OPNsense
Topics - benibilme

1
23.1 Legacy Series / cannot update package, DNS name not resolved after bridging my modem to opnbox
« on: July 21, 2023, 01:30:55 am »
Hello,

Recently I installed AdGuard and had to disable unbound. Unfortunately, I have not been able to get both to work in harmony. AdGuard is acting as the sole DNS server. Everything seemed normal after those changes.

I wanted to install a VPN server on the OPNsense box. Because of that, I changed the cable modem, which was operating in router mode, to bridge mode. Everything seemed to be working normally, but I realized that package updates and checks are failing. I thought that it was a mirror problem and changed several mirrors, with the same result.

I do not know for certain whether it is because of the initial misconfiguration of AdGuard or the modem bridge mode change. I have not changed any settings in the WAN part.

I really appreciate any insight.

2
20.7 Legacy Series / Latest update broke my firewall and not accessible with its ip
« on: November 19, 2020, 09:37:33 am »
Hello,

I am kind of a newbie. I set up OPNsense about two years ago; after that it worked, and I updated it a couple of times. This morning I could not access the internet. I detected that unbound was not working, restarted it and saw that the internet was accessible again. I also checked the updates and saw that my firmware is end of life, so I unlocked and pressed the upgrade button. I do not remember my current firmware, but it was 20 something. The router rebooted successfully and the internet was accessible, but later the internet and the router became inaccessible. I rebooted the router, and now I cannot even ping the router. It is completely inaccessible.

I really need advice on how to handle this situation.


3
20.1 Legacy Series / Solved - OPNsense upgrade to 20.1.4 from 19 series broke my system
« on: April 22, 2020, 10:18:34 pm »
Hello,

The upgrade broke my system. Every new computer added to the system cannot pass the firewall, even though there are correct rules based on aliases defined for the new machines.

The symptom is as follows:

From the live log view of the firewall, it is shown that, based on the active pass rule, the packets from the machine are allowed to pass to the internet.
However, from the machine, even the firewall cannot be pinged and the internet cannot be accessed. The machine can access the local network and other network resources such as shared folders etc.

4
20.1 Legacy Series / OPNSense blocks one machine even though pass rules and log statements
« on: April 21, 2020, 01:17:42 am »
Hello

TLDR
In my network, only one machine cannot access the firewall or the internet. The machine's IP address is defined in a pass rule in the rule settings. I can see in the firewall live logs that the packets are allowed to pass. However, I cannot ping the firewall from the machine or access the internet. I have given it different IP addresses that are granted access to the firewall, but the same happens. The machine, I believe based on MAC, is not granted access. The firewall is not using RADIUS etc.

Long story:


I am running one OPNsense firewall in my network. I have an internal RADIUS-backed DHCP server. The OPNsense firewall relays DHCP requests to the internal DHCP server.
I have a Windows 10 machine that has not been used for quite some time. Recently I booted it up, and it received its preconfigured IP address from the internal MikroTik RADIUS-backed DHCP server.

* For every machine in the local network, aliases and rules are defined. The rules for this machine are also active. Basically, this machine is allowed to access the outside.
* The machine's Windows firewall is disabled.
* The machine can ping all machines in the local network except the OPNsense firewall and internet IP addresses. The machine can access shared folders and other resources in the local network/LAN.
* From the firewall live logs, by filtering for the IP address of the machine, I can see that packets, ICMP and others, are allowed from this machine, even though the machine strangely cannot go outside and cannot receive ping responses.
* However, unbound gives the following error for each request made by this machine to the firewall:

2020-04-21T02:08:04   unbound: [98722:0] notice: remote address is ip4 192.168.1.23 port 51715 (len 16)
2020-04-21T02:08:04   unbound: [98722:0] notice: sendto failed: Invalid argument
2020-04-21T02:08:04   unbound: [98722:0] debug: using localzone xxxx.home. transparent
2020-04-21T02:08:04   unbound: [98722:0] info: 192.168.1.23 wpad.xxxx.home. A IN
2020-04-21T02:08:02   unbound: [98722:0] notice: remote address is ip4 192.168.1.23 port 51715 (len 16)
2020-04-21T02:08:02   unbound: [98722:0] notice: sendto failed: Invalid argument
2020-04-21T02:08:02   unbound: [98722:0] debug: using localzone xxxx.home. transparent
2020-04-21T02:08:02   unbound: [98722:0] info: 192.168.1.23 wpad.xxxx.home. A IN

* Unbound has the following settings active in its general settings.

Enable DNSSEC Support
Register DHCP leases
Register DHCP static mappings

* Unbound does not have any access list configured other than generic ones as below.

Internal    Allow    127.0.0.1/8
Internal    Allow    ::1/64
Internal    Allow    192.168.1.1/24
Internal    Allow    fe80::2e0:67ff:fe10:ab4a/64

In summary: OPNsense reports that packets are passing through the firewall, but the machine cannot ping or access the firewall, even though there is no setting for it in unbound. Unbound does not have any specific setting for the machine.

What could be the reason? Any help is much appreciated. By the way, every machine in the network can access the internet without problems based on the firewall rules. Only this machine has this problem.

UPDATE.
--------
I have disabled unbound and enabled dnsmasq as the DNS server. The same problem continues. I have not seen anything in the dnsmasq logs (there is no option for controlling the log level in the settings, as there is for unbound).

5
General Discussion / Feature or bug? Dhcp deny unknown clients overrides/surpasses firewall rules
« on: December 19, 2019, 02:51:57 pm »
Hello,

I have switched from the MikroTik DHCP server to the OPNsense built-in DHCP server. I selected the deny unknown clients option in the general configuration. I also checked Enable Static ARP entries, and for each static entry I checked the ARP Table Static Entry option.

After these settings were applied, the firewall does not even respond to ping requests from the clients not in the list. I have devices with statically set IPs, such as NAS devices and switches, and there are also allow ICMP request rules for the whole LAN subnet before all other rules in the firewall rules. There are also pass-through rules for statically entered IP addresses, for example NAS devices, in the firewall rules. However, unless explicitly entered in the DHCP static list, they are still blocked.

In my opinion, this is not proper behaviour: a hidden feature or a bug. DHCP entries somehow become firewall rules and, even more, overrule the firewall rules. For example, for test purposes, I manually assigned an IP address to my daily used laptop, one that has a valid pass-through address in the firewall rules but is not listed in the DHCP static entries, and I cannot even ping the firewall and cannot access the firewall.

This strange behaviour in effect overrules the anti lock rules; I cannot access anything on the firewall until I enter a valid address listed in DHCP.

In my opinion, this must not be the static lease behavior of DHCP, or the effect of the setting must be explicitly shown in the firewall rules.

I appreciate any insight.

Thank you..

My configuration is as follows

-----------------------------------------
OPNsense 19.7.7-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.0.2t 10 Sep 2019

6
General Discussion / Migration from mikrotik infrastructure and Zywall: need advice
« on: November 05, 2019, 11:48:58 am »
Hello,

I had a ZyWALL USG firewall, which I ditched in favor of OPNsense. Since the ZyWALL's capability was limited, I used a MikroTik router as DHCP and RADIUS server. MikroTik has a RADIUS server package called userman. It has a web interface. With this one interface, I was able to control every device in the network. The MikroTik DHCP server asks the RADIUS server about the validity of a MAC address; if it is authorized, an IP address is assigned. I also use it to control Wi-Fi MAC address authentication. Via CAPsMAN, I can control several MikroTik Wi-Fi devices from userman. I only made entries in userman (the RADIUS server), and the clients can automatically get an IP address and connect to the Wi-Fi network.

In OPNsense, I have not been able to do this in one place. I have to keep two different but actually identical databases, one with FreeRADIUS and one with the DHCP server.

How can I control Wi-Fi and DHCP MAC address restrictions from a single place in OPNsense?

Thanks in advance..

7
General Discussion / Mikrotik convert: Is it possible? : MAC address auth of DHCP requests via RADIUS
« on: March 10, 2019, 01:05:15 am »
Hello,

I asked this question a couple of days ago and got no answer. I have revised and simplified my question. Any response is much appreciated.

I really need to know if OPNsense has the capability of authenticating DHCP requests by MAC via the built-in DHCP server against a FreeRADIUS server installed as a plugin. (I want to have a single interface for entering authorized client access.)

This is crucial for me; otherwise I will switch back to another solution. I installed OPNsense and spent a great deal of time learning and configuring it. I took this feature for granted and never thought it might not be possible.

If the answer is yes, I would also appreciate further directions on how to do it.


8
Turkish - Türkçe / how to set up a Turkish keyboard
« on: March 08, 2019, 09:30:01 pm »
I installed OPNsense. However, the console stayed on the US keyboard layout. It does not work because it cannot find the setxkbmap command. How do I set the keyboard to Turkish F?

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved