Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - verasense

Pages: [1]

General Discussion / Research Internet connectivity issue

« on: December 11, 2021, 05:08:25 pm »

During the last two days I went to bed with Internet access and I woke up without it. My question is: How can I research what is happening? What should I look for and where? I looked into logs but I could not find anything strange.

Symptoms:
- The router is operating but devices have no Internet access
- However, devices can access machines within the local VLANs, so my computer can see data from the camera, locally
- Cannot access the router GUI by DN but I can by IP
- From the router I can ping google.com and get DN for www.google.com
- I can connect externally via VPN
- When Windows tries to fix the issue by reseting DHCP, I lost the assigned IP (DHCP not working?)
- I had to restart the router to get everything back. I found out that restarting some services a couple of times seems to work too.

Some context:
It all started when I rebooted the router after many months of uninterrupted operation and I upgraded Opnsense to the latest version:
Type   opnsense
Version   21.7.6
Architecture   amd64
Flavour   OpenSSL
Commit   acdaa7649
Mirror   https://pkg.opnsense.org/FreeBSD:12:amd64/21.7
Repositories   OPNsense
Updated on   Wed Dec 8 13:52:49 UTC 2021
Checked on   Sat Dec 11 13:29:34 UTC 2021

All packages are up to date:
Your packages are up to date.

I only see this issue, but I don't see the reason, and it seems to work fine:
os-dyndns (misconfigured)   1.27_1   173KiB   OPNsense   Dynamic DNS Support

WAN connection is OK:
   Name   Interface   Protocol   Priority   Gateway   Monitor IP   RTT   RTTd   Loss   Status   Description
      WAN_... (active)   WAN   IPv4   254 (upstream)   x.x.x.x      ~   ~   ~   Online   Interface

From a client computer I get no DNS access:
> tracert google.com
Unable to resolve target system name google.com.

> nslookup www.google.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 10.1.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

But from the router I can ping and receive DNS responses with no problem

It seems to me that I could be a problem related to DHCP or DNS, but what should I look for, and in which GUI option, to find the source of error?

Thanks

General Discussion / Live view filtering - Is this normal?

« on: May 03, 2021, 03:59:17 pm »

I am trying to remove a host from the Live View display. I have set host != IP but it is still showing up.

Is this a bug or am I doing something wrong?

21.1 Legacy Series / Member of VLAN - OpenVPN

« on: April 02, 2021, 02:29:01 pm »

This should be an easy one, but I can't make it work.

I am trying to connect as a client to the OpenVPN server. What I want is to connect as if I was in one of my VLANs, transparently, let's say 192.168.3.0/24, and get an IP address from there as everyone else in the network.

So I use:
IPv4 Tunnel Network = 192.168.100.0/24
IPv4 Local Network = 192.168.3.0/24
Dynamic IP   unchecked
Address Pool   checked
Topology   unchecked

However I always get a 192.168.100.0 IP address and I am not able to access the VLAN. How can I configure this?

21.1 Legacy Series / VLAN in WAN and LAN

« on: March 23, 2021, 11:41:22 pm »

My ISP requests a VLAN of 20, does this mean I should not use VLAN 20 in my LAN? Or will OPNsense treat differently VLANs on WAN interface vs VLANs on LAN interfaces?

21.1 Legacy Series / Switch cannot get IP via DHCP

« on: March 21, 2021, 05:29:31 pm »

I have a switch A that gets its address via DHCP. The switch is connected to opnsense in this way:

switch A (port 8 ) - VLAN 1 - opnsense (interface 3)
switch A (port 4 ) - VLAN 2 - switch B - opnsense (interface 2)

Both VLANs have DHCP activated and some clients are getting addresses. However, the switch (and also another switch I have) are not getting any address.
- I could see on Wireshark (VLAN 1 computer) the repeated requests from the switch to get an address (not the answers, though, if any exist).
-The firewall has the autogenerated rules to allow DHCP, and I even created a floating rule for that.
- I cannot see any request in the DHCP log

How can I troubleshoot this? Is there any option I might be missing for opnsense not to lease an address?

-----
UPDATE: I captured packets from Interfaces - diagnostics - Packet capture and I can't see the request from the switch. However, I can see the request from a client. Is it possible that the DHCP request is not sent over the tagged port? I think this worked for me in the past

21.1 Legacy Series / APs going through opnsense

« on: March 18, 2021, 04:05:35 pm »

In my network I have different APs to get wifi clients.
The problem is that the firewall rules I have defined in opnsense wrt these clients are basically useless. For example, I am blocking ping access to the wifi camera at 192.168.0.5. However, any client connected to the same AP can ping the camera, since the request is received by the AP, which deals with it immediately without having to pass through opnsense. Is there a way I can force all traffic to go through opnsense?

21.1 Legacy Series / VLAN performance

« on: March 18, 2021, 02:46:32 am »

I have an opnsense with a WAN and a LAN connection. The LAN has 3 VLANs and is connected to a switch.

I am a bit concerned about performance, so taking advantage I recently got a second switch I am thinking on an improvement. Since the 3 VLANs share the same network cable, it seems reasonable to me that this could cause performance issues, if the three VLANs move a lot of data at the same time. So I am considering two scenarios:

A) Spliting the VLANs, placing VLAN 1 (the most important) on its own cable and VLAN2 and 3 on another. The second switch will also have some VLAN 2 devices that will be routed through the main switch.

B) Just connecting the new switch to the main one. Opnsense will manage the 3 VLANs on a single cable as before.

So, out of these two options (A and B, as shown in the image). What is more "correct"?
(Note: maybe there is another option that I am not contemplating)

21.1 Legacy Series / DNS without domain

« on: March 15, 2021, 03:28:46 pm »

I used the "Register DHCP static mappings" to get the computer names into the DNS.

However:
ping computer1 cannot be resolved
But:
ping computer1.domain can.

Is there a way to allow DNS request without the domain?

Pages: [1]