OPNsense
Show Posts


Topics - Yourry

1
23.1 Legacy Series / [SOLVED] Not sending syslog to Graylog server
« on: March 11, 2023, 03:14:31 pm »
Good morning,
I'm trying to send syslog messages from OPNsense to a Graylog server.
Unfortunately, it doesn't work and I don't understand why.
My OPNsense config:

If I do a command line test from OPNsense:

Code:
echo 'TEST' | nc 192.168.1.103 1514
The entry is present in Graylog:

I have the impression that OPNsense does not send anything to Graylog.
I tried TCP and UDP but there is no difference.
Here are the syslog statistics:

Do you have an idea?
THANKS
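
The `nc` test above only proves that raw bytes reach port 1514; a syslog input additionally expects a PRI header it can decode into facility and severity, and on TCP it needs a record delimiter to know where one message ends. The following Python script is an added example, not code from the post or from OPNsense: it builds an RFC 5424 message, sends it over UDP or TCP the way a syslog sender does, and checks what arrives against a throwaway listener on 127.0.0.1. The host name `opnsense`, the app name `filterlog` and the `local0` facility are assumptions.

```python
"""Added example: build an RFC 5424 syslog message, send it over UDP or TCP
and confirm receipt with a throwaway loopback listener. Not part of the
original post or of OPNsense; hostname, app name and facility are assumed."""
import socket
import threading
from datetime import datetime, timezone

LOCAL0 = 16      # RFC 5424 facility code (assumption: what the sender is set to)
SEV_INFO = 6     # RFC 5424 severity "Informational"


def build_rfc5424(msg, hostname="opnsense", app="filterlog",
                  facility=LOCAL0, severity=SEV_INFO, ts=None):
    """Return a minimal RFC 5424 line: <PRI>1 TIMESTAMP HOST APP - - - MSG."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    ts = (ts or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    # PROCID, MSGID and STRUCTURED-DATA are left as NILVALUE ("-")
    return f"<{pri}>1 {stamp} {hostname} {app} - - - {msg}"


def parse_rfc5424(line):
    """Decode the header back; raises ValueError on what a syslog input would
    refuse (missing PRI, PRI out of range, version other than 1)."""
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing PRI header")
    close = line.index(">")
    pri = int(line[1:close])
    if pri > 191:
        raise ValueError("PRI out of range")
    parts = line[close + 1:].split(" ", 7)
    if len(parts) < 7 or parts[0] != "1":
        raise ValueError("not an RFC 5424 version 1 header")
    _version, stamp, hostname, app, _procid, _msgid, _sd = parts[:7]
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": stamp,
        "hostname": hostname,
        "app": app,
        "msg": parts[7] if len(parts) > 7 else "",
    }


def deliver(line, host, port, proto="udp", timeout=2.0):
    """Send one message as a syslog client does: a single UDP datagram, or a
    newline-terminated record on a TCP stream (the framing Graylog's syslog
    TCP input splits on by default)."""
    data = line.encode("utf-8")
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (host, port))
    elif proto == "tcp":
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(data + b"\n")
    else:
        raise ValueError("proto must be 'udp' or 'tcp'")


def loopback_roundtrip(line, proto="udp", timeout=2.0):
    """Bind a listener on 127.0.0.1, deliver `line` to it and return what
    arrived, so sender-side formatting can be checked without a collector."""
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
            srv.bind(("127.0.0.1", 0))
            srv.settimeout(timeout)
            deliver(line, "127.0.0.1", srv.getsockname()[1], "udp")
            data, _ = srv.recvfrom(65535)
            return data.decode("utf-8")
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        srv.settimeout(timeout)
        port = srv.getsockname()[1]
        sender = threading.Thread(target=deliver, args=(line, "127.0.0.1", port, "tcp"))
        sender.start()
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(timeout)
            buf = b""
            while not buf.endswith(b"\n"):      # read up to the record delimiter
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
        sender.join()
        return buf.rstrip(b"\n").decode("utf-8")


if __name__ == "__main__":
    msg = build_rfc5424("TEST")
    print(msg)
    for proto in ("udp", "tcp"):
        echoed = loopback_roundtrip(msg, proto)
        print(proto, "ok" if parse_rfc5424(echoed) == parse_rfc5424(msg) else "MISMATCH")
```

Pointing `deliver()` at the real collector instead of the loopback listener gives a second data point beside the `nc` test: if a well-formed message shows up in Graylog but the firewall's own traffic does not, the sender configuration (target, port, protocol, or which facilities are selected) is what to look at rather than the network path.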

2
Virtual private networks / Restart OpenVPN client service configuration automatically
« on: January 15, 2023, 11:52:35 am »
Hi,
I have two OpenVPN clients on my OPNsense machine whose server config I don't manage.
Unfortunately, from time to time the two clients can be in the same IP range, and this gives me problems with the routing; here is an illustration of the problem:

In this case, in the "VPN: OpenVPN: Connection Status" menu, I restart the service until the VPN server gives me another IP address:

Once done, everything works and there are no more problems:

But how do you do this automatically? On the OpenVPN client side, is there a command/option that can ban an IP?
Thanks for your help
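
The manual fix described in the post (restart the client until the server hands out a non-clashing address) can at least be triggered automatically once the clash is detected. The script below is an added example, not from the post and not OPNsense code: it parses FreeBSD `ifconfig` output, reports pairs of OpenVPN client interfaces whose tunnel networks overlap, and names the one it would restart. The interface names and addresses in `SAMPLE_IFCONFIG` are constructed, and the `configctl openvpn restart` command (and what argument it takes) is an assumption to verify against the OPNsense release in use.

```python
"""Added example, not from the original post or from OPNsense: find OpenVPN
client tunnels whose address ranges overlap by parsing FreeBSD `ifconfig`
output. Interface names, addresses and the restart command are assumptions."""
import ipaddress
import re
import subprocess
import sys

IFACE_RE = re.compile(r"^(?P<name>[a-z0-9_.]+): flags=")
# FreeBSD prints the mask in hex and, for point-to-point links, a "--> peer"
INET_RE = re.compile(
    r"^\s+inet (?P<addr>\d+\.\d+\.\d+\.\d+)(?: --> \S+)? netmask (?P<mask>0x[0-9a-fA-F]+)")

# Constructed sample (not captured from the post): two clients that were
# given addresses in the same /24, plus a third tunnel that does not overlap.
SAMPLE_IFCONFIG = """\
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 10.8.1.6 netmask 0xffffff00 broadcast 10.8.1.255
ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 10.8.1.10 netmask 0xffffff00 broadcast 10.8.1.255
ovpnc3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 10.7.0.4 --> 10.7.0.3 netmask 0xffffffff
"""


def parse_ifconfig(text, prefix="ovpnc"):
    """Map interface name -> list of IPv4Interface for interfaces named prefix*."""
    result, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            name = m.group("name")
            current = name if name.startswith(prefix) else None
            if current:
                result.setdefault(current, [])
            continue
        m = INET_RE.match(line)
        if m and current:
            mask = ipaddress.IPv4Address(int(m.group("mask"), 16))
            result[current].append(ipaddress.IPv4Interface(f"{m.group('addr')}/{mask}"))
    return result


def find_overlaps(tunnels):
    """Return sorted (iface_a, iface_b) pairs whose tunnel networks overlap."""
    names = sorted(tunnels)
    clashes = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if any(x.network.overlaps(y.network) for x in tunnels[a] for y in tunnels[b]):
                clashes.append((a, b))
    return clashes


def restart_plan(clashes):
    """Pick one side of each clash to restart (the higher-numbered client: an
    arbitrary but deterministic choice) and return the interface names."""
    return sorted({b for _, b in clashes})


# Assumed command to bounce one client instance; confirm the action name and
# whether it wants an instance id or an interface name before relying on it.
RESTART_CMD = ["configctl", "openvpn", "restart", "{iface}"]

if __name__ == "__main__":
    live = "--live" in sys.argv       # --live: read the real ifconfig on the firewall
    text = (subprocess.run(["ifconfig"], capture_output=True, text=True).stdout
            if live else SAMPLE_IFCONFIG)
    clashes = find_overlaps(parse_ifconfig(text))
    print("overlapping tunnels:", clashes or "none")
    for iface in restart_plan(clashes):
        cmd = [part.format(iface=iface) for part in RESTART_CMD]
        print("running:" if live else "would run:", " ".join(cmd))
        if live:
            subprocess.run(cmd, check=False)
```

Run without arguments it only evaluates the embedded sample; with `--live` on the firewall (from cron or an OpenVPN `--up` hook) it reads the real interfaces. Because the server assigns the address, the loop may need several restarts, so a cron job should also cap how often it fires.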

3
21.7 Legacy Series / VLAN routing no longer works on reboot
« on: January 16, 2022, 12:22:10 pm »
Hello everyone,
I am having a problem with a VLAN. I was inspired by (the excellent) tutorial:
https://nguvu.org/pfsense/pfsense-baseline-setup/

I have a client VPN (NordVPN) and I want to create a VLAN that distributes this VPN to machines on my LAN.
The VPN works correctly; on the other hand, the VLAN works, but if I restart or make any backup of the interface it no longer works.
My steps to create the VLAN:

Starting:

I create a VLAN with an ID of 10:

I assign an interface to this VLAN:

I create an Outbound rule that routes traffic to the NordVPN interface (connected OpenVPN interface):

I activate DHCP:

I authorize all IPv4 traffic (we will see later about refining the rights):

End:

Everything works fine as long as I don't restart OPNsense, for example, but if I restart OPNsense, a PC on the VLAN has no Internet (DHCP and addressing work).
I have the impression, when I capture the packets, that the requests go out fine but on the return OPNsense no longer routes them.
Any help or advice is welcome,
Thank you in advance,

4
21.7 Legacy Series / OpenVPN client + server
« on: December 15, 2021, 06:28:07 pm »
Hello everyone,
I wanted to know if there are any people using the OpenVPN client and the OpenVPN server.
I would eventually like to set up a specific VLAN with a client VPN, and on another VLAN access to my home automation via the OpenVPN server.
At the moment I just can't seem to get both to work.
If I stop the client, the server works correctly and I can connect with my phone, for example.
On the other hand, if I activate the VPN client service (I am at NordVPN) then it is impossible to connect with my phone.
The log file indicates this error:

Code:
Server VPN (nok):
2021-12-15T18:14:25 openvpn[43478] XX.XX.XX.XX:49605 TLS Error: incoming packet authentication failed from [AF_INET]XX.XX.XX.XX:49605
2021-12-15T18:14:25 openvpn[43478] XX.XX.XX.XX:49605 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1639588468) 2021-12-15 18:14:28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2021-12-15T18:14:24 openvpn[43478] XX.XX.XX.XX:49605 TLS Error: incoming packet authentication failed from [AF_INET]XX.XX.XX.XX:49605
2021-12-15T18:14:24 openvpn[43478] XX.XX.XX.XX:49605 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1639588468) 2021-12-15 18:14:28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Client VPN (ok):
2021-12-15T18:12:28 openvpn[79666] Initialization Sequence Completed

I specify that the WAN does not go via the VPN client (NordVPN).
Thank you
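
The two server-side messages quoted above ("incoming packet authentication failed" and "bad packet ID (may be a replay)") are exactly what a replay-protection alert would key on, so it is worth being able to count them per peer rather than eyeballing the log. The script below is an added example, not from the post and not OpenVPN code: it runs simple detection logic over the log lines quoted in the post (with the address masked as it was there), groups the errors by peer address and flags a peer that produces a burst of replay errors inside a short window. The threshold and window are assumptions.

```python
"""Added example (not from the original post or from OpenVPN): group the
server-side "bad packet ID" / "incoming packet authentication failed" errors
by peer and flag a peer that produces a burst of them. The log lines are the
ones quoted in the post, with the address masked as it was there."""
import re
from collections import defaultdict
from datetime import datetime

LOG_LINES = """\
Server VPN (nok):
2021-12-15T18:14:25 openvpn[43478] XX.XX.XX.XX:49605 TLS Error: incoming packet authentication failed from [AF_INET]XX.XX.XX.XX:49605
2021-12-15T18:14:25 openvpn[43478] XX.XX.XX.XX:49605 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1639588468) 2021-12-15 18:14:28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2021-12-15T18:14:24 openvpn[43478] XX.XX.XX.XX:49605 TLS Error: incoming packet authentication failed from [AF_INET]XX.XX.XX.XX:49605
2021-12-15T18:14:24 openvpn[43478] XX.XX.XX.XX:49605 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1639588468) 2021-12-15 18:14:28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Client VPN (ok):
2021-12-15T18:12:28 openvpn[79666] Initialization Sequence Completed
"""

# "<ISO timestamp> openvpn[<pid>] [<peer ip:port> ]<message>"; the peer prefix
# is only present on server-side records about a specific client.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) openvpn\[(?P<pid>\d+)\] "
    r"(?:(?P<peer>\S+:\d+) )?(?P<msg>.*)$")

# Message prefixes emitted by the server for the two symptoms quoted in the post
SIGNATURES = {
    "replay": "Authenticate/Decrypt packet error: bad packet ID",
    "auth_fail": "TLS Error: incoming packet authentication failed",
}


def parse_line(line):
    """Return a record dict, or None for headers/blank lines/non-OpenVPN text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    kind = next((k for k, sig in SIGNATURES.items() if msg.startswith(sig)), "other")
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "pid": int(m.group("pid")),
        "peer": m.group("peer") or "local",
        "kind": kind,
    }


def analyze(text, threshold=2, window_s=60):
    """Per peer: counts per kind, first/last timestamp, and an alert flag set
    when at least `threshold` replay errors fall within `window_s` seconds."""
    per_peer = defaultdict(lambda: {"replay": 0, "auth_fail": 0, "other": 0,
                                    "first": None, "last": None})
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        entry = per_peer[rec["peer"]]
        entry[rec["kind"]] += 1
        entry["first"] = rec["ts"] if entry["first"] is None else min(entry["first"], rec["ts"])
        entry["last"] = rec["ts"] if entry["last"] is None else max(entry["last"], rec["ts"])
    for entry in per_peer.values():
        span = (entry["last"] - entry["first"]).total_seconds()
        entry["alert"] = entry["replay"] >= threshold and span <= window_s
    return dict(per_peer)


if __name__ == "__main__":
    for peer, e in analyze(LOG_LINES).items():
        flag = "ALERT" if e["alert"] else "ok"
        print(f"{peer:24} replay={e['replay']} auth_fail={e['auth_fail']} "
              f"other={e['other']} {flag}")
```

Feeding the live OpenVPN log through `analyze()` separates one client that keeps tripping replay protection (as the single masked peer does here) from a genuine flood across many peers; the per-peer `first`/`last` timestamps also make it easy to line the errors up against the moment the second OpenVPN instance was started.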

5
21.7 Legacy Series / Multi-WAN with dual LAN does not work
« on: September 15, 2021, 08:46:10 pm »
Hello everyone,
I have some difficulties with OPNsense on a multi-WAN and dual-LAN architecture.
Here is a diagram of the network (obviously I'm as good with Paint as with OPNsense ;D):

My LAN network works perfectly; on the other hand, LAN_Test does not.
I have no Internet connection from LAN_Test, and even a simple ping request does not work from a PC on the LAN_Test network to 1.1.1.1, for example.
However, I can clearly see the request in the firewall logs. And this request goes out fine:

If I try to ping from LAN_Test to another OPNsense, I can see the ICMP request arriving on the target OPNsense.
I have the impression that it is on the "return" that there is a problem with routing.

Here are my NAT rules:

Outbound:

If you have advice or an idea, I am interested. Thank you

6
21.7 Legacy Series / [SOLVED] No web interface access with the ntopng plugin
« on: August 31, 2021, 10:40:38 pm »
Hello everyone,
I cannot access the web interface (192.168.1.1:3000) of the ntopng plugin. I've tried os-ntopng (1.2_1) and even os-ntopng-enterprise (5.1.210831), but neither works.
For the "standard" os-ntopng (1.2_1) version:
I have this config:

And for the Redis DB:

The ntopng log:
Code:
31/Aug/2021 22:14:29 [main.cpp:379] Logging onto /var/db/ntopng/ntopng.log
31/Aug/2021 22:14:29 [main.cpp:382] Working directory: /var/db/ntopng
31/Aug/2021 22:14:29 [main.cpp:384] Scripts/HTML pages directory: /usr/local/share/ntopng
31/Aug/2021 22:14:29 [Ntop.cpp:440] Welcome to ntopng amd64 v.3.4.0 - (C) 1998-20 ntop.org
31/Aug/2021 22:14:29 [Ntop.cpp:841] Adding 192.168.1.1/32 as IPv4 interface address for igb0
31/Aug/2021 22:14:29 [Ntop.cpp:850] Adding 192.168.1.0/24 as IPv4 local network for igb0
31/Aug/2021 22:14:29 [Ntop.cpp:872] Adding fe80::20d:b9ff:fe5a:65a8/128 as IPv6 interface address for igb0
31/Aug/2021 22:14:29 [Ntop.cpp:882] Adding fe80::20d:b9ff:fe5a:65a8/64 as IPv6 local network for igb0
31/Aug/2021 22:14:29 [PeriodicActivities.cpp:107] Started periodic activities loop...
31/Aug/2021 22:14:31 [startup.lua:50] Processing startup.lua: please hold on...
31/Aug/2021 22:14:31 [startup.lua:144] [lists_utils.lua:758] Refreshing category lists...
31/Aug/2021 22:14:32 [startup.lua:144] [lists_utils.lua:696] Category Lists (695 hosts, 3023 IPs, 100 JA3) loaded in 1 sec
31/Aug/2021 22:14:32 [startup.lua:218] Startup completed: ntopng is now operational
31/Aug/2021 22:14:32 [PeriodicActivities.cpp:168] Each periodic activity script will use 2 threads
31/Aug/2021 22:14:32 [NetworkInterface.cpp:2749] Started packet polling on interface igb0 [id: 0]...

The system log says:
Code:
Aug 31 22:14:29 OPNsense ntopng[51464]: [Utils.cpp:3611] WARNING: ntopng has not been compiled with libcap-dev
Aug 31 22:14:29 OPNsense ntopng[51464]: [Utils.cpp:3612] WARNING: Network discovery and other privileged activities will fail

I don't understand; everything seems to be working and yet I am unable to access the web interface.
The firewall does not block the request on port 3000.
Do I have to create a specific rule?
I am in multi-WAN according to this config (https://docs.opnsense.org/manual/how-tos/multiwan.html); I wonder if this is the problem.

OPNsense version:
Code:
OPNsense 21.7.1-amd64
FreeBSD 12.1-RELEASE-p19-HBSD
OpenSSL 1.1.1k 25 Mar 2021

Thanks for any help

EDIT:

I finally found it; I had the same problem as in the following question:
https://www.roj.fr/wp-content/uploads/2021/08/exeption.png

I had to make an exception as follows:

7
21.1 Legacy Series / NAT outbound: difference between automatic and manual
« on: June 07, 2021, 09:29:41 pm »
Hello,

I am new to the OPNsense environment and I do not understand a small problem.
On my (virtual) server, OPNsense has a WAN interface.
When the NAT Outbound rules are on "Automatic", I have this config:

In this case everything works correctly, except that OPNsense itself (but not the machines on the LAN) has no WAN/Internet (no ping, e.g. 1.1.1.1 => 100% lost).
And conversely, when I set the rules myself like this:

It is the opposite: I can no longer connect remotely to OPNsense or to a machine on the LAN, but OPNsense can reach the Internet (for example to update the firmware, or ping 1.1.1.1 => ok).

And hybrid mode doesn't work any better.
I don't understand the difference between the two options.
Do you have an idea?

Thanks in advance

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved