Topics - raider2k23

1
23.7 Legacy Series / Vlan with no internet access and OPNsense pings 127.0.0.1
« on: October 01, 2023, 06:54:19 pm »
Hi,

I have two problems configuring OPNsense.

My VLANs have no internet access, but the gateway on every VLAN can ping the internet.

Also, my OPN can't update anymore; every attempt to ping from the shell using a hostname ends successfully but with localhost (127.0.0.1), whereas ping 1.1.1.1 works, for example.

Code:
**GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.7.5 at Sun Oct  1 18:49:16 EEST 2023
Fetching changelog information, please wait... Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
48907755753472:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

The setup of WAN and networks:

WAN: 185.xx.yy.2/26 GW: 185.xx.yy.1
VLAN1: 192.168.6.0/24 GW: 192.168.6.1
VLAN2: 192.168.15.0/24 GW: 192.168.15.1

NAT is set to Hybrid; automatic also didn't work.

Here is the only firewall rule on every VLAN:
IPv4 *   VLAN1/2 net   *   *   *   *   *

2
German - Deutsch / VLAN has no internet and OPN update fails
« on: October 01, 2023, 06:14:41 pm »
Hi,

I have 2 problems with an OPNsense. I come from Sophos UTM, so the understanding is there, but the OPN is still somewhat unfamiliar to operate.

I currently have 2 problems: first, my VLANs have no internet. The gateway of each VLAN can ping the internet, but no clients behind it can.

Second, the OPNsense can no longer fetch updates. It ends with a verification failure, and when I ping pkg.opnsense.org from the shell, my firewall answers (127.0.0.1).

Code:
**GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.7.5 at Sun Oct  1 18:49:16 EEST 2023
Fetching changelog information, please wait... Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
48907755753472:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

The network layout looks like this:

WAN: 185.xx.yy.2/26 GW: 185.xx.yy.1
VLAN1: 192.168.6.0/24 GW: 192.168.6.1
VLAN2: 192.168.15.0/24 GW: 192.168.15.1

NAT is set to Hybrid, but it doesn't work with automatic either.

Otherwise, every VLAN has the following FW rules:
IPv4 *   VLAN1/2 net   *   *   *   *   *

3
German - Deutsch / NAT public IP OPNsense behind Mikrotik
« on: September 03, 2023, 05:03:04 pm »
Hi,

I have a problem with my OPNsense behind a Mikrotik router with a fibre SFP module.

Unfortunately I am still fairly new to working with OPNsense, hence the question of whether someone here can help me.

Here is the setup:

Mikrotik
WAN IP 185.230.xxx.2
LAN  192.168.88.0/24

OPNsense
WAN IP 192.168.88.253
LAN  192.168.30.0/24

Now I would like to map the WAN IP of the OPNsense via NAT/masq to the WAN IP of the Mikrotik, among other things for IPsec.

OpenVPN works without problems by translating 192.168.88.253 to 185.230.xxx.2 via NAT on the Mikrotik.
Since OpenVPN works, there should also be a way to get IPsec running, right?

4
Virtual private networks / IPsec Tunnel between OPN and UTM not working
« on: September 02, 2023, 04:47:28 pm »
Hi,

I am trying to get an IPsec tunnel working between a UTM (9.716) and OPNsense 23.7.3.

The log on UTM shows:

Code:
initiator cookie:
01 d6 0b 09 e4 37 be 33
responder cookie:
00 00 00 00 00 00 00 00
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
***emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_VID
DOI: ISAKMP_DOI_IPSEC
****emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
****emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 1
*****emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_NONE
transform number: 0
transform ID: KEY_IKE
******emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
******emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 7800
******emit ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 7
[7 is AES_CBC]
******emit ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 1
[1 is HMAC_MD5]
******emit ISAKMP Oakley attribute:
af+type: OAKLEY_KEY_LENGTH
length/value: 256
******emit ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is pre-shared key]
******emit ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 5
[5 is MODP_1536]
emitting length of ISAKMP Transform Payload (ISAKMP): 36
emitting length of ISAKMP Proposal Payload: 44
emitting length of ISAKMP Security Association Payload: 56
out_vendorid(): sending [strongSwan]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_VID
emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb
emitting length of ISAKMP Vendor ID Payload: 20
out_vendorid(): sending [Cisco-Unity]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_VID
emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
emitting length of ISAKMP Vendor ID Payload: 20
out_vendorid(): sending [XAUTH]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_VID
emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID 09 00 26 89 df d6 b7 12
emitting length of ISAKMP Vendor ID Payload: 12
out_vendorid(): sending [Dead Peer Detection]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_VID
emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
emitting length of ISAKMP Vendor ID Payload: 20
out_vendorid(): sending [RFC 3947]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_VID
emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
emitting length of ISAKMP Vendor ID Payload: 20
out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_VID
emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
emitting length of ISAKMP Vendor ID Payload: 20
out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_VID
emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
emitting length of ISAKMP Vendor ID Payload: 20
out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_VID
emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
emitting length of ISAKMP Vendor ID Payload: 20
out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]
***emit ISAKMP Vendor ID Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
emitting length of ISAKMP Vendor ID Payload: 20
emitting length of ISAKMP Message: 256
HA System: can not delete ha_state #10
2023:09:02-16:42:26 fw01 pluto[12839]: |
*received 40 bytes from 185.x.x.2:500 on eth4
**parse ISAKMP Message:
initiator cookie:
01 d6 0b 09 e4 37 be 33
responder cookie:
b0 25 be f0 20 51 d5 15
next payload type: ISAKMP_NEXT_N
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_INFO
flags: none
message ID: c3 c7 7c b7
length: 40
***parse ISAKMP Notification Payload:
next payload type: ISAKMP_NEXT_NONE
length: 12
DOI: ISAKMP_DOI_IPSEC
protocol ID: 1
SPI size: 0
Notify Message Type: NO_PROPOSAL_CHOSEN
packet from 185.x.x.2:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
info:

What is the problem? I'm new to OPNsense; I have only managed UTM or XG until now, and those IPsec tunnels were working fine.
