Topics - pboe

#1
Hi,
on former versions of opnsense it was possible to create a client certificate once you added a new user.
On 25.1.1 the option is missing.
Documentation still has the checkbox to automatically create a certificate:
https://docs.opnsense.org/manual/how-tos/user-local.html

Is this a bug or outdated documentation, and if the latter, what's the new procedure to create a new OpenVPN user?

Best Regards,
Paul 
#2
22.1 Legacy Series / DNS broken after Upgrade 22.1.5
April 08, 2022, 04:55:03 PM
DNS with Dnsmasq is broken after the update to 22.1.5.
Is there any way to downgrade opnsense-revert without DNS?
#3
15.7 Legacy Series / DNS not working through IPsec Mobile
November 19, 2015, 04:23:50 PM
Hi everyone,
I want to switch from an old pfsense installation with an OpenVPN VPN to an opnsense 15.7.19 installation with multi WAN and IPsec mobile setup.
So far so good, the installation is running, multi wan working and IPsec is setup.
I can connect by an OSX 10.11.1 Client via IPsec and get access to web frontend of the opnsense installation.
But any DNS lookups through the tunnel run into a timeout.
From the resolve.log I can see that any client-side nslookup is processed by the unbound resolver, but it seems that the answer isn't routed back through the tunnel to the VPN client.
Any help is appreciated.

System:
OPNsense 15.7.19-amd64
FreeBSD 10.1-RELEASE-p23
OpenSSL 1.0.2d 9 Jul 2015

Intel(R) Xeon(R) CPU E31220 @ 3.10GHz
4 CPUs: 1 package(s) x 4 core(s)

Mobile Clients:
User authentication:   Local Database
Group Authentication:   none
Virtual Address Pool:
   Provide A virtual IP:   Checked
   10.190.39.0/24

DNS Servers:     Checked
   10.190.30.253

Tunnel Phase1:
Key Exchange:   V1
IP:      IPV4
Interface:   WAN1

Authentication Method:   Mutual PSK+Xauth
Negotiation Mode:   Aggressive
My Identifier:      My IP Address
Peer Identifier:   Distinguished Name
         foo
Pre-Shared Key:      bar

Encryption algorithm:   3DES
Hash Algorithm:      SHA1
DH Key Group:      2 (1024)
Lifetime:      28800
Disable Rekey:      Not Checked
Disable Reauth:      Not Checked
NAT Traversal:      Enable
Dead Peer Detection:   Not Checked


Phase 2:
Mode:      Tunnel IPv4
Type:      LAN Subnet
Address:   Left blank
Nat/Binat:   None
Address:   Left blank
      /128
Protocol:   ESP
Encryption:   Checked: AES, auto; Blowfish, auto; 3DES, CAST128
Hash Algs:   MD5, SHA1
PFS Keygroup:   OFF
Lifetime:   3600
Auto Ping Host:   Left blank


Firewall->NAT->Outbound:
Automatic outbound NAT:   Checked
Interface   Source   Src port   Destination   Dst port   NAT address   NAT port   Static port   Description
WAN   127.0.0.0/8 10.190.30.0/24 10.190.39.0/24   *   *   500   WAN address   *   YES   Auto created rule for ISAKMP
WAN   127.0.0.0/8 10.190.30.0/24 10.190.39.0/24   *   *   *   WAN address   *   NO   Auto created rule
VDSL   127.0.0.0/8 10.190.30.0/24 10.190.39.0/24   *   *   500   VDSL address   *   YES   Auto created rule for ISAKMP
VDSL   127.0.0.0/8 10.190.30.0/24 10.190.39.0/24   *   *   *   VDSL address   *   NO   Auto created rule

Firewall->Rules->Lan:
Proto   Source   Port   Destination   Port   Gateway   Schedule   Description
*   *   *   LAN Address   443/80/22   *       Anti-Lockout Rule
IPv4 *   LAN net   *   *   *   *      Default allow LAN to any rule
IPv4 *   LAN net   *   *   *   Load_Balancing      Load Balancing
IPv4 *   LAN net   *   *   *   WAN1failover      If WAN fails switchover to VDSL
IPv4 *   LAN net   *   *   *   WAN2failover      If VDSL fails switchover to WAN

Firewall->Rules->IPsec:
Proto   Source   Port   Destination   Port   Gateway   Schedule   Description
IPv4 *   *   *   *   *   *

DNS Resolver->Access Lists

Action: Allow
Networks: 10.190.0.0/16
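
The Phase 1 and Phase 2 proposals listed in the post above contain several settings (IKEv1 aggressive mode with a PSK, 3DES, SHA1/MD5, a 1024-bit DH group, PFS off) that a defender reviewing this configuration would want flagged, independently of the DNS routing problem the poster asks about. The following script is an added example and is not code from the poster or from OPNsense: it parses the "Label: value" lines as they appear in the post into a dictionary and reports the settings worth reviewing. The cipher and hash lists and the 2048-bit DH minimum are this example's own assumptions, and the sample input is constructed from the values in the post.

```python
"""Audit the IPsec Phase 1 / Phase 2 proposals quoted in the post above.

Added example, not part of the forum thread. Thresholds and algorithm
lists below are assumptions of this example, not OPNsense defaults.
"""
import re

# Sample input, constructed from the values listed in the post.
PHASE1_TEXT = """\
Key Exchange:   V1
Authentication Method:   Mutual PSK+Xauth
Negotiation Mode:   Aggressive
Encryption algorithm:   3DES
Hash Algorithm:      SHA1
DH Key Group:      2 (1024)
Lifetime:      28800
Dead Peer Detection:   Not Checked
"""

PHASE2_TEXT = """\
Protocol:   ESP
Encryption:   Checked: AES, auto; Blowfish, auto; 3DES, CAST128
Hash Algs:   MD5, SHA1
PFS Keygroup:   OFF
Lifetime:   3600
"""

WEAK_CIPHERS = {"3des", "des", "blowfish", "cast128"}   # assumption: treated as legacy
WEAK_HASHES = {"md5", "sha1"}                           # assumption
MIN_DH_BITS = 2048                                      # assumption


def parse_settings(text):
    """Turn 'Label:   value' lines into {label_lowercase: value}."""
    settings = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            settings[label.strip().lower()] = value.strip()
    return settings


def split_algorithms(value):
    """'Checked: AES, auto; Blowfish, auto; 3DES, CAST128' -> ['aes', 'blowfish', '3des', 'cast128'].
    'auto' is the key-length selector in the UI, not an algorithm, so it is dropped."""
    value = value.lower().replace("checked:", "")
    return [t.strip() for t in re.split(r"[;,]", value) if t.strip() and t.strip() != "auto"]


def audit_phase1(settings):
    """Return (setting, reason) pairs for Phase 1 values worth reviewing."""
    findings = []
    if settings.get("key exchange", "").lower() == "v1":
        findings.append(("key exchange", "IKEv1 selected; IKEv2 is the current recommendation"))
    auth = settings.get("authentication method", "").lower()
    if settings.get("negotiation mode", "").lower() == "aggressive" and "psk" in auth:
        findings.append(("negotiation mode",
                         "aggressive mode with a pre-shared key is deprecated; use main mode or IKEv2"))
    cipher = settings.get("encryption algorithm", "").lower()
    if cipher in WEAK_CIPHERS:
        findings.append(("encryption algorithm", f"{cipher} is a legacy cipher; use AES"))
    hash_label = next((k for k in settings if k.startswith("hash")), None)
    if hash_label and settings[hash_label].lower() in WEAK_HASHES:
        findings.append((hash_label, f"{settings[hash_label]} is weak; use SHA-256 or stronger"))
    m = re.search(r"\((\d+)\)", settings.get("dh key group", ""))
    if m and int(m.group(1)) < MIN_DH_BITS:
        findings.append(("dh key group", f"{m.group(1)}-bit DH group is below {MIN_DH_BITS} bits"))
    if settings.get("dead peer detection", "").lower() == "not checked":
        findings.append(("dead peer detection", "disabled; dead tunnels are not torn down and rebuilt"))
    return findings


def audit_phase2(settings):
    """Return (setting, reason) pairs for Phase 2 values worth reviewing."""
    findings = []
    for cipher in split_algorithms(settings.get("encryption", "")):
        if cipher in WEAK_CIPHERS:
            findings.append(("encryption", f"{cipher} is a legacy cipher; remove it from the proposal"))
    for h in split_algorithms(settings.get("hash algs", "")):
        if h in WEAK_HASHES:
            findings.append(("hash algs", f"{h} is weak; offer SHA-256 or stronger"))
    if settings.get("pfs keygroup", "").lower() == "off":
        findings.append(("pfs keygroup", "PFS disabled; a compromised Phase 1 key exposes all Phase 2 traffic"))
    return findings


if __name__ == "__main__":
    for phase, text, audit in (("Phase 1", PHASE1_TEXT, audit_phase1),
                               ("Phase 2", PHASE2_TEXT, audit_phase2)):
        for item, reason in audit(parse_settings(text)):
            print(f"{phase}: {item}: {reason}")
```

Run against the posted values it reports six findings for each phase; the parser is deliberately loose about spacing and label spelling so the text can be pasted straight from the GUI or a forum post.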

#4
15.1 Legacy Series / DNS Forwarder not working
June 19, 2015, 05:51:24 PM
Hi,
I have problems getting dnsmasq running.
Installed 15.1.11 upgraded to 15.1.12
Multiwan setup
dhcp server running
system->settings dns servers entered and assigned to the 2 wans
dns forwarder enabled, no other checkbox enabled on this page
diagnostics->dns lookup works
dhcp works and distributes the ip number of the opnsense box as a nameserver to all clients
I can ping IP numbers from any host, but I can't resolve any domain name.

Any help is very welcome,
Best regards,
Paul

/etc/resolv.conf
domain foo.local
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 194.25.0.52
nameserver 194.25.0.68

/etc/hosts
127.0.0.1       localhost localhost.foo.local
10.190.30.254   foorouter.foo.local foorouter