Topics

Hi Guys,

i have a Question about the MTU size for PPOE.

When i have a calculated ping -f -l of 1448 mtu do i add 20 header or 28 header+ppoe in the WAN Interface of the OPNsense?


Many Thanks

Hi Guys,

atm i'm still on 16.1.20 and just wanted to ask if assigning a vlan interface as wan still work?
Also does openvpn device mode tap work now?

greetings neo

Hallo Leute,

wie bekomme ich es hin das Broadcasts zwischen Lan1 und dem Openvpn hin und her geschickt werden können ?

hier mein Setup:

Client: Firewall aus
VpnClient: Firewall aus
Opnsense Firewall regeln sind: * * * * * etc. in beide Richtungen.

Openvpnserver ist wie folgt konfiguriert:
tap
UDP
das Lan Netzwerk ist voll verfügbar Pings NFS etc. funktionieren ohne Probleme
push "route xxx.xxx.xxx.xxx 255.255.255.0"


gibt es sonst noch etwas was ich Einstellen muss damit Broadcasts durch die beiden Netze geschickt werden?


Gruß Neo

Hi Guys,

did something change with aliases?

i can't modify old alias rules with port ranges like 1000-2000 error: not valid.
The wiki says port ranges are set by an : but there i also got the error: not valid.
Also New Rules won't work with - or :.
What I'm doing wrong?

Greetings Neo

Hi Guys


would you suggest to lower the MTU even with a fibre connection?


Greetings Neo

HI Guys,

is there a way to measure packetloss between isp opnsense and internet?

Greetings Neo

Hi Guys,

I wish all of you a Happy New Year.
Now to my Question :P how can i make a exlusion for DNS Rebind Protection?


Greetings Neo

Hi Guys,


is it possible to set the automatic created rule to static port?
setting it to manual holds the standard ones and you can modify them so closed.





Greetings Neo

Everybody get in Hype Train
http://pcengines.ch/apu2b4.htm

Hi Guys after Updating to the latest release i got this error.
Do i need to worry/fix it or can i ignore it?

Code Select Expand

FreeBSD 10.1-RELEASE-p19 #0 c982dff(stable/15.7): Wed Sep  9 22:44:49 CEST 2015     root@sensey64:/usr/obj/usr/src/sys/SMP
OPNsense 15.7.16-d1cca7f7e [15.7.12-b34a07b43] LibreSSL 2.2.3 (amd64)
UUID f6ca14d5-71ec-11e5-8a2e-000db93420a0
User Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
PHP Errors:

[13-Oct-2015 23:29:48 Europe/Berlin] PHP Fatal error:  Uncaught exception 'Exception' with message 'Timeout (120) executing :dyndns reload wan' in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php:100
Stack trace:
#0 /usr/local/etc/inc/legacy_bindings.inc(57): OPNsense\Core\Backend->configdRun('dyndns reload w...', false)
#1 /usr/local/etc/inc/interfaces.inc(3122): configd_run('dyndns reload w...')
#2 /usr/local/www/interfaces.php(697): interface_configure('wan', true)
#3 {main}
  thrown in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php on line 100
dmesg.boot:

Copyright (c) 1992-2014 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.1-RELEASE-p19 #0 c982dff(stable/15.7): Wed Sep  9 22:44:49 CEST 2015
    root@sensey64:/usr/obj/usr/src/sys/SMP amd64
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)
  Origin = "AuthenticAMD"  Id = 0x500f20  Family = 0x14  Model = 0x2  Stepping = 0
  Features=0x178bfbff
  Features2=0x802209
  AMD Features=0x2e500800
  AMD Features2=0x35ff
  TSC: P-state invariant, performance statistics
real memory  = 4815060992 (4592 MB)
avail memory = 4075749376 (3886 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table:
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
cpu0 (BSP): APIC ID:  0
cpu1 (AP): APIC ID:  1
ioapic0  irqs 0-23 on motherboard
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff805f84a0, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff805f8550, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff805f8600, 0) error 1
wlan: mac acl policy registered
random:  initialized
kbd0 at kbdmux0
module_register_init: MOD_LOAD (vesa, 0xffffffff80f6e1b0, 0) error 19
cryptosoft0:  on motherboard
padlock0: No ACE support.
acpi0:  on motherboard
acpi0: Power Button (fixed)
cpu0:  on acpi0
cpu1:  on acpi0
atrtc0:  port 0x70-0x71 irq 8 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
attimer0:  port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
hpet0:  iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 550
Event timer "HPET1" frequency 14318180 Hz quality 450
pcib0:  port 0xcf8-0xcff on acpi0
pci0:  on pcib0
pcib1:  irq 16 at device 4.0 on pci0
pci1:  on pcib1
re0:  port 0x1000-0x10ff mem 0xf7a00000-0xf7a00fff,0xf7900000-0xf7903fff irq 16 at device 0.0 on pci1
re0: Using 1 MSI-X message
re0: ASPM disabled
re0: Chip rev. 0x2c000000
re0: MAC rev. 0x00200000
miibus0:  on re0
rgephy0:  PHY 1 on miibus0
rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Ethernet address: 00:0d:b9:34:20:a0
pcib2:  irq 17 at device 5.0 on pci0
pci2:  on pcib2
re1:  port 0x2000-0x20ff mem 0xf7c00000-0xf7c00fff,0xf7b00000-0xf7b03fff irq 17 at device 0.0 on pci2
re1: Using 1 MSI-X message
re1: ASPM disabled
re1: Chip rev. 0x2c000000
re1: MAC rev. 0x00200000
miibus1:  on re1
rgephy1:  PHY 1 on miibus1
rgephy1:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re1: Ethernet address: 00:0d:b9:34:20:a1
pcib3:  irq 18 at device 6.0 on pci0
pci3:  on pcib3
re2:  port 0x3000-0x30ff mem 0xf7e00000-0xf7e00fff,0xf7d00000-0xf7d03fff irq 18 at device 0.0 on pci3
re2: Using 1 MSI-X message
re2: ASPM disabled
re2: Chip rev. 0x2c000000
re2: MAC rev. 0x00200000
miibus2:  on re2
rgephy2:  PHY 1 on miibus2
rgephy2:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re2: Ethernet address: 00:0d:b9:34:20:a2
ahci0:  port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xf7f08000-0xf7f083ff irq 19 at device 17.0 on pci0
ahci0: AHCI v1.20 with 6 6Gbps ports, Port Multiplier supported
ahcich0:  at channel 0 on ahci0
ahcich1:  at channel 1 on ahci0
ahcich2:  at channel 2 on ahci0
ahcich3:  at channel 3 on ahci0
ahcich4:  at channel 4 on ahci0
ahcich5:  at channel 5 on ahci0
ohci0:  mem 0xf7f04000-0xf7f04fff irq 18 at device 18.0 on pci0
usbus0 on ohci0
ehci0:  mem 0xf7f08400-0xf7f084ff irq 17 at device 18.2 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
ohci1:  mem 0xf7f05000-0xf7f05fff irq 18 at device 19.0 on pci0
usbus2 on ohci1
ehci1:  mem 0xf7f08500-0xf7f085ff irq 17 at device 19.2 on pci0
usbus3: EHCI version 1.0
usbus3 on ehci1
isab0:  at device 20.3 on pci0
isa0:  on isab0
pcib4:  at device 20.4 on pci0
pci4:  on pcib4
ohci2:  mem 0xf7f06000-0xf7f06fff irq 18 at device 20.5 on pci0
usbus4 on ohci2
pcib5:  at device 21.0 on pci0
pci5:  on pcib5
ohci3:  mem 0xf7f07000-0xf7f07fff at device 22.0 on pci0
usbus5 on ohci3
ehci2:  mem 0xf7f08600-0xf7f086ff at device 22.2 on pci0
usbus6: EHCI version 1.0
usbus6 on ehci2
acpi_button0:  on acpi0
orm0:  at iomem 0xee800-0xeffff on isa0
ppc0: cannot reserve I/O port range
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 on isa0
acpi_throttle0:  on cpu0
acpi_throttle1:  on cpu1
acpi_throttle1: failed to attach P_CNT
device_attach: acpi_throttle1 attach returned 6
Timecounters tick every 1.000 msec
IPsec: Initialized Security Association Processing.
random: unblocking device.
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 480Mbps High Speed USB v2.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 480Mbps High Speed USB v2.0
ugen0.1:  at usbus0
uhub0:  on usbus0
ugen1.1:  at usbus1
uhub1:  on usbus1
ugen2.1:  at usbus2
uhub2:  on usbus2
ugen3.1:  at usbus3
uhub3:  on usbus3
usbus4: 12Mbps Full Speed USB v1.0
usbus5: 12Mbps Full Speed USB v1.0
usbus6: 480Mbps High Speed USB v2.0
ugen4.1:  at usbus4
uhub4:  on usbus4
ugen5.1:  at usbus5
uhub5:  on usbus5
ugen6.1:  at usbus6
uhub6:  on usbus6
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0:  ATA-9 SATA 2.x device
ada0: Serial Number 20140521B46264024357
ada0: 600.000MB/s transfers (SATA 3.x, UDMA5, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 30533MB (62533296 512 byte sectors: 16H 63S/T 16383C)
ada0: Previously was known as ad4
SMP: AP CPU #1 Launched!
Timecounter "TSC" frequency 1000020658 Hz quality 800
uhub4: 2 ports with 2 removable, self powered
Root mount waiting for: usbus6 usbus5 usbus4 usbus3 usbus2 usbus1 usbus0
uhub0: 5 ports with 5 removable, self powered
uhub2: 5 ports with 5 removable, self powered
uhub5: 4 ports with 4 removable, self powered
Root mount waiting for: usbus6 usbus3 usbus1
uhub6: 4 ports with 4 removable, self powered
uhub1: 5 ports with 5 removable, self powered
uhub3: 5 ports with 5 removable, self powered
ugen6.2:  at usbus6
umass0:  on usbus6
umass0:  SCSI over Bulk-Only; quirks = 0x4001
umass0:6:0:-1: Attached to scbus6
Trying to mount root from ufs:/dev/ada0s1a [rw,noatime]...
WARNING: /mnt was not properly dismounted
da0 at umass-sim0 bus 0 scbus6 target 0 lun 0
da0:  Removable Direct Access SCSI-4 device
da0: Serial Number 058F63666485
da0: 40.000MB/s transfers
da0: Attempt to query device size failed: NOT READY, Medium not present
da0: quirks=0x2
WARNING: /mnt was not properly dismounted

Greetings Neo

Hi Guys is there a smart way to block these Advertising Networks?

Greetings Neo

Hi guys,

how does the shared folder link look when i follow the wiki for it i only can generate a link looking like this:
https://drive.google.com/folderview?id=0xxxxxzHxxxxxx1ODRmxxxxx2lqVTQ&usp=sharing
What do i need to type in?


ok found my failure :/  not the sharing link just go into the folder and copy it from the url

Greetings Neo

Hi Guys,

just wanted to mention that update to and a fresh install with 15.7 wont work with my APU 1c4d. It starts normally but then i have no Network connection. Does anyone else have this problem?

Greetings Neo

Hi Guys,

i created a Openvpn Server with the opnsense Wizard and exported the Config. I also was able to Login to the VPN but i cant access other Devices on my Network except the opnsense.
I hope you can help me here are some Informations about my Configuration.

Opnvpn Server Tab
SSL+User Auth
Local Database
Prot Udp
Device tun
unchecked "Force all client generated traffic through the tunnel."

IPV4 Local Network/s 192.168.xx.0/24,192.168.xx.0/24
Inter-client communication checked
Dynamic IP checked
Adress Pool checked
DNS Server 192.168.xx.1
Netbios Option checked b-node
____________________________________________

Firewall

Wan any to dest Wan Adress 1194(generated by wizard)
openvpn any to any(generated by wizard)


under States i find this mhh i think its an error:

tcp   192.168.1.xx:32400 <- 10.0.9.6:39869   CLOSED:SYN_SENT