Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - romain

Pages: [1] 2

16.7 Legacy Series / Hang or FW down ?

« on: October 24, 2017, 08:56:25 pm »

Hello there,

I have a strange thing with my opnsense firewall.

Here a health report with System tab selected:

https://imgur.com/6fyTEiS

The symptom were multiple.
I was connected to the VPN and I get disconnected. I cannot reconnect during few seconds.

The memory, states, processor, free disk and everything are fine (even the uptime 80 days since my last maintenance).
It is far from being overwhelmed.

It seems that any traffic can go trough the firewall here an internal interface monitoring. We have the same hang everywhere on Packet and Traffic tab.

http://imgur.com/JAD1u7Q

I can't find anything in the logs.
I checked on the management interface of the server and everything is green.

Any idea on what I'm missing ?

Thanks
Romain

17.7 Legacy Series / [SOLVED] - Lagg0 down at the boot

« on: September 04, 2017, 07:20:55 am »

Hello,

I have a strange behavior with my OPNsense box.
I configured a lagg on two network cards. It seems to works great but at every boot, the lagg stay down/inactive. I need to go to Interfaces > Other types > LAGG and edit my lag.
Once validate (without any change), the lagg goes up/active and everything is working again.

I have some CARP VIP address set up on the lagg but I don't find anything why the lagg is not up and running (that I understand) from the boot of the firewall.

Any idea ?

Thank you
Romain

17.7 Legacy Series / [SOLVED] - OCE drivers and freebsd

« on: September 01, 2017, 09:41:23 am »

Hello,

I'm trying to update my firewalls and I would like to install my Emulex network card (OCE1102NT).

Based on the editor website, the default driver given in the FreeBSD image should do the job.

How can I included them on my OPNsense installation ?

Thank you
Romain

General Discussion / Archives Version

« on: August 28, 2017, 10:35:41 am »

Hello,

Is there a way to download an old version of OPNsense ?

I'm looking for a 16.7 latest iso.

Thank you
Romain

16.7 Legacy Series / CARP newbie questions

« on: October 10, 2016, 08:55:01 pm »

Hi,

I have few questions on how the carp protocol works.

Let's say I have two firewalls which are identical. 4 physicals network ports and 10 vlans on it.

I would like to configure one of my firewalls to be the master on each VLAN. So all the VIP will be actives on the master ? If I shutdown a vlan interface, the VIP goes directly on the backup but the whole firewall switch to the backup one.

I only tested the carp system with one interface and that was working great. I'm loosing only one ping.

Is this how carp work (active /passive) or is there a way to make active /active scenario ? For example 5 VIP will be active on the first firewall and the second part on the second one ? However in this scenario, how that NAT / routing works ?

Which are the criteria to switch to the backup ? If an interface goes down ? Is it possible to add a weight ? If I have the WAN that go down switch, but if I have the MGMT interface continue to work for example ?

Let me know if I'm not clear.

Thanks !

15.7 Legacy Series / Download 15.7.25 ISO

« on: August 09, 2016, 05:07:58 pm »

Hi everyone,

Is there a way to download the 15.7.25 version. I will upgrade my main firewall and want to be sure I can still come back to the old version if needed.

Thank you
Romain

15.7 Legacy Series / pfr_update_stats: assertion failed

« on: January 20, 2016, 09:04:31 am »

Hello,

I'm in 15.7.24 and I have this following error all the time:

Code: [Select]

Jan 19 10:32:20 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 10:32:21 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:09:50 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:09:51 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:09:51 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:09:54 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:09:54 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:09:55 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:23:06 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:23:07 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:23:07 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:24:51 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:24:52 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 11:24:52 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 12:10:55 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 12:10:55 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 12:10:56 opnsense kernel: pfr_update_stats: assertion failed.
Jan 19 12:10:56 opnsense kernel: pfr_update_stats: assertion failed.

Any idea ?
Thanks

15.7 Legacy Series / Improvement - OpenVPN - KeepAlive option

« on: January 04, 2016, 05:39:06 pm »

Hello there,

It seems that in certain case we need to change the keepalive mode to a ping manually timeout specified (ping, ping-exit, ping-restart).

However, there is no way to disable this functionnality. The instruction keepalive is automatically added. It should be a good improvement to disable it in order to specify the ping value manually.

Do you think it could be possible ?

Thank you and best wishes for this new year !

15.7 Legacy Series / OpenVPN timeout

« on: December 15, 2015, 04:40:55 pm »

Hello there,

I have some strange behaviour with my openvpn. I have several timeouts and not related to my internet connection.

I have a low latency (6/10ms max) but sometime and without any explanations, I got ping with high latency 200/500 ms and few timeout. During these latency storm my internet is quite good (I still have 5/6 ms on different websites).

I tried to change tun vs tap and set the sndbuf and rcvbuf to 0 but nothing seems to be working.

The only thing I can do is to restart the service to be okay for few hours.

I changed the verobosity of the client and server log but I don't see anything.

Any idea on what's going on and what can I look into ?

Thank
Romain

15.7 Legacy Series / [SOLVED] Zabbix agent 2.4

« on: December 11, 2015, 03:49:04 pm »

Hello there,

I would like to know if there is a best way to install Zabbix Agent 2.4 on my OPNsense firewalls. Today, I will download an agent from the repository and configure it to load automatically (linux 2.6).

Does a package is already available and I can install directly through shell maybe ?

Thank you !
Romain

15.7 Legacy Series / [SOLVED] Reload filter error

« on: November 25, 2015, 08:01:25 am »

Hello,

I have a php error when I reload my filter :

Code: [Select]

Fatal error: Uncaught exception 'Exception' with message 'Timeout (120) executing :filter reload' in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php:100 Stack trace: #0 /usr/local/etc/inc/legacy_bindings.inc(38): OPNsense\Core\Backend->configdRun('filter reload', false) #1 /usr/local/etc/inc/filter.inc(119): configd_run('filter reload') #2 /usr/local/www/firewall_rules.php(52): filter_configure() #3 {main} thrown in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php on line 100

It seems it take really long time to apply it. If I go to Status > Filter Reload. I can see that my rules are applying one by one every 3 secondes. I also notice that when I boot the firewall it takes really long time to succeed Configuring Firewall (around 5 minutes).

Any idea ?

General Discussion / [SOLVED] PHP Error after reload filter rules

« on: November 25, 2015, 07:50:36 am »

I'm on the latest version :

Code: [Select]

Fatal error: Uncaught exception 'Exception' with message 'Timeout (120) executing :filter reload' in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php:100 Stack trace: #0 /usr/local/etc/inc/legacy_bindings.inc(38): OPNsense\Core\Backend->configdRun('filter reload', false) #1 /usr/local/etc/inc/filter.inc(119): configd_run('filter reload') #2 /usr/local/www/firewall_rules.php(52): filter_configure() #3 {main} thrown in /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php on line 100

15.7 Legacy Series / [SOLVED] - Buffer full ? Timeout on TCP connections ? Something slow down my OPN

« on: November 09, 2015, 05:56:27 pm »

I have a strange bug and I don't know where to look.

The symptom are very clear but I don't know how to reproduce it.

After some time / traffic (I don't know what is the source of the trouble yet), our service seems to go down (email exchange, netscaler access gateway to connect remotely to our desktop). The endpoint lost connection for few seconds.

The strange thing is that the PING is good and stable. I can access to the firewall through SSH or web but it seems to be very slow. For example, the history of the command take few seconds to display. I don't timeout but it's slow for few seconds / minutes.

It seems that some buffer is getting full and empty itself after few seconds (10/20). During this time, the ping is okay, the SSH session is very slow and on some service like RDP, we loose our connection.

I test the connection directly by using the VPN without going through our netscaler and same results.

I also check the health of the firewall and there is nothing. The CPUs and the RAM are fine. The number of sessions is okay (around 1300/2500 max). No error nowhere.

I don't have particular error on the interface level. I let the default MTU and MSS but I have any error which can tell me to change these seetings.

I try to look into Sync ACK but I didn't see anything particular. There is some but nothing more when the timeout / struggle time is on.

The datacenter provider don't see anything on it side. I test from different localisation and endpoint and always get these results.

Do you have any idea in which direction I can have a look ? $:-\$

Thank you
Romain

15.7 Legacy Series / [SOLVED] OpenVPN timeout

« on: October 25, 2015, 08:35:55 am »

Hello there,

I have a strange behaviour with the openvpn (connection from windows openvpn gui).

When I use it and after some time, I got plenty of timeout. If I wait few seconds it came back for few minutes.

I tested from differente locations and my internet connection is working even during the timeout.

I can't see anything on the firewall side and on the log. I restart sometimes the process openvpn and it works again for few minutes (sometimes 5, sometimes 30).

Do you have any idea of what's going on ?

I'm on the opnsense 15.7.16.

Thank you.

15.7 Legacy Series / [SOLVED] Can't add VIP Alias

« on: October 07, 2015, 09:42:30 am »

Hello,

I'm on the OPNsense 15.7.15-amd64. I have an issu with the IP alias.

I created an VIP IP Alias :

On the FreeBSD side, there is no VIP:

Code: [Select]

cns : flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:90:fa:9d:29:d8
        inet6 fe80::290:faff:fe9d:29d8%lagg0_vlan2010 prefixlen 64 scopeid 0x13
        inet 10.20.201.14 netmask 0xfffffff0 broadcast 10.20.201.15
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        vlan: 2010 parent interface: lagg0

If I need it, I must add it through command line :

ifconfig cns 10.20.201.10 255.255.255.240 alias

I also notice that I can't choose anymore the mask size related to the IP when I create the IP Alias through the interface.

Is-it normal ?

Thank you.
Romain

Pages: [1] 2