Messages

1

20.1 Production Series / Re: Dynamic DNS issue (no-ip)

« on: July 04, 2020, 12:51:18 pm »

Looks like a new patch released today. 20.1.8.1 which has the fix. Check that out.

https://twitter.com/opnsense/status/1279363581470027776?s=19

Sent from my ONEPLUS A5000 using Tapatalk

2

Hardware and Performance / Re: OPNsense 20.1 on RaspberryPI 3

« on: November 25, 2019, 09:24:46 am »

Oh, okay ... just asking, because theoretically this image should also run on a pi4, which has a lot more power, but i also don't ordered one yet ^^

I have a 4GB RPi4, I will let you know if this image works on RPi4.

Regards,
Bobby Thomas

3

19.7 Legacy Series / Re: Wireguard Unstable

« on: November 01, 2019, 01:23:17 pm »

Ok I just tried now and it's still not connecting. I even restarted the Wireguard service but that didn't make any difference. Not sure what I need to fix this issue. I will also give it a try with a different port.

Thank you,
Regards,
Bobby Thomas

4

19.7 Legacy Series / Re: Wireguard Unstable

« on: November 01, 2019, 12:36:39 pm »

Thank you Michael, I updated tunnel ip addresses in endpoint configs to /32. But it seems like my internet went down and I am now unable to connect to my OPNsense from remote. I will update the status once connectivity is back.

Thank you,
Regards,
Bobby Thomas

5

19.7 Legacy Series / Re: Wireguard Unstable

« on: November 01, 2019, 12:09:14 pm »

I was trying different settings and I just checked that to see if it would make any difference.

Please see the Endpoint config from OPNsense attached.

Thank you,
Regards,
Bobby Thomas

6

19.7 Legacy Series / Re: Wireguard Unstable

« on: November 01, 2019, 11:53:12 am »

Screenshots of local instance and endpoints please

Please see attached.

Also see the below logs from the Wireguard client while trying to connect.

Code: [Select]

2019-11-01 05:36:06.221: [MGR] Update checker: Get https://download.wireguard.com/windows-client/latest.sig: dial tcp: lookup download.wireguard.com: no such host
2019-11-01 05:37:16.888: [TUN] [wireguard] Starting WireGuard/0.0.35 (Windows 6.3.9600; amd64)
2019-11-01 05:37:16.889: [TUN] [wireguard] Watching network interfaces
2019-11-01 05:37:16.917: [TUN] [wireguard] Resolving DNS names
2019-11-01 05:37:16.969: [TUN] [wireguard] Creating Wintun interface
2019-11-01 05:37:20.405: [TUN] [wireguard] Using Wintun/0.7 (NDIS 6.40)
2019-11-01 05:37:20.504: [TUN] [wireguard] Enabling firewall rules
2019-11-01 05:37:20.663: [TUN] [wireguard] Dropping privileges
2019-11-01 05:37:20.711: [TUN] [wireguard] Creating interface instance
2019-11-01 05:37:20.712: [TUN] [wireguard] Routine: event worker - started
2019-11-01 05:37:20.714: [TUN] [wireguard] Routine: encryption worker - started
2019-11-01 05:37:20.716: [TUN] [wireguard] Routine: decryption worker - started
2019-11-01 05:37:20.717: [TUN] [wireguard] Routine: handshake worker - started
2019-11-01 05:37:20.719: [TUN] [wireguard] Routine: encryption worker - started
2019-11-01 05:37:20.720: [TUN] [wireguard] Routine: decryption worker - started
2019-11-01 05:37:20.722: [TUN] [wireguard] Routine: handshake worker - started
2019-11-01 05:37:20.724: [TUN] [wireguard] Routine: encryption worker - started
2019-11-01 05:37:20.725: [TUN] [wireguard] Routine: encryption worker - started
2019-11-01 05:37:20.727: [TUN] [wireguard] Routine: decryption worker - started
2019-11-01 05:37:20.728: [TUN] [wireguard] Routine: handshake worker - started
2019-11-01 05:37:20.730: [TUN] [wireguard] Routine: handshake worker - started
2019-11-01 05:37:20.731: [TUN] [wireguard] Routine: decryption worker - started
2019-11-01 05:37:20.733: [TUN] [wireguard] Routine: TUN reader - started
2019-11-01 05:37:20.741: [TUN] [wireguard] Setting interface configuration
2019-11-01 05:37:20.744: [TUN] [wireguard] UAPI: Updating private key
2019-11-01 05:37:20.760: [TUN] [wireguard] UAPI: Updating listen port
2019-11-01 05:37:20.774: [TUN] [wireguard] UAPI: Removing all peers
2019-11-01 05:37:20.776: [TUN] [wireguard] UAPI: Transition to peer configuration
2019-11-01 05:37:20.791: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Created
2019-11-01 05:37:20.792: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Updating endpoint
2019-11-01 05:37:20.793: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Updating persistent keepalive interval
2019-11-01 05:37:20.794: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Removing all allowedips
2019-11-01 05:37:20.805: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Adding allowedip
2019-11-01 05:37:20.806: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Adding allowedip
2019-11-01 05:37:20.808: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Adding allowedip
2019-11-01 05:37:20.808: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Adding allowedip
2019-11-01 05:37:20.821: [TUN] [wireguard] peer(TIZw…s6BE) - UAPI: Adding allowedip
2019-11-01 05:37:20.822: [TUN] [wireguard] Bringing peers up
2019-11-01 05:37:20.824: [TUN] [wireguard] Routine: receive incoming IPv6 - started
2019-11-01 05:37:20.826: [TUN] [wireguard] Routine: receive incoming IPv4 - started
2019-11-01 05:37:20.828: [TUN] [wireguard] UDP bind has been updated
2019-11-01 05:37:20.840: [TUN] [wireguard] peer(TIZw…s6BE) - Starting...
2019-11-01 05:37:20.840: [TUN] [wireguard] peer(TIZw…s6BE) - Routine: sequential receiver - started
2019-11-01 05:37:20.842: [TUN] [wireguard] peer(TIZw…s6BE) - Routine: nonce worker - started
2019-11-01 05:37:20.844: [TUN] [wireguard] peer(TIZw…s6BE) - Routine: sequential sender - started
2019-11-01 05:37:20.847: [TUN] [wireguard] Monitoring default v4 routes
2019-11-01 05:37:21.125: [TUN] [wireguard] Binding v4 socket to interface 6 (blackhole=false)
2019-11-01 05:37:21.224: [TUN] [wireguard] Setting device v4 addresses
2019-11-01 05:37:21.712: [TUN] [wireguard] Monitoring default v6 routes
2019-11-01 05:37:21.712: [TUN] [wireguard] Binding v6 socket to interface 0 (blackhole=false)
2019-11-01 05:37:21.714: [TUN] [wireguard] Setting device v6 addresses
2019-11-01 05:37:21.944: [TUN] [wireguard] Listening for UAPI requests
2019-11-01 05:37:21.945: [TUN] [wireguard] Startup complete
2019-11-01 05:37:25.412: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:37:25.445: [TUN] [wireguard] peer(TIZw…s6BE) - Awaiting keypair
2019-11-01 05:37:30.512: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:37:35.675: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:37:35.675: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:37:40.759: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:37:45.942: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:37:45.942: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:37:51.195: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:37:51.196: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:37:56.523: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:37:56.524: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:01.608: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:38:01.621: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:06.927: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:38:06.928: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:12.014: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:17.158: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:38:17.158: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:22.451: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:38:22.454: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:27.663: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:32.742: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:38:32.742: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:37.639: [MGR] [wireguard] Tunnel service tracker finished
2019-11-01 05:38:37.869: [TUN] [wireguard] peer(TIZw…s6BE) - Handshake did not complete after 5 seconds, retrying (try 2)
2019-11-01 05:38:37.935: [TUN] [wireguard] peer(TIZw…s6BE) - Sending handshake initiation
2019-11-01 05:38:38.394: [TUN] [wireguard] Device closing
2019-11-01 05:38:38.441: [TUN] [wireguard] Routine: TUN reader - stopped
2019-11-01 05:38:41.230: [TUN] [wireguard] Routine: event worker - stopped
2019-11-01 05:38:41.237: [TUN] [wireguard] Routine: receive incoming IPv4 - stopped
2019-11-01 05:38:41.241: [TUN] [wireguard] Routine: receive incoming IPv6 - stopped
2019-11-01 05:38:41.242: [TUN] [wireguard] peer(TIZw…s6BE) - Stopping...
2019-11-01 05:38:41.243: [TUN] [wireguard] peer(TIZw…s6BE) - Routine: sequential receiver - stopped
2019-11-01 05:38:41.245: [TUN] [wireguard] peer(TIZw…s6BE) - Routine: nonce worker - stopped
2019-11-01 05:38:41.247: [TUN] [wireguard] Routine: decryption worker - stopped
2019-11-01 05:38:41.251: [TUN] [wireguard] Routine: handshake worker - stopped
2019-11-01 05:38:41.257: [TUN] [wireguard] Routine: handshake worker - stopped
2019-11-01 05:38:41.258: [TUN] [wireguard] Routine: decryption worker - stopped
2019-11-01 05:38:41.260: [TUN] [wireguard] Routine: encryption worker - stopped
2019-11-01 05:38:41.261: [TUN] [wireguard] Routine: encryption worker - stopped
2019-11-01 05:38:41.263: [TUN] [wireguard] Routine: handshake worker - stopped
2019-11-01 05:38:41.268: [TUN] [wireguard] Routine: decryption worker - stopped
2019-11-01 05:38:41.274: [TUN] [wireguard] Routine: handshake worker - stopped
2019-11-01 05:38:41.277: [TUN] [wireguard] Routine: decryption worker - stopped
2019-11-01 05:38:41.278: [TUN] [wireguard] Routine: encryption worker - stopped
2019-11-01 05:38:41.280: [TUN] [wireguard] Routine: encryption worker - stopped
2019-11-01 05:38:41.306: [TUN] [wireguard] peer(TIZw…s6BE) - Routine: sequential sender - stopped
2019-11-01 05:38:41.308: [TUN] [wireguard] Interface closed
2019-11-01 05:38:41.309: [TUN] [wireguard] Shutting down


7

19.7 Legacy Series / Re: Wireguard Unstable

« on: November 01, 2019, 08:40:19 am »

Thank you Michael for the quick response. It was not really an occassion, but I was trying to connect to it from my mobile and laptop with same profile (same peer config with only IP address change) and I was only able to connect it from my laptop. Earlier it used to connect from both and if I use only one device to connect to VPN then there will be no issues, but there will be handshake issues if both of them connect at the same time and because of that I used to see packet drops (because of same public key config). I was only able to connect to VPN once after the change to stable version and not from my mobile. I tried capturing data and vould see traffic coming from my mobile or laptop on udp 51820 port but there was no handshakes. I was only seeing handshake sent from peer end but nothing received. Any suggestions?

Thank you,
Regards,
Bobby Thomas

8

19.7 Legacy Series / Wireguard Unstable

« on: October 31, 2019, 11:31:13 pm »

Hi All,

I have been using Wireguard dev for a while and recently mived to the stable build but after moving to the stable build wireguard has become unstable. Most of the times it won't establish the connection with the server only in one occasion it was able to establish the connection there were no changes in the config and I have even tried uninstalling and doing a fresh install, still thar didn't work. How can view the Wireguard logs? It's seems really hard to troubleshoot Wireguard connectivity issues.

Thanks in advance.

Regards,
Bobby Thomas

9

Hardware and Performance / Re: [Working] OPNsense Ported into ARM Devices

« on: June 25, 2019, 09:12:09 am »

I have ordered this one and I should expect it by this week or next. Since RPI 4 is here with better Specs (Cortex A72 ARM-V8, Gigabit Ethernet, LPDDR4, USB3, Wifi AC) this should be ideal to run OPNsense and FreeBSD. Can we expect some development for this board soon?

Have a look at raspi 3, there is no working BSD-sense image yet, as the hardware is not really supported by the OS yet. Assume the same to happen for raspi 4...

I think we would see more development for this little guy as it is one of the best hardware released by RPI team.

10

Hardware and Performance / Re: [Working] OPNsense Ported into ARM Devices

« on: June 25, 2019, 12:10:07 am »

Good news!

https://cdn.shopify.com/s/files/1/1560/1473/files/Inside_Raspberry_Pi_4.pdf?2142

...but how long will it take till the support will reach BSD? :-(

I have ordered this one and I should expect it by this week or next. Since RPI 4 is here with better Specs (Cortex A72 ARM-V8, Gigabit Ethernet, LPDDR4, USB3, Wifi AC) this should be ideal to run OPNsense and FreeBSD. Can we expect some development for this board soon?

11

19.1 Legacy Series / Re: Monit default mail format cannot be changed

« on: April 29, 2019, 12:38:48 pm »

Did you set the message body within the mail-format?
https://mmonit.com/monit/documentation/monit.html#Message-format

No, I haven't inserted the message body under the alert settings, but I doubt if it would affect the mail format. I will give it a try.

Thank you,
Regards,
Bobby Thomas

12

19.1 Legacy Series / Re: Monit default mail format cannot be changed

« on: April 29, 2019, 11:32:08 am »

Yes, you can do that via GUI.
see https://wiki.opnsense.org/manual/monit.html#alert-settings

Hi Faunsen,

I already tried that and it works from GUI as well as from CLI, but it will only append the Monit status details to the default mail format, for example, at end we cannot modify the email closings, regardless of what we mention under mail format the email closing will always have "your faithful employee, monit" at the end. I would like to change this. Any idea how we can modify that?

Thanks and regards,
Bobby Thomas

13

19.1 Legacy Series / LAN down, cannot access firewall through LAN but works through WAN over vpn

« on: April 18, 2019, 10:38:12 am »

Hi All,

The issue started yesterday evening and there were no recent config changes. It started all of a sudden and I lost connectivity to the network while I was working from home. I have a MultiWAN setup and both of the WAN links works fine and I can access the firewall through VPN. But the issue is with LAN interface and it seems like it's totally down even though the interface status shows up in Firewall. I tried rebooting the firewall and the interface comes up and stay active for couple of minutes then it goes down. After that I cannot ping the firewall from LAN or the other way. All I get is host down (if I ping from forewall). All the WAN links are working fine and the dpinger shows up.

The issue I am guessing seems to be something with firewall rules or NAT or routing, but it's really hard to identify that, I have Zero tier and Wireguard running on the box and when I lose LAN connectivity the routing shows the LAN network gateway as a Zerotier interface or lo0 interface. Since I am running it as a VM, I tried rolling back it to an old 19.1 snapshot and it worked, but when I tried restoring the config backups the issue started happening once again.

 Any help is highly appreciated.

Thank you,
Regards,
Bobby Thomas

14

Hardware and Performance / Re: [Working] OPNsense on Raspberry Pi 2

« on: April 13, 2019, 10:50:03 am »

I'd like to thank nekoprog for the work done with the ARM ports. Very useful and robust now.

Next step is actually the long-promised BPI image and then come 20.1 we'll have to see what we can do when i386 is being dropped from our supported list...


Cheers,
Franco

I have a Banana Pi board lying around here, if you are looking for someone to test the new image please let me know.

Regards,
Bobby Thomas

Hi, I'm currently compiling images for RPi2/3, Banana Pi and Orange Pi PC2 for OPNsense 19.1.6. Will let you know when the images are ready. 

Ok, I managed to disable IDS in my default config.xml which I use for "standard starting setup" (users, unbound, etc.). Some observations:

- Via the HDMI console the output during boot stops at "smsc0: chip..." and after a LONG break you get the login prompt from opnsense. On the serial console you can monitor the whole boot process (starting services etc.) and in the end you get the login prompt as well.

- Without WAN attached I could not reach the GUI with Firefox (60.x ESR 32 bit), as the request to the https GUI timed out. With Konqueror I could reach the GUI and restore my default config.xml. But the Dashbord is significantly impaired in Konqueror (doing fine in FF, however, only with WAN interface up).

The throughput for a single host is nice (WAN is a 10/100 Mbit USB-RJ45), will have to try the config with UMTS-stick and wifi stick soon... :-)

Would be fun to see an image for Raspi 3 with the built-in wifi as WAN.

Hi, great that you found the solution, sorry I couldn't help, quite busy lately and got little time to check the forum. RPI3 image is compiling, will let you know when it's ready. RPI2 updates for 19.1.6 is online if you like to update. Just need to edit /usr/local/etc/pkg/repos/OPNsense.conf like I mentioned before.

Great news, let me know if you want to test your images.

Thank you,
Regards,
Bobby Thomas

15

19.1 Legacy Series / Monit default mail format cannot be changed

« on: April 12, 2019, 11:41:41 pm »

Hi,

I was trying to edit the default mail-format on the monitrc file but it seems like it reverts to the default after re-initializing. Is there anyway to edit and keep the mail-format?

Thank you,
Bobby Thomas