OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of cardins2u »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - cardins2u

Pages: [1] 2 3 ... 5
1
19.7 Production Series / NTOPNG - Questions
« on: October 04, 2019, 03:41:15 pm »
Finally I got the time to fiddle around with NTOPNG. I'm loving it!

A few question I would like to ask.

1.) Where do you set how long the data is retention in NTOP?


2.) Can someone recommend settings for NTOPNG?




2
19.7 Production Series / Reset System > Access
« on: August 10, 2019, 05:05:24 pm »
Franco,

Is there a way to reset System > Access

I added Root to a couple of groups and now it wont let me remove it.

Also log on as root I cannot install plugin too. Anyway we can reset the System > Access without reseting everything else?


3
19.7 Production Series / Re: IPSec - Issues
« on: July 19, 2019, 05:49:55 am »
I'm so stumpped.
Here's the log.




Logs Right after Reboot:
##############################################


Jul 18 20:46:12   charon: 07[IKE] <con1|3> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:12   charon: 07[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:12   charon: 07[ENC] <con1|3> parsed CREATE_CHILD_SA response 4 [ N(NO_PROP) ]
Jul 18 20:46:12   charon: 07[NET] <con1|3> received packet: from 24.18.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:11   charon: 07[NET] <con1|3> sending packet: from 96.XXX.XXX.XXX[4500] to 24.18.XXX.XXX[4500] (364 bytes)
Jul 18 20:46:11   charon: 07[ENC] <con1|3> generating CREATE_CHILD_SA request 4 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:11   charon: 07[IKE] <con1|3> establishing CHILD_SA con1{14} reqid 1
Jul 18 20:46:11   charon: 09[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === 24.18.XXX.XXX/32 with reqid {1}
Jul 18 20:46:10   charon: 09[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:10   charon: 09[IKE] <con2|4> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:10   charon: 09[ENC] <con2|4> parsed CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
Jul 18 20:46:10   charon: 09[NET] <con2|4> received packet: from XXX.XXX.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:10   charon: 09[NET] <con2|4> sending packet: from 96.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (348 bytes)
Jul 18 20:46:10   charon: 09[ENC] <con2|4> generating CREATE_CHILD_SA request 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:10   charon: 09[IKE] <con2|4> establishing CHILD_SA con2{13} reqid 2
Jul 18 20:46:10   charon: 07[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {2}
Jul 18 20:46:09   charon: 09[IKE] <con1|3> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:09   charon: 09[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:09   charon: 09[ENC] <con1|3> parsed CREATE_CHILD_SA response 3 [ N(NO_PROP) ]
Jul 18 20:46:09   charon: 09[NET] <con1|3> received packet: from 24.18.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:09   charon: 11[NET] <con1|3> sending packet: from 96.XXX.XXX.XXX[4500] to 24.18.XXX.XXX[4500] (364 bytes)
Jul 18 20:46:09   charon: 11[ENC] <con1|3> generating CREATE_CHILD_SA request 3 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:09   charon: 11[IKE] <con1|3> establishing CHILD_SA con1{12} reqid 1
Jul 18 20:46:09   charon: 11[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === 24.18.XXX.XXX/32 with reqid {1}
Jul 18 20:46:09   charon: 09[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:09   charon: 09[IKE] <con2|4> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:09   charon: 09[ENC] <con2|4> parsed CREATE_CHILD_SA response 1 [ N(NO_PROP) ]
Jul 18 20:46:09   charon: 09[NET] <con2|4> received packet: from XXX.XXX.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:08   charon: 09[NET] <con2|4> sending packet: from 96.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (348 bytes)
Jul 18 20:46:08   charon: 09[ENC] <con2|4> generating CREATE_CHILD_SA request 1 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:08   charon: 09[IKE] <con2|4> establishing CHILD_SA con2{11} reqid 2
Jul 18 20:46:08   charon: 09[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {2}
Jul 18 20:46:06   charon: 09[IKE] <con1|3> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:06   charon: 09[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:06   charon: 09[ENC] <con1|3> parsed CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
Jul 18 20:46:06   charon: 09[NET] <con1|3> received packet: from 24.18.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:06   charon: 09[NET] <con1|3> sending packet: from 96.XXX.XXX.XXX[4500] to 24.18.XXX.XXX[4500] (364 bytes)
Jul 18 20:46:06   charon: 09[ENC] <con1|3> generating CREATE_CHILD_SA request 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:06   charon: 09[IKE] <con1|3> establishing CHILD_SA con1{10} reqid 1
Jul 18 20:46:06   charon: 11[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === 24.18.XXX.XXX/32 with reqid {1}
Jul 18 20:46:05   charon: 11[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:05   charon: 11[IKE] <con2|4> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:05   charon: 11[ENC] <con2|4> parsed CREATE_CHILD_SA response 0 [ N(NO_PROP) ]
Jul 18 20:46:05   charon: 11[NET] <con2|4> received packet: from XXX.XXX.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:05   charon: 11[NET] <con2|4> sending packet: from 96.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (348 bytes)
Jul 18 20:46:05   charon: 11[ENC] <con2|4> generating CREATE_CHILD_SA request 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:05   charon: 11[IKE] <con2|4> establishing CHILD_SA con2{9} reqid 2
Jul 18 20:46:05   charon: 08[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {2}
Jul 18 20:46:05   charon: 08[IKE] <con2|2> IKE_SA deleted
Jul 18 20:46:05   charon: 08[ENC] <con2|2> parsed INFORMATIONAL response 3 [ ]



##############################################


Logs After Clicking Save - VPN -> IPSEC > Tunnel Settings:
ABSOLUTELY NO CHANGES AT ALL. JUST CLICK SAVE and it works.
##############################################


Jul 18 20:47:45   charon: 10[IKE] <con2|4> CHILD_SA con2{143} established with SPIs ceb2477e_i c9db3f63_o and TS 10.0.0.0/22 === 10.0.52.0/24
Jul 18 20:47:45   charon: 10[CFG] <con2|4> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jul 18 20:47:45   charon: 10[ENC] <con2|4> parsed CREATE_CHILD_SA response 61 [ SA No TSi TSr ]
Jul 18 20:47:45   charon: 10[NET] <con2|4> received packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (204 bytes)
Jul 18 20:47:45   charon: 10[NET] <con2|4> sending packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (828 bytes)
Jul 18 20:47:45   charon: 10[ENC] <con2|4> generating CREATE_CHILD_SA request 61 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:47:45   charon: 10[IKE] <con2|4> establishing CHILD_SA con2{143} reqid 4
Jul 18 20:47:45   charon: 09[KNL] creating acquire job for policy XXX.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {4}
Jul 18 20:47:45   charon: 10[IKE] <con1|3> CHILD_SA con1{142} established with SPIs c3bd7173_i c9b412f6_o and TS 10.0.0.0/22 === 10.0.55.0/24
Jul 18 20:47:45   charon: 10[CFG] <con1|3> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jul 18 20:47:45   charon: 10[ENC] <con1|3> parsed CREATE_CHILD_SA response 68 [ SA No TSi TSr ]
Jul 18 20:47:45   charon: 10[NET] <con1|3> received packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (204 bytes)
Jul 18 20:47:45   charon: 10[NET] <con1|3> sending packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (844 bytes)
Jul 18 20:47:45   charon: 10[ENC] <con1|3> generating CREATE_CHILD_SA request 68 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:47:45   charon: 10[IKE] <con1|3> establishing CHILD_SA con1{142} reqid 3
Jul 18 20:47:45   charon: 10[KNL] creating acquire job for policy XXX.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {3}
Jul 18 20:47:45   charon: 10[CFG] received stroke: route 'con2'
Jul 18 20:47:45   charon: 09[CFG] added configuration 'con2'
Jul 18 20:47:45   charon: 09[CFG] received stroke: add connection 'con2'
Jul 18 20:47:45   charon: 10[CFG] received stroke: route 'con1'
Jul 18 20:47:45   charon: 13[CFG] added configuration 'con1'
Jul 18 20:47:45   charon: 13[CFG] received stroke: add connection 'con1'
Jul 18 20:47:45   charon: 06[CFG] deleted connection 'con2'
Jul 18 20:47:45   charon: 06[CFG] received stroke: delete connection 'con2'
Jul 18 20:47:45   charon: 10[CFG] received stroke: unroute 'con2'
Jul 18 20:47:45   charon: 12[CFG] deleted connection 'con1'
Jul 18 20:47:45   charon: 12[CFG] received stroke: delete connection 'con1'
Jul 18 20:47:45   charon: 10[CFG] received stroke: unroute 'con1'
Jul 18 20:47:45   charon: 06[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls'
Jul 18 20:47:45   charon: 06[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Jul 18 20:47:45   charon: 06[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Jul 18 20:47:45   charon: 06[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Jul 18 20:47:45   charon: 06[CFG] loaded ca certificate "C=US, ST=WA, L=Olympia, O=IH Gateway, OU=InVinHost, CN=OPNSenseCA, E=" from '/usr/local/etc/ipsec.d/cacerts/cca9ae1f.0.crt'
Jul 18 20:47:45   charon: 06[CFG] loaded ca certificate "C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, N=VPN, E=VPN" from '/usr/local/etc/ipsec.d/cacerts/a72f8721.0.crt'
Jul 18 20:47:45   charon: 06[CFG] loaded ca certificate "C=PA, O=NordVPN, CN=NordVPN Root CA" from '/usr/local/etc/ipsec.d/cacerts/38ce789e.0.crt'
Jul 18 20:47:45   charon: 06[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Jul 18 20:47:45   charon: 06[CFG] expanding file expression '/usr/local/etc/ipsec.secrets.opnsense.d/*.secrets' failed
Jul 18 20:47:45   charon: 06[CFG] loaded IKE secret for XXX.XXX.XXX.XXX
Jul 18 20:47:45   charon: 06[CFG] loaded IKE secret for XXX.XXX.XXX.XXX
Jul 18 20:47:45   charon: 06[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Jul 18 20:47:45   charon: 06[CFG] rereading secrets
Jul 18 20:47:44   charon: 10[IKE] <con1|3> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:47:44   charon: 10[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:47:44   charon: 10[ENC] <con1|3> parsed CREATE_CHILD_SA response 67 [ N(NO_PROP) ]
Jul 18 20:47:44   charon: 10[NET] <con1|3> received packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:47:44   charon: 10[NET] <con1|3> sending packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (364 bytes)
Jul 18 20:47:44   charon: 10[ENC] <con1|3> generating CREATE_CHILD_SA request 67 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:47:44   charon: 10[IKE] <con1|3> establishing CHILD_SA con1{139} reqid 1
Jul 18 20:47:44   charon: 15[KNL] creating acquire job for policy XXX.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {1}
Jul 18 20:47:44   charon: 15[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA



##############################################

4
19.7 Production Series / Re: IPSec - Issues
« on: July 18, 2019, 06:45:38 am »
doesnt make sense. the other side nothing changed. I reverted back to old snapshot of the opnsense virtual machine. It worked magically. Restarted OPNSense and IPsec connects comes up without doing anything. Did it a couple of times.

Started the upgrade again. Back on 19.7 and it behaves werid again.

5
19.7 Production Series / IPSec - Issues
« on: July 18, 2019, 03:00:08 am »
The upgrade to 19.7 went smooth. Everything looks good so far. its functional as is.

The only issues I see is. After reboot IPSec services show as green but no ping or connections. NO SMB connections to server server across the ipsec.



Here's how I fix it every OPNSense Reboot last 10 reboots:

Every Reboot - the IPSec connection doesnt come up. you would have to go to

VPN > IPSec > Tunnel Settings > select one of the tunnel, click save > apply changes

then tunnel works again. I can access SMB on other side again. THis is no changes. Just save and apply. IPSEC works again.

Anyone can produce this?

6
General Discussion / NordVPN Tutorials/Instructions?
« on: December 27, 2018, 05:45:36 pm »
Anyone got NordVPN working on OPNSense? I'm trying to get it to work following PFSense tutorial. It didnt work out.

pretty please anyone?

7
18.7 Legacy Series / Re: Traffic shaper: Pipe, Queues and Rules !
« on: August 18, 2018, 08:55:17 am »
YAY I got it working

@Franco !!!!

We should add Alias to Traffic Shaping too! SO we can have multiple sources nets.

8
18.7 Legacy Series / Re: Traffic shaper: Pipe, Queues and Rules !
« on: August 18, 2018, 08:08:28 am »
Heres what I have so far. I cannot find set direction like you stated.


9
18.7 Legacy Series / Re: Traffic shaper: Pipe, Queues and Rules !
« on: August 18, 2018, 07:56:09 am »
Quote from: mimugmail on August 18, 2018, 07:36:31 am
1. create a pipe for download, set to 50mbit
2. create a pipe for upload, set to 10mbit
3. create a rule for download, set interface GuestLAN, set direction out, set destination IP your GuestLAN
4. create a rule for upload, set interface GuestLAN, set direction in, set source IP your GuestLAN

Should be enough for this case

awesome! does this apply only traffic to WAN. or Does applies to local traffic as well?

10
18.7 Legacy Series / Re: Traffic shaper: Pipe, Queues and Rules !
« on: August 18, 2018, 07:07:14 am »
@Franco,

can you post up an example of how to create it? Documentations on the wiki is a bit confusiing. I'm trying to do this traffic shaking for guest vlan too and never been sucessful at it.

could you make a simple tutorial for like 50mb/10mb pipe for guest vlan ?

thanks

11
18.7 Legacy Series / Re: update cycle 18.7.r1 consantly
« on: July 19, 2018, 08:47:04 pm »
nevermind disregard. It was fairly stupid

upgrade and update are different hahah

12
18.7 Legacy Series / update cycle 18.7.r1 consantly
« on: July 19, 2018, 08:22:11 pm »
Franco,

I'm getting a upgrade loop.

Upgrade branch: Development


Package Name   Current Version   New Version   Required Action
opnsense   18.7.r1   N/A   obsolete
opnsense-devel   N/A   18.7.r_10   new



after clicking upgrade. It reboots and comes back with this upgrade again stating 18.7.r1 is obsolite and tries to upgrade to 18.7.r_10


13
18.7 Legacy Series / Re: default vLAn
« on: July 12, 2018, 09:22:59 am »
@Franco

this rule below fixed it

I set LAN net to 10.0.0.6 (DA Server)

then I Set 10.0.0.6 to  Lan.Net


now it works fine. Its not fast like having a low grade router *linksys or UBNT usg pro*.

theres like 2-3 second delays but I can live this this.

thanks..
if you have anymore tips or anything flying by. let me know so I can test.


14
18.7 Legacy Series / Re: default vLAn
« on: July 12, 2018, 08:58:31 am »
nevermind, set to none works. FLushed state tables.

so for lan to lan traffic we should keep this stateful disable?

15
18.7 Legacy Series / Re: default vLAn
« on: July 12, 2018, 08:36:47 am »
this is the error :

Pages: [1] 2 3 ... 5
OPNsense is an OSS project © Deciso B.V. 2015 - 2019 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2