Messages - cardins2u

1
21.1 Production Series / IPV6 vLAN - Untagged gets all the vLAN IPv6
« on: February 28, 2021, 09:51:43 pm »
Anyone having this problem?

All my VLANs are getting their "track interface" IPv6 correctly, ONLY a single IPv6.

However, the untagged VLAN (my main VLAN for every ESXi, vSphere, VMware, computers, home computers) gets all of the tagged IPv6s.

So if I sign in using my wireless access point I get 1 x IPv6.
So if I sign in to my wireless untagged I get 10+ IPv6, as many as my VLANs.

Does anyone have a solution to fix this?

@franco

2
20.7 Legacy Series / Re: Zerotier stops intermittend (unstable) (20.1.7)
« on: June 04, 2020, 05:29:17 am »
I had this issue. This is what I added to help:


VPN > Zerotier > Settings

{
   "physical": {
      "192.168.165.1/24": { "blacklist": true },
      "10.0.0.0/16": { "blacklist": true },
      "172.168.0.0/12": { "blacklist": true }
   },
   "settings": {
      "primaryPort": 9993,
      "portMappingEnabled": false,
      "allowSecondaryPort": false,
      "allowTcpFallbackRelay": false
   }
}
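
An added example, not part of the post above and not ZeroTier code: a small Python check of what each blacklisted prefix in the posted "physical" section covers once the mask is applied, and whether that range lies inside RFC 1918 private space. The function name lint_physical is an assumption made for this example; the config is the one from the post.

```python
import ipaddress
import json

# The local.conf from the post above, embedded verbatim as sample input.
LOCAL_CONF = """
{
   "physical": {
      "192.168.165.1/24": { "blacklist": true },
      "10.0.0.0/16": { "blacklist": true },
      "172.168.0.0/12": { "blacklist": true }
   },
   "settings": {
      "primaryPort": 9993,
      "portMappingEnabled": false,
      "allowSecondaryPort": false,
      "allowTcpFallbackRelay": false
   }
}
"""

# RFC 1918 private IPv4 ranges, used as the reference for "local" address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lint_physical(conf_text):
    """Return one finding per blacklisted prefix: what it covers and any notes."""
    findings = []
    for key, opts in json.loads(conf_text).get("physical", {}).items():
        if not opts.get("blacklist"):
            continue
        try:
            net = ipaddress.ip_network(key, strict=False)  # mask off host bits
        except ValueError:
            findings.append({"entry": key, "covers": None, "notes": ["not a valid prefix"]})
            continue
        notes = []
        if str(net) != key:
            notes.append("host bits set")
        # Only IPv4 prefixes are compared against the RFC 1918 ranges.
        if net.version == 4 and not any(net.subnet_of(r) for r in RFC1918):
            notes.append("outside RFC 1918")
        findings.append({"entry": key, "covers": str(net), "notes": notes})
    return findings


if __name__ == "__main__":
    for f in lint_physical(LOCAL_CONF):
        print(f"{f['entry']:<20} -> {str(f['covers']):<18} {', '.join(f['notes']) or 'ok'}")
```

A blacklisted prefix that reaches into public address space also keeps ZeroTier from using paths to peers at those public addresses, so the "covers" column is the one to review.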

3
20.7 Legacy Series / ZeroTier & OSPF
« on: May 26, 2020, 07:03:32 am »
I'm trying to learn how to set up OSPF through ZeroTier.
I'm having issues distributing routes in OSPF.

Can someone see anything odd about this?


1.) I removed all Managed Routes on ZeroTier
2.) Plugin Installed in OPNSense FRR
3.) Routing > General > Checked Enable
4.) OSPF > Check enable
              - Passive - All interface Except ZeroTier Interface
5.) Networks -> Added all networks route over ZeroTier Including ZeroTier Interface
6.) NO WORK

Anyone have a clue what I need to do? No routing tables are showing up.

4
20.1 Legacy Series / Re: Update to 20.1.7 killed zerotier interface
« on: May 22, 2020, 07:05:15 am »
I'm having the same issues too

Sometimes it pings, sometimes it doesn't.

My connection was solid before the upgrade.

5
20.7 Legacy Series / OPNSense + WAN LTE
« on: May 21, 2020, 11:19:25 pm »
I'm working on setting up an OPNSense for RV customers.

They use several LTE devices for reliability. When you move from one area to another area you get a new IP address.

WAN seems to stick on one IP address from another city.

How can you set it so WAN renews its IP if gateway pings die?



Overview:
4 VMs
- OPNSense
- Domain Control DHCP, DNS
- 1 File Server
- Windows 10 backup

All of these are tied back using ZeroTier.


I need to find a way so that if the DHCP gateway dies, the WAN tries to renew/release the IP address to get a new IP from one location to the new location.



6
20.7 Legacy Series / 2 OPNSense Box Zero Tier
« on: May 21, 2020, 09:08:49 am »
I've been trying to get 2 OPNSense boxes working with ZeroTier. Has anyone tried it?

OPNSense1
- ZeroTier Package Installed
    Configured with IP 172.24.204.2
- Interface Assigned


OPNSense2
- ZeroTier Package Installed
    Configured with IP 172.24.204.2
- Interface Assigned


From the OPNSense GUI I can ping the other OPNSense.

BUT from
OPNSense LAN 192.168.X I cannot ping 172.24.204.2

I opened up all of the firewall.


7
20.1 Legacy Series / IPSec Problems after upgrade
« on: April 25, 2020, 03:20:02 am »
I upgraded to version OPNsense 20.1.5-amd64 today and now IPsec is getting these errors.

There are 4 site-to-site. 1 works and the other 3 don't work.

The 3 that don't work show the error below.



2020-04-24T18:16:51   charon: 01[CFG] ignoring acquire, connection attempt pending
2020-04-24T18:16:51   charon: 01[KNL] creating acquire job for policy 96.85.x.x.x/32 === 173.16x.x.x.x.x/32 with reqid {3}
2020-04-24T18:16:46   charon: 01[NET] <con3|2> sending packet: from 96.85.xx.x.x[4500] to 173.160.xx.xx[4500] (1052 bytes)
2020-04-24T18:16:46   charon: 01[IKE] <con3|2> retransmit 4 of request with message ID 1
2020-04-24T18:16:45   charon: 01[CFG] ignoring acquire, connection attempt pending
2020-04-24T18:16:45   charon: 05[KNL] creating acquire job for policy 96.85.xx.xx3/32 === 173.16x.x.x.x/32 with reqid {3}
2020-04-24T18:16:42   charon: 05[CFG] ignoring acquire, connection attempt pending
2020-04-24T18:16:42   charon: 05[KNL] creating acquire job for policy 96.85xx.x.x32 === 173.160.1xx.x.x/32 with reqid {3}

8
20.1 Legacy Series / ipv6 on LAN
« on: February 02, 2020, 01:20:55 pm »
I have WAN & LAN IPv6 set to none. Somehow all my internal clients are getting IPv6. Tested to see if it's routable by going to an IPv6 website. It's not routable. How do I stop OPNSense from giving internal networks public IPv6 addresses?

9
19.7 Legacy Series / NTOPNG - Questions
« on: October 04, 2019, 03:41:15 pm »
Finally I got the time to fiddle around with NTOPNG. I'm loving it!

A few questions I would like to ask.

1.) Where do you set how long the data is retained in NTOP?


2.) Can someone recommend settings for NTOPNG?




10
19.7 Legacy Series / Reset System > Access
« on: August 10, 2019, 05:05:24 pm »
Franco,

Is there a way to reset System > Access?

I added Root to a couple of groups and now it won't let me remove it.

Also, logged on as root I cannot install plugins either. Any way we can reset System > Access without resetting everything else?


11
19.7 Legacy Series / Re: IPSec - Issues
« on: July 19, 2019, 05:49:55 am »
I'm so stumped.
Here's the log.




Logs Right after Reboot:
##############################################


Jul 18 20:46:12   charon: 07[IKE] <con1|3> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:12   charon: 07[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:12   charon: 07[ENC] <con1|3> parsed CREATE_CHILD_SA response 4 [ N(NO_PROP) ]
Jul 18 20:46:12   charon: 07[NET] <con1|3> received packet: from 24.18.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:11   charon: 07[NET] <con1|3> sending packet: from 96.XXX.XXX.XXX[4500] to 24.18.XXX.XXX[4500] (364 bytes)
Jul 18 20:46:11   charon: 07[ENC] <con1|3> generating CREATE_CHILD_SA request 4 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:11   charon: 07[IKE] <con1|3> establishing CHILD_SA con1{14} reqid 1
Jul 18 20:46:11   charon: 09[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === 24.18.XXX.XXX/32 with reqid {1}
Jul 18 20:46:10   charon: 09[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:10   charon: 09[IKE] <con2|4> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:10   charon: 09[ENC] <con2|4> parsed CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
Jul 18 20:46:10   charon: 09[NET] <con2|4> received packet: from XXX.XXX.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:10   charon: 09[NET] <con2|4> sending packet: from 96.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (348 bytes)
Jul 18 20:46:10   charon: 09[ENC] <con2|4> generating CREATE_CHILD_SA request 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:10   charon: 09[IKE] <con2|4> establishing CHILD_SA con2{13} reqid 2
Jul 18 20:46:10   charon: 07[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {2}
Jul 18 20:46:09   charon: 09[IKE] <con1|3> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:09   charon: 09[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:09   charon: 09[ENC] <con1|3> parsed CREATE_CHILD_SA response 3 [ N(NO_PROP) ]
Jul 18 20:46:09   charon: 09[NET] <con1|3> received packet: from 24.18.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:09   charon: 11[NET] <con1|3> sending packet: from 96.XXX.XXX.XXX[4500] to 24.18.XXX.XXX[4500] (364 bytes)
Jul 18 20:46:09   charon: 11[ENC] <con1|3> generating CREATE_CHILD_SA request 3 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:09   charon: 11[IKE] <con1|3> establishing CHILD_SA con1{12} reqid 1
Jul 18 20:46:09   charon: 11[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === 24.18.XXX.XXX/32 with reqid {1}
Jul 18 20:46:09   charon: 09[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:09   charon: 09[IKE] <con2|4> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:09   charon: 09[ENC] <con2|4> parsed CREATE_CHILD_SA response 1 [ N(NO_PROP) ]
Jul 18 20:46:09   charon: 09[NET] <con2|4> received packet: from XXX.XXX.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:08   charon: 09[NET] <con2|4> sending packet: from 96.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (348 bytes)
Jul 18 20:46:08   charon: 09[ENC] <con2|4> generating CREATE_CHILD_SA request 1 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:08   charon: 09[IKE] <con2|4> establishing CHILD_SA con2{11} reqid 2
Jul 18 20:46:08   charon: 09[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {2}
Jul 18 20:46:06   charon: 09[IKE] <con1|3> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:06   charon: 09[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:06   charon: 09[ENC] <con1|3> parsed CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
Jul 18 20:46:06   charon: 09[NET] <con1|3> received packet: from 24.18.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:06   charon: 09[NET] <con1|3> sending packet: from 96.XXX.XXX.XXX[4500] to 24.18.XXX.XXX[4500] (364 bytes)
Jul 18 20:46:06   charon: 09[ENC] <con1|3> generating CREATE_CHILD_SA request 2 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:06   charon: 09[IKE] <con1|3> establishing CHILD_SA con1{10} reqid 1
Jul 18 20:46:06   charon: 11[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === 24.18.XXX.XXX/32 with reqid {1}
Jul 18 20:46:05   charon: 11[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:46:05   charon: 11[IKE] <con2|4> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:05   charon: 11[ENC] <con2|4> parsed CREATE_CHILD_SA response 0 [ N(NO_PROP) ]
Jul 18 20:46:05   charon: 11[NET] <con2|4> received packet: from XXX.XXX.XXX.XXX[4500] to 96.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:46:05   charon: 11[NET] <con2|4> sending packet: from 96.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (348 bytes)
Jul 18 20:46:05   charon: 11[ENC] <con2|4> generating CREATE_CHILD_SA request 0 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:46:05   charon: 11[IKE] <con2|4> establishing CHILD_SA con2{9} reqid 2
Jul 18 20:46:05   charon: 08[KNL] creating acquire job for policy 96.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {2}
Jul 18 20:46:05   charon: 08[IKE] <con2|2> IKE_SA deleted
Jul 18 20:46:05   charon: 08[ENC] <con2|2> parsed INFORMATIONAL response 3 [ ]



##############################################


Logs After Clicking Save - VPN -> IPSEC > Tunnel Settings:
ABSOLUTELY NO CHANGES AT ALL. JUST CLICK SAVE and it works.
##############################################


Jul 18 20:47:45   charon: 10[IKE] <con2|4> CHILD_SA con2{143} established with SPIs ceb2477e_i c9db3f63_o and TS 10.0.0.0/22 === 10.0.52.0/24
Jul 18 20:47:45   charon: 10[CFG] <con2|4> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jul 18 20:47:45   charon: 10[ENC] <con2|4> parsed CREATE_CHILD_SA response 61 [ SA No TSi TSr ]
Jul 18 20:47:45   charon: 10[NET] <con2|4> received packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (204 bytes)
Jul 18 20:47:45   charon: 10[NET] <con2|4> sending packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (828 bytes)
Jul 18 20:47:45   charon: 10[ENC] <con2|4> generating CREATE_CHILD_SA request 61 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:47:45   charon: 10[IKE] <con2|4> establishing CHILD_SA con2{143} reqid 4
Jul 18 20:47:45   charon: 09[KNL] creating acquire job for policy XXX.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {4}
Jul 18 20:47:45   charon: 10[IKE] <con1|3> CHILD_SA con1{142} established with SPIs c3bd7173_i c9b412f6_o and TS 10.0.0.0/22 === 10.0.55.0/24
Jul 18 20:47:45   charon: 10[CFG] <con1|3> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jul 18 20:47:45   charon: 10[ENC] <con1|3> parsed CREATE_CHILD_SA response 68 [ SA No TSi TSr ]
Jul 18 20:47:45   charon: 10[NET] <con1|3> received packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (204 bytes)
Jul 18 20:47:45   charon: 10[NET] <con1|3> sending packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (844 bytes)
Jul 18 20:47:45   charon: 10[ENC] <con1|3> generating CREATE_CHILD_SA request 68 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:47:45   charon: 10[IKE] <con1|3> establishing CHILD_SA con1{142} reqid 3
Jul 18 20:47:45   charon: 10[KNL] creating acquire job for policy XXX.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {3}
Jul 18 20:47:45   charon: 10[CFG] received stroke: route 'con2'
Jul 18 20:47:45   charon: 09[CFG] added configuration 'con2'
Jul 18 20:47:45   charon: 09[CFG] received stroke: add connection 'con2'
Jul 18 20:47:45   charon: 10[CFG] received stroke: route 'con1'
Jul 18 20:47:45   charon: 13[CFG] added configuration 'con1'
Jul 18 20:47:45   charon: 13[CFG] received stroke: add connection 'con1'
Jul 18 20:47:45   charon: 06[CFG] deleted connection 'con2'
Jul 18 20:47:45   charon: 06[CFG] received stroke: delete connection 'con2'
Jul 18 20:47:45   charon: 10[CFG] received stroke: unroute 'con2'
Jul 18 20:47:45   charon: 12[CFG] deleted connection 'con1'
Jul 18 20:47:45   charon: 12[CFG] received stroke: delete connection 'con1'
Jul 18 20:47:45   charon: 10[CFG] received stroke: unroute 'con1'
Jul 18 20:47:45   charon: 06[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls'
Jul 18 20:47:45   charon: 06[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Jul 18 20:47:45   charon: 06[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Jul 18 20:47:45   charon: 06[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Jul 18 20:47:45   charon: 06[CFG] loaded ca certificate "C=US, ST=WA, L=Olympia, O=IH Gateway, OU=InVinHost, CN=OPNSenseCA, E=" from '/usr/local/etc/ipsec.d/cacerts/cca9ae1f.0.crt'
Jul 18 20:47:45   charon: 06[CFG] loaded ca certificate "C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, N=VPN, E=VPN" from '/usr/local/etc/ipsec.d/cacerts/a72f8721.0.crt'
Jul 18 20:47:45   charon: 06[CFG] loaded ca certificate "C=PA, O=NordVPN, CN=NordVPN Root CA" from '/usr/local/etc/ipsec.d/cacerts/38ce789e.0.crt'
Jul 18 20:47:45   charon: 06[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Jul 18 20:47:45   charon: 06[CFG] expanding file expression '/usr/local/etc/ipsec.secrets.opnsense.d/*.secrets' failed
Jul 18 20:47:45   charon: 06[CFG] loaded IKE secret for XXX.XXX.XXX.XXX
Jul 18 20:47:45   charon: 06[CFG] loaded IKE secret for XXX.XXX.XXX.XXX
Jul 18 20:47:45   charon: 06[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Jul 18 20:47:45   charon: 06[CFG] rereading secrets
Jul 18 20:47:44   charon: 10[IKE] <con1|3> failed to establish CHILD_SA, keeping IKE_SA
Jul 18 20:47:44   charon: 10[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:47:44   charon: 10[ENC] <con1|3> parsed CREATE_CHILD_SA response 67 [ N(NO_PROP) ]
Jul 18 20:47:44   charon: 10[NET] <con1|3> received packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (76 bytes)
Jul 18 20:47:44   charon: 10[NET] <con1|3> sending packet: from XXX.XXX.XXX.XXX[4500] to XXX.XXX.XXX.XXX[4500] (364 bytes)
Jul 18 20:47:44   charon: 10[ENC] <con1|3> generating CREATE_CHILD_SA request 67 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
Jul 18 20:47:44   charon: 10[IKE] <con1|3> establishing CHILD_SA con1{139} reqid 1
Jul 18 20:47:44   charon: 15[KNL] creating acquire job for policy XXX.XXX.XXX.XXX/32 === XXX.XXX.XXX.XXX/32 with reqid {1}
Jul 18 20:47:44   charon: 15[IKE] <con2|4> failed to establish CHILD_SA, keeping IKE_SA



##############################################
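
An added example, not part of the post above and not OPNsense or strongSwan code: a small Python summary of charon output per connection, counting NO_PROPOSAL_CHOSEN answers and collecting the ESP proposal and traffic selectors once a CHILD_SA is established. The sample lines are copied from the two logs above; the function name summarize is an assumption made for this example.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the two logs posted above.
SAMPLE = """\
Jul 18 20:46:12   charon: 07[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:10   charon: 09[IKE] <con2|4> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:46:09   charon: 09[IKE] <con1|3> received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Jul 18 20:47:45   charon: 10[CFG] <con2|4> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Jul 18 20:47:45   charon: 10[IKE] <con2|4> CHILD_SA con2{143} established with SPIs ceb2477e_i c9db3f63_o and TS 10.0.0.0/22 === 10.0.52.0/24
Jul 18 20:47:45   charon: 10[IKE] <con1|3> CHILD_SA con1{142} established with SPIs c3bd7173_i c9b412f6_o and TS 10.0.0.0/22 === 10.0.55.0/24
Jul 18 20:47:45   charon: 10[CFG] received stroke: route 'con2'
"""

# charon lines tied to a connection look like: charon: NN[SUB] <conN|id> message
LINE = re.compile(r"charon: \d+\[[A-Z]+\] <(?P<conn>[^|>]+)\|\d+> (?P<msg>.*)")
ESTABLISHED = re.compile(r"CHILD_SA \S+ established .* TS (.+)$")


def summarize(log_text):
    """Group CHILD_SA outcomes by connection name."""
    stats = defaultdict(lambda: {"no_proposal": 0, "established": 0,
                                 "proposals": set(), "ts": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # lines without a <conn|id> tag (stroke, secrets, ...) are skipped
        entry, msg = stats[m["conn"]], m["msg"]
        if "received NO_PROPOSAL_CHOSEN" in msg:
            entry["no_proposal"] += 1
        elif msg.startswith("selected proposal: "):
            entry["proposals"].add(msg.split(": ", 1)[1])
        else:
            done = ESTABLISHED.match(msg)
            if done:
                entry["established"] += 1
                entry["ts"].add(done.group(1))
    return dict(stats)


if __name__ == "__main__":
    for conn, s in sorted(summarize(SAMPLE).items()):
        print(conn, "NO_PROPOSAL_CHOSEN:", s["no_proposal"],
              "established:", s["established"],
              "proposals:", sorted(s["proposals"]), "TS:", sorted(s["ts"]))
```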

12
19.7 Legacy Series / Re: IPSec - Issues
« on: July 18, 2019, 06:45:38 am »
Doesn't make sense. On the other side nothing changed. I reverted back to an old snapshot of the OPNsense virtual machine. It worked magically. Restarted OPNSense and the IPsec connections come up without doing anything. Did it a couple of times.

Started the upgrade again. Back on 19.7 and it behaves weird again.

13
19.7 Legacy Series / IPSec - Issues
« on: July 18, 2019, 03:00:08 am »
The upgrade to 19.7 went smoothly. Everything looks good so far. It's functional as is.

The only issue I see is: after reboot the IPSec services show as green but there is no ping or connections. NO SMB connections to the server across the IPsec.



Here's how I fix it every OPNSense reboot, last 10 reboots:

Every reboot, the IPSec connection doesn't come up. You would have to go to

VPN > IPSec > Tunnel Settings > select one of the tunnels, click save > apply changes

Then the tunnel works again. I can access SMB on the other side again. There are no changes. Just save and apply. IPsec works again.

Can anyone reproduce this?

14
General Discussion / NordVPN Tutorials/Instructions?
« on: December 27, 2018, 05:45:36 pm »
Anyone got NordVPN working on OPNSense? I'm trying to get it to work following a pfSense tutorial. It didn't work out.

Pretty please, anyone?

15
18.7 Legacy Series / Re: Traffic shaper: Pipe, Queues and Rules !
« on: August 18, 2018, 08:55:17 am »
YAY I got it working

@Franco !!!!

We should add Alias to Traffic Shaping too! So we can have multiple source nets.
