Messages

1

General Discussion / Re: charon: 04[NET] error writing to socket: Permission denied

« on: May 30, 2019, 03:12:42 pm »

After a month or so I have given up with this
Replaced with Draytek 2925, which handles multiple IPSec VPN connections without issue and is very stable

2

General Discussion / Re: Unable to receive Connection through WAN2

« on: May 30, 2019, 03:09:56 pm »

After 2 months, and every possible permutation and queries on forum I have given up
and concluded that inbound load balancing on multiple active WANS doesnt work,
OPNSense uses the default gateway method, eg it can only be received on that gateway
until that gateway fails and then the gateway switches to the other WAN, upon which
the WAN2 receives OK. So you can have both, but only one at a time.

I have replaced the entire set up with a Draytek 2925 Security Router, which works
perfectly across 3 WAN connections, inbound load balancing and failover.

I would much prefer opnsense, as the actual firewall is much better

3

General Discussion / Re: charon: 04[NET] error writing to socket: Permission denied

« on: May 13, 2019, 12:45:38 pm »

Anyone any idea on this, would be appreciated

4

General Discussion / Re: Port Forward over VPN

« on: May 12, 2019, 07:06:30 pm »

You dont need to, The VPN puts you onto the remote network
Just put in the IP and port the device is listening on

ie   10.2.30.2:80      for web etc

5

General Discussion / charon: 04[NET] error writing to socket: Permission denied

« on: May 11, 2019, 04:15:43 pm »

When starting an IPSec VPN I get the following error

charon: 04[NET] error writing to socket: Permission denied

Anyone any ideas what does this mean ?
Keep getting the same error over and over again

I can use the same settings on a Draytek Router to Draytek Router and it works fine

6

General Discussion / Re: Unable to receive Connection through WAN2

« on: May 02, 2019, 05:47:16 pm »

hbc,
Thnaks for getting back to me,
Yes, I have checked those and created the appropriate Groups and balances
I have re installed 3 times, and tried every item I can find, every single configuration
You must be able to do this, otherwise there is no point to multi WAN pointing to a single LAN
The issue is for inbound connections only

7

General Discussion / Re: Unable to receive Connection through WAN2

« on: May 01, 2019, 11:48:05 am »

Further update
If I set WAN2 as default gateway, then it works, but WAN1 then stops working
So I am back at square one, how do I get them both to work ?
A connection could come in from either WAN

8

General Discussion / Re: Unable to receive Connection through WAN2

« on: May 01, 2019, 11:16:04 am »

Has anyone any ideas solutions?
I have been working on this for over 2 weeks now

I need it to connect and flow back out of the WAN it connected in to
The connection could connect to either WAN at anytime

I have a Draytek 2925 Dual WAN which works perfectly under these same conditions, both WAN ports connect
I dont really want to replace OPNSense with the Draytek as OPNSense offers so much more.

Many Thanks

9

General Discussion / Re: Unable to receive Connection through WAN2

« on: April 29, 2019, 11:23:11 am »

I think I figured out why this is happening, though I cant figure out how to fix it

As i see it any data coming in on WAN 1 routes back out on WAN 1
However I think any data coming in on WAN 2 does hit the server but the firewall tries to
route it back out via WAN 1

How do I fix this ?

Many Thanks

10

General Discussion / Re: Unable to receive Connection through WAN2

« on: April 27, 2019, 02:27:50 pm »

Thank you
Yes,
I get a log entry with an rdr reference ( I assume that means redirect / port forward )

11

General Discussion / Re: Unable to receive Connection through WAN2

« on: April 27, 2019, 02:14:06 pm »

Hbc
Thanks for your reply

The 2 WAN IPs are from different providers they are both static

for example
WAN IP 1 = 50.50.50.50
WAN IP 2 = 60.60.60.60

50.50.50.50:80 connects fine ( forwards on to the server )
60.60.60.60:80 doesnt connect ( doesnt forward )

Even though both WAN port forwards are setup the same

12

General Discussion / Unable to receive Connection through WAN2

« on: April 26, 2019, 11:46:14 pm »

I have 1 LAN connection and 2 WAN Connections (Design for failover / load balancing )
Default gateway is not set on either WAN
I can receive the connection via Port Forwarding on WAN 1 to the web server ( Port 80 )
However with the same setting on WAN 2 ( with same port forwarding ) it wont connect.

I have been working on this for a week now, change every setting I can think of, but no luck

I need this working where either WAN connection in goes to the same server via the LAN interface
for load balancing, I have checked logs and on WAN2 when the conenction comes in it shows as
orange with rdr ( I assume that means port forward redirect )
Its not FQDN or DNS or web server binding 

I am getting to the end of things to try, really need any help I can get
Appreciated

Help !

13

General Discussion / Import / Export Alias

« on: April 13, 2019, 09:47:56 pm »

I cant see a way to import or export (save) Alias IPs or Hosts
This option used to be in previous versions and was very useful
You can paste, but it doesnt always work and you cant save

Please bring this feature back
Thanks

14

17.7 Legacy Series / [SOLVED] Re: Traffic Shaper - Upload Error

« on: September 02, 2017, 01:23:41 pm »

I have found a solution to this problem
Traffic Shaper :
Upload limiter by local LAN IP only works when Shared Forwarding is enabled

Download limiter works whether enabled or not

To enable upload limiter by local LAN IP go to

Firewall -> Settings -> Advanced
about half way down Enable Shared Forwarding and then click Save

Even though it says use with care, it seems the only way to get it working

I would rather it work consistently with download limiter,
perhaps this is something to address in later editions
 

15

17.7 Legacy Series / Re: Traffic Shaper - Upload Error - Update

« on: August 26, 2017, 03:57:14 pm »

Further bugs (feature losses found) found

You are not able to add an Alias in the Source / Destination locations
you can add multiple IPs and subnets on downlink limiters (but no Aliases)
However you can only add 1 IP on Uplink limiters or a subnet (not both and not Aliases)

This sets the Traffic Shaper feature quite pointless, especially when dealing with VOIP

I have tested the same scenario on pfSense, and it works on pfSense without issue and you can use Aliases,
I would dearly love to use OPNSense as the design of OPNSense is considerably better than pfSense
However I have to look at functionality and Traffic Shaping is important on a busy network,

In summary, if you need Traffic Shaping on 17.7 then you need to use pfSense
until the bugs are removed and the feature set is updated
otherwise use OPNSense.

Hope this helps