Messages

1

18.1 Legacy Series / OpenVPN Issues

« on: April 28, 2018, 10:07:49 pm »

I was not sure how to title this as there is a whole host of issues that just don't seem to work.

My setup: I have three VPN clients, three different interfaces that where auto-generated (one each), and the standard outbound NAT rules for each of them. I am trying to route different traffic through different clients. I have this exact same setup, working, on PFSense, and am trying to replicate it on Opnsense. I am keeping it simpel for now and just enabling a catch-all rule on LAN to use a specific VPN clients gateway to test.

I have VPN1, VPN2, VPN3. I will use these designations for my explanations.

Gateways:

If I have more than one OpenVPN client connected, all gateways except for the first one to connect don't have an IP until I restart Opnsense. I have to restart Opnsense anytime I disable and re-enable a VPN client for it's gateway to get an IP, even though the client status shows that is has an IP. For example, I have VPN3 enabled when I restart opnsense, it comes online and has an IP, the interface shows the ip, the gateway shows the ip. I enable VPN1, the client shows it has an IP, the interface doesn't show an IP, the gateway shows no IP.

Firewall Rules

The firewall rules are acting.... funny. Say I have VPN3 online (gateway shows IP), I make a catch-all rule to use the VPN3 gateway. No traffic goes through, and it instead uses the next rule down which is my WAN gateway. I have to enable VPN1, and do nothing else, and traffic will go through the VPN3 gateway. I thought I might have interfaces mixed up, but traffic only is recorded on the VPN3 client, not the VPN1 client....

What is going on here? I've replicated, nearly exactly, the rules, interfaces, gateways, and outbound NAT from pfsense and it's acting very weird, and does not work with any level of consistency. Why does enabling more than 1 OpenVPN client make it so that client and any others don't have IPs in their gateways?

Edit: All the OpenVPN interfaces have the same mac (all zeros) is that a source of the problem? I tried setting a mac for each of them, but it doesn't show on the interfaces overview.

2

18.1 Legacy Series / Re: Unbound DNS stops working while OpenVPN client is active

« on: April 28, 2018, 08:54:25 pm »

Well, after restarting Opnsense today, it stopped working again.

As long as a VPN client is active DNS for all network clients stops functioning

@Animosity Yes, configured to use something like PIA to route traffic through it. However, I have the firewall rules disabled for that so no traffic goes through them. I only have the WAN catch-all active.

nslookup shows: ";; connection timed out; no servers could be reached"

What IP range did you use for your access rule? I'm not sure what to put there.

**Edit:** Just noticed this is only affecting linux (Ubuntu) clients for some reason. Phones, and windows devices work fine. When the VPN client is active, they stop using the router (opnsense) as their dns server,  if I specify the server (ie. 192.168.1.1) in the nslookup it works, else it times out.

3

18.1 Legacy Series / Re: Unbound DNS stops working while OpenVPN client is active

« on: April 27, 2018, 03:47:48 am »

I'm honestly not sure what to say.

It's working just fine right now, I have made no changes between my previous reply and now. I left and came back a few hours later. I suppose I'll see if it continues to function.

4

18.1 Legacy Series / Re: Unbound DNS stops working while OpenVPN client is active

« on: April 27, 2018, 01:25:48 am »

Nope, that didn't work.

I really have no idea what might be going on, as this exact same configuration works just fine on PFsense. I really want to use Opnsense, but need to sort out what's going on here. I don't have any other ideas, this is above me, hopefully some others have ideas I can try.

5

18.1 Legacy Series / Re: Unbound DNS stops working while OpenVPN client is active

« on: April 26, 2018, 11:08:20 pm »

Hi, here is my general configuration

6

18.1 Legacy Series / Re: Unbound DNS stops working while OpenVPN client is active

« on: April 26, 2018, 09:25:09 pm »

Hi Evil Sense, I'm not sure what I would use as the address range? I am fairly new to this, please forgive me if this is obvious.

I'm using a consumer VPN that is setup to connect to a hostname (ie. us.myvpn.com) that picks a different IP each time it starts up.

7

18.1 Legacy Series / Unbound DNS stops working while OpenVPN client is active

« on: April 26, 2018, 08:36:39 pm »

This is an odd one, please read the details.

I'm switching over from PFSense and replicating my setup on Opnsense. I have Unbound setup as the DNS resolver for my network. I setup my OpenVPN client, and as long as the client is active DNS queries from network clients fail.

Here is what works and what doesn't while the VPN is active and routing rules are active (IPv4 catch-all for LAN to the VPN gateway):

• DNS Query from Opnsense - Works
• DNS Query from network client - Fails
• Pinging DNS servers (ie 1.1.1.1) from network clients - Works
• Tracerouting DNS servers (ie 1.1.1.1) from network clients - Works

When pinging from a network client, the VPN packets iterate. when performing a DNS query from a network client, they do not.

While the VPN is active Dig reports that the DNS server (Opnsense IP) is unreachable, that the connection timed out. There are no logs from Unbound during this time. As soon as I disable the VPN client, DNS queries work fine. Even if the routing rule is disabled and the VPN client is online, DNS queries time out.

Things I've tried:

• Setting the Outbound interfaces on Unbound to just WAN or just the active VPN Gateway, or both, or any
• Setting the listening interface to just LAN & localhost

The VPN NAT is setup, it has an active interface, and pings successfully go out and return from it. But Unbound just stops working entirely while it's active, yet DNS queries form Opnsense keep working.

What's going on, how can I fix this or further diagnose the issue?

8

18.1 Legacy Series / Re: New install, no DHCP server in GUI under Services?

« on: April 26, 2018, 08:22:05 pm »

Franco,


That was it, I needed a static IP on the interface.

9

18.1 Legacy Series / Routing prefix dropup under interfaces is too narrow on Firefox, hiding numbers

« on: April 25, 2018, 03:16:20 am »

As the title says, the drop-up is too narrow and the scroll bar hides the numbers:

This is on Firefox. It is a non-issue on chrome.

10

18.1 Legacy Series / Re: DNS question: How to use DNS other than the one the ISP specifies in its DHCP?

« on: April 25, 2018, 02:54:49 am »

Great reply Oxygen, some helpful information here.

@Comet, he did answer your question. It's just that the answer for your question requires a few assumptions to be made, and is more nuanced than "just click that one checkbox".

11

18.1 Legacy Series / [SOLVED] New install, no DHCP server in GUI under Services?

« on: April 25, 2018, 02:52:58 am »

I'm trying to switch over from pfsense and configure the DHCP server on opnsense.

However, under Services -> DHCPv4 there are only three options (Relay, Leases, Log File) and no "Server" option.

If I try and go to /services_dhcp.php I'm redirected to the dashboard.

How can I configure the DHCP server?

12

18.1 Legacy Series / Re: Install freezes on Guided or Manual installations

« on: April 17, 2018, 08:41:00 pm »

That very closely describes the issue I'm having. I will attempt your 'set kern.vty=sc' suggestion, and reply to the github thread with my results.

13

18.1 Legacy Series / Install freezes on Guided or Manual installations

« on: April 17, 2018, 07:58:41 pm »

I'm trying to install OPNSense 18.1 and the installation freezes in two different areas on both the guided and manual installations.

In the guided install, it freezes on "Continue with a recommended swap partition of size 8192M?" when I select No. On the manual install it freezes on the screen where it asks me if I want to partition the drive and I select "Skip this step".

Example of where it freezes on guided:

Any idea why this might be happening? How can I get the install to continue?