
Messages - StP

1
Hardware and Performance / Migrate configuration from AMD GX-416RA to AMD GX415GA
« on: September 10, 2020, 02:27:21 pm »
I have two Deciso A10 appliances. One with a GX416RA SOC, the other has a GX415GA SOC.
The first one is currently active, the second one should provide some redundancy (cold stand-by).
So I want to export the config of the GX416 and load it into the GX415.
As I already found out I have to rename the network interfaces from igb0 to em0 etc.

Now when testing I can connect to the stand-by machine and I see that its WAN interface is connected to the internet.
But not a single data packet is moving from LAN to WAN and vice versa.

What else do I need to change in the config?

2
20.1 Legacy Series / Re: [Modified] No traffic from secondary local network to WAN
« on: April 18, 2020, 10:30:09 am »
This setting is switched on.
So IPv4 is preferred.

3
20.1 Legacy Series / [Modified] No traffic from secondary local network to WAN
« on: April 17, 2020, 08:46:43 am »
Quote
not sure what auto-detect does, but can you try setting the gateway address instead?

in https://forum.opnsense.org/index.php?topic=13456.0 there was a similar problem, and setting the gateway address seems to have solved it.

The problem in the topic you mention seems a bit different from mine.

Well, according to the help available (Info button) I should not change this value for non-WAN interfaces.
Thanks anyways

4
20.1 Legacy Series / [Modified] No traffic from secondary local network to WAN
« on: April 16, 2020, 04:18:22 pm »
Well what I found by adding a test machine into the BBB network is this:
The root of the problem is not inbound NAT.
It is a routing problem from BBB to WAN. No packets going that way.
The BBB related entries in System/Routes/Status look fine (Similar to the LAN entries).
I have a firewall rule in place for the BBB network that allows anything.

I have not done anything special regarding gateway configuration.
IPV4 Upstream Gateway is set to Auto-Detect.

Call me stupid, maybe I am.
But this did work before in 20.1.3.

Where should I look?

Stefan


5
20.1 Legacy Series / Re: SIP NAT Issue?
« on: April 15, 2020, 01:06:38 pm »
Bart,
maybe I did not express myself as clearly as I should...
We host the conference system ourselves. On company premises on our own hardware behind OPNsense.
Right now I can't do any further tests because of this:
https://forum.opnsense.org/index.php?topic=16764.0

Thanks for your help
  Stefan

6
20.1 Legacy Series / Re: SIP NAT Issue?
« on: April 15, 2020, 11:56:48 am »
Bart,
don't know if your question goes in my direction but anyways, here I go:
According to the documentation of my conference system (BigBlueButton) I do not need a STUN server if the firewall's WAN interface has a fixed IP. In that case I can hardcode that IP in one of the configuration files instead of STUN server address and port. That's what I have done. Maybe that is not enough if clients are behind a router.

Stefan

7
20.1 Legacy Series / Re: SIP NAT Issue?
« on: April 15, 2020, 08:53:24 am »
Sorry, I cannot help, I'm just seeing a similar problem here.

In the office I'm running a conference server (audio, video, whiteboard, chat and so on) behind an OPNsense firewall.
I can connect to the system itself just fine (well at least I could until I ran into the problems mentioned here yesterday).
No matter what connection path, login works and whiteboard can be used. Chat system works.
But audio (SIP/RTP) and video (WebRTC) do not work when I try to connect from my home office where I am behind an AVM DSL router (Fritzbox).
Neither PC, nor iPad or iPhone can use audio/video when connected to the Fritzbox WIFI.
That same iPhone works fine when I shut down WIFI and connect via LTE.
And the iPad works fine as soon as I use the iPhone as mobile hotspot with the phone.
The PC can connect from my home office WIFI if I connect to the company network via OpenVPN (OPNsense road warrior setup).

In short everything using TCP works. UDP is the problem.
The problem looks very similar to yours. Difference being my home office is just behind an AVM Fritzbox instead of a second OPNsense.

Just my 2 cents.

Stay safe everyone
Stefan

8
20.1 Legacy Series / [Modified] No traffic from secondary local network to WAN
« on: April 14, 2020, 08:19:37 pm »
After the update to 20.1.4 I am seeing some NAT problems.
This is on a Deciso DEC2630 or DEC2640 device.
I have two internal - physically separated - networks. LAN on igb0 (172.16.30.1/16) and a new one called BBB on igb2 (172.31.30.1).
WAN is on igb1 with a fixed IP.
I have some NAT rules to 172.16.x.x which are all LAN clients. These still work.
And I have some rules to 172.31.0.2 which is a server in the BBB network. These do not work anymore after the update. The server itself is listening to all ports, I checked that from behind the firewall. Coming in over WAN I only get connection timeouts (10060).
I double (and triple) checked my rules. They look good and unchanged.

Any changes in the last update that could cause this trouble?

Is there an easy way back to 20.1.3 to do some cross checks?

Regards, stay safe
Stefan

9
19.7 Legacy Series / Re: Use DNS servers just from one uplink or add priority
« on: August 05, 2019, 04:27:05 pm »
Maurice,
you are right, sorry.

Stefan

10
19.7 Legacy Series / Re: Use DNS servers just from one uplink or add priority
« on: July 31, 2019, 12:31:26 pm »
I'm in the same boat now.
Telekom switched us from ISDN to SIP-Trunk last Monday.
Phones are dead since then :(
DSL connection works, I have internet access.
Problem is DNS resolution of Telekom's Outbound Proxy and SIP Registrar.
reg.sip-trunk.telekom.de and sip-trunk.telekom.de are unknown.
I let the PPP override the OPNsense DNS-Servers on login.
"Allow DNS server list to be overridden by DHCP/PPP on WAN"
That doesn't help. Even with no DNS-Server configured in OPNsense internet access works but it cannot resolve the two SIP related hosts. So OPNsense seems to have received a DNS-Server on PPP connect.

Does anyone have a "working" DNS server address for this setup?

Regards
  Stefan

11
18.1 Legacy Series / Re: Mysterious IP address
« on: April 16, 2018, 08:53:29 am »
Problem solved by my ISP.

Thanks everyone

12
18.1 Legacy Series / Re: Mysterious IP address
« on: April 12, 2018, 05:12:56 pm »
This is what Nmap says:
nmap -T4 -A -v 192.168.0.45

Result (excerpt):
646/tcp open  tcpwrapped
Device type: specialized
Running: AVtech embedded
OS details: AVtech Room Alert 26W environmental monitor
Network Distance: 3 hops

Seems it is definitely somewhere outside our company. We never used such a device.

13
18.1 Legacy Series / Re: Mysterious IP address
« on: April 12, 2018, 04:58:49 pm »
I have now set up a rule to block that traffic. Works.

Thanks!

14
18.1 Legacy Series / Re: Mysterious IP address
« on: April 12, 2018, 03:54:30 pm »
Quote from: Animosity022 on April 12, 2018, 03:10:02 pm
You could file a ticket with your ISP on that as it sounds like it's a mistake on their side and something that probably shouldn't be there.

I just did that - they have no idea what is happening...

Maurice, are you a customer of Deutsche Telekom?
If not, how come you were able to reproduce?

BTW:
Right now 192.168.0.48 is not existing but 192.168.0.45 is.
Weird

15
18.1 Legacy Series / Re: Mysterious IP address
« on: April 12, 2018, 02:51:10 pm »
Maurice,
I always thought private networks (RFC 1918) should never be routed to public networks (which my WAN is).
Am I wrong?

I did not see traffic to/from this address. I just did an IP scan on my local network using netscan.exe by SoftPerfect.

Stefan

