Messages

I am running into a similar problem but with OSPF:

[VAKV3-NMY7B][EC 100663337] error processing configuration change: error [internal inconsistency] event [apply] operation [modify] xpath [/frr-route-map:lib/route-map[name='Redistribution']/entry[sequence='10']/match-condition[condition='ipv4-prefix-list']/rmap-match-condition/list-name]

I am wondering if it has to do with "le" in the route-map:

ip prefix-list acl_bgp_filter_out seq 999 permit 0.0.0.0/0 le 32

this only started happening after upgrading to version 23.7.6

ah I see now: https://forum.opnsense.org/index.php?topic=24304.msg116518#msg116518

Thanks for the info Franco.

Franco,

On the dashboard it shows I am using LibreSSL 3.3.3, is that the information you need?

are you also running version 21.7.1?

getting a strange error here, I am on 21.7.1 and am trying to create an internal CA under system -> trust -> authorities, I fill in the fields but when I click save I get:

Running into an issue with IPsec: I have a pair of firewalls with HA and a single opnsense firewall, the IPsec tunnel is able to establish on the primary firewall with the WAN1 VIP but when I enter CARP maintenance mode the IPsec tunnel does not establish on the standby firewall when it's active. The only way I can get this to work is utilizing DPD with time of 1 second and action of restart on the stand alone firewall. I do have MOBIKE disabled on the HA pair and the stand alone firewall.

Firewall version: 21.7.1

Any help is appreciated.

I updated to 21.1.7 and ran that patch, before I had 43 auto generated rules, I have about 6 IPsec tunnels and after applying the patch I only have 1 auto generated rule.

so the request has been changed, any way to configure netflow to show URLs instead of public IPs?

Hey guys,

still doing research on my end but figured I would get the ball going here, is there a way to do some kind of active directory integration and allow the opnsense firewall to be user aware with netflow?

KHE,

Thanks for that, I will give that a shot.

@lfirewall1243,

Can you provide screenshots of the changes you made? I am also needing this and yes I am providing services.

Thanks,

so here is my game plan:

create objects (aliases)
create object groups (nested aliases)
create the ACLs
Create NAT rules

Hey guys,

I am migrating a Fortigate firewall to Opnsense. Not sure if anyone has ran into this before or has a suggestion for migrating, FYI I haven't poked around or know my way around Fortigate, all I have is the running-config via text.

Thanks for the reply. So here is my scenario: I am using Opnsense here and have a site to site IPsec setup to a meraki firewall. The meraki firewall does have a 2nd WAN IP. If the active WAN IP goes and transitions to the 2nd WAN IP how does dead peer detection work? Does it detect that the active WAN IP is down due to no traffic? and does the opnsense keep trying to establish a tunnel with the previous WAN IP?

How does dead peer detection work for site to site VPN using IPsec? I have read some articles but the version associated with those articles are for 1.2, but I am on 18.7. Does this utilize ICMP or is it used to detect IKEv1/IKEv2 failure?