Topics - bobbythomas

#21
Hi All,

I recently upgraded from 17.7.7 to 17.7.8, since then I am facing issues accessing web gui (both http and https). I can access it using the dynamic dns, but not using the LAN ip (default login method). It's even accessible over the zerotier tunnel interface IP but not over lan. It gives me website not responding message.

Any help is highly appreciated.

Thanks in advance,
Regards,
Bobby Thomas
#22
17.7 Legacy Series / ZeroTier Routing
November 03, 2017, 12:33:20 AM
Hi All,

I have completed the Zerotier setup and I am able to reach the hosts over the Zerotier VPN network. I have created a new interface and allowed all communication through it, still LAN network is unable to access the Zerotier network. I cannot even ping the Zerotier IP of the firewall from my LAN. While I can ping and access the Zerotier devices from the firewall. Any help?

Note: I tried disabling NAT for the traffic still it didn't help. When I do a packet capture (on LAN interface), I can see ICMP echo requests to Zerotier IP from LAN range but when I do the capture on Zerotier interface I don't see any traffic from LAN range.

Thank you,
Regards,
Bobby Thomas
#23
17.7 Legacy Series / Is there any guide for Zerotier?
September 12, 2017, 01:12:12 PM
Hi all,

I was exploring the Zerotier plugin and I am stuck at configuring the plugin using CLI. I was able to join Zerotier network and I am able to ping my Android phone (with Zerotier app installed) and GCP VM from the firewall but not vice versa. I believe OPNSense firewall is blocking inbound communication to the Zerotier interface on the firewall. I tried to assign it as a LAN interface but it didn't work. How can I bridge my LAN and Zerotier network? Is there any guide out there to help configuring Zerotier on OPNSense?


Thank you,
Regards,
Bobby Thomas
#24
Hi all,

I have a Multi WAN setup with Dynamic DNS binding the MULTI WAN wan group. If interface with Dynamic DNS binding goes down, then it's not updating the second interface on the dynamic dns. In the Dynamic DNS plugin page and on the Home dashboard it shows new active interface (second interface) ip but when I check on the NO-IP portal it's showing old ip from the first interface. Even an NSLOOKUP points to the old address. Any idea on how to fix this issue?

Thanks in advance.

Regards,
Bobby Thomas
#25
Hi All,

I am facing all sorts of issues after implementing MultiWAN. I have opened another post regarding Freeradius recently and the issue might be related to this. After MultiWAN implementation everything works for a while and then communication from LAN to the Firewall breaks. I am only able to access the services mentioned in the antilock out rule, all other communications fail and I believe that was the reason I was having problem with Freeradius (still having the issue). If I reboot, after bootup it works for a while and then all communications fail, cannot access internet from LAN, cannot communicate with the firewall (other than ssh, http, https), then after a while the internet connection restores and MultiWAN works but not as I have configured (MultiWAN with loadbalancing and failover), only loadbalancing works.

I am running the firewall in the proxmox vm. The WAN and LAN come through a single link (trunk port) and proxmox assigns corresponding WAN vlans to virtual interfaces for firewall. Everything was fine before MultiWAN implementation, but now my LAN to firewall communication breaks. I have configured the LAN rules exactly as mentioned in the documentation guide. Tried rolling back to a previous snapshot and tried configuring MultiWAN, but same result. Thinking of doing a clean install but I need more information regarding config backup. Will it backup all the configs including passwords, rules and interfaces?

Thanks in advance,
Regards,
Bobby Thomas
#26
17.7 Legacy Series / Telegram Bot port for 17.7
August 15, 2017, 07:57:05 PM
Hi Franco,

Can you please port the py-telepot package to 17.7? It was available in 16.7 and 17.1 but not on 17.7.
https://forum.opnsense.org/index.php?topic=4123.0

Thank you,
Regards,
Bobby Thomas
#27
Hi,

I am facing some problem with the LAN interface after the MultiWAN implementation. Previously I have configured Radius server for 802.1x authentication along with my openwrt wireless AP. It was working fine, but after the MultiWAN setup firewall is not processing the Radius packets. When I do a packet capture, I can see that the packets are hitting the LAN interface, but nothing happens. I have checked the LAN rules and I don't see anything unusual. I have configured MultiWAN according to the user manual. I am only seeing these messages in the Radius.log.

Quote
Tue Aug 15 01:55:13 2017 : Warning: No 'ipaddr' or 'ipv4addr' or 'ipv6addr' field found in client 192.168.xxx.xxx/32. Please fix your configuration
Tue Aug 15 01:55:13 2017 : Warning: Support for old-style clients will be removed in a future release
Tue Aug 15 01:55:13 2017 : Info: Debugger not attached
Tue Aug 15 01:55:13 2017 : Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay"  found in filter list for realm "DEFAULT".
Tue Aug 15 01:55:13 2017 : Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec"      found in filter list for realm "DEFAULT".
Tue Aug 15 01:55:13 2017 : Info: Loaded virtual server <default>
Tue Aug 15 01:55:13 2017 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst)
Tue Aug 15 01:55:13 2017 : Warning: Ignoring "ldap" (see raddb/mods-available/README.rst)
Tue Aug 15 01:55:13 2017 : Info:  # Skipping contents of 'if' as it is always 'false' -- /usr/local/etc/raddb/sites-enabled/inner-tunnel:330
Tue Aug 15 01:55:13 2017 : Info: Loaded virtual server inner-tunnel
Tue Aug 15 01:55:13 2017 : Info: Loaded virtual server default
Tue Aug 15 01:55:13 2017 : Info: Ready to process requests

Below is the capture output:

Quote
Capture output
01:57:10.973401 IP WirelessAP.57234 > Firewall.1812: UDP, length 197
01:57:10.980459 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:10.987020 IP WirelessAP.57234 > Firewall.1812: UDP, length 380
01:57:11.000092 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:11.010126 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:11.022018 IP WirelessAP.57234 > Firewall.1812: UDP, length 341
01:57:11.028065 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:12.682297 IP WirelessAP.57234 > Firewall.1812: UDP, length 197
01:57:12.687066 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:12.693453 IP WirelessAP.57234 > Firewall.1812: UDP, length 380
01:57:12.706031 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:12.712632 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:12.724334 IP WirelessAP.57234 > Firewall.1812: UDP, length 341
01:57:12.730127 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:15.425568 IP WirelessAP.57234 > Firewall.1812: UDP, length 197
01:57:15.430630 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:15.436427 IP WirelessAP.57234 > Firewall.1812: UDP, length 380
01:57:15.448784 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:15.455262 IP WirelessAP.57234 > Firewall.1812: UDP, length 211
01:57:15.467295 IP WirelessAP.57234 > Firewall.1812: UDP, length 341
01:57:15.472934 IP WirelessAP.57234 > Firewall.1812: UDP, length 211

Any idea?

Thanks in advance.
Regards,
Bobby Thomas
#28
Hi All,

I have just upgraded the firewall to 17.7 and then installed the Freeradius plugin. But I am unable to bring up the Freeradius service. I tried it through gui as well as through cli, it doesn't start. Any help is highly appreciated.

Thank you,
Regards,
Bobby Thomas
#29
Hi,

I am having an issue with the OpenDNS plugin, it doesn't update the Dynamic IP on OpenDNS automatically, I need to manually do a test/update to update the new IP. Any fix for this?

Thank you,
Regards,
Bobby Thomas
#30
Hi,

I have been trying to set up transparent ssl proxy on my Opnsense VM and I was able to do that successfully, but the problem is with the exclude list. I am unable to use certain banking websites and apps as it is getting filtered. I tried adding their domain into the exclude list, but I am having difficulty in identifying the correct domains. Is it possible to analyze the SSL sessions so that I can identify the domain and add it to the exclude list? Does the packet capture feature work well with transparent ssl proxy?

Thank you,
Regards,
Bobby Thomas
#31
Hi All,

I think I am pissed off. I was trying to change web gui certificate from the Letsencrypt ca to self signed one, but as soon as I changed it I got locked out. Now I cannot access the web gui. When I try I get the following error "SEC_ERROR_INADEQUATE_CERT_TYPE" and I cannot bypass that one. I have imported the certificate to my PC and it is in the trusted ca container. Can we change the certificate back to Letsencrypt certificate through CLI? Thanks in advance.

Edit: I am on 17.1.9 version.

Regards,
Bobby Thomas.
#32
Hi all,

I am on Opnsense 16.7.14, I tried beta 17.1 but came back to 16.7 as something was not working (forgot what wasn't working). I was getting the netflow data and insight till February end (Stopped working after March 1 12:09pm), but now I don't see anything. Whenever I go to insight it only shows "Data not available" message. What could be the problem? What am I missing? I am running opnsense on a VM and I have an old stable snapshot, should I roll back to old state?

I am planning to upgrade to the latest build but would like to know whether I will be able to get my graphs back.

Thanks in advance,

Regards,
Bobby Thomas.
#33
Hi all,

I'm having a hard time bringing up this USB stick. I am on a virtualized environment and was able to map the device to OPNSense VM, and OPNSense detects the devices.

Quote
root@firewall:~ # usbconfig -d ugen1.2 dump_device_desc
ugen1.2: <HUAWEIMOBILE HUAWEIMOBILE> at usbus1, cfg=1 md=HOST spd=FULL (12Mbps) pwr=ON (2mA)

  bLength = 0x0012
  bDescriptorType = 0x0001
  bcdUSB = 0x0210
  bDeviceClass = 0x0000  <Probed by interface class>
  bDeviceSubClass = 0x0000
  bDeviceProtocol = 0x00ff
  bMaxPacketSize0 = 0x0040
  idVendor = 0x12d1
  idProduct = 0x157c
  bcdDevice = 0x0102
  iManufacturer = 0x0001  <HUAWEI_MOBILE>
  iProduct = 0x0002  <HUAWEI_MOBILE>
  iSerialNumber = 0x0003  <0123456789ABCDEF>
  bNumConfigurations = 0x0002

I tried switching the modes using the usb_modeswitch, but keep on getting the below error.

Quote
root@firewall:~ # usb_modeswitch -v 12d1 -p 157c -J -W -R
Take all parameters from the command line


* usb_modeswitch: handle USB devices with multiple modes
* Version 2.4.0 (C) Josua Dietze 2016
* Based on libusb1/libusbx

! PLEASE REPORT NEW CONFIGURATIONS !

DefaultVendor=  0x12d1
DefaultProduct= 0x157c
HuaweiNewMode=1

Look for default devices ...
  found USB ID 0000:0000
  found USB ID 0000:0000
  found USB ID 0000:0000
  found USB ID 0000:0000
  found USB ID 0627:0001
  found USB ID 12d1:157c
   vendor ID matched
   product ID matched
Found devices in default mode (1)
Access device 002 on bus 001
Get the current device configuration ...
Current configuration number is 2
Use interface number 0
Error: message endpoint not given or found. Abort

The LTE USB stick is a carrier unlocked Huawei Hailink device. Any help is highly appreciated.

Thanks in advance.
Regards,
Bobby Thomas.
#34
17.1 Legacy Series / [SOLVED] Telegram bot integration?
December 20, 2016, 09:37:01 PM
Hi all,

Is it possible to integrate Telegram bot with Opnsense?

Regards,
Bobby Thomas
#35
Hi All,

Need immediate assistance. My virtual opnsense firewall is not connecting to internet from today afternoon. There were some issues at ISP side and now it's fixed but I am having problem connecting to internet. Tried rebooting the VM, also tried rebooting the whole server, nothing works. I was seeing the below message for a while before reboot.

arprequest: cannot find matching address.

Tried capturing packets using TCPDUMP on WAN interface but no success.

Any help is highly appreciated.

Thank you,
Regards,
Bobby Thomas
#36
Hi All,

I am playing around with my Asus wifi adapter based on RTL8188SU. I was able to create a new interface wlan0 using the rsu0 module. But the issue is that the firewall is not listing/connecting to the BSS id. Any help is appreciated. What I am trying to do is something different. I am running OPNsense on a virtual environment inside a proxmox box. I managed to passthrough the usb adapter to opnsense vm. I want to implement WAN loadbalancing using ISP link and my mobile 4G, i.e., if I can manage to connect the firewall to my phone's hotspot, I will use the two links for loadbalancing/sharing. Your help and suggestions are highly appreciated.

Thank you,
Regards,
Bobby Thomas
#37
16.7 Legacy Series / New update broke my Intel NUC
July 01, 2016, 10:33:08 PM
Hi All,

As I am running OPNsense on my new Intel NUC I had to recompile the kernel of onboard LAN, and with the new update (OPNsense 16.7.b_514-amd64 FreeBSD 10.2-RELEASE-p19 OpenSSL 1.0.2h 3 May 2016) it reverted back to old kernel. Luckily I had the kernel file backed up and so I was able to bring back the box in a few minutes. Can anyone tell me what all changes were made on system level apart from package update? If I move to Freebsd 10.3 will I be able to use the same kernel (in 10.2) or do I have to recompile that from 10.3 source once again? Moreover I have some feature requests, where can I post those requests?

Thank you all,
Regards.
Bobby Thomas.
#38
Hi All,

I am new here. I was an IPfire user previously and I was so attracted by the OPNsense and thought of giving it a try. Although I don't see that many addons as in IPfire I was much impressed by the default feature set. I am running this on my new Intel NUC and it took me a while to get the interfaces installed (the onboard realtek interface was not working and I had to recompile the if_re kernel). It would have been better if there was an ARM version of OPNsense available. But this one is really cool (I am still playing around.)

Ok, let me come straight to the point, I am currently trying to setup an IPSec roadwarrior VPN and I almost got that working. I was able to use 2FA and was able to bring up the tunnel, but the main issue is traffic is not passing through this tunnel. I configured the access rules as mentioned in this document (https://docs.opnsense.org/manual/how-tos/ipsec-road.html) but still no luck. I am getting an IP from the virtual pool. I checked the logs but couldn't find much info. I tried capturing the ipsec packets but cannot see any packets. Am I doing anything wrong? Can someone guide me in the right direction? Your help is highly appreciated. :)

Thank you,
Regards,
Bobby Thomas.