Topics - Julien

#101
16.7 Legacy Series / local Cache
October 28, 2016, 05:51:48 PM
Hi Guys,
We are using an A10 firewall with 100GB SSD storage.
I've enabled the local cache to use the storage; however, the local cache is not growing beyond 2%.
Please see the attached screenshots.
I've configured a total of 50GB to be cached.
Number of first-level subdirectories  32
Number of first-level subdirectories 512
Number of first-level subdirectories 10

What am I doing wrong?
PS: I just restarted the proxy server service but nothing has changed.

Thank you
#102
17.1 Legacy Series / dns forward
October 28, 2016, 05:29:13 PM
Hi Guys,
In our infra we are using Windows Active Directory doing DNS forwarding to the internet.
OPNsense is a DHCP server using our Active Directory as the DNS server for the local machines.

I've enabled the DNS forwarder on the OPNsense. The issue is I can't seem to find the box where to enter the DNS server we use for the forwarding.
I want to do the following:

OPNsense forwards DNS to the domain controller. The domain controller forwards DNS to the internet using its own DNS servers.

I have to use this method because our computers and users use the local DNS for the domain.

Thank you
#103
16.7 Legacy Series / No Internet on VPN
August 27, 2016, 09:56:28 PM
Hi Guys,
Whenever I connect using OpenVPN, I can access everything on the LAN but I can't seem to browse the internet while I am connected to the internet.
I can ping 8.8.8.8 but not www.google.com.
In the firewall rules on the OPENVPN interface there is an allow any to any rule.
As I understand it, I need to allow UDP port 53 to get this working.
Do I have to allow the UDP port on the WAN or the OPENVPN interface?
Please advise, thank you

#104
16.7 Legacy Series / [SOLVED] Multi WAN
August 21, 2016, 12:29:34 AM
Hi Guys,
We have a new project to configure 5 OPNsense for our customers using Multi WAN.
The second WAN is gonna be just failover: if the first WAN is down the second WAN will jump in.
WAN1 is already configured and everything is working fine.
I want to avoid any difficulties.
I've seen this doc on the site: https://docs.opnsense.org/manual/how-tos/multiwan.html?highlight=Multi
If anyone has done this already, can you please share your experience with me?
Thank you
#105
16.7 Legacy Series / [SOLVED] OPENVPN stops working
August 02, 2016, 10:32:45 AM
Hi Guys,
Today I did the first hardware update to 16.7; however, I can connect using OpenVPN internally,
but externally it doesn't hit the firewall at all.
Any suggestions why?
Log from the OpenVPN:
Tue Aug 02 10:49:25 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 02 10:49:25 2016 TLS Error: TLS handshake failed
Tue Aug 02 10:49:25 2016 SIGUSR1[soft,tls-error] received, process restarting
Tue Aug 02 10:49:27 2016 UDPv4 link local (bound): [undef]
Tue Aug 02 10:49:27 2016 UDPv4 link remote: [AF_INET]94.247.50.209:1194 is fine and open on the firewall

Normally the handshake error is firewall rules, port.
Thank you
#106
16.7 Legacy Series / [SOLVED] Nat is not working
July 27, 2016, 01:39:52 PM
Hi Guys,
I am on OPNsense 16.7.r2-amd64, first migration from pfSense to OPNsense.
I can't seem to get port 443 working.
Between the OPNsense and the internet there is an ISP router which is forwarding port 443 to the pfSense IP. The pfSense NATs port 443 to the LAN Exchange.
We turned off the pfSense and turned on the OPNsense. The OPNsense has the same WAN/LAN as the pfSense but port 443 is not working on the firewall.
Turn the OPNsense off and turn the pfSense on, and stuff starts working.

Can someone point me in the right direction?
#107
Hi Guys,
Today I installed OPNsense 16.7.r2-amd64 on ESXi 6.0U2;
however, after trying to install the VMware tools I get the below error:
root@firewall:~ # pkg install os-vmware
Updating OPNsense repository catalogue...
pkg: http://pkg.opnsense.org/FreeBSD:10:amd64/16.7/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg: http://pkg.opnsense.org/FreeBSD:10:amd64/16.7/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
All repositories are up-to-date.
pkg: Repository OPNsense cannot be opened. 'pkg update' required
pkg: No packages available to install matching 'os-vmware' have been found in the repositories
root@firewall:~ #
#108
We have like 20 pfSense up and running at our customers, some of them hardware and some virtual.
Important for us is the OpenVPN configuration "SSL + Domain RADIUS authentication".
We have configured the authentication over RADIUS using this document:
https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory

Is there a working way to get this imported to the new configuration?
Does OPNsense support the same RADIUS over Active Directory authentication?

Thank you
#109
16.1 Legacy Series / [SOLVED] Update to 16.1.20
July 23, 2016, 12:00:52 PM
Guys, I got the below error after my update to 16.1.20:

Dearest user,

This is the EOL announcement for the 16.1 series of OPNsense. As such it will not receive any more updates, but the upgrade to the new 16.7 series is seamless, except for the following points:

•The FreeBSD version changes from 10.2 to 10.3, mainly for driver updates and general sanity. Due to kernel interface changes plugins or custom-built kernel modules may stop working. Reinstalling the offending packages from the firmware pages or recompiling custom additions against the stable/16.7 source branch will resolve this problem.
•Legacy VPN Servers for L2TP, PPPoE, and PPTP moved to plugins and need to be installed in order to still make use of them. Your configurations will persist, but may have to be adapted to adhere to the requirements of the MPD5 server daemon. The most important change is that your listening address needs to be a known address, preferably using a Virtual IP from the firewall settings.
•The PPTP server redirection mode has been removed. It can be emulated by the two following NAT port forward rules: From incoming WAN interface, redirect all traffic to PPTP server IP target for protocol GRE. From incoming WAN interface redirect all traffic to PPTP server IP target for protocol TCP, port 1723. Note that due to the design of GRE, only one server can be reached by incoming clients at any given time.
•The Maximum MSS option for VPN Networks moved to Firewall: Settings: Normalization, which can now be specified per interface and network.
•The Disable firewall scrub option was removed. All scrubbing (including MSS clamping) can now be disabled using the Disable interface scrub option under Firewall: Settings: Normalization
•The NAT+proxy reflection option was removed and will automatically switch to the more flexible firewall-based NAT.
•Due to lack of support in FreeBSD itself, the floating rules actions can no longer use match. The custom kernel patch that previously enabled selection of this behaviour has been removed.
•The Disable Negate rule on policy routing rules option is no longer available as automatic VPN skip rules for policy-based routing have been removed. If you want to skip your VPN, please add an explicit rule.
•The IPv6 over IPv4 tunneling option was removed. You can use a regular NAT rule to achieve the same result.


Please heed these points carefully before upgrading. Backup your configs, preview the new version via the live CD or in a virtual machine. Create snapshots. If all else fails, report back in the forums for assistance. You don't have to do this on your own. :)

Crafty Coyote, you've served us well.


Whenever I click on check update I get "Repository problem".
Does this mean we will get 16.7 soon and 16.1 is not supported anymore?
#110
16.7 Legacy Series / IPSEC + OPENVPN
July 18, 2016, 06:00:21 PM
Hi Guys,
I have 16.7 hardware running fine with the OpenVPN two-factor authenticator.
Two-factor authentication for iPhone users is a pain in the ass.
I am planning to configure IPsec for mobile users. Is this gonna work with the OpenVPN service on?
Thank you
#111
Hi Guys,
We have built a new PC/router for testing on an ASUS MOBO.
While booting from the USB it takes forever to show the boot page and it hangs on loading boatx86.
I've tried many USBs but none of them work.
I've downloaded pfSense and tried the ISO and it works.
The boot is UEFI on the MOBO. Any suggestion why I can't get it installed?
#112
Hi Guys,
After I replaced our Cisco with the OPNsense, our Bonjour printers stopped working and we can't detect them on the network.
The printers are online and reachable.
Can someone please point me to how to enable Bonjour services on the firewall?
Firewall rules are any to any on each interface.
#113
16.7 Legacy Series / notification
July 17, 2016, 02:37:22 AM
Hi guys,
I have configured load balancing using the following document: https://docs.opnsense.org/manual/multiwan.html?highlight=multi
After I configured it, I disabled one uplink but the notification wasn't sent.
When I go to the notifications and send a test SMTP one, the warning arrives in the email.
Can someone point out what I am doing wrong?
OPNsense version is 16.7

Thank you
#114
Hi guys ,
On our news production we configured the OpenVPN server and everything works fine.
My colleague is off to China for a week.
Before we migrated to OPNsense we could build a VPN to our Cisco firewall in Holland to access the Internet, as we may know the Chinese are blocking a lot of sites.
Is this gonna work with the OpenVPN tunnel we built? I've forced the tunnel over the VPN, but when I am connected over the OpenVPN and I go to whatismyip it's not showing our office IP but the local IP.

Thank you guys for the support
#115
Hi guys,
My lab has been working for over a week, everything works, no issues.
Today I couldn't build a VPN to the lab, so I logged in to the firewall log to check why.
The gateway was down, I couldn't ping it. It won't come online.
The gateway is online and working because it's up and running using pfSense on the other side of the cloud.
Just thought to share with you guys.


After I disabled intrusion detection the link comes up.
Enabling intrusion detection kills the uplink again.
I believe it has something to do with the intrusion detection.
#116
Hi Guys,
Is there a way to start the OpenVPN daemon without having to reboot the firewall?
I keep clicking on Play but it won't start.

Thank you
#117
16.7 Legacy Series / [SOLVED] Cache error
July 10, 2016, 03:25:53 PM
Hi Guys,
I've configured the web proxy on hardware with a 120SSD disk.
Almost every website I try to open pops up with the warning.
Is the below error a caching error or a proxy bug?

The following error was encountered while trying to retrieve the URL: http://www.domain.com

Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is webmaster.
#118
Hi Guys,
I have lost the NetFlow Explorer after my hardware was reinstalled.
https://docs.opnsense.org/manual/how-tos/netflow_exporter.html
My hardware is an A10.
Is it some kind of plugin that needs to be installed?
#119
16.7 Legacy Series / [SOLVED] web interface SSL
July 09, 2016, 03:59:45 PM
Hi Guys,
Is it possible to create a trusted certificate with the firewall FQDN on it?
So when the users go to http://FQDN or https://FQDN it will be securely signed.

Thank you
#120
16.7 Legacy Series / [SOLVED] Country Blocks
July 09, 2016, 12:24:50 AM
Hi Guys,
We get a lot of Chinese and Russian denied attempts in the firewall.
I want to block those attempts.
I found this tutorial: https://docs.opnsense.org/manual/how-tos/ips-geoip.html
The issue I have now is the firewall doesn't have an HDD but a 64GB SD.
Is this even still possible, or does the GeoIP need the right to write to the SD, which is not possible with SD?
Thank you