OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Rayman »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Rayman

Pages: 1 [2] 3
16
18.7 Legacy Series / Replaced pfSense for OPNsense, IPSEC will not connect (to SonicWALL router)
« on: November 02, 2018, 09:50:39 pm »
Hi,

I'm trying to connect a SonicWALL router with IPSEC to my new OPNsense 18.7.6 A10 appliance.

Internet is fiber from Xs4all, pppoe.

IPSEC log:
Nov 2 21:42:44 charon: 11[NET] <con2|22> sending packet: from a.a.a.a[500] to b.b.b.b[500] (80 bytes)
Nov 2 21:42:44 charon: 11[ENC] <con2|22> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Nov 2 21:42:44 charon: 11[IKE] <con2|22> no shared key found for '%any' - 'www.bbbb.nl'
Nov 2 21:42:44 charon: 11[CFG] <con2|22> selected peer config 'con2'
Nov 2 21:42:44 charon: 11[CFG] <22> looking for peer configs matching a.a.a.a[%any]...b.b.b.b[www.bbbb.nl]
Nov 2 21:42:44 charon: 11[ENC] <22> parsed IKE_AUTH request 1 [ IDi CERTREQ AUTH SA TSi TSr N(INIT_CONTACT) ]
Nov 2 21:42:44 charon: 11[NET] <22> received packet: from b.b.b.b[500] to a.a.a.a[500] (240 bytes)
Nov 2 21:42:44 charon: 11[NET] <22> sending packet: from a.a.a.a[500] to b.b.b.b[500] (440 bytes)
Nov 2 21:42:44 charon: 11[ENC] <22> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Nov 2 21:42:44 charon: 11[IKE] <22> b.b.b.b is initiating an IKE_SA
Nov 2 21:42:44 charon: 11[ENC] <22> received unknown vendor ID: 2a:67:75:d0:ad:2a:a7:88:7c:33:fe:1d:68:ba:f3:08:96:6f:00:01
Nov 2 21:42:44 charon: 11[ENC] <22> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V ]
Nov 2 21:42:44 charon: 11[NET] <22> received packet: from b.b.b.b[500] to a.a.a.a[500] (444 bytes)

I copied the settings from my old pfSense router, but here the tunnel will not get up.

I have added the 3 WAN rules and 1 IPSEC to LAN rule, and applied these.

Anyone an idea?

Thanks!

17
18.7 Legacy Series / Re: External ip from routed subnet to another router
« on: June 21, 2018, 06:44:56 pm »
Thanks, did not know the name. In my previous router, SonicWALL, it was called transparent subnet.


18
18.7 Legacy Series / External ip from routed subnet to another router
« on: June 21, 2018, 05:31:51 pm »
Hi,

Can I forward 1 external ip from my routed subnet to another router?

Kind regards,
Ray

19
17.7 Legacy Series / Daily backup configuration on Google Drive
« on: August 16, 2017, 08:27:42 pm »
Hi,

I have setup configuration backup on Google Drive. If I press save it backups to Google Drive fine.

I'm wondering if I can save the backups on a daily basis automatically. If yes, how?

Thanks,
Ray

20
17.7 Legacy Series / Re: 2 subnets of 64 ip addresses on a single wan interface
« on: August 15, 2017, 07:22:38 pm »
Thanks!

21
17.7 Legacy Series / Re: 2 subnets of 64 ip addresses on a single wan interface
« on: August 15, 2017, 04:03:44 pm »
Hi Fabian,

Thanks for your reply, sounds logical. However, your write should be able.

I'm wondering if anyone has done this before. If this don't work we can't use this. If we use the virtual ips, we (of course) would need to be able to nat these ip addresses.

Kind regards,
Ray

22
17.7 Legacy Series / 2 subnets of 64 ip addresses on a single wan interface
« on: August 15, 2017, 12:30:26 pm »
Hi,

We currently have a SonicWALL in our data center which we are looking to replace with an Opnsense appliance.

On the WAN interface of the SonicWALL we have 2 /26 (64 ip addresses).

So, I would like to know if we can configure the Opnsense appliance with for example
5.5.5.1 /26
5.5.6.1 /26

Of course we would need to be able to use NAT on all of these addresses and so on.

Looking forward for a reply, thanks!

Kind regards,
Ray

23
16.7 Legacy Series / Re: After upgrde to 16.7.11 OpenVPN clients cannot connect anymore
« on: December 21, 2016, 10:47:41 pm »
Hi Franco,

This works fine now. I have tried with Typology on and off.

Thanks, great!!

24
16.7 Legacy Series / Re: After upgrde to 16.7.11 OpenVPN clients cannot connect anymore
« on: December 21, 2016, 09:48:36 pm »
@fraenki: It's unchecked. I followed this guide: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html.
If I read correct (here: https://community.openvpn.net/openvpn/wiki/Topology), I should enable this, right?

@franco: If I try this, I get the following messages:
root@OPNsense:~ # pkg install -f https://pkg.opnsense.org/snapshots/openvpn-2.3.14_1.txz
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
pkg: No packages available to install matching 'https://pkg.opnsense.org/snapshots/openvpn-2.3.14_1.txz' have been found in the repositories.

I did unlock Openvpn before I tried this. Also rechecked the currect package version, which is 2.3.13_1.

In System/firmware/settings I have both on Default.


Kind regards,
Ray



25
16.7 Legacy Series / Re: After upgrde to 16.7.11 OpenVPN clients cannot connect anymore
« on: December 21, 2016, 11:38:52 am »
Thank you, great!

26
16.7 Legacy Series / Re: After upgrde to 16.7.11 OpenVPN clients cannot connect anymore
« on: December 20, 2016, 03:00:29 pm »
Hi Franco,

I tried to install OpenVPN 2.3.13 with the command you wrote, did not work. I don't recall the exact error, but when I entered the line, it took about 10 minutes and then it said something like: No package created, or no package available... (also pkg update takes long time and does nothing).

For the old version, I installed and updated this appliance on November 7th. According to the releases it should have been 16.7.7.

I now have downgraded with usb stick to 16.7 (.1?). Everything seems to work ok now.

Is it possible to upgrade to 16.7.7, which I know works? I can't do it from the webinterface, which would bring me back to 16.7.11 and (maybe) broken OpenVPN...

Edit: I seem to have a solution now. As you can read above this, I downgraded to 16.7 release. I then locked the OpenVPN package and upgraded to 16.7.11. After reboot OpenVPN (2.3.11) would not start, so I updated OpenVPN to 2.3.13. After this, also OpenVPN would start AND I can connect now! Finally I locked the OpenVPN package again.


Thanks,
Ray

27
16.7 Legacy Series / Re: After upgrde to 16.7.11 OpenVPN clients cannot connect anymore
« on: December 18, 2016, 12:08:50 pm »
Hi Franco,

The appliance is an A10 Quad Core with SSD with OpenSSL.

Actually, I have the same problem with 2 different clients, both A10/OpenSSL.

When I reboot the appliance, I can connect with OpenVPN, but just for 15-30 seconds, then it stops working...

Also, I tried to update to v17, but all shell commands seem to fail, even a pkg update fails...

I now go to my client, to downgrade to 16.7 with memstick, and then I don't upgrade the appliance, which I now should work.


Edit: I tried switching 1 of the appliances to LibreSSL, but same problem.

Edit2: I downgraded 1 of the clients with memstick to 16.7. Restored configuration, OpenVPN worked instantly.

28
16.7 Legacy Series / After upgrde to 16.7.11 OpenVPN clients cannot connect anymore
« on: December 17, 2016, 02:13:10 pm »
Hi,

I just upgraded to 16.7.11, my openvpn client cannot connect anymore. Before upgrade was fine, now it stays on connecting.

Server log:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

The firewall rules on wan and openvpn are there, and again, was working fine.

Any ideas?

Downgrade to previous version?

Kind regards,
Ray

29
16.7 Legacy Series / Re: With new A10QC SSD appliance WAN connection dropping frequently
« on: October 05, 2016, 11:24:32 am »
I'll call tomorrow then. Thank you!


30
16.7 Legacy Series / With new A10QC SSD appliance WAN connection dropping frequently
« on: October 05, 2016, 10:01:57 am »
Hi,

Just had a new A10QC SSD appliance.

My WAN PPPOE connection to Xs4all drops frequently (3 - 4 times in the evening). The connection comes back up in a couple of minutes. TV continues to work.

I have a Xs4all fiber connection and followed this guide to set it up:
http://blog.firewallonline.nl/how-to-en-tutorials/xs4all-glasvezel-internet-iptv-op-pfsense-opnsense/

I did have OPNsense before on a computer with a SuperMicro board in it, and my connection never dropped before.

In the log I find this, which might be related?

Oct 4 22:53:29   opnsense: /widgets/api/get.php: The command `/usr/local/sbin/ifinfo 'pppoe1'' failed to execute
Oct 4 22:53:28   opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'pppoe1'' failed to execute
Oct 4 22:53:27   opnsense: /index.php: The command `/usr/local/sbin/ifinfo 'pppoe1'' failed to execute
Oct 4 22:53:27   opnsense: /index.php: The command `/sbin/ifconfig 'pppoe1'' failed to execute

Oct 4 22:51:59   opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface opt2
Oct 4 22:51:59   opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for opt2
Oct 4 22:51:59   configd.py: [0663a837-9193-4ea0-ae80-a856dded3adf] Linkup starting em1_vlan4
Oct 4 22:51:59   devd: Executing '/usr/local/opnsense/service/configd_ctl.py interface linkup start em1_vlan4'
Oct 4 22:51:58   configd.py: [64090e03-9389-447f-ac17-da150e4433cd] updating dyndns opt2

Does anyone have an idea what might be wrong?

Kind regards,
Ray

Pages: 1 [2] 3
OPNsense is an OSS project © Deciso B.V. 2015 - 2020 All rights reserved
  • SMF 2.0.17 | SMF © 2019, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2