Messages - Rayman

#16
Hi,

I'm trying to connect a SonicWALL router with IPSEC to my new OPNsense 18.7.6 A10 appliance.

Internet is fiber from Xs4all, pppoe.

IPSEC log:
Nov 2 21:42:44 charon: 11[NET] <con2|22> sending packet: from a.a.a.a[500] to b.b.b.b[500] (80 bytes)
Nov 2 21:42:44 charon: 11[ENC] <con2|22> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Nov 2 21:42:44 charon: 11[IKE] <con2|22> no shared key found for '%any' - 'www.bbbb.nl'
Nov 2 21:42:44 charon: 11[CFG] <con2|22> selected peer config 'con2'
Nov 2 21:42:44 charon: 11[CFG] <22> looking for peer configs matching a.a.a.a[%any]...b.b.b.b[www.bbbb.nl]
Nov 2 21:42:44 charon: 11[ENC] <22> parsed IKE_AUTH request 1 [ IDi CERTREQ AUTH SA TSi TSr N(INIT_CONTACT) ]
Nov 2 21:42:44 charon: 11[NET] <22> received packet: from b.b.b.b[500] to a.a.a.a[500] (240 bytes)
Nov 2 21:42:44 charon: 11[NET] <22> sending packet: from a.a.a.a[500] to b.b.b.b[500] (440 bytes)
Nov 2 21:42:44 charon: 11[ENC] <22> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Nov 2 21:42:44 charon: 11[IKE] <22> b.b.b.b is initiating an IKE_SA
Nov 2 21:42:44 charon: 11[ENC] <22> received unknown vendor ID: 2a:67:75:d0:ad:2a:a7:88:7c:33:fe:1d:68:ba:f3:08:96:6f:00:01
Nov 2 21:42:44 charon: 11[ENC] <22> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V ]
Nov 2 21:42:44 charon: 11[NET] <22> received packet: from b.b.b.b[500] to a.a.a.a[500] (444 bytes)

I copied the settings from my old pfSense router, but here the tunnel will not come up.

I have added the 3 WAN rules and 1 IPSEC to LAN rule, and applied these.

Does anyone have an idea?

Thanks!
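
An added example, not part of the original post: a small Python parser that reads charon lines like those in the log above and reports, per IKE_SA, the local/remote identity pair for which the pre-shared-key lookup failed before N(AUTH_FAILED) was sent. The function name and record fields are hypothetical, and the sample input is constructed from the lines shown in the post.

```python
import re

# Constructed sample: the failure-relevant charon lines from the post above,
# newest first as in the posted log (addresses already anonymised).
SAMPLE = """\
Nov 2 21:42:44 charon: 11[ENC] <con2|22> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Nov 2 21:42:44 charon: 11[IKE] <con2|22> no shared key found for '%any' - 'www.bbbb.nl'
Nov 2 21:42:44 charon: 11[CFG] <con2|22> selected peer config 'con2'
Nov 2 21:42:44 charon: 11[CFG] <22> looking for peer configs matching a.a.a.a[%any]...b.b.b.b[www.bbbb.nl]
Nov 2 21:42:44 charon: 11[IKE] <22> b.b.b.b is initiating an IKE_SA
"""

# "<22>" before a peer config is selected, "<con2|22>" afterwards.
LINE = re.compile(r"charon: \d+\[[A-Z]+\] <(?:(?P<conn>[^|>]+)\|)?(?P<sa>\d+)> (?P<msg>.*)$")
NO_PSK = re.compile(r"no shared key found for '(?P<local>[^']*)' - '(?P<remote>[^']*)'")
SELECTED = re.compile(r"selected peer config '(?P<name>[^']+)'")


def psk_identity_failures(log_text, newest_first=True):
    """Return one record per IKE_SA that hit a PSK lookup miss and AUTH_FAILED."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    if newest_first:
        lines.reverse()  # process in chronological order
    state = {}
    for raw in lines:
        m = LINE.search(raw)
        if not m:
            continue
        sa = state.setdefault(m["sa"], {"conn": None, "ids": None, "failed": False})
        if (sel := SELECTED.search(m["msg"])):
            sa["conn"] = sel["name"]
        if (miss := NO_PSK.search(m["msg"])):
            sa["ids"] = (miss["local"], miss["remote"])
        if "N(AUTH_FAILED)" in m["msg"]:
            sa["failed"] = True
    return [
        {"sa": n, "conn": s["conn"], "local_id": s["ids"][0], "remote_id": s["ids"][1]}
        for n, s in state.items() if s["failed"] and s["ids"]
    ]


if __name__ == "__main__":
    for f in psk_identity_failures(SAMPLE):
        print(f"IKE_SA {f['sa']} ({f['conn']}): no PSK for local ID "
              f"{f['local_id']!r} / remote ID {f['remote_id']!r}")
```

The reported pair is what charon used as its own and the peer's identity when searching its secrets, so it is the value to compare against the identifiers configured on both ends.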
#17
Thanks, did not know the name. In my previous router, SonicWALL, it was called transparent subnet.

#18
Hi,

Can I forward 1 external ip from my routed subnet to another router?

Kind regards,
Ray
#19
Hi,

I have set up configuration backup on Google Drive. If I press save it backs up to Google Drive fine.

I'm wondering if I can save the backups on a daily basis automatically. If yes, how?

Thanks,
Ray
#21
Hi Fabian,

Thanks for your reply, sounds logical. However, your write should be able.

I'm wondering if anyone has done this before. If this doesn't work we can't use this. If we use the virtual IPs, we (of course) would need to be able to NAT these IP addresses.

Kind regards,
Ray
#22
Hi,

We currently have a SonicWALL in our data center which we are looking to replace with an OPNsense appliance.

On the WAN interface of the SonicWALL we have 2 /26 (64 IP addresses).

So, I would like to know if we can configure the OPNsense appliance with for example
5.5.5.1 /26
5.5.6.1 /26

Of course we would need to be able to use NAT on all of these addresses and so on.

Looking forward to a reply, thanks!

Kind regards,
Ray
#23
Hi Franco,

This works fine now. I have tried with Topology on and off.

Thanks, great!!
#24
@fraenki: It's unchecked. I followed this guide: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html.
If I read correctly (here: https://community.openvpn.net/openvpn/wiki/Topology), I should enable this, right?

@franco: If I try this, I get the following messages:
root@OPNsense:~ # pkg install -f https://pkg.opnsense.org/snapshots/openvpn-2.3.14_1.txz
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
pkg: No packages available to install matching 'https://pkg.opnsense.org/snapshots/openvpn-2.3.14_1.txz'; have been found in the repositories.

I did unlock OpenVPN before I tried this. Also rechecked the current package version, which is 2.3.13_1.

In System/firmware/settings I have both on Default.


Kind regards,
Ray


#25
Thank you, great!
#26
Hi Franco,

I tried to install OpenVPN 2.3.13 with the command you wrote, it did not work. I don't recall the exact error, but when I entered the line, it took about 10 minutes and then it said something like: No package created, or no package available... (also pkg update takes a long time and does nothing).

For the old version, I installed and updated this appliance on November 7th. According to the releases it should have been 16.7.7.

I now have downgraded with usb stick to 16.7 (.1?). Everything seems to work ok now.

Is it possible to upgrade to 16.7.7, which I know works? I can't do it from the web interface, which would bring me back to 16.7.11 and (maybe) broken OpenVPN...

Edit: I seem to have a solution now. As you can read above this, I downgraded to 16.7 release. I then locked the OpenVPN package and upgraded to 16.7.11. After reboot OpenVPN (2.3.11) would not start, so I updated OpenVPN to 2.3.13. After this, also OpenVPN would start AND I can connect now! Finally I locked the OpenVPN package again.


Thanks,
Ray
#27
Hi Franco,

The appliance is an A10 Quad Core with SSD with OpenSSL.

Actually, I have the same problem with 2 different clients, both A10/OpenSSL.

When I reboot the appliance, I can connect with OpenVPN, but just for 15-30 seconds, then it stops working...

Also, I tried to update to v17, but all shell commands seem to fail, even a pkg update fails...

I now go to my client, to downgrade to 16.7 with memstick, and then I don't upgrade the appliance, which I know should work.


Edit: I tried switching 1 of the appliances to LibreSSL, but same problem.

Edit2: I downgraded 1 of the clients with memstick to 16.7. Restored configuration, OpenVPN worked instantly.
#28
Hi,

I just upgraded to 16.7.11, my OpenVPN client cannot connect anymore. Before the upgrade it was fine, now it stays on connecting.

Server log:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

The firewall rules on WAN and OpenVPN are there, and again, it was working fine.

Any ideas?

Downgrade to previous version?

Kind regards,
Ray
#29
I'll call tomorrow then. Thank you!

#30
Hi,

Just had a new A10QC SSD appliance.

My WAN PPPoE connection to Xs4all drops frequently (3 - 4 times in the evening). The connection comes back up in a couple of minutes. TV continues to work.

I have a Xs4all fiber connection and followed this guide to set it up:
http://blog.firewallonline.nl/how-to-en-tutorials/xs4all-glasvezel-internet-iptv-op-pfsense-opnsense/

I did have OPNsense before on a computer with a SuperMicro board in it, and my connection never dropped before.

In the log I find this, which might be related?

Oct 4 22:53:29   opnsense: /widgets/api/get.php: The command `/usr/local/sbin/ifinfo 'pppoe1'' failed to execute
Oct 4 22:53:28   opnsense: /widgets/api/get.php: The command `/sbin/ifconfig 'pppoe1'' failed to execute
Oct 4 22:53:27   opnsense: /index.php: The command `/usr/local/sbin/ifinfo 'pppoe1'' failed to execute
Oct 4 22:53:27   opnsense: /index.php: The command `/sbin/ifconfig 'pppoe1'' failed to execute

Oct 4 22:51:59   opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface opt2
Oct 4 22:51:59   opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for opt2
Oct 4 22:51:59   configd.py: [0663a837-9193-4ea0-ae80-a856dded3adf] Linkup starting em1_vlan4
Oct 4 22:51:59   devd: Executing '/usr/local/opnsense/service/configd_ctl.py interface linkup start em1_vlan4'
Oct 4 22:51:58   configd.py: [64090e03-9389-447f-ac17-da150e4433cd] updating dyndns opt2

Does anyone have an idea what might be wrong?

Kind regards,
Ray