Topics - gwaitsi

#1
16.7 Legacy Series / 16.7.10 how to revert back to 16.7.9
December 09, 2016, 12:10:38 AM
This update has broken my VPN / Virtual Gateway connections.

How do I revert back to 16.7.9, please?

seeing this in the log
configd.py: unable to sendback response [OK ] for [filter][reload][None] {e4d2f24c-3fe2-4951-9d29-1633b9dc70f1}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pip
#2
16.7 Legacy Series / UPNP over OPENVPN Gateway + Plex
November 25, 2016, 10:00:19 AM
In the UPNP settings for Interfaces, there is no option to select the OpenVPN Client Gateway.

I have three VPN interfaces defined and a gateway for interface down.

I can't use UPNP with Plex unless the VPN Gateway is included.
#3
16.7 Legacy Series / Floating Rules don't work properly.
November 18, 2016, 11:45:48 AM
I have two LAN segments green and blue.
WAN is connected via OpenVPN.
I have a work laptop which I want to bypass the VPN and go over normal WAN.

If I set a firewall rule on
Interface Green0
Proto Any
Source mylaptop
destination Any
Gateway Red0_DHCP

it is working.

If I try to make this rule as a floating rule

Interface Green0, Blue0
Proto Any
Direction (tried both out and in)
Source  mylaptop
Destination Any
Gateway Red0_dhcp

It continues to route via OpenVPN and not the Red interface.

This is also true for a DNS rule.
I have to make a separate DNS rule on the green and blue interface
Proto TCP/UDP
Source Any
Port Any
Destination Any
Port 53
Gateway *
This is working.

If I make a floating rule, the services that use the OpenVPN work, but mylaptop doesn't resolve DNS names.
#4
16.7 Legacy Series / UDP timeout settings for SIP
November 09, 2016, 08:03:37 AM
I have a single sip phone and have set the NAT rules up.

Connections work and outgoing/incoming calls work; however, after talking for some time the call drops.

I see on the pfSense forums that they say the default UDP timeout is too aggressive for SIP and needs to be increased.
Is that true for OPNsense as well? If so, where do we do it?
#5
After some struggles, I managed to get OPNsense set up so that it connects to 3 separate locations of my VPN provider and routes that traffic from two separate LAN segments via the VPN. The VPN balancing based on packet loss and latency seems to work, as I verified that the provider point changes throughout the day.

I have a work laptop which connects via a VPN client on the laptop. Obviously I don't need to route this via my home VPN.

Can someone advise how I set this up to exclude the client, which could potentially connect via either of the two LAN segments?

Gracias
#6
16.7 Legacy Series / fwbuilder compatibility
November 01, 2016, 01:54:35 PM
Does anyone know if http://www.fwbuilder.org is compatible with OPNsense 16.7 such that the firewall rules can be built offline and transferred by SSH?


#7
Hi All,
Just played with IPFire and concluded it is not user-friendly enough for me.
Have decided to go for OPNsense as it looks easier to get the important aspects up and running for me.

Two areas where I failed with IPFire and need assistance with, please.

I have two internal nets, green and blue (contains media and game systems connecting to the internet)
green 192.168.2.x
blue 192.168.3.x

I set up an OpenVPN client under IPFire and had some problems
- it needs multiple VPN client locations to round robin in case the first one fails
- no notifications, etc. if the VPN can't be established
- routing would only work if I routed 192.168.0.0; if I tried the two individual nets, it didn't work.
- when I routed 192.168.0.0, everything worked except for the Gigaset phone....
  I could only get the directory to connect but no voice channel.
- I have a work laptop that can go on either network (both have WAPs connected). It has its own VPN and therefore does not need to be routed over the firewall VPN. (I guess that could be the solution for the SIP phone as well, but would prefer the SIP phone over an encrypted connection out of country.)

I basically followed this guide on https://www.ovpn.se/en/guides/ipfire/ for setting up the VPN client.

Can someone give a newbie pointers, please, on:
- set up VPN client with round robin, i.e. 4 or 5 alternates
- set up notifications if VPN is down
- set up split VPN routing based on MAC addr and/or IP addr
- set up SIP client to work over the VPN and the non-VPN when VPN is down.

Muchas gracias