Topics

16

19.7 Legacy Series / High memory utilization since upgrade to 19.7

« on: July 23, 2019, 08:39:30 am »

Since I upgraded to 19.7, my machine shows a very high memory utilization (85-95%). Machine has 8GB.
Not being a FreeBSD specialist, how can I check which component utilizes most memory?

thanks, Till

17

19.7 Legacy Series / os-wireguard-devel -> os-wireguard

« on: July 19, 2019, 05:56:23 pm »

After upgrading to 19.7, there now is a package os-wireguard.
Can I uninstall os-wireguard-devel and then install os-wireguard? Will it retain my settings?
I was kind of expecting that the upgrade would automatically replace the devel package with the released package.
thanks, Till

18

19.1 Legacy Series / PPPoE doesn't reconnect when parent interface goes down/up

« on: July 19, 2019, 05:36:41 pm »

I have the issue that my DSL modem currently hangs occasionally. Restarting the modem solves that. However the PPPoE client terminates then and doesn't reconnect when the modem is back up. I have to bounce the firewall as well which is annoying. Can that be solved somehow?
thanks!

19

19.7 Legacy Series / PPPOE over Vigor 165 dies regularly, how to debug?

« on: June 30, 2019, 12:30:40 pm »

Hi *.*,

I need some advise how to debug a braking pppoe internet connection (Telekom BNG VDSL2).
Setup is as follows:
Vigor 165 as modem with pppoe passthrough.
OPNSense tags interface em1 with VLAN7.
PPPOE sit on top of em1_VLAN7.

I had the same setup running for a while with a Vigor 130 without problems.
Now with a Vigor 165, the connection breaks sometimes ones a day and sometimes after a few days.
I don't see any indicator for that. The pppoe log indicates connection attempts without success.
The Vigor modem indicates that DSL connection is up.
I don't see anything on the vigor that let's me troubleshoot any layer on top of that.
Does anyone have a similar setup? Any hints what to look for?

The procedure to get it back up and running currently is to restart both, the modem and the firewall.
thanks a lot for any hint, Till

20

19.1 Legacy Series / Need help with wireguard basic setup

« on: June 15, 2019, 06:40:59 pm »

Can anyone point me towards the right direction with my wireguard setup please?
I have configured OPNSense as a server for roadwarriors:
listen port 51820
tunnel address: 10.2.249.1/24

Created a peer on IOS:
interface: 10.2.249.2/32
peer config: <opnsense:51820>
inserted pub key from OPNsense server

Added the peer as endpoint in OPNsense:
Tunnel address: 10.2.249.2/32
inserted the created pub key from IOS endpoint

added this endpoint as peer in the servers local peers list.

Added a firewall rule to allow udp/51820 inbound to firewall from any
Added a firewall rule to the wireguard interface to allow 10.2.249.2 -> any

Result:
When I enable the tunnel on IOS, it turns green and says connected.
No packet crosses the tunnel though.
When I "tcpdump -n udp port 51820" on opnsense, I see no packet. Why would the tunnel turn green then?
I am stuck here. Either I miss a fundamental piece of the concept or... No idea.
Handshakes also shows "0", so it doesn't look like much happened.
Anyone who could give me a push forward?
thanks so much!

21

19.1 Legacy Series / Live View filter IPv6

« on: June 06, 2019, 10:29:03 pm »

Does anyone have a smart way of filtering the Live view for IPv6 traffic only (UDP,TCP,ICMP v6)?
thanks, Till

22

German - Deutsch / Magenta TV & IGMP proxy

« on: April 07, 2019, 01:10:14 pm »

Hallo zusammen,
es gibt ja so einige Beiträge zum Thema MagentaTV hinter OPNSense aber die meisten scheinen mir etwas älter zu sein. Gibt es jemanden der das aktuell am Laufen hat und mir kurz zusammen schreiben möchte wie ich das konfigurieren muss?
Ziel ist es das als Modem ein Vigor130 oder 165 zum Einsatz kommt  und dahinter direkt die OPNSense. Gerne lege ich den IPTV Receiver auf ein separates LAN Interface falls das Sinn macht.
Offene Fragen:
IGMPProxy - welche Netze muss ich upstream eintragen damit das funktioniert?
Welche Firewall Regeln ohne das ich da Riesenlöcher aufreiße.

Vielen Dank im Vorraus, Till

23

Web Proxy Filtering and Caching / Squid access log over syslog

« on: April 23, 2018, 06:13:43 pm »

Trying to make squid logging over syslog.
There is a config in the UI to switch on syslog for squid.
I added a remote syslog server in the system settings.
Still not seeing any access logs remotely.
Does any of these config options:

Code: [Select]

System events
 Firewall events
 DHCP service events
 DNS service events
 Mail service events
 Portal Auth events
 VPN (PPTP, IPsec, OpenVPN) events
 Gateway Monitor events
 Server Load Balancer events
 Wireless eventneed to be activated? Nothing looks like proxy.
I enabled system events to validate the remote logging works at all and it does.
Any hints?
thanks, Till

24

18.1 Legacy Series / Logging view

« on: February 14, 2018, 05:14:56 pm »

Hi all,
hopefully I am not blind, but I just updated a firewall to latest 18 release after I haven't touched it for months (good sign, it was just silently working). Now I wanted to check something from the firewall log and I am missing a structured view. My "Log Files"  menu  entry just shows Live view, Overview and plain view. Wasn't there a log view where I can filter by address, port and such before?
Is that a feature or a bug?
thanks! 

25

17.7 Legacy Series / Create a certificate from CSR?

« on: December 12, 2017, 09:21:03 am »

Hi,

can I use OPNsense internal CA to generate certificates from existing CSR?
In the web UI I only see the options to create/import certificate or to generate CSR.

thanks!

26

17.1 Legacy Series / IPTV & VLAN & bridge?

« on: June 12, 2017, 10:45:53 am »

Hello,

I need someone who could brainstorm an idea with me.
I have recently applied for DT Entertain TV (IPTV in Germany) and realised that this is not as easy in my network as I thought. I run a Fritzbox as DSL modem/router and OPNsense as a firewall behind it.
The LAN itself is on a managed Unifi switch.
Trying to get the IPTV across the OPNsense using the IGMPproxy didn't really bring the desired results (stream is jerky and breaks).
Here is my idea, can I do the following?

Define a VLAN 2 on LAN for the mediareceiver.
Bridge WAN to VLAN2 to circumvent the firewall for the mediareceiver.
So all other traffic is firewalled, only the mediareceiver is bridged to WAN. Is that possible?

Unfortunately I cannot directly plug the mediareceiver into the fritzbox for physical reasons.

thanks for feedback, Till