Messages

121

24.1 Legacy Series / Re: 24.1.1 NTOPNG and REDIS no longer working

« on: March 09, 2024, 09:38:04 am »

The first one is the template, picking the vlues from gui and creates the second one

122

24.1 Legacy Series / Re: OSPF weird behaviour

« on: March 08, 2024, 08:15:28 am »

Yes, looked like a routing loop which get's fixed with different costs.

123

24.1 Legacy Series / Re: Zabbix Proxy 1.9.2

« on: March 08, 2024, 08:14:20 am »

Yes, due to some reason in this version server and proxy needed to be exactly same version, I'm guessing a bug in zabbix, not OPNsense plugin

124

Virtual private networks / Re: OpenVPN Advanced Options

« on: March 08, 2024, 08:10:59 am »

Yes, a feature request filed in github with using the template is best

125

German - Deutsch / Re: Großes OpenVPN-log-file

« on: March 08, 2024, 08:10:02 am »

Der Logauszug ist dafür nicht verantwortlich, du müsstest auf der Console ein grep -v machen um das auszuklammern. Was unendlich viel Logs produzieren kann, ist, wenn ein Clientzertifikat abgelaufen ist und trotzdem dauernd connecten mag

126

German - Deutsch / Re: Ich bekomme Suricata nicht ans laufen

« on: March 08, 2024, 08:08:19 am »

24.1.3 sollte das fixen ...

127

Virtual private networks / Re: IPSec Connections and HA (High Availability) Problems

« on: March 08, 2024, 08:07:45 am »

Yes, if you see port 4500 there's NAT involved, many times the reason is that you set "any" as the source and not internal networks, thus this will get your local initiiated packets beeing natted.

128

General Discussion / Re: Stuck on OPNWAF

« on: March 05, 2024, 08:47:16 am »

The second rule does not have Quick Match (yellow lightning) so it only matches if no other rule after it matched

129

High availability / Re: Not all virtual IPs in moving to Master node in a 2 node cluster

« on: March 01, 2024, 06:49:27 pm »

Pew pew

130

High availability / Re: Not all virtual IPs in moving to Master node in a 2 node cluster

« on: February 29, 2024, 07:47:40 am »

Vlan1 would be your LAN port having an IP.

131

Virtual private networks / Re: OpenSSL: error:0308010C:digital envelope routines::unsupported:Global default li

« on: February 29, 2024, 07:45:27 am »

Best is to:

- Update OPNsense to latest version
- Set the config of OpenVPN server to best practice (opnsense docs)
- Recreate certficates for the users (no p12)
- Export new profiles
- Install latest OpenVPN on the clients https://openvpn.net/community-downloads/
- Import profile and enjoy

132

High availability / Re: opnsense 24.1.1 ha carp works, but a one interface of the backup node is master

« on: February 29, 2024, 07:41:12 am »

A stupid switch can still drop multicast packets or handle them different (or intelligent).
Thats why you need to disable igmp snooping to get this done, maybe your stupid switch does this out of the box.

You only can be save to interconnect both OPN devices in a maintenance window and check back and forth.

133

24.1 Legacy Series / Re: 24.1.1 NTOPNG and REDIS no longer working

« on: February 29, 2024, 07:35:58 am »

I did a fresh install on a clean system, latest updates, just installed redis, NO changes (also no listen oder password), on enabled and it works.

Interface : Diagnostics : Netstat : Sockets -> search for 6379 lists the open port with command redis-serv

134

High availability / Re: Not all virtual IPs in moving to Master node in a 2 node cluster

« on: February 28, 2024, 06:16:29 pm »

Please enable it

135

High availability / Re: Not all virtual IPs in moving to Master node in a 2 node cluster

« on: February 28, 2024, 02:53:04 pm »

There are too many interface resets, can you disable spanning tree portfast on the port so it comes up faster? Maybe also think about replacing realtek nic's, they behave really sloppy.