Messages

pfsense or OPNsense?
You might be on the wrong forum.

Do you have a static ip set on the tablet or any other lan client?
Does an arp scan show a matching ip setup (according to dhcp range)?

This behavior in my box appeard only after multiwan, at least that's when I noticed it. Might be normal, I think the GUI is waiting for modules to load, for data collection to be performed.

I did noticed a slowdown, but not this big, after i set up multi wan. Do you happen to have multiwan?

In my setup, at first, right after a reboot for example, the GUI fully loads, before all modules/services load. While these still load, refreshing the GUI takes about 10-15 secs to load. Then, when all services fully loaded, the GUI refreshes instantly every time.

Maybe you could give it a chance...
At first i didn't like it either, i couldn't even find a distro without some sorts of problems. But then i settled with Ubuntu Server without a GUI (not the Desktop version with a GUI, which i think sucks). I don't need an interface, most of the servers i run on it don't need one. It's much more stable like this. Sure.. they crash sometimes from even sneezing near them (or feels like it), but i backup everything. For low power boxes, it's a great choice in the end. Just saying that it deserves a second chance :)

The only way the ISP could be hijacking the requests is if the requests are actually going out over the WAN gateway rather than the VPN gateway, which is pretty much the whole problem.  I can't seem to get unbound configured to forward the DNS requests it can't answer over the VPN gateway, it only seems to work when it's sending them over the WAN gateway.

I've switched the DNS from Google to the new 1.1.1.1, which actually seems slightly faster from here.  However, I'm still not happy that they are going out over the WAN interface as my ISP could easily see and hijack them like you say elektroinside.

Exactly, which means that the originating query might not be going through the tunnel, eg. the client is ignoring the config set by the server and not directing all the traffic over the tunnel. In this particular case, neither the OpenVPN server or Unbound is the cause of the leak.

Yeah, that might take a while. Thanks!

Yeah, and in my case it's the only way to avoid reinstalling 17.5 first, then upgrade, if i want a "clean & fresh" install.

1-2 months? Wow.. what did you tweak?

No leaks here, not one. This is true when performing the test from the LAN or from the OpenVPN client.

I do have forwarding enabled, but i forward to either OpenDNS or Quad9. Right now I'm using Quad9 with dnnsec.

But I use an internal DNS as main DNS server. That uses as upstream dns the OPNsense's Unbound, and that forwards to Quad9.

Maybe your ISP is hijacking your requests, it's not unheard of, actually it's quite common.

I've been running 2 different OpenVPN servers on 2 different OPNsense deployments in 2 different cities without any issues (road warrior setup). Stable, not a single disconnect, hardened firewall rules.

That's all i can say about my OpenVPN servers.

To keep the thread updated, mimugmail & Franco, I have uploaded a fresh new set of logs & dump file on the google drive. I personally don't see anything helpful in them. Console doesn't helps either (please check the video).

Also, as pointed out before, the single option which crashes the system if wan1 goes down in way or another is "Use shared forwarding between packet filter, traffic shaper and captive portal".

@elektroinside there will probably be a Nextcloud backup feature in the near future so you can just upload the config files automatically.

That's very nice.

What is disappointing is that Macrium fails (at the moment)... didn't expect that, it never failed on me, with anything.

Thanks dcol for the report!

@noname12123, first you need to chill, if you want to work together with other people, this world is too fast already.

I would suggest you, since It happen to like your theme, to apologize for your actions, then work it out with franco. If theme is according to coding guidelines, there most probably should not be an issue for merge.

Pointing fingers to forum members will not be good.  You also need to understand developers priorities..themes are nice to have, but stability comes first.

I wish you, to find the way for your theme to make it to opnsense...but remember nice attitude is the way to go in life.

Well said.

You're welcome. Go ahead, although, just as a side note, in very secured setups, all (except the very minimum) TCP/IP processed stuff are disabled, including IGMP. And also worth mentioning that older OSs are vulnerable (regarding IGMP) but patches are available :)