Messages

Maurice,
you are right, sorry.

Stefan

I'm in the same boat now.
Telekom switched us from ISDN to SIP-Trunk last Monday.
Fons are dead since then :(
DSL connection works, I have internet access.
Problem is DNS resolution of Telekom's Outbound Proxy and SIP Registrar.
reg.sip-trunk.telekom.de and sip-trunk.telekom.de are unknown.
I let the PPP override the OPNsense DNS-Servers on login.
"Allow DNS server list to be overridden by DHCP/PPP on WAN"
That doesn't help. Even with no DNS-Server configured in OPNsense internet access works but it cannot resolve the two SIP related hosts. So OPNsense seems to have received a DNS-Server on PPP connect.

Does anyone have a "working" DNS server address for this setup?

Regards
  Stefan

Problem solved by my ISP.

Thanks everyone

This is what Nmap says:
nmap -T4 -A -v 192.168.0.45

Result (excerpt):
646/tcp open  tcpwrapped
Device type: specialized
Running: AVtech embedded
OS details: AVtech Room Alert 26W environmental monitor
Network Distance: 3 hops

Seems it is definitely somewhere outside our company. We never used such a device.

I have now set up a rule to block that traffic. Works.

Thanks!

You could file a ticket with your ISP on that as it sounds like it's a mistake on their side and something that probably shouldn't be there.

I just did that - they have no idea what is happening...

Maurice, are you a customer of Deutsche Telekom?
If not, how come you were able to reproduce?

BTW:
Right now 192.168.0.48 is not existing but 192.168.0.45 is.
Weird

Maurice,
I always thought private networks (RFC 1918) should never be routed to public networks (which my WAN is).
I'm I wrong?

I did not see traffic to/from this address. I just did a IP scan on my local network using netscan.exe by SoftPerfect.

Stefan

Hm, tracert looks strange to me.

C:\>tracert 192.168.0.45
Routenverfolgung zu 192.168.0.45 über maximal 30 Hops
  1    <1 ms    <1 ms    <1 ms  172.16.30.1
  2    18 ms    18 ms    17 ms  217.5.98.15
  3    18 ms    20 ms    18 ms  192.168.0.45

172.16.30.1 is the Firewall's LAN interface.
217.5.98.15 is an external IP address assigned to my internet provider.
The firewall's WAN IP is 217.86.xxx.xxx

So the question is: Why is a ping to a local network address sent over WAN?

Stefan

I just found an unknown IP (192.168.0.45) in our network. It replies to a ping and looking at the reply with Wireshark the answer originates from the LAN interface of our OPNsense firewall. We never used 192.168.x.x here at the company, so I'm quite sure I did not configure it somewhere. And looking through the firewall's config I don't find any place where this is set.

Clueless here, anyone with an idea?

Stefan

Edit (fabian): Mark as solved

Thanks Fabian!

To be honest, I have never before used the Web Proxy. At a first glance I think I have to learn a lot of the basics first before I can use it. Will take some time...

Thanks anyways
  Stefan

According to this

http://borncity.com/win/2017/08/07/us-cert-warns-microsoft-windows-lnk-vulnerability/

we should block outgoing SMB and WEBDAV traffic to close some attack vectors which can be used by the vulnerability.

How to block WEBDAV in OPNsense?

Stefan

Thanks Franco.

So 16.7.14 does not have any known security flaws?
In that case I will wait.

Stefan

With 17.1.2 now out what is the common sense about upgrading from 16.7.14?
Production systems on Deciso hardware (OPN20077R-EUPC3-S2YN).
Any known risks still lurking?

Is 16.7.14 still safe? Or are there known security issues?

Best regards
  Stefan

OK, I just asked two of my colleagues to log into the wireless LAN again.
With the same devices they used before when vouchers were existing.
Both could log in and connect to sites on the internet.
In OPNsense there are no vouchers visible. All deleted.
But: The vouchers my colleagues initially used to log in had a lifetime of two weeks. So these vouchers would still be valid if I had not "trashed" them.

Regards
  StP

Yes, in our tests we did cut the connection by disabling the WIFI of the phone. A minute later we tried to reconnect and it worked.
Are session timeouts that long?

Regards
  StP