Topics

1

22.1 Legacy Series / configd.py log error

« on: June 09, 2022, 08:27:14 am »

Hello,

i recently noticed in my logs a lot of

[3d448a43-1f6a-4745-9184-ee2022cc73f5] Script action stderr returned "b'usage: sysctl [-bdehiNnoqTtWx] [ -B <bufsize> ] [-f filename] name[=value] ...\n sysctl [-bdehNnoqTtWx] [ -B <bufsize> ] -a'"

these error lines for process configd.py.

What could this be?


Also i would like to ask for another strange thing (different problem), that i have installed the adguardhome plugin and every 2-3 days, all of sudden without reason it stops (the service appears red in the dhasboard) and i have to manually start because internet stops working.

Thank you

2

22.1 Legacy Series / DNS problem after upgrade to 22.1.5

« on: April 09, 2022, 08:17:32 pm »

Hi all,
I have a multiwan setup with DNS servers setup in every wan, in system->settings->general and unbound as local resolver for my networks.
After reboot, DNS is not working correctly and services like ddclient do not work also. I have to manually reboot unbound to have everything working.
Another thing is that, clients with web proxy enabled, do not load pages. I had to insert 127.0.0.1, in "use alternative dns servers" option in order for clients to load pages correctly.
These problems started after upgrading to 22.1.5

Thank you.

3

Virtual private networks / Inferring and hijacking VPN-tunneled TCP connections

« on: December 18, 2021, 09:40:47 pm »

Hello all,

I would like to know,  regarding this CVE-2019-14899 vulnerability,  if there is a way to apply to opnsense a fix for wireguard, similar to the fix for linux distributions with iptables

iptables -t raw -I PREROUTING ! -i wg0 -d 10.182.12.8 -m addrtype ! --src-type LOCAL -j DROP

Is there any firewall setting i could apply to my wireguard or openvpn interface?

Thank you

4

22.1 Legacy Series / ppp devices & pppoe not working

« on: November 16, 2021, 10:21:24 am »

Hello all,

i have recently updated to 22.1 BETA and upon reboot, the pppoe and ppp (usb 3g dongle) are not working. I have to manualy go to Interfaces->Devices, choose the device and just click on save, without changing any setting, so that they get an IP and connect to the provider.

5

21.1 Legacy Series / Info about business edition

« on: April 13, 2021, 01:17:18 pm »

Hello all,

since i show the announcement for the opnsense business edition, i am a home user, but i would like to know if the reliability improvements only, are going to be applied to the free version sonner or later, also.

Just asking so in case i will upgrade because some of them are important.

thank you in advance

6

20.1 Legacy Series / nat reflection & dual nat

« on: May 16, 2020, 11:34:04 am »

hello,

i would like to resolve a problem with this setup:

Router with PUBLIC IP x.x.x.x , LAN ip 172.16.99.1 and DMZ to ip 172.16.99.2 ------ opnsense with wan ip 172.16.99.2 and lan ip 192.168.1.1.

Port forward on opnsense NAT firewall with destination wan ip address port 5001 and nat to port 5000 of internal ip 192.168.1.10.

From outside networks port forward working correctly. From the inside using wan public ip x.x.x.x (dynamic) nat reflection not working.

Nat reflection enabled on firewall settings and at the nat rule.

Is there need for an outbound rule or something?

Thanks

7

20.1 Legacy Series / dyndns with dual nat

« on: May 10, 2020, 04:52:20 pm »

Hello all,

I recently setup a dhcp wan connection behind NAT. The strange problem is with dynamic dns.
The dyndns gets the internal ip 172.x.x.x and not the real wan ip. It is strange that i have also a 3g wwan connection in the same setup that also gets a private range ip 10.x.x.x but if i choose this interface for the dyndns it correctly picks the public wan ip. The problem is with the wan.

When i run curl -4 url (and any ip site like checkip ecc). It shows the correct wan ip.
Why the opnsense client only for this interface shows the internal ip?
What can be the cause of that?

Thank you

8

20.1 Legacy Series / question "system: add data length option to gateway monitor settings"

« on: May 01, 2020, 04:23:48 pm »

Hello to everyone one.
I would like to know if someone can help, since i have a multi wan setup, on ow to better use and what the purpose of packet size in the gateway monitoring system instead of leaving default.
What can change depending on the packet size?

Thank you in advance.

9

20.1 Legacy Series / Dynamic gateway policy

« on: April 24, 2020, 06:00:27 pm »

Hello all,

could someone please explain me this new option in the interfaces configuration:

Dynamic gateway policy    
This interface does not require an intermediate system to act as a gateway
If the destination is directly reachable via an interface requiring no intermediary system to act as a gateway, you can select this option which allows dynamic gateways to be created without direct target addresses. Some tunnel types support this.

I use pppoe and 3g wan-usb ppp with dynamic ip for wan , wireguard and openvpn.
In which case should i use it, i cannot understand "intermediate system" meaning.

Thank you

10

20.1 Legacy Series / pppoe passhtrough - packet loss

« on: April 14, 2020, 09:42:29 am »

Hello all,

i have a pppoe wan connection which makes the call through the providers vdsl modem.
The modem has it's own wan connection with ppoe passhthrough enabled so opnsense can make it's own pppoe connection.

The problem is that the pppoe connection on opnsense has packet loss 3-18% (which i see on the gateway monitor too) instead if i connect a pc to another lan port of the modem (through the modems pppoe connection) there is no packet loss.

I changed modem, i resetted it i changed ports, decreased MTU nothing.
Packet loss on opnsense pppoe connection persists.

The setup of the main wan connection through pppoe has remained the same for many months, this has starded lately with the last versions.

If someone with pppoe passthrough can test pppoe through passthrough, and tell me the results please i would be grateful.

Thank you.

11

20.1 Legacy Series / wireguard 3g wan & crashes on reboot/shutdown

« on: March 20, 2020, 10:48:15 am »

Hello, i have a 20.1.3 setup, with multiwan (pppoe,3g ppp and dhcp). I have setup a mullvad wireguard vpn, with interface setup, disabled auto routing and created a gateway (1.9.9.1) setup as wireguard gateway on the Local wireguard settings. Everything including the wireguard vpn is working okay.

The problem is when i try to reboot or shutdown the machine. It hangs without responding on console or it crashes and then reboots.

I don't know what to look. What i have noticed, is that after the crash the 3g does not connect (the usb stick is blocked on the old connection so i have to reset or unplug it). If i reboot it while the 3g connection is not working, it does not crash.

The thing is that before installing the wireguard vpn, with the 3g connection there were no problems rebooting.

The problem only exists when both the 3g ppp connection and wireguard vpn are working.

I would like some help how to resolve this issue.

I have submited the crashes with the button so i don't know if that helps.
Thank you.

12

20.1 Legacy Series / Multiwan setup - Strange Behavior

« on: March 02, 2020, 01:21:39 pm »

Hello all,

recently i had posted twice at the forum regarding connectivity problems i had.

https://forum.opnsense.org/index.php?topic=16081.0
https://forum.opnsense.org/index.php?topic=16075.0

After testing and searching, i found a strange behavior in my multiwan setup, and would like to know if it's normal or in someway it can be resolved.

At the beggining i thoung it was a DNS (unbound problem), after i saw that very often the ntpd and unbound service restarted related to the wan2 dhcp continuously trying to reload the connection (maybe providers problem).

Also since my connections have dynamic ips, and i use voip, the firewall option to kill stated when ip changes is enabled, and is the reason why i had the connectivity problems.

What i found out is, that even in a Failover setup, while the main connection (wan1) is active, if the wan2 connection, (which is set up as "UPSTREAM" in order to become default gateway in case wan1 fails) , for some reason restarts, then it triggers the option to kill the states (like if the dynamic ip changed) althouhg the default gateway from WAN1 is still active, so i remain without internet for a while, until the default gateway reloads.

If i disable the "upstream" option in the WAN2 gateway, then even if it reloads/restarts, it does not kill the states (from the firewall option).

If in some way i can provide more info so we can look at this problematic please let me know.

Best regards.

13

20.1 Legacy Series / wan dhcp continuously killing states

« on: February 29, 2020, 05:55:21 pm »

Hello,

i have a wan dhcp connection and since i use voip providers i have the option Dynamic state reset    "Reset all states when a dynamic IP address changes" enabled.

Now i have A LOT of disconnections from this options and in the logs i found this:


2020-02-29T18:50:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:50:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:42:53   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:42:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:35:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:35:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:27:53   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:27:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:20:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:20:22   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:12:53   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.
2020-02-29T18:12:52   opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.182.36) (interface: WAN2[opt4]) (real interface: vtnet5).
2020-02-29T18:05:23   opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN2.

Is this normal? why is it running so often? can i do something with an option?

thank you in advance

14

20.1 Legacy Series / connectivity problem

« on: February 28, 2020, 12:04:31 pm »

Hello,

i have a 20.1.1 installation on vm with proxmox since version 17.

I have a multiwan setup with a pppoe connection a dhcp wan and a 3g stick wwan connection and with web proxy enabled.

All hardware and checksum is disabled.

Lately with this version am having many problems with connectivity issues and with DNS issues also. i have disabled " Allow default gateway switching " in order to resolve these problematics since i though it might not work well with pppoe connections. Also, i have setup DNS servers on "System: Settings: General" for each connection.

Anyway i am still having continuous problems with internet and i found out that is more related to DNS.
from the logs, i am seeing that unbound is restarting continiously with no specific reason. like every 5-10 minutes it stops and starts again.

I don't know what else to do.

thank you in advance.

15

19.7 Legacy Series / dns resolution - general settings

« on: December 01, 2019, 09:39:32 am »

hi all,
i have opnsense 19.7.7 setup with multiwan configuration. i am using unbound as internal resolver that forwards to a private dns server and in system->settings->general i have setup a DNS server per gateway, all working good.

Lately i noticed a strange thing. When i reboot the firewall, if i go to interfaces->diagnostics->dns lookup, and try to resolve an address, the firewall only checks through 127.0.0.1 dns server (it does not check through all the dns servers, i have setup per gateway, as it used to do in the past).
I found this problem because in the past, when the dns server i forward through unbound (private one
) did not work, the firewall was resolving through the other servers (at least for services like dyndns update ecc.), but now, some days ago that the dns i forward from unbound did not respond, i had no dns resolution.

If i go to settings->general and click save again, then it does resolve through all the dns servers.

Thank you