121
20.7 Legacy Series / Re: Hyper-V install fails Gen2 (UEFI) VM
« on: August 06, 2020, 08:50:43 am »
Thanks for reporting, maybe you're so kind to open a bug report on github for this?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
122
20.1 Legacy Series / Re: Firewall rule processing - groups comes after interfaces?
« on: August 06, 2020, 08:46:04 am »
the first rule that matches is processing the traffic. rules defined and processed after that rule are not doing anything to your traffic.
the diagram you showed should be up to date, but the first matching rule will be processed. if it is a pass rule traffic will pass, if it is a drop rule it will be dropped.
please correct me if i am wrong.
the diagram explaines in what order the different types of rules are processed. It is important that for example the lockout rules are proccessed before the user defined rules are processed and the floating rules need to be processed before interface groups and interfaces...
If you define an allow all rule on floating rules this will override everything you define on interface groups or interfaces. (Bad idea)
the diagram you showed should be up to date, but the first matching rule will be processed. if it is a pass rule traffic will pass, if it is a drop rule it will be dropped.
please correct me if i am wrong.
the diagram explaines in what order the different types of rules are processed. It is important that for example the lockout rules are proccessed before the user defined rules are processed and the floating rules need to be processed before interface groups and interfaces...
If you define an allow all rule on floating rules this will override everything you define on interface groups or interfaces. (Bad idea)
123
20.1 Legacy Series / Re: OpenVPN: wrong timestamps in status
« on: August 06, 2020, 08:37:09 am »
What hardware do you use?
Is NTP setup and working?
Is NTP setup and working?
124
Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable
« on: August 06, 2020, 08:34:02 am »
Are you using IPS/IDS?
125
German - Deutsch / Re: Opensense FIX IP - Internet
« on: August 05, 2020, 05:51:08 pm »
Das macht noch nicht so viel Sinn für mich.
Erklär bitte mal welche IP dein Mailserver hat. Welche IPs im SPF und im DNS eingetragen und public sind und mit welcher IP dein Mailserver nach extern kommuniziert.
Grundsätzlich sollte einfach alles stimmig zusammenpassen.
MX-Eintrag, SPF-Eintrag, Abgehendes NAT und ausgehender Verbindungsaufbau, Eingehende-Regeln, Reverse-DNS.
Dann sollte da auch nichts mit Blacklisting passieren.
Erklär bitte mal welche IP dein Mailserver hat. Welche IPs im SPF und im DNS eingetragen und public sind und mit welcher IP dein Mailserver nach extern kommuniziert.
Grundsätzlich sollte einfach alles stimmig zusammenpassen.
MX-Eintrag, SPF-Eintrag, Abgehendes NAT und ausgehender Verbindungsaufbau, Eingehende-Regeln, Reverse-DNS.
Dann sollte da auch nichts mit Blacklisting passieren.
126
20.7 Legacy Series / Re: APU2C4 | kernel: mmc0: Card at relative address 22964 failed to select
« on: August 05, 2020, 05:42:53 pm »
Thank you for sharing. Did it fix the initial problem?
127
20.7 Legacy Series / Re: Slow WAN after upgrade
« on: August 05, 2020, 05:41:31 pm »
Hello,
please always mention if you are using IPS/IDS or Proxy.
It is a total different setup if you make use of that technology or if you are just doing Firewalling/NAT.
The speed and throughput can differ depending on configuration and active ruleset of any IPS/IDS.
Share details so others can verify your setup with their setups.
Regards,
Dominik
please always mention if you are using IPS/IDS or Proxy.
It is a total different setup if you make use of that technology or if you are just doing Firewalling/NAT.
The speed and throughput can differ depending on configuration and active ruleset of any IPS/IDS.
Share details so others can verify your setup with their setups.
Regards,
Dominik
128
20.7 Legacy Series / Re: PPPOE question
« on: August 05, 2020, 05:37:22 pm »
Yes, the release notes point out that the legacy plugins are no longer supported.
Verify if you used this plugins for any reasons before upgrade. It is most likely not used but I don't know your setup in detail.
You can verify easy on the plugin page if you have the plugin installed currently.
Verify if you used this plugins for any reasons before upgrade. It is most likely not used but I don't know your setup in detail.
You can verify easy on the plugin page if you have the plugin installed currently.
129
20.7 Legacy Series / Re: PCEngines APU2/APU3/APU4 running on 20.7
« on: August 04, 2020, 11:06:45 pm »
Successful upgraded: apu1
Coreboot: v4.9.0.3
This old lady works like a charm.
Coreboot: v4.9.0.3
This old lady works like a charm.
130
20.7 Legacy Series / Re: One issue after the next
« on: August 04, 2020, 11:04:52 pm »
Sorry to hear your bad experience with opnsense.
The migration "problem" from hyper-v to bare metal is not a problem. It is caused by the fact, that the interfaces are named by the driver. The hyper-v emulated interfaces are different to your bare metal interfaces. This is why the name changes. Should not be a big problem since you can assign them on the console to the new interfaces.
This needs to be done if the order of the interfaces in a new box changes, too.
The problem with ipvanish seems to be related to a missing key in the configuration?
Have you imported the key?
The migration "problem" from hyper-v to bare metal is not a problem. It is caused by the fact, that the interfaces are named by the driver. The hyper-v emulated interfaces are different to your bare metal interfaces. This is why the name changes. Should not be a big problem since you can assign them on the console to the new interfaces.
This needs to be done if the order of the interfaces in a new box changes, too.
The problem with ipvanish seems to be related to a missing key in the configuration?
Have you imported the key?
131
20.1 Legacy Series / Re: VLAN Tag on the WAN interface
« on: July 05, 2020, 06:09:45 pm »
you have to assign the vlan interface as wan to make use of the vlan 10
132
German - Deutsch / Re: Komme nur online mit any Rule
« on: July 02, 2020, 03:06:22 pm »
Ohne Informationen was das für ein Standort ist und wie das Netzwerk aussieht und funktionieren soll, ist es nur Glaskugel lesen.
Mit dem Vorschlag IDS/IPS in der Art und Weise zu verwenden, sourced du das Problem bzw. die Verwantwortung was aus deinem Netz heraus in die Welt funkt nur aus. Kann für manche Standorte oder Netzwerke sinnvoll sein, für viele andere eher nicht.
Mit dem Vorschlag IDS/IPS in der Art und Weise zu verwenden, sourced du das Problem bzw. die Verwantwortung was aus deinem Netz heraus in die Welt funkt nur aus. Kann für manche Standorte oder Netzwerke sinnvoll sein, für viele andere eher nicht.
133
Intrusion Detection and Prevention / Re: out of memory
« on: May 31, 2020, 07:22:45 pm »
Jumboframes on WAN should not play a role, since to my knowledge, WAN providers will not support them.
If you try to inspect that mass of data this maybe will bring such problems.
You're sure its correlated to the backup job?
If you try to inspect that mass of data this maybe will bring such problems.
You're sure its correlated to the backup job?
134
German - Deutsch / Re: Meine Firewall Regel killt die SSH Verbindung
« on: May 31, 2020, 07:15:52 pm »
Hallo,
bitte mach doch mal einen Netzplan und mehr Infos dazu wie du die VLANs und die Firewall konfiguriert hast.
bitte mach doch mal einen Netzplan und mehr Infos dazu wie du die VLANs und die Firewall konfiguriert hast.
135
20.1 Legacy Series / Re: Update broken?
« on: May 04, 2020, 09:30:07 am »
Had the same issue yesterday.
I switched mirrors and selected the HTTPS mirror from OPNsense and this worked and showed the update for me.
I switched mirrors and selected the HTTPS mirror from OPNsense and this worked and showed the update for me.