Messages - allebone

316
Virtual private networks / Re: Wireguard is connected, but not traffic
« on: December 25, 2020, 05:11:37 am »
Also under endpoints tab - Allowed IPs - ensure you have both networks listed appropriately on each side. This is what is allowed to route over the tunnel.

A single client would work with only 1 entry listed. This is not appropriate for clients behind the opnsense.

317
Virtual private networks / Re: Wireguard is connected, but not traffic
« on: December 25, 2020, 05:01:53 am »
Check you added a route on both sides for the clients.

E.g. if the topology is:

LanA 192.168.1.x —— opnsenseA —— opnsenseB —— LanB 192.168.2.x

Then for a client on LanA, either the default route must be opnsenseA or route print shows 192.168.2.x on the client.
OpnsenseA must allow on lan a rule for wireguard traffic to remote site and opposite direction also on wireguard side.
Same for opnsenseB.
Client on LanB same story - default route to opnsenseB or route print shows 1.x on the client.

If any step is missing then there is likely an issue.

When satisfied all is correct you must be able to traceroute from a client either side and hit expected path all the way along.

P
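
Added example, not part of the original posts: a check that each side's peer AllowedIPs covers the remote LAN, which is the difference between the single-client case and hosts behind the firewall described in the two WireGuard replies above. The wg-quick style config text, the /24 masks, the 10.10.10.0/24 tunnel addresses and all function names are assumptions; the sample configs are constructed.

```python
import configparser
import ipaddress

# Constructed wg-quick style configs (keys omitted); tunnel 10.10.10.0/24 is assumed.
SITE_A = """
[Interface]
Address = 10.10.10.1/24
[Peer]
AllowedIPs = 10.10.10.2/32, 192.168.2.0/24
"""
# Site B lists only the tunnel address of A: enough for a single client,
# not for hosts behind opnsenseA.
SITE_B_BROKEN = """
[Interface]
Address = 10.10.10.2/24
[Peer]
AllowedIPs = 10.10.10.1/32
"""
SITE_B_FIXED = SITE_B_BROKEN.replace("10.10.10.1/32", "10.10.10.1/32, 192.168.1.0/24")

def allowed_ips(conf_text):
    """Return the peer's AllowedIPs as network objects (one [Peer] assumed)."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    raw = cp["Peer"]["AllowedIPs"]
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in raw.split(",") if p.strip()]

def covers(conf_text, remote_lan):
    """True if some AllowedIPs entry contains the whole remote LAN."""
    lan = ipaddress.ip_network(remote_lan)
    return any(n.version == lan.version and lan.subnet_of(n)
               for n in allowed_ips(conf_text))

def check_site_to_site(conf_a, conf_b, lan_a, lan_b):
    """List the sides whose AllowedIPs would drop traffic for the remote LAN."""
    problems = []
    if not covers(conf_a, lan_b):
        problems.append(f"site A: AllowedIPs does not cover {lan_b}")
    if not covers(conf_b, lan_a):
        problems.append(f"site B: AllowedIPs does not cover {lan_a}")
    return problems

if __name__ == "__main__":
    for b in (SITE_B_BROKEN, SITE_B_FIXED):
        print(check_site_to_site(SITE_A, b, "192.168.1.0/24", "192.168.2.0/24"))
```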

318
20.7 Legacy Series / Re: 20.7.7 upgrade made unbound unstable
« on: December 24, 2020, 03:21:38 pm »
It fixed it for me. I did restart unbound afterwards.

319
20.7 Legacy Series / Re: Standard rule "let out anything from firewall host itself"
« on: December 24, 2020, 02:51:06 pm »
Best practice is to only allow outbound ports as needed. The default allow all out is only because this is traditionally how firewalls worked and is expected by most people that their outbound traffic be allowed.

320
20.7 Legacy Series / Re: Standard rule "let out anything from firewall host itself"
« on: December 23, 2020, 11:59:40 pm »
The inbound packet hits the green interface first and rule processing occurs there. The outbound packet hits the internal interface first and is processed there. This is why you see that. It is important it works this way so you can create appropriate rules. For example, perhaps only a single machine on the lan should be allowed to send packets out on port 25. Because of how nat works, a nat pinning attack could try to coax another machine to reply out on port 25 on your internal lan. An appropriate rule only allowing a single machine to have access to do this would effectively block that.

321
20.7 Legacy Series / Re: Unbound service routinely stopping/crashing following 20.7.7 update
« on: December 23, 2020, 10:07:26 pm »
Thank you all. You were correct. No reboot. Just typed that command and turned off ssh again. I did restart unbound just in case also after but whole process was only 1 minute long :)

322
20.7 Legacy Series / Re: Unbound service routinely stopping/crashing following 20.7.7 update
« on: December 23, 2020, 10:02:04 pm »
Ok thank you that is awesome. I will run the patch then :)

I'm just going to turn on ssh and do this then:

opnsense-revert -r 20.7.6 unbound

323
20.7 Legacy Series / Re: Unbound service routinely stopping/crashing following 20.7.7 update
« on: December 23, 2020, 09:55:21 pm »
Thank you for your reply. I appreciate it. It is kind of you to reply directly to me.

I am not able to reboot as I already had my reboot window this week which I used to upgrade the firewall. As the issue is not a security problem, but a problem that requires me to log in and start the service, it is seen as a problem that I have to live with until Saturday when I can reboot again.

Is there any way to apply this fix without rebooting?

Kind regards
Peter

324
20.7 Legacy Series / Re: Unbound service routinely stopping/crashing following 20.7.7 update
« on: December 23, 2020, 09:44:34 pm »
I'm also having the same issue and cannot easily apply the patch right now :(

What can I do? Is there an ETA till the next update? I'm having to start the service every few hours :(

325
20.1 Legacy Series / Re: [Solved] High memory usage in Proxmox VM
« on: December 18, 2020, 09:49:38 pm »
Hi Dunuin,

I don't use proxmox, but my VM of Opnsense does not do what you are saying. I use Unraid and Kvm.
It must be a proxmox issue. My VM of Opnsense only uses the memory it needs and does not use all the RAM I assign it.

I also don't use memory ballooning.

I suggest you ask on the proxmox forum why your choice of hypervisor does this. Opnsense is built with a physical machine in mind. If you have any issues with virtualizing Opnsense the fix will have to come from the developer of whoever supports virtualizing machines in the method you choose. The Opnsense developers don't work in the virtualization area, they maintain a firewall.

Good luck :)

Pete

326
20.1 Legacy Series / Re: [Solved] High memory usage in Proxmox VM
« on: December 17, 2020, 10:27:21 pm »
Turn off memory ballooning. Assign it 2GB ram and there will no longer be a problem.

327
General Discussion / Re: What's the correct way to set up local zone reverse lookup with Unbound?
« on: December 08, 2020, 09:55:21 pm »
I'm so sad we never found out what happened :(

328
General Discussion / Re: What's the correct way to set up local zone reverse lookup with Unbound?
« on: December 07, 2020, 08:30:06 pm »
What happened? Did you compare the configs?

329
General Discussion / Re: What's the correct way to set up local zone reverse lookup with Unbound?
« on: December 07, 2020, 07:09:25 pm »
I'm just going to get some lunch so won't be able to reply for an hour. Hope that's ok :)

330
General Discussion / Re: What's the correct way to set up local zone reverse lookup with Unbound?
« on: December 07, 2020, 07:06:22 pm »
I understand, no problem. Please find attached my config for unbound to compare to yours. Also a test showing it works.

Can you post if possible your unbound.conf so I can review for differences? My network is 192.168.2.0/24 and I query from a machine with an ip of 192.168.2.22 to 192.168.2.2 (Ip of opnsense with unbound configured).

Pete
