Topics - vico1959

1
General Discussion / Port 443 traffic bypass Squid Web Proxy
« on: April 10, 2024, 12:43:05 am »
I am trying to figure out if there is a host exclude list when using the Squid Proxy. Basically I have a server behind the firewall that needs an unfiltered port 443 access to download updates from IBM. It will not work through any sort of proxy as it has to have its own certificate and such so it needs a direct connection. Is there any way that I can bypass the Squid proxy for a particular host behind the firewall like that?

2
22.7 Legacy Series / Strange multi-wan failover issue
« on: November 09, 2022, 12:56:39 am »
This problem has only started occurring since the last couple of updates. The setup has worked great for many many months up until recently. We are on 22.7.7 currently but this has been a problem for at least this and the last update. Primary WAN is cable and that is pretty rock steady for the most part. Secondary WAN is T-Mobile Home Internet. What happens is I plug it all in and test the failover which works flawlessly and Internet access is great on either WAN and all DNS lookups do fine. I leave it set up and invariably the next morning I have the early birds calling me to say the Internet is down or having trouble so I walk one of them through unplugging the secondary WAN Ethernet and all returns to normal. Unfortunately, I have not been on the premises when this happens so I don't know what OPNsense is saying at the time but when I check the logs I don't see anything that sticks out but maybe I don't have logging set up correctly. Please help me figure this out if you can. Thanks.

3
22.7 Legacy Series / Can't reach Google
« on: October 08, 2022, 03:33:18 am »
Strange problem and I am too tired and hungry tonight to be able to figure it out after a long day of working. Hopefully some of you smarter people than me can chime in and help me. The scenario is this: I updated from 22.7.4 to 22.7.5 earlier this evening. After that I could not reach Google searches at all nor google.com. It gives me an ERR_CONNECTION_CLOSED error. I reverted back to 22.7.4 and reloaded my last auto backup of the system from Sep. 21 2022. I still cannot reach anything Google search related. I have tried turning off the Web Proxy completely and bypassing it in the firewall rules and everything I can think of at the moment and nothing seems to work. It is not a DNS issue as far as I can tell because I can ping the URL all day long. Something is glitching or misconfigured somewhere but for the life of me I cannot figure it out. I remember having this same or a very like issue when I first started piping SSL through the web proxy but that has been a long time ago now and I can't remember how I solved it back then. Please help me with your marvelous ideas. Thanks a bunch in advance. 

4
Virtual private networks / openvpn not working right after last update
« on: July 14, 2022, 02:50:30 am »
Okay here's my scenario: I've had openvpn up and running using Viscosity clients for several years now without any issue. My self signed certs expired on the same day I updated opnsense to the latest version. I noticed there were a lot of warnings about deprecated settings and protocols I was using so I decided to just rebuild the openvpn server. I did it manually the first time but have since rebuilt it three or four times and I've used the wizard for most of those. The issue I'm having is that I can connect to the VPN just fine but I cannot access anything beyond that. If I restart the VPN server then I can get to the remote network but only that first client. If another client tries to connect, they get the same issue until I restart the openvpn server on the firewall. I have gone through it so many times and everything looks right but just for kicks I have tweaked everything I could think of and still no dice. Please somebody help me before I pull all of my hair out and get run out of town by users and management. Thanks in advance. Also, DNS never works across the VPN but that is really not that important as I am only using the VPN for remote desktop access so I can use reserved IPs for that.

5
22.1 Legacy Series / OOKLA based speed test - strange behavior
« on: March 23, 2022, 11:31:15 pm »
So I'm not entirely sure if this is related only to 22.1 or not but I have only recently noticed it. If I do a speed test on any OOKLA based site or service, (i.e. speedtest.net, speedtest Windows or mobile apps, or on the Cox Cable site - my primary ISP), according to the results, it appears to use my failover WAN and not my primary even though it still states it is using Cox as the provider. When I say it appears to, I mean that the results show ping times and speed results consistent with my failover instead of my primary. Also, if I temporarily disable my failover then the results match the primary as expected. All other traffic seems to be routed correctly including other brand speed tests. As far as I know, I have not done any specific routing for those sites and this has just recently started happening. Any thoughts on why this strange phenomenon is taking place? I sure don't have any.

6
General Discussion / T-Mobile 5G MiFi as WAN failover
« on: December 15, 2021, 02:23:22 am »
Does anyone know if there is currently support for the T-Mobile 5G MiFi M2000 hotspot? It does support a single client through a USB C port. If there is not current support, can it be added?

7
General Discussion / Admin TOTP authentication device lost, how to get access?
« on: December 15, 2021, 12:33:21 am »
Hi folks,

Sorry if this has been answered before but I could not find a thread in my searching. This has not happened yet but I am asking in advance in case it does. I am using TOTP for admin GUI access. The thought has occurred to me that if I were to lose my authenticating device or access to it or something were to happen to me, how could anyone access the firewall GUI? I haven't seen any other backup authentication options such as email, etc. Would it then have to be accessed via console/ssh to resolve the issue? Or perhaps there is something else I'm not thinking of that would help. Forgive me if it is something simple that I am overlooking.

8
General Discussion / NTP Server no longer working - Please help!
« on: June 17, 2020, 02:13:32 am »
So originally when I set up the firewall I used the default NTP setup to sync my domain controller to and it worked but now for whatever reason the server cannot get time from the firewall any longer. If I use the w32tm monitor server function it also times out with no response. Could I have inadvertently changed a firewall rule that is blocking it? Everything seems to be set up properly under NTP services. Please help if you can. Thanks.

9
General Discussion / Multi-WAN failover works - sort of
« on: April 25, 2020, 12:54:56 am »
So I have a multi-WAN failover setup using a gateway group and it works initially when I pull the physical network cable for the primary WAN connection BUT what happens is a minute later the primary WAN shows as online and it switches back over even though it is physically unplugged so it cannot be online. It then continues to cycle between the two WAN connections being active because it is alternately stating that the primary WAN is up and then down and then up and then down. How can I fix this and make it reliable? I mean it can't possibly be reaching the monitor IP on the primary and yet it thinks it is up every 30 seconds or so. In fact I can sit here and refresh the screen on the single gateway page and nearly every refresh it is seeing the status as changed for that primary WAN. The failover is set up to switch when an interface is down as opposed to latency or packet loss. The second WAN is a Verizon wireless 4G LTE router that is connected with a wired ethernet connection to the firewall. The latency is obviously more than our primary cable connection but typically is in the 40-50ms range so not anything crazy. Please help if you can. Thanks.

P.S. - I forgot to say that I can get it to stay permanently on the second WAN if I mark the primary as down but the primary status still shows as online. Also I have noticed that every time I make a change to the primary gateway and save it, such as marking as down or not, as soon as I save it then it shows as down and then if I refresh then it shows as online. I'm really baffled.

10
Web Proxy Filtering and Caching / HTTPS traffic not working correctly
« on: April 04, 2020, 05:24:13 pm »
So I am having a really hard time getting the web proxy to work properly. I cannot get HTTPS traffic to work correctly no matter what I try when the firewall and NAT rules are redirecting to the proxy. With rules enabled for HTTP (80) only using a transparent setup, normal HTTP traffic works fine and directly entered HTTPS URLs work fine but any HTTP URLs that are being redirected to HTTPS sites never connect. If I try and enable transparent HTTPS rules then no HTTPS traffic works at all whether directly entered or not. If I disable proxy rules then everything works as expected. I really don't want to have to forego all web filtering just so we can have normal HTTPS redirects happening. Can somebody please help me before I pull what's left of my hair out? Thank you in advance for any assistance you can give me.
