Messages - errored out

76
21.7 Legacy Series / Re: One observation and two questions after fresh install and config restore
« on: August 09, 2021, 03:57:08 am »
Franco, I just tried to install the OS using 21.7.1 and ran into an issue with multiple drives.  Using ZFS I can see the list of what is installed, but I cannot see what the sizes are.  Is this an issue only with my system?  I can decide which one to choose as they are different sizes and I can't figure out which is the one I want to use.


77
21.7 Legacy Series / Re: update 21.7.1 interface assignment error after update and how to fix in my case
« on: August 09, 2021, 03:22:17 am »
I had a similar issue with wireguard where the first wireguard configuration (wg0) was copied (wg1) and configured.  After deleting wg0 thinking wg1 would change to wg0 it did not.  At each change I had applied, which restarts the service.

Looking at the interfaces, it showed the wireguard interface with em0 (not wg0 or even wg1 as it should have).  I then started looking at the configurations (C.L.I.) and noticed there were 2 configurations, wg0 AND wg1.  I then deleted wg0, changed the wg1 name to wg0 and reset the service.  Took a little more tinkering, but I was eventually able to get it to work.

Long story short, you may want to take a look at the openvpn configurations saved through SSH to see what you have in the website vs the terminal.

78
21.7 Legacy Series / Re: DNS aliases not resolving
« on: August 09, 2021, 03:06:54 am »
Thanks for all your help.  To answer your questions, I had a DNS set up and the client machines were able to receive resolved addresses without issue.  The host aliases are using IP addresses and others with domain names.  Both types were still having the issue.

I had also used both options for "Do not use the local DNS service as a name server for this system", which did not make any difference in troubleshooting.

What it all came down to is WIREGUARD!!!!! which was installed recently and had not caused issues as the time-frame for the alias to be resolved had not been reached so, no need to resolve them.  Once it came time to resolve all the aliases again, that is apparently when the issue started.

In wireguard, when the "local" configuration has an IP address in the "DNS server" it will overwrite the configuration for the DNS that was configured for the firewall itself (system>settings>General). 

None of the documentation, nor the help text has this little bit of information.  WOW

79
20.7 Legacy Series / Re: Local DNS not in /etc/resolv.conf with Unbound after reboot
« on: August 09, 2021, 02:40:02 am »
A better, but not perfect solution would be to place the DNS Server IP address option on the clients' table.  Granted the client may be able to change it. But at least it would not cause crippling issues to the firewall / DNS resolution.

80
21.1 Legacy Series / Re: Wireguard interface DNS server setting overrides resolv.conf
« on: August 09, 2021, 02:36:38 am »
The help text should be changed.  This has nothing to do with not understanding.  This has to do with not conveying the correct information.

"Set the interface specific DNS server." means to set the IP address the interface will send requests to, NOT change the entire firewall's DNS resolve IP address.

Something that states the IP address entered here WILL change the resolver address for the firewall itself.

Also, the documentation needs to have this added as it is critical to causing issues (which I spent days trying to figure out why DNS was not resolving alias; Why the firewall itself failed connectivity checks; Why I could not check for updates; and other issues!)

All that is stated:
DNS - Refers to the DNS servers that the client should use for the tunnel - see note below
...
If the DNS server(s) specified are only accessible over the tunnel, or you want them to be accessed over the tunnel, make sure they are covered by the AllowedIPs

Where does it state the firewall's specified DNS IP address will be changed?

81
21.7 Legacy Series / Re: Firewall log live view does not update
« on: August 08, 2021, 02:08:37 am »
Can you mark as solved?

82
21.1 Legacy Series / Re: loosing lots of my band width when connected through opnsense
« on: August 08, 2021, 02:06:35 am »
I would look at the hardware sizing and setup in the guide.  Also you may want to look at Intel NICs as they have been less problematic from what I have seen (I'm not simply using the basic functions).  Also make sure you get something that has enough capabilities to handle features you may be using (even a remote possibility).

Using older / used equipment may actually be better for you since FreeBSD does not really support the latest technology.

83
21.1 Legacy Series / Re: SSD / eMMC wear out & ram disks on 21.1
« on: August 08, 2021, 02:00:56 am »
I'm guessing that would be a FreeBSD question.  Have you tried iostat in the console?

Something like
iostat -x 1 5

84
Virtual private networks / Re: Using WAN port 53 for VPN server - traffic / communication errors
« on: August 08, 2021, 01:54:23 am »
Thanks for the help.  I just quit trying to get this to work.

85
21.7 Legacy Series / Re: DNS aliases not resolving
« on: August 08, 2021, 12:55:46 am »
Thank you for helping out. 

I do not believe the program being used for resolution matters as it is a simple lookup.  I'm using DNS-crypt.  What the problem appears to be is the process itself. 

When I tried tracert for my aliases, they are "unknown hosts".  How is www.google.com unknown? 

Then I tried from my computer, host www.google.com, immediately I received 142.250.81.228.  Hmmm?

Can you try 1 more thing, please?  When on the Firewall live view, can you check "lookup hostnames" at the top right, about the record count and see if it resolves the ip addresses.  This was crashing my gui prior to the last upgrade, but now is stalling the site until "lookup hostnames" is unchecked.

If you try this and crash your GUI, you can restore by logging into your FW (ssh) and running
/usr/local/etc/rc.restart_webgui

86
21.7 Legacy Series / [Solved] DNS aliases not resolving - clients queries, no issues
« on: August 07, 2021, 12:37:44 am »
Has anyone experienced their dns not resolving the aliases?  OS=21.7.1

The syslog (general) is filled with "/update_tables.py[######]  unable to resolve alias_name_entered for alias XXXXXXX"

Another issue, when using Interfaces:Diagnostics: DNS Lookup, the page updates without any information.  It looks exactly as it did prior to clicking on "DNS Lookup".

Also, when using firewall:diagnostics:aliases, I receive "no results found". 

Can the community verify if they are having the same issues?  I would like to create a programming error if it actually is one.  This is causing large problems and forcing many rules to be written.





87
Virtual private networks / Re: Connect 2 routers using a vpn tunnel
« on: May 27, 2021, 01:25:02 am »
The example you are giving will not work.  Not to sound harsh, but it would seem you may need to learn basic networking.  You're giving route-able addresses on an internal link/network.  To make matters worse, you are double N.A.T.ing in some areas. Then there is using a VPN internally, which many would suggest you should not do.

If you give an explanation of what you are trying to accomplish (aside from setting up an internal V.P.N., given your main objective) and why you are using 2 routers, you most likely will receive better suggestions or the "correct" method of application.

First, in many cases 1 router/F.W. is sufficient. There are reasons to use 2 F.W.'s, as complex configurations / external requirements (sharing Internet connectivity between 2 separate entities) would need.

Second, you need to use a non-routable address for local network traffic.


88
21.1 Legacy Series / Re: Website lock-out information
« on: May 27, 2021, 12:01:47 am »
How can the script be modified as to not be overwritten during an update/upgrade? 

Would it be possible to add these options into the system settings tab?

Thank you Franco

89
Virtual private networks / Re: Using WAN port 53 for VPN server - traffic / communication errors
« on: May 26, 2021, 11:54:32 pm »
Thank you, but this does not help with my issue.  The problem is that the corrupted traffic for port 53 is not identified nor what is causing the corruption.  So, we can proxy the port with another service since we have not set one up for 53 on that interface. 

We'll keep it in mind if it turns out to be the issue.

Thank you.

90
Virtual private networks / OpenVPN Server Add Interface
« on: May 26, 2021, 08:27:34 pm »
We are using OpenVPN with redirect gateway, multi-wan, and other services.  When configuring the VPN using https://docs.opnsense.org/manual/how-tos/sslvpn_client.html, we have a need to configure the VPN server with an interface.  Doing so causes routing issues.

We have tried configuring the interface with and without dynamic gateway policy. And have also tried with and without the automatically added gateway, with far gateway.  We have tried a mix of all these settings, but still are seeing routing issues where the client is sending "tcp retransmission" connections.

What are the proper steps to add an OpenVPN server (with no split-tunnel) allowing clients to access the LAN and Internet?
