Messages - tryllz

#31
23.7 Legacy Series / Re: FRR - BGP - Not working ?!
August 05, 2023, 08:47:18 PM
Thanks for clarifying that..
#32
23.7 Legacy Series / FRR - BGP - Not working ?!
August 05, 2023, 08:24:16 PM
Hi All,

Anyone else not able to use BGP ?

I have configured 23.7 fresh, and tested BGP. It does not work, and there is nothing in the logs either, not even any error. There was no error during installation.

The Running Configuration has nothing in it either.





#33
Hi All,

I know APIPA is not a routable address, however, I recently came to know pfSense has added a feature to allow APIPA traffic on interface https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html?highlight=apipa#allow-apipa

Can I know if any such feature exists, I have an Ericsson BBU (Baseband Unit) which has an IP address 169.254.2.2 which cannot be changed, and this needs to be accessed from different network for fetching health related information.

Any thoughts ?

Thank You
#34
23.1 Legacy Series / VIP interface firewall rule ?
March 01, 2023, 10:47:58 PM
Hi,

I could not understand which interface to add a block rule in this case.

I have set up VIP (10.10.13.1) on FW1 (10.10.13.2 | Sub-Interface (VLAN13_Servers).

I have set a reject any IPv4 rule on this Sub-Interface of FW1, and shutdown FW2 for testing.



Parent interface of Sub-Interface VLAN13_Servers is also added with a reject all IPv4 rule.



But the ping traffic still reaches a VM in 10.10.13.0/24 network.




I found out that if I disable the VIP (10.10.13.1 in FW1) the pings between the 2 VMs stops.

So my question is which interface do I add a block rule to block traffic from reaching the VLAN Sub-Interface, because I have added 1 block rule on Parent interface, and another block rule on Sub-Interface but the VM in 10.10.13.0/24 is still reachable ?

Thank You
#35
Hi,

All the below is in a virtual environment.

I have a Windows Server VM which when pinged from any other device shows (DUP!). I tried to flush the ARP in the OPNSense VM, but this does not change anything.

The IP address is only assigned to 1 device, the duplicate issue comes from changing the MAC address.

Can I know how to get rid of old MAC address information from the router ?

Thank You
#36
22.1 Legacy Series / Re: CARP VLAN Issue ?
March 08, 2022, 12:16:55 PM
Thanks, that's resolved the issue.

Both the OPNSense in HA have the same OPT numbers, showing Master and Backup now.
#37
22.1 Legacy Series / Re: CARP VLAN Issue ?
March 08, 2022, 11:38:10 AM
Quote from: pmhausen on March 08, 2022, 11:32:57 AM
If you navigate to the Interfaces menu and click on any particular interface, the address bar of your browser shows you which of LAN, OPTx, OPTy ... is assigned.

Thanks just the thing I missed, I was looking within the GUI and it appeared similar, but in the URL address bar the OPT numbers differ.

Will fix that 1st, thanks.
#38
22.1 Legacy Series / CARP VLAN Issue ?
March 08, 2022, 09:56:10 AM
Hi,

I have configured OPNSense in an HA setup with VLANS. The Primary shows the CARP interfaces fine, however, the secondary shows as 1 interface as Backup, several others as Master, (and the interfaces mismatch the VLANs they are assigned to, for example, VLAN50 interface shows as assigned to VLAN30).

Primary


Secondary


Console View


This is running on ESXi so all Portgroups already have Promiscuous mode, MAC address changes, and Forged transmits enabled.

Anyone knows the issue ?

Thank You
#39
This issue seems to have disappeared after a reboot, I'll keep an eye.
#40
So when remaining on a page for long periods without any activity, and then making any changes and saving shows the SSL certificate webpage (sorry not the login page).



I don't recall seeing this issue in 21.1.
#41
Hi,

I just installed the 22.1 version and there seems to be some setting, or issue. When I make changes to interface and try and save it, the browser shows as saving changes but redirects to the login page.

Anyone aware of how to change this behavior, or is it a bug ?

Thank You
#42
Sorry I failed to understand.

You mean NOT to create sub-interfaces in OPNSense but rather just add VLAN IDs on PortGroups ?
#43
Hi,

I'm running a Nested Environment, and would like to know if anyone has been able to successfully implement VLANs in OPNSense with Virtual Distributed Switch, where both OPNSense, vCenter, and ESXi are all running as VMs on a physical host.

If yes, can I know how to configure it, or is there a guide to follow specifically for OPNSense.

Thank You
#44
Hi,

I have an ESXi Server with an OPNsense Firewall and a CentOS, both running as VMs.

I have simple network with 2 PortGroups, Trunk (VLAN 4095), and Server PortGroup (VLAN 116)


The OPNsense Firewall has 2 vNIC


- Trunk PortGroup is em0 in OPNsense
- Server PortGroup is em1 in OPNsense
- em1_vlan116 is the Sub-Interface on VLAN116 under em1, and is configured with DHCP.

CentOS is attached to Server PortGroup


CentOS requests DHCP but the request does not reach the Sub-Interface (em1_vlan116) which is configured and instead reaches the main Interface (em1) which is not configured for DHCP.



I'm unsure what I'm doing wrong here.

Any thoughts ?

Thank You
#45
I have used Fortigate before and had not faced this issue, so I'm wondering if this is related to OPNsense, or it has to do with some misconfiguration on my part..