Messages - sparticle

#91
Quote from: mimugmail on November 08, 2020, 06:13:31 PM
Did you set a password for redis?

Was working perfectly before upgrade. There is no password set in the GUI that I can see.

Cheers
Spart
#92
I need some help with this implementation.

Following a 20.7 upgrade earlier I cannot get redis or ntopng to start. The log is full of these lines. If I reboot and watch it start, the redis connection fails on startup of the OPNsense server.

2020-11-08T16:03:39 root[11641] /usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng
2020-11-08T16:03:39 ntopng[78906] [Redis.cpp:150] ERROR: to specify a redis server other than the default
2020-11-08T16:03:39 ntopng[78906] [Redis.cpp:149] ERROR: Please start it and try again or use -r
2020-11-08T16:03:39 ntopng[78906] [Redis.cpp:148] ERROR: ntopng requires redis server to be up and running
2020-11-08T16:03:38 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:35 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:33 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:30 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:28 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:25 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:23 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:20 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:18 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:15 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:13 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:10 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:07 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:05 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:02 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:00 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out


Any help appreciated please.

Cheers
Spart
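As an added example (not code from the original post or from the ntopng or OPNsense projects): a small Python check that parses log lines in the format shown above, puts them back in chronological order, and reports how many Redis connection timeouts preceded the rc.d "failed to start" warning. The sample log is a constructed subset of the lines quoted in the post.

```python
import re
from datetime import datetime

# Constructed sample in the order the post shows it (newest line first);
# a subset of the timeout lines is enough to show the pattern.
SAMPLE_LOG = """\
2020-11-08T16:03:39 root[11641] /usr/local/etc/rc.d/ntopng: WARNING: failed to start ntopng
2020-11-08T16:03:39 ntopng[78906] [Redis.cpp:150] ERROR: to specify a redis server other than the default
2020-11-08T16:03:39 ntopng[78906] [Redis.cpp:149] ERROR: Please start it and try again or use -r
2020-11-08T16:03:39 ntopng[78906] [Redis.cpp:148] ERROR: ntopng requires redis server to be up and running
2020-11-08T16:03:38 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:05 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:02 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
2020-11-08T16:03:00 ntopng[78906] [Redis.cpp:99] ERROR: Connection error [Operation timed out]
"""

# <timestamp> <process>[<pid>] <message>  -- the shape of every line above
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<proc>[\w.]+)\[(?P<pid>\d+)\]\s+(?P<msg>.*)$")
TIMEOUT_MSG = "Connection error [Operation timed out]"
FAILED_MSG = "WARNING: failed to start ntopng"

def parse_line(line):
    """Return the fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def analyse_ntopng_start(text):
    """Sort lines chronologically, count Redis timeouts per ntopng PID and
    note whether the rc.d script gave up. Returns
    {'pids': {pid: {'timeouts': n, 'window_s': secs}}, 'failed_start': bool}."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    records.sort(key=lambda r: r["ts"])  # ISO-8601 timestamps sort as text
    result = {"pids": {}, "failed_start": False}
    for r in records:
        if r["proc"] == "ntopng" and TIMEOUT_MSG in r["msg"]:
            p = result["pids"].setdefault(r["pid"], {"timeouts": 0, "first": r["ts"], "last": r["ts"]})
            p["timeouts"] += 1
            p["last"] = r["ts"]
        elif FAILED_MSG in r["msg"]:
            result["failed_start"] = True
    for p in result["pids"].values():  # seconds between first and last timeout
        p["window_s"] = (datetime.fromisoformat(p.pop("last")) - datetime.fromisoformat(p.pop("first"))).total_seconds()
    return result

def verdict(result):
    """One-line reading of the analysis, as an operator would want it."""
    if result["failed_start"] and result["pids"]:
        pid, p = max(result["pids"].items(), key=lambda kv: kv[1]["timeouts"])
        return ("redis-unreachable: ntopng pid %s timed out %d times over %.0fs before rc.d gave up; "
                "check that redis is running and listening where ntopng expects it" % (pid, p["timeouts"], p["window_s"]))
    if result["pids"]:
        return "transient: timeouts seen but ntopng eventually started"
    return "ok: no redis connection errors"

if __name__ == "__main__":
    print(verdict(analyse_ntopng_start(SAMPLE_LOG)))
```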
#93
Hi, we have recently been trying to replace an old 887VA with a VDSL bridge config with an 897VA with essentially the same config.

OPNsense PPPoE connection completes perfectly and we can see the public IPs are assigned correctly, but there is no traffic via the WAN port. Also the network starts to behave weirdly, websites failing etc. We thought it was something to do with ARP tables, but having rebooted everything (the Cisco router, the OPNsense box, the central switch), when everything comes up all looks good but no routing of traffic is happening. If we power off the 897VA and plug the 887VA back in all bursts back into life.

The config is the same. It feels like it is a MAC address ARP issue on the wan link like it is trying to send to the old router.

Does anyone have any experience of swapping out a router and the gotchas involved? We just expected this to work as it is upstream of the OPNsense box and the PPPoE connection seems to work just fine.

Help appreciated as we need to retire the 887 as it is out of support and we have a new 897 to replace it.

Cheers
Spart
#94
Hi, I am trying to swap out a Cisco 887VA-K9 with a later model 897VA-K9. The configs are the same: this is configured for simple bridging and the PPPoE is managed by OPNsense.

The Cisco is simply acting as an FTTC VDSL2 modem and bridge to the OPNsense WAN interface using a point-to-point config.

In the 887VA-K9 this works perfectly.

In the 897VA-K9 all looks well in the WAN overview page: connected, IP address etc. But I get very weird issues on the LAN with connectivity: websites time out, cannot run speedtest, etc. It's as if there is some kind of routing issue. The log gets constantly spammed with these messages:

arprequest: cannot find matching address

I could not find much information about this in respect of my issue.

I tried rebooting OPNsense in case it was an ARP table issue having changed out the router. There is a MAC address set on the WAN interface page that matches the MAC of the WAN NIC in the server; I can see this get assigned to the WAN PPPoE connection. This works perfectly when the 887VA-K9 is plugged in.

If I unplug the 897VA-K9 and plug the 887VA-K9 in all bursts into life.

My instinct is it is something to do with the MAC of the 897 vs the 887, but the WAN interface has the same settings for both.

Any help appreciated as we would like to swap these old 887 units out.

Cheers
Spart
#95
Ok after a reboot zero-tier clients are now working perfectly.

I am sure that certain type of config requires a reboot to be effective even though the GUI makes it seem like that is not required!

Still working on the other issues.

Cheers
Spart
#96
Looks like there is no default rule from your local LAN to the WAN. The ones configured are all pointing at the loopback network.
You also look like you are pointing the default gateway to the LAN side of the OPNsense.

I may be wrong.

The other thing to do is back up the config, reset and then configure a simple WAN connection to Virgin DHCP etc. and a simple LAN interface, set NAT to hybrid, create auto rules.

See if the default OOTB works. Then build from there.

Cheers
Spart
#97
What is the Interfaces Overview page showing for both the LAN and WAN connections? Please obscure any IP information.
Have you set the default gateway to Auto in the LAN config? In System Settings General have you overridden the DNS servers?

Sounds like a NAT and FW rule issue.

Set it to Hybrid and save. It will put a default rule in place and leave your manual rule.

Also check the system configuration history and have a look at what you changed!
Cheers
Spart

#98
Just updating this as I have now got my connection working (sort of). It is working but I do not understand why it's working. And I have weird behaviour on PFs using recently configured Virtual IPs. The ones from before work perfectly, the new ones do not. They look identically configured in the GUI, just with a different destination IP etc. The services are available internally.

When connected in a normal way with the Cisco doing all of the PPPoE work I get an IP address of 217.x.x.102 on the Cisco ethernet interface. I then pass this through to the WAN connection as the default gateway address and assign one of my 5 usable public IPs to the OPNsense WAN interface. I then configure the rest of my public IPs .97 .98 .99 .100 as virtual IPs off my WAN interface.

All is well: I can PF to internal systems, I can even log in to the Cisco on the 217.x.x.102 address.

But when I try to config the Cisco as a simple bridge and use OPNsense to do the PPPoE stuff things get weird. I tried to replicate the config of the Cisco when it was doing the PPPoE but that does not work. I cannot assign the .102 address to the PPPoE connection. It gets assigned an 81.x.x.x address no matter what I do. I also cannot seem to disable IP6.

What I want to do is assign the PPPoE connection the public IP gateway address for my /29 then config the virtual IPs etc. as before. I have tried the advanced settings when I select PPPoE as the connection type. But that creates a separate PPP connection that does the negotiation and gets assigned the 81.x.x.x address, 81.x.x.x DNS servers etc. It also does not seem to remember its settings when you go back to edit the PPP connection. And my router address has now changed to 81.x.x.x as far as the outside world is concerned and not 217.x.x.x which is my public IP range.

The whole point of this is to recover a wasted public IP that I had to assign to my OPNsense WAN interface when the Cisco was doing all of the PPPoE.

Feels like I am close but missing something possibly crucial and maybe obvious. Just not seeing it.


This is what I see in the WAN Overview tab:

IPv4 address   81.x.x.x / 32
217.x.x.100 / 32
217.x.x..99 / 32
217.x.x..98 / 32
217.x.x..97 / 32
217.x.x..101 / 32
Gateway IPv4   WANGW 217.x.x.102

The WANGW shows as offline in the gateway monitor. The automatically added gateways of WAN_GW, which is IP6, shows online and active, and the WAN_PPPOE gateway shows online and active.

Is there a support option where one of the experts can assist either remotely or via video call etc.?

Cheers
Spart

Just updating as I had to go to the boat (ZeroTier remote client) as my ZeroTier LAN clients cannot access remote ZeroTier systems and the remote ones cannot access the local LAN ZeroTier clients. Weirdly this worked perfectly when the Cisco was doing the PPPoE and I had to waste a public IP on the OPNsense WAN interface. Just about to abandon this attempt even though I feel I am close. Have until Tuesday to get this right or revert, so any help appreciated.

Cheers
Spart
#99
Meant HOST systems are Linux!

Cheers
Spart
#100
Is there a build of OPNsense for the Cisco Meraki MX6x series devices?

OpenWrt is running on a number of these devices, so BSD is working on them.

They seem very capable devices and super cheap due to the crazy Cisco license costs.

Cheers
Spart
#101
It's difficult to see what happens currently with the Cisco connection with the 887VA acting in router mode and presenting the WAN interface on a 217.x.x.102 address, which is the top of the range of our 5 IPs and from the BT email is designated as the gateway address.

That is how it is currently configured in the Cisco. The BVI interface is assigned the /29 subnet and passed to the Dialer, and that is bridged to the vlan1 interface and connected to the WAN port of the OPNsense FW. It presents on 217.x.x.102 and all is well.

I can see an 81.x.x.x directly connected to the Dialer interface; see below:
sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer0
      81.0.0.0/32 is subnetted, 1 subnets
C        81.x.x.x is directly connected, Dialer0
      217.x.x.0/24 is variably subnetted, 2 subnets, 2 masks
C        217.x.x.96/29 is directly connected, BVI1
L        217.x.x.102/32 is directly connected, BVI1


This config has been running since 2018 when we finally got FTTC from the ADSL Max before it, with the same router using an ADSL config.

I am not sure how this is recreated in the OPNsense, but when I tried it simply attached the 81.x.x.x to a new WAN gateway it created, leaving my existing WANGW orphaned, and I could get no output.

I really want to max out every last Mb of connection, and taking away overhead on the Cisco and offloading that to the 4 x Xeon X5650 CPUs seemed like a good idea, and of course I learn things. Win win.

Cheers
Stephen
#102
Well, switching back to the normal Cisco config all is back again. I will try the advanced dialog to see if that solves the problem.

Looking through the config screens I can find the PPP options screen where I can set PPPoE connection type again and config a static IP, although the options are confusing. It asks me to configure a Local IP (WAN) with a subnet, and then a gateway IP. Are we saying that I would configure the 217.x.x.102/29 subnet and the gateway as the 217.x.x.102?



Cheers
Spart
#103
Yes, the Cisco config is essentially the one I used for testing and it works fine. However when I connect via the WAN PPPoE connection BT assigns an IP that is not in my public IP range and there is no connectivity, and I cannot use the public IPs BT assigned and the VIPs I have already configured for my 5 IPs. Also I cannot configure the gateway from my /29 network on the WAN interface.

It seems I really need to be able to set a static IP and subnet, e.g. 217.x.x.102/32, on the PPPoE connection, but there is no option to do that. Therefore BT assigns an address that is not in my public IP range (81.x.x.x) and not one of my 217.x.x.96 to 217.x.x.102, with 217.x.x.97-101 (5 static) as usable addresses and 217.x.x.102 as the gateway address. BT via the PPPoE connection assigns an address in the 81.x.x.x range!

If I look at the Cisco config that does PPPoE, that is exactly what it does. It configures a PPPoE connection then assigns my static /29 gateway IP 217.x.x.102 to the Cisco WAN interface.

I cannot get this to work with the Cisco in bridge mode and OPNsense doing the rest. I am fairly sure that this is not an issue with the Cisco bridge config, as I do get a connection but cannot get internet access as the address ranges are different, and the address BT is assigning seems to change when I reboot and it comes up again.

It seems I really do need to config a static address on the PPPoE connection type.

Cheers
Spart
#104
Hi, I have a BT FTTC VDSL connection with 5 public IPs and I am looking to connect my OPNsense machine to a Cisco 887VA in bridge mode acting as a modem.

I can get a PPPoE connection but cannot figure out how to configure the WAN interface or my public IPs. When connected, the BT service provides an IP address that I do not recognise and creates a new gateway interface. It is in a totally different IP range to my public IPs.

Currently I use the Cisco in router mode and essentially lose 1 IP that I have to assign to the OPNsense WAN interface. Then I set the gateway as the Dialer 0 (BVI) interface of the Cisco. All works perfectly, but wasted resources as I do nothing on the Cisco other than connect it and configure the dialer interface with my public IP range. I simply want it to act as a dumb bridge, and once it has negotiated a physical connection I want the OPNsense box to do everything else: PPPoE, IP addressing etc.

I tried setting the OPNsense WAN interface to the address I would normally assign to the Cisco, but it shows as down and the address the OPNsense gets from the PPPoE connection is a completely different IP range. Plus it creates a new WAN gateway, which is where I get a bit stuck.

Just looking for anyone else that has managed to config OPNsense with a BT PPPoE connection and static IPs. Have now reverted back to my working config but would really like to sort this and reclaim one of my wasted public IPs, as I should be able to give the OPNsense WAN gateway the same address as I give the Cisco, essentially the gateway address as advised by BT.

Any help appreciated. Below is the config for the Cisco bridge, which did work as I could see an assigned IPv4 and IPv6 address on new gateways that it automatically configured.


!
version 15.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service sequence-numbers
!
hostname ***********
!
boot-start-marker
boot system flash c880data-universalk9-mz.154-3.M9.bin
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret **********************
enable password ***********************
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
memory-size iomem 25
clock timezone GMT 0 0
!         
no ip source-route
no ip routing
no ip domain lookup
no ip cef
no ipv6 cef
!         
license udi pid *****************
license accept end user agreement
license boot module c880-data level advsecurity
!         
username *********************************************
!         
controller VDSL 0
operating mode vdsl2
firmware filename flash:VA_A_38k1_B_38h_24g1.bin
modem ukfeature
!         
bridge irb
!         
interface Ethernet0
no ip address
no ip route-cache
!         
interface Ethernet0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 1
!         
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!         
interface FastEthernet0
no ip address
duplex full
speed 100
load-interval 30
!         
interface FastEthernet1
no ip address
duplex full
speed 100
load-interval 30
!         
interface FastEthernet2
no ip address
duplex full
speed 100
load-interval 30
!         
interface FastEthernet3
switchport access vlan 3
no ip address
duplex full
speed 100
load-interval 30
!         
interface Vlan1
no ip address
ip virtual-reassembly in
no ip route-cache
load-interval 30
bridge-group 1
!
! Configure a vlan access port so I can get to the cisco from a connected laptop for config.       
interface Vlan3
ip address 192.168.x.x 255.255.255.0
no ip route-cache
!         
ip forward-protocol nd
no ip http server
no ip http secure-server
!         
logging trap debugging
!         
bridge 1 protocol ieee
!         
!         
!         
end       



Any help appreciated.
Cheers
Spart
#105
We use OPNsense fully virtualised: a VM running on a Dell R710 with 4 x X5650 CPUs and 4GB of memory. We are not fortunate enough to have a 1Gb up/down connection but do not really see any issues in the throughput of the virtualised NICs. This is using two ports of the 4-port GB NIC dedicated to the VM: one WAN, one LAN to our Netgear managed switch.

We can max out the 1Gb LAN connection with a suitable download from another local server to the OPNSense VM. We can't attest to the WAN as our service is far slower than yours.

We are of course using Linux!

Cheers
Spart