Messages

16

20.7 Legacy Series / Re: Overview of rules and usage

« on: September 09, 2020, 09:31:32 pm »

The statistics are kind of nice, but what I'm looking for is some kind of debug possibility.
I.e. I've created a rule that is supposed to work, but it is evaluated over 2000 times but never triggered.
The rule consists of an alias (for now with 1 ip address) which is blocked access to another alias (for now with 1 ip address).
If there would a some kind of debuglogging which show what rules are evaluated and why they are discarded and finally why it acts on the last one would be great.

17

20.7 Legacy Series / Re: Overview of rules and usage

« on: August 22, 2020, 10:50:57 am »

Hmm, it sounds like we should have a way to list not only explicit rules but also automatic rules in the overview of each interface. And while there, an "inspect" button to show statistics of said rules (bytes, packets, evaluations, states). Does that sound about right?


Cheers,
Franco

For me it does.
Would there also be a way to simulate the rules?

Verstuurd vanaf mijn HD1903 met Tapatalk

18

20.7 Legacy Series / Re: Overview of rules and usage

« on: August 21, 2020, 10:23:26 pm »

What I meant was an overview of the firewall rules and the frequency they were used, and maybe a last-triggered time.


Verstuurd vanaf mijn HD1903 met Tapatalk

19

20.7 Legacy Series / Let OpenVPN use NordVPN recommended server

« on: August 21, 2020, 05:39:12 pm »

I have a script that gets the recommended server by NordVPN.
Now I want to use the returned servername to connect OpenVPN-client to.
What is the best way to do that?
Can I 'just' replace the hostname in the config.xml and restart OpenVPN client?
In this case, how do I restart the OpenVPN-client from commandline?

20

20.7 Legacy Series / Overview of rules and usage

« on: August 20, 2020, 04:32:36 pm »

Is it possible to create an overview of the present firewall-rules and how often they're used??

21

20.7 Legacy Series / Firewall blocks one time, passes another...

« on: August 13, 2020, 09:34:27 pm »

When I looked in the live logging of the firewall I found several of the following lines...

Code: [Select]

vl70_iot Aug 13 21:23:09 192.168.70.16:49462 173.194.76.206:443 tcp Default deny rule
vl70_iot Aug 13 21:23:08 192.168.70.16:52646 34.90.171.169:80 tcp Default deny rule
vl70_iot Aug 13 21:23:06 192.168.70.16:48390 34.90.173.53:443 tcp Default deny rule
vl70_iot Aug 13 21:23:05 192.168.70.16:52646 34.90.171.169:80 tcp Default deny rule
vl70_iot Aug 13 21:23:04 192.168.70.16:49468 173.194.76.206:443 tcp vl70 allow to any rule`
As you can see at 21:23:04 the traffic is allowed, at 21:23:09 it is blocked.
I would have expected it to allowed or disallowd, not both....
Is this a bug or is there some other logfile what might explain this (erratic?) behaviour??

22

20.7 Legacy Series / Re: VMware Tools installed, but according to ESXi they're not...

« on: August 13, 2020, 09:26:48 pm »

Reinstalled the driver and rebooted...
This time it worked...
Apparently a reboot is needed...

Thanks!

23

20.7 Legacy Series / [Solved] VMware Tools installed, but according to ESXi they're not...

« on: August 11, 2020, 09:02:54 pm »

I installed OS-VMware plugin and it installs fine, according to OPNsense, but in ESXi it says VMware Tools are not installed.
How can I find out what went wrong?
ps -ef gives but a few processes, not what I expected....
`
/usr/local/opnsense/version/vmware
/usr/local/share/open-vm-tools/scripts/vmware
/usr/local/share/vmware-tools/scripts/vmware
`
are the only files/folders I found with vmware in the name, the first has a version in it (1.5) the second is an empty folder and the third has a network folder in it with a script...
Running that script does nothing, as far as I can tell...

24

20.7 Legacy Series / Re: VLAN Tag from wifi gets right ip address but appears on wrong interface

« on: August 06, 2020, 11:47:30 am »

Removed the vlan configs from opnsense and created several vnics and portgroups on esxi and everything seems to be working now.
Thanks!

Verstuurd vanaf mijn HD1903 met Tapatalk

25

20.7 Legacy Series / VLAN Tag from wifi gets right ip address but appears on wrong interface

« on: August 03, 2020, 12:30:00 am »

I have recently made a fresh install of the most recent OPNSense on ESXi.
On my OpenWRT router I have three ssids (30,70 & 90) with each a different vlan (two ssids are disabled at the moment - 70 & 90).
On my OPNSense I have 2 physical nics, 1 connected to my wan and 1 connected to a virtualswitch on a portgroup with vlan 4095.
Also I created different vlans (10, 20, 30, 70 & 90) in OPNSense and assigned interfaces to them.
When I connect my phone to the ssid it gets an ipaddress from the dhcp-range configured for vlan 30, but it cannot access anything local. Internet works fine.
My phone's ipaddress appears in the firewall logging as a client of vlan 20.
When I disable vlan 20 my phone can access local stuff...

I've searched several places and for a long time, but have not found anything remotely helpfull.

What can cause this and how to resolve this?
Where can I