Messages

76

21.7 Legacy Series / Re: LAGG interface working fine but shown as "flapping"?

« on: January 10, 2022, 02:13:15 pm »

Hello,

i have the issue that under the Gui - LAGG Statistics - is shown flapping3

And strangely under Console, flapping 0

Code: [Select]

ifconfig -m -v lagg0
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=900028<VLAN_MTU,JUMBO_MTU,NETMAP>
        capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:xx:xx:xx:xx:xx
        inet6 fe80::xxxx:xxxx:xxxx:xxxx%lagg0 prefixlen 64 scopeid 0xb
        inet 192.168.99.1 netmask 0xffffff00 broadcast 192.168.99.255
        laggproto lacp lagghash l2
        lagg options:
                flags=90<LACP_STRICT>
                flowid_shift: 16
        lagg statistics:
                active ports: 3
                flapping: 0
What is now correct?

77

General Discussion / Re: Rule Separators

« on: January 04, 2022, 08:18:35 pm »

+1 for such an important Feature! 

78

Virtual private networks / OpenVPN selective Routing issue

« on: December 30, 2021, 03:32:48 pm »

Hello,

i have an issue with selective routing. I have OpenVPN running and connected. The whole LAN net is going out to Internet via the OpenVPN connection, as set in the Firewall Rule as Gateway. Now i created an Alias with www.whatsmyip.com and added before the VPN Gateway another Rule with Source LAN net and Destination the Alias and Gateway Default (ISP Connection)

When testing www.whatsmyip.com i see the public address over WAN, when testing with a other Tool, i see the IP from the VPN, so all good.

Then i restarted the Firewall, and tested again the same Websites, but this time, the excluded Alias with whatsmyip.com dont show me the WAN IP as expected, the Alias show me the VPN connected IP., whats is wrong, as the Request should be routed over the WAN Connection.

Could it be, that the Firewall States have not been flushed during the reboot ? How can i prevent this?

Thx!

79

General Discussion / Re: An old chestnut - mDNS/Bonjour across VLANs

« on: December 28, 2021, 01:36:39 pm »

Hello,

found this thread as i have also the issue with Multicast. Also related to the Rules im not sure if i have configured them correctly?

I hope someone could have a short look, and let me know, if they are correct or not

Thx!

80

Virtual private networks / Re: Prevent Ipv6 auto Gateway creation OpenVpn

« on: December 28, 2021, 09:26:10 am »

Unfortunately not. As i have several OpenVPN Connections, the solution for me is still just Disable the auto created IPv6 Gateways..

81

General Discussion / Re: FreeRadius EAP Settings Root and Server Certificate

« on: December 27, 2021, 07:42:29 am »

Well, that is interesting...

I'll look into it as my time permits but I'm glad to hear it is at least working.

Hello benyamin,

did you have the time to already look into this?

Thx!

82

General Discussion / Re: Question to Aliases

« on: December 27, 2021, 07:28:45 am »

Thanks for your reply. Yes i ended up creating network aliases, but as the "Standard" created Aliases are already available in the Firewall Rules, it should be imho possible to use them everywhere in Opnsense.

83

General Discussion / Maltrail on Opnsense

« on: December 26, 2021, 02:47:26 pm »

Hello,

i installed Maltrail Server / Sensor on OPNsense 21.7.7 . Under Maltrail - Sensor - Remote Port Help, if i left the setting empty (as Sensor / Server) on the same Device, i get the error when saving "Field remoteport is required"


The Auto Generated Alias BlocklistMaltrail , and added to a Rule from my side. But the Content in the Alias is empty, nothing loaded, even after reapplying the settings.

Also, in the Gui Settings, is there not yet the possibility to change Gui Access Port Protocol to https?

Any Idea how to Fix this?

Is Maltrail in general Production ready?

Thx!

84

General Discussion / Question to Aliases

« on: December 26, 2021, 02:13:31 pm »

Hello,

im trying to create an Alias LOCAL_NET_GROUP with Standard created Networks LAN net and VLAN10 net. Both Networks are available under Firewall Rules Source / Destination.

When I try to save the created Alias Group I get the error: Entry "LAN net" is not a network.,Entry "VLAN10 net" is not a network.

Should it be not possible, to work under the Aliases with the “Internal” created Networks, as I have them available in the Firewall Rules?

Thx!

85

Tutorials and FAQs / Re: HOWTO - Routing Traffic over Private VPN

« on: December 24, 2021, 08:31:55 am »

Hi,

Merry Christmas Everyone 😊

I have a question to NAT – Outbound Rules regarding the correct and secure configuration. I set Outbound Rules to manual, and choose the specific VPN Clients as Interface and Source to LAN, VLAN1, VLAN2 etc, so the Clients in the different Networks go over the different VPN Tunnels, that’s fine.

But I was wondering, how should Loopack networks, 127.0.0.0/8  (when switching to Hybrid or Automatic) NAT Rule generation be handled correctly. Should they also be defined when set Manual outbound NAT rule generation?

What is also not clear for me yet, under Firewall – Rules – Loopback there are  2 automatically generated rules to pass all looback requests (IPv4 / IPv6) source / destination is Any, is there anything to define manually to be sure that the VPN is not leaking somewhere?

Thx!

86

Web Proxy Filtering and Caching / Re: How do I restrict the proxy from allowing access to local networks?

« on: December 22, 2021, 12:45:53 pm »

Hi,

i have exactly the same problem. As you mentioned custom acl are not available in the Gui, means to get this correct to work, i have also to tamper again within the squid.conf??

Thx!

87

General Discussion / Question Mail Gateway

« on: December 21, 2021, 06:59:58 pm »

Hello,

i have a couple of gmail mailboxes, and get a lot of spam lately. I saw now in the docu, the option for the setup of a mailgateway, with the Plugins: ClamAV, Postfix, Redis, Rspamd

https://docs.opnsense.org/manual/how-tos/mailgateway.html

Would there be the possibility with the above configuration, for Filtering my Mailboxes? What happens with the Mails, are they locally then on the Firewall itself?

Thx!

88

21.7 Legacy Series / Re: URL TableIP Alias empty not updating after Upgrade to 21.7.7

« on: December 21, 2021, 06:37:27 pm »

no, time was correct, and sense on physical device.

in this case (if it happens again) it makes sense to look for errors in the backend log (System: Log Files: Backend) imho

Thx Fright, will keep an Eye on this on the next Update

89

21.7 Legacy Series / Re: URL TableIP Alias empty not updating after Upgrade to 21.7.7

« on: December 21, 2021, 06:36:25 pm »

Do you use AdGuard?

No, but is Adguard possible, when i use Unbound with DNS Crypt Proxy already?

Thx

90

21.7 Legacy Series / Re: URL TableIP Alias empty not updating after Upgrade to 21.7.7

« on: December 20, 2021, 03:48:22 pm »

hi,

no, time was correct, and sense on physical device.