Messages

Vielleicht "Block private IPs" auf den WANs aktiv? Ach nee, war aus, laut OP.

Um das Modem zu erreichen eine Outbound NAT rule für das richtige WAN mit Source (deinem Admin-Netz) und Destination der (Adresse/32) im /30 für das Modemnetz vielleicht?

It's hot out there. Maybe time to re-hydrate.

Or time for some Mod to tidy up.

Mal sowas probiert:

https://forum.opnsense.org/index.php?topic=25793.0

https://www.reddit.com/r/opnsense/comments/vhi7ga/sipvoip_connections_being_killed/?tl=de

"firewalls" implies this happens on more than one install? Did you install at all? Or just boot the live-system?

Hy!

Upgraded to 25.1.7 and got:

Code Select Expand

***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.1.6_4 (amd64) at Wed May 21 16:50:49 CEST 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (31 candidates): .......... done
Processing candidates (31 candidates): .......... done
The following 31 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
dhcp6c: 20241008 -> 20250513
monit: 5.35.1 -> 5.35.2
mpdecimal: 4.0.0 -> 4.0.1
nss: 3.110 -> 3.111
opnsense: 25.1.6_4 -> 25.1.7_2
perl5: 5.36.3_3 -> 5.40.2_2
pftop: 0.12 -> 0.13
php83: 8.3.20 -> 8.3.21
php83-ctype: 8.3.20 -> 8.3.21
php83-curl: 8.3.20 -> 8.3.21
php83-dom: 8.3.20 -> 8.3.21
php83-filter: 8.3.20 -> 8.3.21
php83-gettext: 8.3.20 -> 8.3.21
php83-ldap: 8.3.20 -> 8.3.21
php83-mbstring: 8.3.20 -> 8.3.21
php83-pcntl: 8.3.20 -> 8.3.21
php83-pdo: 8.3.20 -> 8.3.21
php83-session: 8.3.20 -> 8.3.21
php83-simplexml: 8.3.20 -> 8.3.21
php83-sockets: 8.3.20 -> 8.3.21
php83-sqlite3: 8.3.20 -> 8.3.21
php83-xml: 8.3.20 -> 8.3.21
php83-zlib: 8.3.20 -> 8.3.21
py311-pytz: 2024.2_1,1 -> 2025.2_1,1
smartmontools: 7.4_2 -> 7.5
syslog-ng: 4.8.1_5 -> 4.8.2

Installed packages to be REINSTALLED:
ddclient-3.11.2_2 (direct dependency changed: perl5)
ntp-4.2.8p18_4 (direct dependency changed: perl5)
p5-Data-Validate-IP-0.27 (direct dependency changed: perl5)
p5-NetAddr-IP-4.079 (direct dependency changed: perl5)
rrdtool-1.9.0 (direct dependency changed: perl5)

Number of packages to be upgraded: 26
Number of packages to be reinstalled: 5

The process will require 3 MiB more space.
30 MiB to be downloaded.
[1/31] Fetching mpdecimal-4.0.1.pkg: .......... done
[2/31] Fetching php83-filter-8.3.21.pkg: ... done
[3/31] Fetching php83-curl-8.3.21.pkg: ...... done
[4/31] Fetching p5-Data-Validate-IP-0.27.pkg: ... done
[5/31] Fetching monit-5.35.2.pkg: .......... done
[6/31] Fetching nss-3.111.pkg: .......... done
[7/31] Fetching p5-NetAddr-IP-4.079.pkg: .......... done
[8/31] Fetching ddclient-3.11.2_2.pkg: ........ done
[9/31] Fetching php83-ldap-8.3.21.pkg: ..... done
[10/31] Fetching php83-simplexml-8.3.21.pkg: ... done
[11/31] Fetching php83-pdo-8.3.21.pkg: ....... done
[12/31] Fetching rrdtool-1.9.0.pkg: .......... done
[13/31] Fetching dhcp6c-20250513.pkg: ......... done
[14/31] Fetching py311-pytz-2025.2_1,1.pkg: .......... done
[15/31] Fetching ntp-4.2.8p18_4.pkg: .......... done
[16/31] Fetching syslog-ng-4.8.2.pkg: .......... done
[17/31] Fetching php83-sockets-8.3.21.pkg: ...... done
[18/31] Fetching php83-pcntl-8.3.21.pkg: ... done
[19/31] Fetching php83-sqlite3-8.3.21.pkg: .... done
[20/31] Fetching php83-session-8.3.21.pkg: ..... done
[21/31] Fetching php83-mbstring-8.3.21.pkg: .......... done
[22/31] Fetching php83-gettext-8.3.21.pkg: . done
[23/31] Fetching php83-zlib-8.3.21.pkg: ... done
[24/31] Fetching php83-ctype-8.3.21.pkg: . done
[25/31] Fetching php83-8.3.21.pkg: .......... done
[26/31] Fetching php83-xml-8.3.21.pkg: ... done
[27/31] Fetching php83-dom-8.3.21.pkg: .......... done
[28/31] Fetching perl5-5.40.2_2.pkg: .......... done
[29/31] Fetching opnsense-25.1.7_2.pkg: .......... done
[30/31] Fetching smartmontools-7.5.pkg: .......... done
[31/31] Fetching pftop-0.13.pkg: ........ done
Checking integrity... done (0 conflicting)
[1/31] Upgrading mpdecimal from 4.0.0 to 4.0.1...
[1/31] Extracting mpdecimal-4.0.1: .......... done
[2/31] Upgrading php83 from 8.3.20 to 8.3.21...
[2/31] Extracting php83-8.3.21: .......... done
[3/31] Upgrading py311-pytz from 2024.2_1,1 to 2025.2_1,1...
[3/31] Extracting py311-pytz-2025.2_1,1: .......... done
[4/31] Upgrading php83-zlib from 8.3.20 to 8.3.21...
[4/31] Extracting php83-zlib-8.3.21: ........ done
[5/31] Upgrading php83-xml from 8.3.20 to 8.3.21...
[5/31] Extracting php83-xml-8.3.21: ......... done
[6/31] Upgrading perl5 from 5.36.3_3 to 5.40.2_2...
[6/31] Extracting perl5-5.40.2_2: .......... done
[7/31] Upgrading nss from 3.110 to 3.111...
[7/31] Extracting nss-3.111: .......... done
[8/31] Reinstalling p5-NetAddr-IP-4.079...
[8/31] Extracting p5-NetAddr-IP-4.079: .......... done
[9/31] Upgrading php83-pdo from 8.3.20 to 8.3.21...
[9/31] Extracting php83-pdo-8.3.21: .......... done
[10/31] Upgrading php83-session from 8.3.20 to 8.3.21...
[10/31] Extracting php83-session-8.3.21: .......... done
[11/31] Upgrading php83-mbstring from 8.3.20 to 8.3.21...
[11/31] Extracting php83-mbstring-8.3.21: .......... done
[12/31] Upgrading php83-filter from 8.3.20 to 8.3.21...
[12/31] Extracting php83-filter-8.3.21: ......... done
[13/31] Upgrading php83-curl from 8.3.20 to 8.3.21...
[13/31] Extracting php83-curl-8.3.21: .......... done
[14/31] Reinstalling p5-Data-Validate-IP-0.27...
[14/31] Extracting p5-Data-Validate-IP-0.27: ....... done
[15/31] Upgrading monit from 5.35.1 to 5.35.2...
[15/31] Extracting monit-5.35.2: ....... done
[16/31] Upgrading php83-ldap from 8.3.20 to 8.3.21...
[16/31] Extracting php83-ldap-8.3.21: ........ done
[17/31] Upgrading php83-simplexml from 8.3.20 to 8.3.21...
[17/31] Extracting php83-simplexml-8.3.21: ......... done
[18/31] Reinstalling rrdtool-1.9.0...
[18/31] Extracting rrdtool-1.9.0: .......... done
[19/31] Upgrading dhcp6c from 20241008 to 20250513...
[19/31] Extracting dhcp6c-20250513: ........ done
[20/31] Reinstalling ntp-4.2.8p18_4...
[20/31] Extracting ntp-4.2.8p18_4: .......... done
[21/31] Upgrading syslog-ng from 4.8.1_5 to 4.8.2...
[21/31] Extracting syslog-ng-4.8.2: .......... done
[22/31] Upgrading php83-sockets from 8.3.20 to 8.3.21...
[22/31] Extracting php83-sockets-8.3.21: .......... done
[23/31] Upgrading php83-pcntl from 8.3.20 to 8.3.21...
[23/31] Extracting php83-pcntl-8.3.21: ......... done
[24/31] Upgrading php83-sqlite3 from 8.3.20 to 8.3.21...
[24/31] Extracting php83-sqlite3-8.3.21: ......... done
[25/31] Upgrading php83-gettext from 8.3.20 to 8.3.21...
[25/31] Extracting php83-gettext-8.3.21: ........ done
[26/31] Upgrading php83-ctype from 8.3.20 to 8.3.21...
[26/31] Extracting php83-ctype-8.3.21: ........ done
[27/31] Upgrading php83-dom from 8.3.20 to 8.3.21...
[27/31] Extracting php83-dom-8.3.21: .......... done
[28/31] Upgrading pftop from 0.12 to 0.13...
[28/31] Extracting pftop-0.13: ..... done
[29/31] Reinstalling ddclient-3.11.2_2...
[29/31] Extracting ddclient-3.11.2_2: ....... done
[30/31] Upgrading opnsense from 25.1.6_4 to 25.1.7_2...
[30/31] Extracting opnsense-25.1.7_2: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
[31/31] Upgrading smartmontools from 7.4_2 to 7.5...
[31/31] Extracting smartmontools-7.5: .......... done
pkg-static: Fail to rename /usr/local/etc/periodic/daily/.pkgtemp.smart.aDdfeKctdUED -> /usr/local/etc/periodic/daily/smart:No such file or directory
Starting web GUI...done.
***DONE***
Is this "Fail to rename..." a problem of any kind?

https://forum.opnsense.org/index.php?topic=10740.msg49334

...quite a bit rude to kill all states when kiddy internet time expires, but at least it works reliable here. For years. In the meantime no need any more, but the rules and the cron jobs are still there... :-D

...Ich versuche immer, adressbasierte Firewall-Regeln so weit wie möglich zu vermeiden.

und

...Daher bei OVPN Regeln (oder WG etc.) immer Source mit angeben.

äääähhh, also

Ich würde mich da Patrick anschließen.

verstehe ich was falsch oder sind da deutliche UNTERSCHIEDE zwischen den Posts was FW-Regeln für VPN anbelangt?

Hmm, aber es geht ja nix als Antwort zurück, oder übersehe ich was?

Schlüssel stimmen überall?

Du hast ja ein Interface assigned für den Tunnel, kommen darauf Pakete an?

package capture auf dem WAN Port 51821 und schauen, ob da was ankommt/rausgeht...

Bedankt!

Wuuhh, das war aber früher (TM) einfacher...

Moin, also:

[Hier sollte ein Screenshot eines Cronjob sein, seit wann muss man Bilder für das Forum selbst hosten? Im Jahr 2025?]

https://crontab.guru/#*_/5_*_*_*_*

...
Die Angreifer könnten zwar ein deutsches Botnetz verwenden aber das dürfte schwerer aufzubauen zu sein als z. B. ein chinesisches.

Das bezweifle ich stark.

Wenn deine Clients einen DynDNS-Service konfiguriert haben und ihre public IP da hinterlegen, kannst du am WAN für deinen openVPN Port nur diese IPs zulassen. Besser als nüscht.

Hmmm, but if only the new (DNSmasq) option is more feature-rich, then there is no problem with moving to this option, right? Or are you refering to the use of a single "DHCP"-section in config.xml for all three DHCP servers?

Dnsmasq has an "import and export csv" feature which can import the static host reservations

Hi, no offence intended, but as the OP wrote: in pfSense it was just a tick box to switch to new DHCP. No "export/import". If the export/import works reliably, just do it with the tick box and the community will be happy!