Messages

2401

16.7 Legacy Series / Re: OpenVPN - Possible Bug with Multiple Servers

« on: August 18, 2016, 11:38:45 am »

will tray to reproduce with 2 openvpn servers on a fresh opnsense soon... Currently only have here one with 2 openvpn clients, doing fine

In the meantime: What are your NAT outbound rules? Should include BOTH tunnel networks iirc...

2402

16.7 Legacy Series / Re: OpenVPN - Possible Bug with Multiple Servers

« on: August 18, 2016, 10:19:28 am »

What are your rules on the openVPN firewall tab? Allow any any?

Allow rule for port 1195 on WAN firewall tab?

And firewalls rules on the client side?

2403

16.7 Legacy Series / Re: OpenVPN - Possible Bug with Multiple Servers

« on: August 17, 2016, 07:55:30 pm »

There is only ONE Firewall tab for ALL OpenVPN tunnels... ALWAYS

2404

16.7 Legacy Series / Re: Totally Stumped...firewall rules not working

« on: August 17, 2016, 11:33:57 am »

WAN adress should be part of "This firewall", as "This firewall" is an allias for IPs on all interfaces of the opnsensee...

2405

16.7 Legacy Series / Re: not getting IP via DHCP on WAN

« on: August 14, 2016, 04:34:32 pm »

...did you wait some hours to obtain an IP? (is it a fixed IP?)

Otherwise: package capture on device that gets an IP and look for differences in DCHPDISCOVER.

My bet is on the ISP/the briged router not passing on the request. Would look around in that config to stop any filtering etc...

2406

German - Deutsch / Congstar prepaid Tarif - "IPV6CP rejected by peer"

« on: July 28, 2016, 09:05:27 pm »

Hallo!

Ich versuche meiner opnsense i386 16.1.20 mittels eines Dell 5550 mini PCIe 3G Modems und einer Congstar Prepaidkarte (funktioniert im USB-stick, PIN ist aktiv aber in der Konfiguration unter "Advanced" eingegeben) in's Internet zu verhelfen.

Konfiuration wie hier beschreiben:

https://docs.opnsense.org/manual/how-tos/cellular.html

Nach der Aktivierung des Interfaces sieht zuerst alles ganz OK aus, "Kermit", blabla, "Congratulations, authorization successful", "Join bundle WAN", dann folgt im LOG:

"IPCP: Open event"
...
"IPCP: Layer start"

aber dann:

"IPV6CP: Open event"

Aber in der Konfiguration für das WAN Interface ist nur IPv4 PPP gewählt, IPv6 hat "None"

Danach scheitert dann auch regelmäßig der weitere Verbindungsaufbau, ich bekomme keine IP, Status is "Connected", MAC aber 00:00:00:00:00:00

Ich habe sonst kein IPv6 zugelassen, habe aber mal die floating rule zum blockieren von IPv6 deaktiviert, ohne wesentliche Änderung. Auch "prefer IPv4 over IPv6, even if IPv6 is available" hat nichts gebracht....

Hat jemand eine Idee wie ich in's Interwebsdings komme, mobil mit opnsense? :-)

Tausend Dank vorab

chemlud

2407

16.1 Legacy Series / Re: Update to 16.1.20

« on: July 23, 2016, 12:45:49 pm »

eeh, to me that's self-explanatory:

"This is the EOL announcement for the 16.1 series of OPNsense."

The 16.7 release date is currently 28.07.2016 iirc. So no need to panic :-D

2408

General Discussion / Re: Set Time, Enable SSH, extend certificate life

« on: July 21, 2016, 03:33:35 pm »

GUI -> Services -> Network Time set an appropriate NTP server. As long as your WAN is online, the time should be correct...

2409

16.7 Legacy Series / Re: Traffic not passing through IPSec Roadwarrior tunnel.

« on: June 29, 2016, 04:09:00 pm »

"but the default route is pointing to it's public gateway and no other routes can be seen there"

I think you are pretty much at the point ;-)

I see at "VPN" -> "IPsec" -> "mobile clients" on the first page an option "network list", did you check this?

2410

16.7 Legacy Series / Re: Traffic not passing through IPSec Roadwarrior tunnel.

« on: June 29, 2016, 02:21:42 pm »

some suggestions:

- double check phase 2, for correct subnet etc.
- check firewall log if anything is blocked
- where did you try to wireshark? try somewhere else
- get more verbose logs, although the logs/debugging IPsec in general are a REAL PITA...

finally:
- try openVPN. Will work normally out of the box, if config is error-free :-)

2411

16.1 Legacy Series / Re: 16.1.16 i386 no. of States exploding - 100% CPU

« on: June 28, 2016, 02:59:29 pm »

...all tried to no avail! I'm more and more convinced that it is (in part?) related to some kind of problem involving opensuse. Major updates 1-2 days ago and the problem was back. This morning starting from 19 states, after 1 h more than 500 states.

Booted to Win 7, after 1 hour still only 14 states (identical use of tunnels/internet)...

Strange! But would explain why 10.3/bug fix above does not help.

2412

General Discussion / Re: Setting up a Bridge - Multiple NICs to act like a switch, like a SOHO router

« on: June 28, 2016, 02:38:45 pm »

Standard answer:

Use a switch, much cheaper and INTENDED to be used as a switch. Interfaces at your router are a powerful tool, would use it as such... :-)


http://www.tp-link.com/lk/products/details/cat-4763_TL-SG108.html

2413

16.1 Legacy Series / Re: 16.1.16 i386 no. of States exploding - 100% CPU

« on: June 28, 2016, 08:33:24 am »

Perfect, I'll prepare a fresh CF-card, just to be on the safe side....

2414

16.1 Legacy Series / Re: 16.1.16 i386 no. of States exploding - 100% CPU

« on: June 28, 2016, 08:18:46 am »

...this redmine thing looks especially plausible! Will be interesting to see if the patch improves behaviour of my box... :-D

2415

German - Deutsch / Re: Static DHCP - gültig für alle Interfaces?

« on: June 28, 2016, 08:13:03 am »

Hallo zurück! :-D

Na, dann mal weitersehen ;-) Vielen Dank für die Antwort!

Ich hoffe, dass man das irgendwie abgeschaltete bekommt, ich finde es sicherheitstechnisch suboptimal, oder?

Hat jemand vielleicht einen work-arround von den Netzwerkprofis? :-)