Messages

16

General Discussion / Re: Minimal desktop install?

« on: October 31, 2024, 12:36:55 am »

Please don't take this wrong but I don't understand what you are saying, and no idea what is ppk.

https://www.puttygen.com/convert-pem-to-ppk

Then what error is it and what are the steps to reproduce it? In other words once logged in, what are you trying to do which causes an error? Then what log file? There are no log files to open in the UI.

No supported authentication methods available [preauth]

The Secure SSH function not working at all.  I am mainly a windows user but I have tinkered with linux for fun in my free time.  I have always use Putty to ssh into my linux systems. This is the first time I tried to lock it down since it being a firewall/router and all. 

Looks like it was disabled or my settings didn't save. 
 

I can log into the UI with my other user I create several months ago.  But can't with SSH. 

I bought the Practical OPNsense 4th edition hoping that it would help me with the configuring.   Have also visited the Docs and wanted to get a pdf copy os I view it offline and print out things I would like to remember and keep close.

17

General Discussion / Re: Minimal desktop install?

« on: October 30, 2024, 10:50:00 pm »

IDK I can login as root and manage (WebUI) I get an error and in the UI says click goto page. But it does not open the log file so I can read it.  The UI will tell me which log to check but it doesn't give me a file location.

IDK The directions to convert pem file to ppk is pretty straight forward.  I checked for updates to see if something in the coding changed.  I even tried openssh to convert pem to ppk.

OS is current and up to date as well as OPNsense running 24.7.7.  I changed the port from the default.  I am attempted to lock it down so only it will accept my, LAN ssh request with my username/password and certificate.

I have a Debian Server that I am prepping for a file and small game server.  I haven't tried to SSH in with it.

18

General Discussion / Re: Minimal desktop install?

« on: October 30, 2024, 09:51:57 pm »

Correct, I configured the secure SSH and for what ever reason it keeps on failing.  I left root ssh disabled, created a new user with admin rights.  (not working either)  I also create selfsigned cert and saved it to opnsense and my computer I am trying to ssh in with.  Telling me to check log.   It is take me days to get anywhere like this.  I would like to install and only have it to load on demand for a single user.

I suck at remembering the linux commands and file directory system.  I would like to add a miniumal desktop so I have a GUI to get in and look at what I need easily.  If I can't ssh into the router I have to move and connect a monitor so I can work directly off the machine.  IF there was a lite desktop to speed up my ability to open and read the logs make edits when possible it would be a huge help.

Another issue I am having is converting my cert to a putty format (ppk), following the directions I keep getting an error that the file is not formatted correctly.  Recreated a new cert copy and pasted to new machine to import still says incorrect format error.  I am just so tired of feeling blind and not getting anywhere.

• 2024-10-26T19:05:01-04:00   Warning   audit   user SomeDumbIdiot could not authenticate for login. [using OPNsense\Auth\Services\System + OPNsense\Auth\Local]

   

• 2024-10-26T17:56:29-04:00   Error   sshd-session   error: Received disconnect from 192.168.90.8 port 58936:14: No supported authentication methods available [preauth]
  

19

General Discussion / Minimal desktop install?

« on: October 30, 2024, 12:34:42 am »

I'm having issues getting ssh to work.  Is there a minimal desktop in the stock install?

If so what is the command to start it?  If I need to install one manually which is best? Just needing nano editor, file explorer and ability to print to pdf or my networked printer.

I found how to install nano from cli.

I do not want the desktop environment to boot all the time just when I need it.

20

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: May 20, 2024, 10:05:22 pm »

Well my issues have return and doing some more digging it seems it was an DNS issue.

I had to go in and whitelist.

2.dl.delivery.mp.microsoft.com
7.assets1.xboxlive.com
accounts.xboxlive.com
achievements.xboxlive.com
assets.xboxlive.com
assets1.xboxlive.com
attestation.xboxlive.com
avty.xboxlive.com
cert.mgt.xboxlive.com
chatfd.xboxlive.com
client-s.gateway.messenger.live.com
client-strings.xboxlive.com
clubhub.xboxlive.com
comments.xboxlive.com
compass.xboxlive.com
def-vef.xboxlive.com
device.auth.xboxlive.com
dl.delivery.mp.microsoft.com
dlassets.xboxlive.com
editorial.xboxlive.com
eds.xboxlive.com
epix.xbox.com
epix.xbox.com
eplists.xboxlive.com
fdp-xboxone-ope-game.fromsoftware-game.net
fdp-xboxone-ope-game.fromsoftware-game.net
fdp-xboxone-ope-login.fromsoftware-game.net
fdp-xboxone-ope-login.fromsoftware-game.net
fe3.delivery.dsp.mp.microsoft.com.nsatc.net
fe3.delivery.mp.microsoft.com
g.live.com
gameserverds.xboxlive.com
help.ui.xboxlive.com
images-eds.xboxlive.com
images-eds-ssl.xboxlive.com
inference.location.live.net
instance.mgt.xboxlive.com
leaderboards.xboxlive.com
licensing.xboxlive.com
login.live.com
mediahub.xboxlive.com
networktest.xboxlive.com
nexus.officeapps.live.com
nexusrules.officeapps.live.com
notify.xboxlive.com
peoplehub.xboxlive.com
privacy.xboxlive.com
profile.xboxlive.com
rta.xboxlive.com
s.gateway.messenger.live.com
sessiondirectory.gtm.xboxlive.com
sessiondirectory.xboxlive.com
settings.xboxlive.com
settings-ssl.xboxlive.com
skypexbox.skype.com
social.xboxlive.com
title.auth.xboxlive.com
title.mgt.xboxlive.com
titlehub.xboxlive.com
titlestorage.xboxlive.com
tournamentshub.xboxlive.com
update.xboxlive.com
update.xboxlive.com.akadns.net
update-cdn.xboxlive.com
user.auth.xboxlive.com
userpresence.xboxlive.com
userstats.xboxlive.com
vodcontent-2003.xboxlive.com
vodcontent-3001.xboxlive.com
vodcontent-3004.xboxlive.com
www.xboxlive.com
x1ds.xboxlive.com
xbox.ipv6.microsoft.com
xbox.ipv6.microsoft.com
xboxexperiencesprod.experimentation.xboxlive.com
xbox-mbr.xboxlive.com
xflight.xboxlive.com
xflight.xboxlive.com
xkms.xboxlive.com
xncsi.xboxlive.com
xnotify.xboxlive.com
xsts.auth.xboxlive.com

So far this has fixed the Open NAT and UPNP failures to connect.

21

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: May 15, 2024, 04:09:05 am »

Eventually I have a feeling you will end up buying a 2.5gbps switch, looks like you can get a 5 port that includes a 10gbps uplink for around $44usd. No idea if these cheap switches will really perform, but https://www.servethehome.com/ has a bunch of reviews on some "cheap" 2.5 and 10gbps switches that might be worth looking at.

Summary is that I think you are going to get tired of fooling around trying to bridge those ports and get full speed out of them. Maybe it works, maybe it doesn't, but a switch is going to be a lot easier down the road.

I wore myself out redoing the setup and always getting the same results on the Xboxes.

After exhausting my patience I bought a cheap 8 port 2.5g manage switch, to replace the 2.5g dumb switch I bought a month ago.

Set the static IP address for it and saved the Xboxes mac addresses to the assigned ports and rebooted everything..

I no longer have UPNP errors and have Open NAT   

https://a.co/d/c1D2u7N

Still having issues with my wifi flaking out.  I did run a dedicated lan cables from a bridged ports directly to the TP-Link X55 & X50-Outdoor I am using in AP mode.

22

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: April 21, 2024, 04:32:05 pm »

If you have unconnected ports in that bridge you will have output errors. This is not a problem.

What about the Mac addresses changing?  Seems like it should be static to match IP.

All ports are being used now.

23

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: April 20, 2024, 11:03:10 pm »

To keep things simple - if you want to use more than one port of your device for LAN clients - you should definitely build a LAN bridge following the OPNsense documentation. Anything else would require to create multiple interfaces, multiple DHCP pools, firewall rules for everything, dealing with multicast ... not quite fun.

What part of the LAN bridge documentation is not working for you?

My bridge has 2,930,088 errors.  Still haven't found troubleshooting documentation or anything that can help.  I figure it will be something stupid simple as checking the wrong box or missing a config step.  But I don't have a clue where to start looking for a fix other then rereading the setup documentation.

I did find out when I reloaded an old configuration, that eth1 wasn't included in the bridge in that saved version that is why I was not getting network a connection.

I have been asking about the MAC address assignment for the bridge.  I do not know why the log keeps showing MAC changes for eth1-eth5.  I assumed it would see it as a single port and be given the same mac to all ports, unless it was internal way of identifying a specific port.  I have no clue how the programing side of things work.

I am still having issues with my TP-Link x55 AP and X50-outdoor AP.  I really don't think it has anything to do with Opnsense because they was a problem before I moved to Opnsense.  That is why I moved to separate devices I thought separating the jobs it would reduce the load on them and they would work.  The mini pc I am using the highest usage I have seen will be a 20% load for less then a few seconds then it goes right back to less than 1% load.

But I have gained 4Mbps in down and 2Mbps up by ditching the x55 router function for just AP.

24

General Discussion / Any known issues with TP-Link Decos

« on: April 18, 2024, 07:40:57 pm »

I have been having issues with my Wifi.  I have X55 Deco with (2) X50-Outdoor used in AP mode.  I have been using them since about December Feburary 1 and one of the reason I moved to OPNsense I thought my network was to much for the Decos to handle.  So the OPNsense is doing all the management and the Deco are strictly in AP mode.

The Deco settings keep changing their IP address subnet, which decos are connected and which one is the "main".  I get everything configured and set working perfectly.  Then in a day or two they change settings except my SSID, user and passwords (not using default).  I don't know if this is a defective product or a known issue with the TP-Link Deco Product line.

I originally started with the M5 and they worked pretty good except the range was poor and slower speeds.  I added the X50-outdoor and they was much faster and greater range.  Then it was a old gen with new gen issues that the M5 was to slow for x50 so I replaced the M5 with the X55.  I got fed up with the Deco network getting confused and screwing up that I did a factory reset and started a new account thinking that would solve the old configuration data getting restored and overwriting the correct configuration.  Weeks later still dealing with the Decos doing what ever they want and not saving my current settings.  I don't know what else I can do, I thought about assigning static address to the AP nodes by mac addresses not sure if that would solve anything since the Deco is having several issues.

25

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: April 18, 2024, 02:12:32 am »

Here is my simple network topology.



Still looking for help.




My ISP doesn't use IPv6 wondering if enabling this would improve the network for my Xbox at least on the LAN side?

26

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: April 15, 2024, 08:03:52 pm »

 

I believe the errors are related to the DNS on my Xbox's.

27

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: April 12, 2024, 04:42:25 pm »

I haven't made any changes in my network in about a week.  Last night my wifi started going offline randomly.  When I logged in on the router checking for updates (still current)  I found 2,500,481 errors on the bridge.  How do I access the log to figure out what is going on?

28

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: April 10, 2024, 01:55:00 am »

What part of the LAN bridge documentation is not working for you?

I am not sure that there is a problem.  My access points was breaking (just stop working) I've had them a few months and the router and 2.5g switch was new.  So I wasted days looking for problems in the wrong area.  Then computer problems (windows update reset/broke office network), then something else, and something else.  But I was wanting to have all areas getting 2.5g then dropping to 1g at each of the (3) switches.  Currently everything is connected with @ 2.5g except 1 AP that is connected to 1g switch (only device) that I am using like a bridge to connect to a 2nd mesh AP that takes the signal into the office to a 16 port 1g smart switch.  I have been having frequent network issues and spending many days and weekends resetting the old routers.  (TP-Links)  IMO once a very good affordable product, now with the trend of everyone wanting to move to a mobile cloud system they are pure garbage.  Some how the cloud sync would override my latest configuration and would reset to an older state that was no longer appropriate.  The reason I decide to go with OPNsense router so I had 100% control and not 5% control.

I still haven't created the network topology map that I have been planning for 2 weeks now. But because of the previous comments I have reran 2 new cat6 cables so everything is linked by wire. (router > switch > devices).  Except the branch that goes to the office, router > 1g switch > Mesh AP <<wifi 6 about 200 ft away>> Mesh AP > Switch > Devices.

Trying to figure out how I can (ahem) should plan on linking lan to lan next door about 260 ft.  My sister has young kids that is into Minecraft and I plan on hosting LAN game servers at home so the whole family can game together without the signal going out over the WAN connection.  Because we live out in middle of nowhere our internet service is really to slow for online gaming.  So one of my trains of thought is to remove 1 NIC from the bridge (or maybe 2) IDK still reading up on VLANs.  So the point of the post earlier was IF I remove 1 NIC how to I set that up.  IDK if setting up a VLAN to run to the office through the APs would cause issues with my mesh system (2) nodes off ETH2 and (1) off ETH4.  Again still really new to VLAN I know that I can tag devices and the Smart Switch in the office can work as a VLAN client, OPNsense VLAN server.  Not fully understanding how that would affect or if it would affect the AP.

• On the Bridge I assigned a static IP, do I need to define the mac as well? Or if that is left blank it will auto assign the MAC address on eth1?
  
  
  
• Oh I did remember one issue I had, the cable plugged into ETH1 wasn't connecting to the switch.  Glanced over the settings and nothing jumped out to me as to why.  So I moved the cable to ETH3 and it started working.

29

General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports

« on: April 09, 2024, 10:15:38 pm »

So far I have been working the bugs out of other hardware on my network and my ISP finally confirmed that I was behind a double nat.

Is there and idiot proof way to understand error log (see attach photo)?  I figured it was about the double nat, hoping there is a plugin or gui that would take me to the error.  The rid was clickable but it did nothing when I clicked on it.

Another question I have if I decide to drop the bridge.  I understand that I will have to add lan eth2-eth5, but do they require their own IP address?  Think it would be obvious they would have to be static address, so if I am working down stream on eth3 do I still access the OPNsense with the current eth1 IP or would it be a seperate IP for each?

I know that if I wanted to I could put each one on their own subnet and link or route together.  I did read that but I was hoping to keep things simple for now.  As I get a better understanding I will probably separate the office network, home wifi, gaming network and have a public printer share and streaming into their own each independent LANs.

thanks!

30

General Discussion / Re: Help with NAT type and open NAT for Gaming

« on: April 03, 2024, 12:07:41 am »

I am not an expert by any means.  I am having a similar problem I am working on.  I think mine is a known issue with Xbox but check out this it might help explain NAT a little more has some "official how to's".

The manual is handy if you know the terms to look up.  (I don't)

https://docs.opnsense.org/services.html
https://docs.opnsense.org/manual/nat.html