Messages

Reply, answer and solution to my own question:

Reread the Doc's: https://www.3cx.com/docs/pfsense-firewall/

DON'T USE PORT LISTS IN ALIASES!!!!





leads to:

Hi there,

I'm currently struggling with setting a 3CX behind a OPNsense. Specifically having issue's with the firewall Test...

So would you please share your Port-Forwarding and Outbound settings, that would really help alot!

Sorry for "HiJacking" this one, here's my solution:
https://forum.opnsense.org/index.php?topic=12793.msg59243#msg59243

Best Mircsicz

Hi all,

I've read and followed those three thread's: https://forum.opnsense.org/index.php?topic=448.0 and https://forum.opnsense.org/index.php?topic=7299.msg32981#msg32981. Especially the last one has a very specific solution but sadly that does not help with the current version of 3CX

This is what the test tells:


This is what I've setup in OPNsense (BTW: 19.1.7)


This is the Forwardings:

Doesn't make a difference if I disable or enable those rule's...

And yes as this is Multi-WAN there's a rule to tell the 3CX to only use VDSL:


The Document supplied by 3CX neither isn't very supportive, it's just telling in detail why the test is correct: https://www.3cx.com/docs/firewall-checker/

So I'm kinda lost with this, and 3CX totally refuses any further support until firewall test gets "GREEN"

@ralf.kirmis No, as shown in the above ScreenShot ;-)

Had a call with Jos, installing two patches solved the Issue:

Code Select Expand


sudo opnsense-patch 7835e9c 198887ed


So I'll be skipping 19.1.5 or wait for the Hotfix Franco has in the makes ...  8)

EDIT: seems to be already out:

Code Select Expand


[13/38] Fetching opnsense-19.1.5_1.txz: 100%    4 MiB   2.2MB/s    00:02


@ralf.kirmis

THX for the hint, just tried it but no change so far:

@va176thunderbolt For me this is no similar issue as I can connect from one side of the tunnel but not from the other side. Probably just my fault in the firewall settings...

Then it's blocked on the other side in incoming direction I'd guess

Definitly not as it worked before changing the WAN setup on location #1 ;-)

As a picture based approval:


Firewall log on location #1:


Firewall log on location #2:

Yes the Tunnel's are established, and sorry for not stating that clearly in my intro!

I can't connect from 10.10.2.x to 10.10.23.2 (for example) but I can connect from 10.10.23.x to 10.10.2.2

I already created dumps on the OPNsense on location #1 ,one is from Interface CS the other from IPsec... All I tried to do is open a ssh connection behind the IPsec...

@mimugmail: THX for your reply, but both of the system are running since 16/17 and both of the tunnel's have been there for a while... But I checked anyways and the tunnel's have it checked on both side's of the connection.

Hi hi,

I've got two APU based OPNsense's which are connected using Ipsec



After I've added MultiWAN with a failover config on location#1:


I modified the firewall rules like so:


But I still can't connect from location #1 to location #2, whilst the opposite direction still works fine. To be clear: IPsec phase 1 & 2 are connected just fine!

BTW: "CS net" is 10.10.2.0/24 an "DS net" is 10.10.5.0/24

Hope one of you spot's my failure...

Hi Fabian,

thx for your reply...

But I've tried al those options before posting here...

It accepts non of the following:
- "80, 443"
- "80 443"
- "http, https"
- "http https"

I've setup shaping in another firewall, I cloned the settings from another machine.

On the clone source (which was setup while running 18.7) I could setup the rule entering a port list:



The target is now running 19.1.4 and doesn't any longer allow me to enter a list of ports:


Could some please tell me if this is intended, or if there's still a way to define several ports in one rule?

Most of my Router's are build on APU's.

But those two sadly aren't, but I also had this on APU's with SSD's that are still used until today...

One of them is a year old the other, is way older... As it happened with a new and an old one and happened before I hope it's not the hard drive...

Anyways the new one is 250km's away, the old one only 15mins driving! I'll probably reset the old one during the next week!

Is there any data that would help you debug the issue?

EDIT: just found a third system (my father in law's ...), this time an APU with a 6month old SSD:


As you can see in the screener on that one the webinterface still works! And I'm only seating only a few meter's away and just loaded the latest installer image. I'ld bet that after the cold boot it will be fine...

Hi Franco, nope sure I have tried su with the root passwd... But guess what!

And as I said I've had that a few times with 18.7 upgrades too, all of them worked fine after the webif reboot...

Greetz

Hi all,

just upgraded a bunch of machines using SSH. I've seen similar probs during 18.7 upgrades but never took the time to post...



Being dropped to such a limited shell I'm kinda lost, I can't use sudo or su, so I can't reboot the machine. And as the webinterface doesn't load through my usual SSH tunnel I can't even reboot from there!!! So pls help! :-(

If I remember correctly I didn't post when having that issue in 18.7 because back then I could use the webinterface.