OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Recent Posts

Recent Posts

Pages: [1] 2 3 ... 10
1
17.7 Production Series / Re: Using Opnsense only for VPN? Is it possible?
« Last post by davidm on Today at 10:25:42 pm »
Quote from: fabian on Today at 09:33:46 pm
Quote from: davidm on Today at 08:47:19 pm
@fabian
Do you mean run it on the Opnsense VM itself?

yes - via the GUI with the packet capture page or the CLI using SSH. Would recommend the CLI.

Pinging from the iPhone VPN client to Google's DNS:
13:19:00.420513 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 1, length 64
13:19:01.065023 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:19:01.460413 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 2, length 64
13:19:01.864592 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:19:02.449406 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 3, length 64
13:19:02.763523 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:19:03.480193 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 4, length 64
13:19:03.487601 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:19:04.186267 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:19:04.480168 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 5, length 64
13:19:05.086951 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:19:05.490400 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 6, length 64
13:19:05.885036 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:19:06.490236 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 7, length 64
13:19:06.586857 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:19:07.490062 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 8, length 64
13:19:08.490251 IP 172.16.200.3 > google-public-dns-a.google.com: ICMP echo request, id 5317, seq 9, length 64
13:19:08.498396 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46


Pinging to the iPhone VPN client from my laptop on a different VLAN:
13:21:34.336308 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:35.035239 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:35.934876 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:36.734680 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:37.333973 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:38.346563 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:38.946088 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:39.845858 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:40.546805 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:41.146561 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:42.361434 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:42.961067 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:43.860648 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:44.661290 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
13:21:45.561126 ARP, Request who-has 172.16.200.3 tell 172.16.200.1, length 46
2
Tutorials and FAQs / Re: Multiple dnscrypt-proxy Opnsense 16.7 / 17.1 / 17.7 :-)
« Last post by beclar2 on Today at 10:23:49 pm »
Quote from: franco on September 18, 2017, 09:13:35 am
Quote
I am not sure but it looks like dnscrypt-proxy (enabled in /etc/rc.conf) doesn´t start when Unbound is already running. In the dnscrypt-proxy we see the directive "BEFORE: unbound..." but this controls the normal "service... start" process. How can I make sure that the Unbound-Plugin will be started AFTER "service dnscrypt-proxy start" at boot time?

Unbound is part of our system, a base plugin if you will. We start auxiliary services afterwards, so in order to fix this we need to make dnscrypt-proxy a plugin as well to adhere to a correct starting order.

Ok, thank you for your reply. Unfortunately I have not the skills to develop a dnscrypt-proxy-Plugin. So the only option seems to wait for a plugin or - as a workaround - modify the dnscrypt-proxy-Start script in a way that Unbound will be stopped temporarily and started again after dnsycrypt-proxy has started. But... I have no idea how :-(
3
17.7 Production Series / Re: OpenVPN Multi-WAN
« Last post by jorgevisentini on Today at 10:08:11 pm »
I was study the options and verifing in others appliances...

I believe that the option (b) its good, but the option (d) also to be util. If we can select the interface better, if not, only "true wan" its good too.
4
17.7 Production Series / Re: OpenVPN: --ns-cert-type is DEPRECATED
« Last post by jorgevisentini on Today at 09:49:07 pm »
Hi Franco, it work!

Sorry for I dont contribute for project but I dont know php very much and I dont know the project and also I dont know use git lol  :'(

I would very much like to help in any way possible.
5
17.7 Production Series / Re: Server certificates have mysteriously disappeared
« Last post by RainerR on Today at 09:48:32 pm »
Thank you for your quick reply.

Attached you'll find the configuration differences that were be shown by using the diff function in the history.
6
17.7 Production Series / Re: Using Opnsense only for VPN? Is it possible?
« Last post by fabian on Today at 09:33:46 pm »
Quote from: davidm on Today at 08:47:19 pm
@fabian
Do you mean run it on the Opnsense VM itself?

yes - via the GUI with the packet capture page or the CLI using SSH. Would recommend the CLI.
7
17.7 Production Series / Re: Mobile IPSec
« Last post by ekke on Today at 09:10:36 pm »
thanx for the replay,

no my android mobile says failed unfortunately .
8
17.7 Production Series / Re: Using Opnsense only for VPN? Is it possible?
« Last post by davidm on Today at 08:47:19 pm »
@fabian
Do you mean run it on the Opnsense VM itself?

@franco
I tried that as well. Made no difference

@Stephan
Here's my current routing table:
http://uploads.im/Nl24O.jpg

Btw, I wanted to thank you guys again. I truly appreciate your time.

-Dave
9
17.7 Production Series / Re: Mobile IPSec
« Last post by franco on Today at 08:03:43 pm »
The bigger question: is it working?

The source code says your client already requested a connection, but asked again which StrongSwan refuses because it wants the process the former one still.

https://github.com/strongswan/strongswan/blob/master/src/libcharon/sa/ikev1/task_manager_v1.c#L1323


Cheers,
Franco
10
17.7 Production Series / Re: [17.7.1] Restoring previous config fails partially
« Last post by franco on Today at 07:59:39 pm »
Hi Fabian,

17.7.1 and up have an interface lock feature that should prevent this. New images will be available in 17.7.4 to try this. I don't think we find a way to prevent the removal in a stock 17.7 image at this point.

What you can do now is enable locking for your config from 17.7.3 and use this as a base for 17.7.4 images restore.

Just report back and we'll pick it up from there. :)


Thanks,
Franco
Pages: [1] 2 3 ... 10
OPNsense is an OSS project © Deciso B.V. 2015 - 2017 All rights reserved
  • SMF 2.0.14 | SMF © 2017, Simple Machines | XHTML | RSS | WAP2