Recent posts

#1
Or use a proxy instead of destination NAT. E.g. Caddy listening on the WAN interface can be used from internal networks just like from the Internet with just the public IP address in DNS.
#2
Virtual private networks / Re: Corrupted WG installation
Last post by amjad175 - Today at 06:14:17 PM
Quote from: meyergru on Today at 06:09:35 PM
AFAIK, os-wireguard has long gone and been replaced by a "native" implementation. If you have remnants of the old plugin, you should remove it.

That would explain why it's not listed under plugins!

Thank you for the quick reply, I'll delete all the current WG config and start again.
#3
Virtual private networks / Re: Corrupted WG installation
Last post by meyergru - Today at 06:09:35 PM
AFAIK, os-wireguard has long gone and been replaced by a "native" implementation. If you have remnants of the old plugin, you should remove it.
#4
Virtual private networks / Corrupted WG installation
Last post by amjad175 - Today at 06:05:48 PM
Hi,

My WG plugin may be corrupted after I migrated OPNsense from ESXi to Proxmox. I hadn't used WG for a while, so I didn't notice the issue. WireGuard is still available under VPN; I can configure a server instance and peers.

Firewall logs show peers connecting, but no traffic is allowed through. I have temporarily allowed all WG traffic; the WG Status page is very inconsistent.

Under Firmware > Plugins, os-wireguard is missing; "Show community plugins" is ticked.

pkg install os-wireguard

Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'os-wireguard' have been found in the repositories

--

pkg repos

OPNsense-aux: {
    url             : "https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/aux",
    enabled         : no,
    priority        : 11,
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/local/etc/pkg/fingerprints/OPNsense"
  }
OPNsense: {
    url             : "https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest",
    enabled         : yes,
    priority        : 11,
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/local/etc/pkg/fingerprints/OPNsense"
  }

I'd like to remove the WG plugin and re-install it. Is this possible without a full firewall install?

Thanks.

#5
26.1, 26.4 Series / Re: How to pin a Host to a Gat...
Last post by viragomann - Today at 06:01:30 PM
Quote from: zartoz on Today at 04:38:00 PM
I have tried to create a Firewall Rule with a specific internal host IP on LAN interface and mapping it to the LTE Gateway but everything still routes over the DSL Gateway.
Ensure that the rule is applied to the respective traffic.
State a unique description, enable logging and check the firewall log after trying a connection.

Note that interface group rules and floating rules have precedence over interface rules.
#6
Background: I had a problem with remote Plex access to my network earlier this month. This problem resurfaced today, and now I have found what eventually caused it.

The client was trying to access from a Deutsche Glasfaser account with IP 93.104.119.235 (nothing private to that, because it is CG-NAT).
As it turns out, at the time of writing, this IP is listed at Q-Feeds. It also was listed at Blocklist.de, because of IMAP attacks on 1st of May.

Ironically, this was caused by a prolonged outage of Vodafone's IMAP services. It seems that they also notified some blacklisting services because of failed IMAP attempts that they caused themselves. I already reported this as a false positive, but the IP above is only one example, so in case you see problems, now you know... Q-Feeds should dismiss all reports on this IMAP problem.

Proof:

https://forum.vodafone.de/t5/MeinVodafone-E-Mail/Sammelthread-IMAP-Problem-mit-Vodafone-E-Mail-Konto/td-p/3329568

P.S.: There is no contradiction, as using a free e-mail account on one of Vodafone's domains while having any other access provider is perfectly fine...
#7
German - Deutsch / Re: NUT Addon läuft nach Upgra...
Last post by Paul_Senger - Today at 05:46:06 PM
Thanks for the tip. I had briefly searched for NUT before, but when skimming I didn't find a fitting answer at first glance.
#8
German - Deutsch / Re: NUT Addon läuft nach Upgra...
Last post by viragomann - Today at 05:39:42 PM
Quote from: Paul_Senger on Today at 03:45:54 PM
Does anyone have a similar problem or a solution?
The forum search might have answered this question:
https://forum.opnsense.org/index.php?topic=51861.msg266881#msg266881
#9
German - Deutsch / Re: Setting the MTU correctly
Last post by viragomann - Today at 05:32:12 PM
Quote from: eric1905 on Today at 03:14:46 PM
After a reboot, I still see the same picture in Wireshark
Where was the capture taken?
I assume on the client?

Does this connection even pass through OPNsense?
If yes, which networks are involved?
If not, a change to the WAN configuration probably won't have much influence on it, especially since the destination apparently isn't in the WAN at all.

Quote from: eric1905 on Today at 03:14:46 PM
Can I somehow see whether this is related to the MTU, or whether the MTU is now correct?
You can lower the MSS to a value that certainly won't cause any problems, such as 1200, but on an interface that is involved in the connection.
I don't think it has anything to do with that, though.

Rather, I would suspect a layer 1 problem such as the cable, the network interface or the driver.
#10
26.1, 26.4 Series / How to pin a Host to a Gateway...
Last post by zartoz - Today at 04:38:00 PM
I have a wired DSL gateway and an LTE gateway in a WAN group with failover, and all is working well. DSL is Tier 1 and LTE is Tier 2.

Occasionally, I would like to direct a host over LTE. Things like kids streaming or gaming updates can get noisy when working from home.

I have tried to create a Firewall Rule with a specific internal host IP on LAN interface and mapping it to the LTE Gateway but everything still routes over the DSL Gateway.

Any suggestions on how to accomplish this? Thank you!