Recent posts

#21
TS are traffic selectors. The networks in the child don't match what the other side expects.
#22
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by gfroehlich - Today at 05:22:29 PM
Hello,
Quote from: viragomann on Today at 03:24:16 PM
> But you should also be able to configure each side so that it doesn't check the remote ID at all.

Tried that again with only a local ID and an arbitrary (any) remote ID:
the first connection works
the second connection fails in phase 2
    2025-12-05T17:08:24 Informational charon 14[ENC1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> parsed IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]
    ...
    2025-12-05T17:08:24 Informational charon 14[IKE1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> received TS_UNACCEPTABLE notify, no CHILD_SA built
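The charon lines quoted above carry the failure reason in the payload summary (N(TS_UNACCEPT)) and in the follow-up "no CHILD_SA built" message. As an added example, not code from the post or from OPNsense, here is a small parser that pulls the IKE_SA id out of such lines and reports which SA lost its phase 2 because of a traffic-selector mismatch; the log field layout it assumes is modelled on the two lines in the post, and the sample lines are constructed.

```python
import re

# Added example, not from the post: parser for the charon lines quoted above.
# Assumed layout: <timestamp> <level> charon <thread>[<subsys>] <conn-uuid|ike-sa-id> <message>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+charon\s+\d+\[[A-Z]+\d*\]\s+"
    r"<(?P<conn>[0-9a-f-]+)\|(?P<sa>\d+)>\s+(?P<msg>.*)$"
)
NOTIFY_RE = re.compile(r"N\(([A-Z_]+)\)")  # notify payloads inside the [ ... ] summary

# Short notify name as charon prints it -> (full name, usual cause per reply #21).
CHILD_SA_FAILURES = {
    "TS_UNACCEPT": ("TS_UNACCEPTABLE",
                    "phase 2 traffic selectors (the child's local/remote networks) "
                    "do not match what the peer expects"),
}

def parse_line(line):
    """Split one charon line into timestamp, conn uuid, IKE_SA id, message, notifies."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["notifies"] = NOTIFY_RE.findall(rec["msg"])
    return rec

def diagnose(lines):
    """Return {(conn_uuid, ike_sa_id): finding} for each IKE_SA whose CHILD_SA failed."""
    findings = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["conn"], rec["sa"])
        for short in rec["notifies"]:
            if short in CHILD_SA_FAILURES:
                name, cause = CHILD_SA_FAILURES[short]
                findings[key] = {"time": rec["ts"], "notify": name,
                                 "cause": cause, "confirmed": False}
        # charon's follow-up line confirms no CHILD_SA was negotiated for this IKE_SA
        if "no CHILD_SA built" in rec["msg"] and key in findings:
            findings[key]["confirmed"] = True
    return findings

# Constructed sample: the two lines from the post plus a healthy IKE_SA (id 259).
SAMPLE = [
    "2025-12-05T17:08:20 Informational charon 12[ENC1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|259> parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]",
    "2025-12-05T17:08:24 Informational charon 14[ENC1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> parsed IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]",
    "2025-12-05T17:08:24 Informational charon 14[IKE1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> received TS_UNACCEPTABLE notify, no CHILD_SA built",
]
```

Running `diagnose(SAMPLE)` flags only IKE_SA 260, which is the one whose child networks need to be compared against the peer's configuration.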
#23
The popups should not happen since this apache plugin is compiled in:

https://github.com/opnsense/ports/tree/master/opnsense/mod_proxy_msrpc

Outlook Anywhere should just work the same as in Sophos (fun fact that module was developed by Astaro - which later became Sophos).

When I tested this while writing the manual, it was still working. Is your setup exactly as described? If not, do it like in the manual.

https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server
#24
General Discussion / Re: Port Forwarded Traffic (fr...
Last post by viragomann - Today at 05:03:49 PM
Most probable reason for this behavior is a gateway defined on the LAN interface.
So check the interface settings.
#25
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by franco - Today at 05:02:07 PM
> I'm deducing that the maximum download exceeded is due to the firewall making multiple attempts to download the file

Yes, because it stopped being able to read the file yesterday:

2025-12-04T11:41:01    Error    firewall    geoip update failed : File is not a zip file
2025-12-03T11:40:08    Notice    firewall    geoip updated (files: 496 lines: 5785121)

Whether or not that's because of the update I doubt at this point. It seems circumstantial.


Cheers,
Franco
#26
General Discussion / Port Forwarded Traffic (from W...
Last post by Enverex - Today at 05:00:40 PM
So I've just noticed an issue I've not experienced on any router before so I'm not sure how to handle it on OPNsense either.

I have a bunch of ports forwarded from OPNsense (as well as NAT reflection enabled so they work from inside the LAN) through to various servers, but in this case I'll focus on the web traffic. Traffic that hits the internal web server from external clients is showing the router's internal LAN IP rather than the IP of the actual remote client.

Any ideas why? I've not created any custom rules other than the port forwards which are set up in the same way as all the guides I've seen.
#27
Quote from: Kets_One on December 01, 2025, 08:25:00 PM
> Thanks for the suggestion.
However, I don't have managed switches installed. All other networking equipment I have monitored for years without such behaviour.

Strangely nslookup of 94.16.122.152 resolves s7.vonderste.in.
Not known as a part of the ntp.pool, maybe just an NTP client.
Indeed this doesn't explain the source IP.

Update:
Just now a new request was made from 192.168.90.100:123 to a different destination IP: 217.144.138.234, which appears to be an NTP server: ntp2.wup-de.hosts.301-moved.de. Again I am unable to locate the source IP / host on my LAN. Maybe some Wireshark is in order...

94.16.122.152 is identified as a TOR node, that's why it's on our list :)
#28
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by viragomann - Today at 04:45:17 PM
But you have clearly defined the remote IP and the remote identifier for each connection?

And they are IKEv2?

What does the log say about the further connection not being established?
#29
25.7, 25.10 Series / os-OPNWAF / Exchange 2019 auth...
Last post by humnab - Today at 04:44:04 PM
Hello,

we're migrating from a Sophos UTM to opnsense-business and trying to replace the Sophos WAF with os-OPNWAF.
Now we have the problem that we get authentication popups in Outlook when we try to connect externally.
After canceling the popups or entering the password 2-3 times, Outlook shows online.
When we do the same with the caddy plugin we have no popups (but no WAF); with the Sophos UTM WAF we also have no popups.

Any idea what's wrong? The Web Protection is disabled in os-OPNWAF, the Locations are configured as "Exchange Server", the Remote destinations with https://IP of Exchange...Thanks!
#30
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by gfroehlich - Today at 04:36:02 PM
That's what I thought too, that the ID doesn't matter. But it only worked with the real IP or FQDN.
If I want to leave out the second side entirely, I can only create one PSK and would have to use it for all connections.

I even tried that; there too only one connection was ever active.