"Recent posts
#81
General Discussion / Re: Port Forwarded Traffic (fr...
Last post by Monviech (Cedrik) - December 05, 2025, 05:49:24 PMIf IP source gets rewritten check Outbound NAT rules.
#82
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by MoonbeamFrame - December 05, 2025, 05:46:35 PMApart from the one firewall mentioned, all the other firewalls have now updated today without issue.
#83
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by gfroehlich - December 05, 2025, 05:45:22 PMQuote from: Monviech (Cedrik) on December 05, 2025, 05:26:07 PMTS sind traffic selectoren. Da stimmen die Netze nicht im Child mit dem was die gegenseite erwartet.
das hab ich noch einmal überprüft:
Netz A: 192.168.na.0/24
Netz B: 192.168.nb.0/24
Netz C: 192.168.nc.0/24
Verbindung 1: Netz A <-> Netz B läuft
Verbindung 2: Netz A <-> Netz C läuft nicht
#84
General Discussion / Re: Port Forwarded Traffic (fr...
Last post by Enverex - December 05, 2025, 05:44:39 PMQuote from: Monviech (Cedrik) on December 05, 2025, 05:32:48 PMMost likely the following option:
Firewall - Settings - Advanced - Automatic outbound NAT for Reflection
Deactivate it
Read this and learn if you need it:
https://docs.opnsense.org/manual/how-tos/nat_reflection.html
I *did* have that enabled but disabled it a few hours ago as I suspected that may be the cause. Unfortunately it doesn't appear to have fixed the problem though. Is there anything else I need to manually remove after turning it off? There was a LAN gateway listed still which I've since deleted, but still no dice.
#85
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by meyergru - December 05, 2025, 05:38:03 PMQuote from: DEC670airp414user on December 05, 2025, 03:38:19 PMi am not using this product. but i did sign up for it. i stayed with Opnsense Business edition geoblocking
anyways. my lite account says unlimited requests using the API access.
seems weird they would be blocking all of a sudden?
Look again.
Their API handles single IP queries and is unlimited, indeed.
The download of their database is limited as indicated by the error message.
#86
General Discussion / Re: Port Forwarded Traffic (fr...
Last post by Monviech (Cedrik) - December 05, 2025, 05:32:48 PMMost likely the following option:
Firewall - Settings - Advanced - Automatic outbound NAT for Reflection
Deactivate it
Read this and learn if you need it:
https://docs.opnsense.org/manual/how-tos/nat_reflection.html
Firewall - Settings - Advanced - Automatic outbound NAT for Reflection
Deactivate it
Read this and learn if you need it:
https://docs.opnsense.org/manual/how-tos/nat_reflection.html
#87
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by Monviech (Cedrik) - December 05, 2025, 05:26:07 PMTS sind traffic selectoren. Da stimmen die Netze nicht im Child mit dem was die gegenseite erwartet.
#88
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by gfroehlich - December 05, 2025, 05:22:29 PMHallo,
Hab das noch einmal versucht mit nur einer lokalen und beliebigen ID:
die erste Verbindung funktioniert
die zweite Verbindung scheitert in der Phase 2
2025-12-05T17:08:24 Informational charon 14[ENC1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> parsed IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]
...
2025-12-05T17:08:24 Informational charon 14[IKE1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> received TS_UNACCEPTABLE notify, no CHILD_SA built
Quote from: viragomann on December 05, 2025, 03:24:16 PMDu solltest aber jede Seite auch so einstellen können, dass sie die Remote-ID gar nicht prüft.
Hab das noch einmal versucht mit nur einer lokalen und beliebigen ID:
die erste Verbindung funktioniert
die zweite Verbindung scheitert in der Phase 2
2025-12-05T17:08:24 Informational charon 14[ENC1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> parsed IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]
...
2025-12-05T17:08:24 Informational charon 14[IKE1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> received TS_UNACCEPTABLE notify, no CHILD_SA built
#89
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by Monviech (Cedrik) - December 05, 2025, 05:15:32 PMThe popups should not happen since this apache plugin is compiled in:
https://github.com/opnsense/ports/tree/master/opnsense/mod_proxy_msrpc
Outlook Anywhere should just work the same as in Sophos (fun fact that module was developed by Astaro - which later became Sophos).
When I tested this while writing the manual, it was still working. Is your setup exactly as described? If not, do it like in the manual.
https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server
https://github.com/opnsense/ports/tree/master/opnsense/mod_proxy_msrpc
Outlook Anywhere should just work the same as in Sophos (fun fact that module was developed by Astaro - which later became Sophos).
When I tested this while writing the manual, it was still working. Is your setup exactly as described? If not, do it like in the manual.
https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server
#90
General Discussion / Re: Port Forwarded Traffic (fr...
Last post by viragomann - December 05, 2025, 05:03:49 PMMost probable reason for this behavior ist a gateway defined on the LAN interface.
So check the interfce settings.
So check the interfce settings.
