"Recent posts
#81
General Discussion / Re: Port Forwarded Traffic (fr...
Last post by Enverex - December 05, 2025, 05:44:39 PMQuote from: Monviech (Cedrik) on December 05, 2025, 05:32:48 PMMost likely the following option:
Firewall - Settings - Advanced - Automatic outbound NAT for Reflection
Deactivate it
Read this and learn if you need it:
https://docs.opnsense.org/manual/how-tos/nat_reflection.html
I *did* have that enabled but disabled it a few hours ago as I suspected that may be the cause. Unfortunately it doesn't appear to have fixed the problem though. Is there anything else I need to manually remove after turning it off? There was a LAN gateway listed still which I've since deleted, but still no dice.
#82
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by meyergru - December 05, 2025, 05:38:03 PMQuote from: DEC670airp414user on December 05, 2025, 03:38:19 PMi am not using this product. but i did sign up for it. i stayed with Opnsense Business edition geoblocking
anyways. my lite account says unlimited requests using the API access.
seems weird they would be blocking all of a sudden?
Look again.
Their API handles single IP queries and is unlimited, indeed.
The download of their database is limited as indicated by the error message.
#83
General Discussion / Re: Port Forwarded Traffic (fr...
Last post by Monviech (Cedrik) - December 05, 2025, 05:32:48 PMMost likely the following option:
Firewall - Settings - Advanced - Automatic outbound NAT for Reflection
Deactivate it
Read this and learn if you need it:
https://docs.opnsense.org/manual/how-tos/nat_reflection.html
Firewall - Settings - Advanced - Automatic outbound NAT for Reflection
Deactivate it
Read this and learn if you need it:
https://docs.opnsense.org/manual/how-tos/nat_reflection.html
#84
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by Monviech (Cedrik) - December 05, 2025, 05:26:07 PMTS sind traffic selectoren. Da stimmen die Netze nicht im Child mit dem was die gegenseite erwartet.
#85
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by gfroehlich - December 05, 2025, 05:22:29 PMHallo,
Hab das noch einmal versucht mit nur einer lokalen und beliebigen ID:
die erste Verbindung funktioniert
die zweite Verbindung scheitert in der Phase 2
2025-12-05T17:08:24 Informational charon 14[ENC1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> parsed IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]
...
2025-12-05T17:08:24 Informational charon 14[IKE1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> received TS_UNACCEPTABLE notify, no CHILD_SA built
Quote from: viragomann on December 05, 2025, 03:24:16 PMDu solltest aber jede Seite auch so einstellen können, dass sie die Remote-ID gar nicht prüft.
Hab das noch einmal versucht mit nur einer lokalen und beliebigen ID:
die erste Verbindung funktioniert
die zweite Verbindung scheitert in der Phase 2
2025-12-05T17:08:24 Informational charon 14[ENC1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> parsed IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]
...
2025-12-05T17:08:24 Informational charon 14[IKE1] <bc3a9532-1130-4c0c-82fc-5b4279feec3a|260> received TS_UNACCEPTABLE notify, no CHILD_SA built
#86
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by Monviech (Cedrik) - December 05, 2025, 05:15:32 PMThe popups should not happen since this apache plugin is compiled in:
https://github.com/opnsense/ports/tree/master/opnsense/mod_proxy_msrpc
Outlook Anywhere should just work the same as in Sophos (fun fact that module was developed by Astaro - which later became Sophos).
When I tested this while writing the manual, it was still working. Is your setup exactly as described? If not, do it like in the manual.
https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server
https://github.com/opnsense/ports/tree/master/opnsense/mod_proxy_msrpc
Outlook Anywhere should just work the same as in Sophos (fun fact that module was developed by Astaro - which later became Sophos).
When I tested this while writing the manual, it was still working. Is your setup exactly as described? If not, do it like in the manual.
https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server
#87
General Discussion / Re: Port Forwarded Traffic (fr...
Last post by viragomann - December 05, 2025, 05:03:49 PMMost probable reason for this behavior ist a gateway defined on the LAN interface.
So check the interfce settings.
So check the interfce settings.
#88
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by franco - December 05, 2025, 05:02:07 PM> I'm deducing that the maximum download exceeded is due to the firewall making multiple attempts to download the file
Yes, because it stopped being able to read the file yesterday:
2025-12-04T11:41:01 Error firewall geoip update failed : File is not a zip file
2025-12-03T11:40:08 Notice firewall geoip updated (files: 496 lines: 5785121)
Whether or not that's because of the update I doubt at this point. It seems circumstantial.
Cheers,
Franco
Yes, because it stopped being able to read the file yesterday:
2025-12-04T11:41:01 Error firewall geoip update failed : File is not a zip file
2025-12-03T11:40:08 Notice firewall geoip updated (files: 496 lines: 5785121)
Whether or not that's because of the update I doubt at this point. It seems circumstantial.
Cheers,
Franco
#89
General Discussion / Port Forwarded Traffic (from W...
Last post by Enverex - December 05, 2025, 05:00:40 PMSo I've just noticed an issue I've not experienced on any router before so I'm not sure how to handle it on OPNsense either.
I have a bunch of ports forwarded from OPNsense (as well as NAT reflection enabled so they work from inside the LAN) through to various servers but in this case I'll focus on the web traffic. Traffic that hits the internal web server from external clients is showing the routers internal LAN IP rather than the IP of the actual remote client.
Any ideas why? I've not created any custom rules other than the port forwards which are set up in the same way as all the guides I've seen.
I have a bunch of ports forwarded from OPNsense (as well as NAT reflection enabled so they work from inside the LAN) through to various servers but in this case I'll focus on the web traffic. Traffic that hits the internal web server from external clients is showing the routers internal LAN IP rather than the IP of the actual remote client.
Any ideas why? I've not created any custom rules other than the port forwards which are set up in the same way as all the guides I've seen.
#90
Q-Feeds (Threat intelligence) / Re: Traffic from unassigned su...
Last post by Q-Feeds - December 05, 2025, 04:55:29 PMQuote from: Kets_One on December 01, 2025, 08:25:00 PMThanks for the suggestion.
However, I don't have managed switches installed. All other networking equipment I have monitored for years without such behaviour.
Strangely nslookup of 94.16.122.152 resolves s7.vonderste.in.
Not known as a part of the ntp.pool, maybe just an NTP client.
Indeed this doesnt explain the source ip.
Update:
Just now a new request was made from 192.168.90.100:123 to a different destination ip: 217.144.138.234, which appears to be an NTP server: ntp2.wup-de.hosts.301-moved.de. Again i am unable to locate the source ip / host on my LAN. Maybe some WireShark is in order...
94.16.122.152 is identified as a TOR node, that's why it's on our list :)
