OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • [Solved] config import problem on new hardware
« previous next »
  • Print
Pages: [1]

Author Topic: [Solved] config import problem on new hardware  (Read 4286 times)

5v3n

  • Newbie
  • *
  • Posts: 7
  • Karma: 1
    • View Profile
[Solved] config import problem on new hardware
« on: April 26, 2019, 08:48:29 am »
Hi,

I have setup an running OPNsense 19.1.6-amd64 (FreeBSD 11.2-RELEASE-p9-HBSD / OpenSSL 1.0.2r 26 Feb 2019) on Microsoft Windows 2012R2 Hyper-V Gen2 with several network interfaces to try out OPNsense.

After we are happy with all new OPNsense Rules by replacing our old Cisco ASA we decided to move the HyperV setup to real hardware again. So we ordered an brand new DEC4610.

I exported the config and changed the XML to match the new hardware interfaces (hnX -> igbX), that was no problem.

In my config I have defined around 100 aliases for Port's, Host's and Networks.

After importing the XML to the DEC4610 it looks likte that most rules are not working. On Hyper-V everthing is fine.

After investigating this for several hours it looks like that all aliases containing "Networks" or "Hosts" are ignored by the rules engine. Port-Aliases do work.

For example a have an alias "Net_Clients" containing "192.168.15.0/24", if I use this on on the DEC4610 the logs says "Default deny rule". But if I change the rule to use the native "lan net" (which is the same network as the alias) the the rule works.

This is the case for nearly all of my rules. I'm unwilling to re-create everything from scratch. As sayed above, I have a working configuration. I just want to have this running on the new DEC4610.

Software version on the DEC4610 is the same as on the Hyper-V.

I'm a bit lost, can somebody help please?

Thanks.

Update: Seems to be fixed in 19.1.7.
« Last Edit: May 03, 2019, 07:21:20 am by 5v3n »
Logged

hbc

  • Hero Member
  • *****
  • Posts: 501
  • Karma: 47
    • View Profile
Re: config import problem on new hardware
« Reply #1 on: April 26, 2019, 09:59:18 am »
Which version are you running? There have been issues with 19.1.6 and aliases.

See here: https://forum.opnsense.org/index.php?topic=12407.0

There are also hints to patches (2nd page). Maybe these will help you.
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

5v3n

  • Newbie
  • *
  • Posts: 7
  • Karma: 1
    • View Profile
Re: config import problem on new hardware
« Reply #2 on: April 26, 2019, 11:23:46 am »
Boah, you are great man! Thanks for this link.

What I found in this thread applies to my problem. The "pfTable" on the DEC4610 are empty!

That must be the reason why my rules not work after import.

Many Thanks!
Logged

5v3n

  • Newbie
  • *
  • Posts: 7
  • Karma: 1
    • View Profile
Re: config import problem on new hardware
« Reply #3 on: April 26, 2019, 11:44:08 am »
As mentioned in the thread from hbc this seams to solve the issue in 19.1.6.

Code: [Select]
opnsense-patch 50c25ea
opnsense-patch ea2f217cf
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • [Solved] config import problem on new hardware
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2