VLAN hat kein Internet und OPN-Update schlägt fehl

Started by raider2k23, October 01, 2023, 06:14:41 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 01, 2023, 06:14:41 PM Last Edit: October 01, 2023, 06:17:06 PM by raider2k23
Hi,

ich habe 2 Probleme mit einer OPNsense, ich komme von Sophos UTM, daher ist das Verständnis da, aber die OPN ist doch von der Bedienung noch etwas ungewohnt.

Ich habe aktuell 2 Probleme, zum einen haben meine VLANs kein Internet, das Gateway des jeweiligen VLAN kann jedoch ins Internet pingen, aber keine Clients dahinter.

Zum anderen kann die OPNsense keine Updates mehr beziehen.. es endet mit einem Verification failure und wenn ich aus der Shell pkg.opnsense.org anpinge antwortet meine Firewall (127.0.0.1)

Code Select
**GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.7.5 at Sun Oct  1 18:49:16 EEST 2023
Fetching changelog information, please wait... Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
48907755753472:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/sets/changelog.txz: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: Authentication error
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
35076833280:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1921:
pkg: https://opnsense.c0urier.net/FreeBSD:13:amd64/23.7/latest/packagesite.txz: Authentication error
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

Der Netzwerkaufbau sieht so aus:

WAN: 185.xx.yy.2/26 GW: 185.xx.yy.1
VLAN1: 192.168.6.0/24 GW: 192.168.6.1
VLAN2: 192.168.15.0/24 GW: 192.168.15.1

NAT ist auf Hybrid, aber auch mit automatic funktioniert es nicht.

Ansonsten hat jedes VLAN folgende FW Rules:
IPv4 *   VLAN1/2 net   *   *   *   *   *
October 05, 2023, 03:24:13 PM #1
you may have a DNS blocking enabled that's blocking that address. OR, the OPNsense is not using the DNS server configured on the device.
Print
Go Up Pages1
User actions