26.1.6 migrated from 25.7 - now lost with vnc connection to win workstation

Started by stefan21, Today at 11:42:00 AM

Versions
OPNsense 26.1.6-amd64
FreeBSD 14.3-RELEASE-p10
OpenSSL 3.0.20
up-to-date

Did an upgrade to the latest OPNsense version. Migrated to NEW firewall rules. Migrated from ISC to KEA. Left all other settings as before.

System is up and running. As far as I can see, no errors occur.

Wireguard tunnel is up and running. I'm able to connect from remote to any service in my LAN.

BUT - I'm not able to connect from remote via RealVNC viewer (port is allowed via alias in the LAN) to a Windows 10 workstation in my LAN, which worked flawlessly before upgrading. I'm able to ping any machine (server, printer, ...) from remote, but not any Windows workstation.

At this point I'm lost. Anybody with any similar problem? Any hint?

Thanks for any help.

Is there a firewall service active on the Windows workstation? Do you see anything in:
Firewall: Log Files: Live View

Thanks for hopping on.

No. Didn't change anything on the workstations. Worked flawlessly before. I didn't reboot the workstations after migrating to KEA. Can't do this right now. Maybe a reboot helps. IDK. Will try this tomorrow. Maybe it's still the old lease from ISC?

BTW connecting to the workstations via Windows remote doesn't work either...

Wait - on a second location same scenario seems to work. I'll take a closer look in the configs of both locations and will report.

Quote from: stefan21 on Today at 11:42:00 AM
Did an upgrade to the latest OPNsense version.

That does not mean you had to do this too:

Quote:
Migrated to NEW firewall rules.

Because it does bring some changes along you might not like and the migration is not something you must do for now!!

Quote:
Migrated from ISC to KEA.

That's something you could have done in 25.7 too first and then upgrade afterwards once you were sure everything is still working as it should ;)


But for now my best guess is that some Firewall Rule does not do what you want it to do...
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

I migrated to the NEW firewall rules.

I also migrated from ISC to KEA.

As I reported, these are two pretty much similar installations, with the same provider Germany Vodafone, static IP, configured very much in the same way. One is working; on the other I'm not able to connect to a Windows 10 workstation.

There's a difference in the upgrade process. For the working location I installed 26.1 via USB drive and restored the config. The other one was an in-place upgrade. There are a lot of differences when comparing both backups with meld (of course not the specific interfaces, domains, IP ranges, etc.).

Don't know if this really matters.

As I'm not able to reboot the Windows workstations remotely, let's wait until tomorrow. I'll report.

Question: while reading the docs it's not quite clear to me if I do have to define a DNS server to the clients, in my case unbound, if using KEA? IMVHO if using KEA and unbound this should be passed automatically to the clients if the field is left empty. Wrong?

Quote from: stefan21 on Today at 10:35:05 PM
Question: while reading the docs it's not quite clear to me if I do have to define a DNS server to the clients, in my case unbound, if using KEA? IMVHO if using KEA and unbound this should be passed automatically to the clients if the field is left empty. Wrong?

If nothing specific is configured in Kea, it will pass the OPNsense IP address in the respective network/VLAN to the clients. If there is e.g. Unbound running and serving requests on that IP address, all is well.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)