46
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
47
20.7 Legacy Series / Re: PCEngines APU2/APU3/APU4 running on 20.7
« on: November 18, 2020, 08:30:58 pm »
Hi,
just an idea here:
Any suggestions on how to debug this better? Can I reset the WAN DHCP from the console so I can watch for errors? It's driving me nuts since a reboot tends to fix up the problem right away.
Why don't you use monit to check for the connection?
You could for example create a connection test to any IP available from the firewall and in case it is not reachable you could initiate a reload after let's say 5 missed attempts and initiate a reboot after 15 attempts.
That's the way I monitor my internet connection.
amichelf
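The escalation suggested in the post above (reload after 5 missed checks, reboot after 15), written out as an added example that is not part of the original post or of OPNsense. The probe address, state file path and both commands are placeholders, and the script is assumed to be run once per interval by a scheduler such as cron.

```sh
#!/bin/sh
# Added example: connectivity watchdog with two escalation thresholds.
# Assumptions: probe address, state file and both commands are placeholders.
PROBE_IP="${PROBE_IP:-192.0.2.1}"                # constructed (TEST-NET-1)
STATE_FILE="${STATE_FILE:-/tmp/wan_watchdog.count}"
RELOAD_AFTER=5                                   # missed checks before reload
REBOOT_AFTER=15                                  # missed checks before reboot
RELOAD_CMD="${RELOAD_CMD:-echo reload-placeholder}"
REBOOT_CMD="${REBOOT_CMD:-echo reboot-placeholder}"

# probe IP: succeeds if a single ICMP echo is answered.
probe() { ping -c 1 "$1" >/dev/null 2>&1; }

# update_count PREV OK: prints the new consecutive-miss count.
update_count() {
    if [ "$2" -eq 1 ]; then echo 0; else echo $(( $1 + 1 )); fi
}

# decide COUNT: prints none, reload or reboot.
# The reload fires once, exactly at the threshold, not on every later miss.
decide() {
    if [ "$1" -ge "$REBOOT_AFTER" ]; then echo reboot
    elif [ "$1" -eq "$RELOAD_AFTER" ]; then echo reload
    else echo none
    fi
}

# run_once: one scheduled check. Prints the action it took.
run_once() {
    prev=0
    if [ -r "$STATE_FILE" ]; then prev=$(cat "$STATE_FILE"); fi
    case "$prev" in ''|*[!0-9]*) prev=0 ;; esac   # ignore a corrupt counter
    if probe "$PROBE_IP"; then ok=1; else ok=0; fi
    count=$(update_count "$prev" "$ok")
    action=$(decide "$count")
    # Reset before rebooting so the count starts over after the restart.
    if [ "$action" = reboot ]; then count=0; fi
    echo "$count" > "$STATE_FILE"
    case "$action" in
        reload) $RELOAD_CMD >&2 ;;
        reboot) $REBOOT_CMD >&2 ;;
    esac
    echo "$action"
}

# Run a single check when called as: watchdog.sh run
if [ "${1:-}" = "run" ]; then run_once; fi
```

A single successful probe resets the counter, so only consecutive misses escalate.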
48
Zenarmor (Sensei) / Re: SOLVED Resolving hostname
« on: November 18, 2020, 05:05:07 pm »
That worked!
Thank you
amichel
49
Zenarmor (Sensei) / Re: Remote Database not available Webgui not reachable
« on: November 17, 2020, 08:58:33 pm »
Hi sy,
thank you for your reply.
I tried to reproduce the issue and the GUI froze for about two minutes when I clicked on Sensei status report after turning off the database server.
After one or two minutes in that condition I was able to reconnect and all worked as expected.
Amichel
50
Zenarmor (Sensei) / SOLVED: Remote Database not available Webgui not reachable
« on: November 17, 2020, 06:32:30 pm »
Hi,
I am using Sensei on my APU box with a remote Elasticsearch database. Once I power down the database server I am not able to connect to the Webgui of OPNsense as it does not respond anymore. Internet access and SSH access are still working, and once the database is reachable again, logging on to the Webgui is possible.
I just wanted to know if that is an expected behavior and if there is any other workaround on the shell to reach the GUI?
amichel
51
Zenarmor (Sensei) / Re: SOLVED Resolving hostname
« on: November 17, 2020, 06:28:56 pm »
Hi,
I experience a similar issue. My DNS Server is a domain controller, so I decided to enter the IP Addresses of two of my DC/DNS servers to query. As I am not using the dns server locally on opnsense that should be sufficient.
Still I see no DNS names.
Since I am using the free edition, is the feature to query a remote DNS server a subscription based feature only?
amichel
52
20.7 Legacy Series / Re: Wireguard UI not writing config in 20.7.4
« on: November 02, 2020, 08:40:54 pm »
You have to link it in local instance
My bad, you are right, I missed that.
Facepalm
amichel
53
20.7 Legacy Series / SOLVED: Wireguard UI not writing config in 20.7.4
« on: November 02, 2020, 07:25:21 pm »
Hi,
I just found out that adding an endpoint in Wireguard in 20.7.4 through the gui does not work. It took some time to figure out. When adding the endpoint in the /usr/local/etc/wireguard/wg0.conf file it works like a charm.
amichel
54
20.1 Legacy Series / Re: WebUI not loading after SSL cert update
« on: July 07, 2020, 07:51:08 pm »
...Can't you simply revert from the shell to a previous version?
-----END PRIVATE KEY-----
looks like it cannot read the private key? Any way to revert this to the "default" ssl cert?
At least that should give you access to the gui even with a cert error. Then you can recreate the cert and before installing I would intermediately also configure the gui to listen on port 80
amichel
55
20.1 Legacy Series / Re: Redundant DNS
« on: July 01, 2020, 07:51:02 pm »
The way I have set it up is:
I have three domain controllers acting as DC/AD Integrated DNS for my domain.
Each of those servers is using my OPNsense box as forwarder.
As I do have some rules on my firewall based on internal DNS names I use Bind on the OPNsense box pulling all my AD Integrated zones as secondaries from one of the DCs.
The clients are using my internal domain controllers as DNS servers, and in case all DNS servers are down I still can manually enable DHCPv4 on the OPNsense to deploy IP addresses to the clients instead of my Windows DHCP servers.
So in your case to have some redundancy you can simply install another DNS server in your environment and use this as primary DNS server, install Bind on your firewall and create the zones as secondaries there and configure your clients to use both DNS servers. In case one is down you should still be able to resolve your internal zones even if the firewall is down.
HTH
amichel
56
20.1 Legacy Series / Re: WireGuard unable to access devices via hostname
« on: June 30, 2020, 11:48:51 am »
You are correct, that should work.
Is your DNS server the firewall or another DNS server in your network?
If you do a nslookup and set it to query 192.168.0.1 and then query for google.com, do you get a reply?
If you get one, are you sure that your DNS server can resolve your internal DNS zone?
If not it might be a good approach to start here in troubleshooting.
If http://myserver.local works internally without a DNS server it is likely you use broadcast to identify the proper server and I am not sure if that is doable through VPN.
Amichek
57
20.1 Legacy Series / Re: WireGuard unable to access devices via hostname
« on: June 29, 2020, 08:23:35 pm »
Hi,
did you create a rule so that traffic to Port 53 is allowed from the VPN?
192.168.0.1 is this the IP of your DNS server?
amichel
58
20.1 Legacy Series / Re: Cannot reach maltrail server
« on: June 15, 2020, 09:54:16 pm »
Hi,
just to be on the safe side. Did you create a rule to allow traffic from the lan to "this firewall" on the Maltrail port?
amichel
59
German - Deutsch / Re: SSL proxy and Windows 10 update
« on: May 25, 2020, 07:39:52 pm »
Take a look at this thread: https://forum.opnsense.org/index.php?topic=11922.15
60
German - Deutsch / Re: SSL proxy and Windows 10 update
« on: May 25, 2020, 06:49:59 pm »
I found something else on this:
https://wiki.squid-cache.org/SquidFaq/WindowsUpdate#Squid_with_SSL-Bump_and_Windows_Updates
That is how it should actually work.
Best regards
amichel