Topics - dphonov2

#1
Hi All,

Services --> DHCP4 says if I leave the field blank, it will use system settings.

If I go to system settings, I can't leave it blank.

My question is, how do I hand out IPs only, and not include a search domain or DNS suffix list?

Edit: the backstory is that I'm seeing clients request an FQDN over DNS, such as x.y.z, but end up tacking the search domain on and querying x.y.z.my.local.domain
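The suffix list asked about above is what a DHCP server pushes to clients as option 119 (Domain Search, RFC 3397). To check what an offer actually hands out, the following decoder for that option is added here as an example; it is not from the post or from OPNsense, and it assumes the option payload has already been extracted from the captured packet.

```python
from typing import List, Set, Tuple


class Option119Error(ValueError):
    """Malformed option 119 payload (truncated, bad pointer, reserved label)."""


def _read_name(data: bytes, pos: int) -> Tuple[str, int]:
    """Decode one name at `pos`; return (name, stream position after it)."""
    labels: List[str] = []
    seen: Set[int] = set()
    resume = -1                      # stream position after the first pointer
    while True:
        if pos >= len(data):
            raise Option119Error("truncated name")
        length = data[pos]
        if length == 0:              # root label terminates the name
            pos += 1
            break
        if length & 0xC0 == 0xC0:    # 11xxxxxx: two-byte RFC 1035 compression pointer
            if pos + 1 >= len(data):
                raise Option119Error("truncated pointer")
            target = ((length & 0x3F) << 8) | data[pos + 1]
            # Pointers may only go backwards and are followed once each, so a
            # crafted payload cannot make the decoder loop forever.
            if target >= pos or target in seen:
                raise Option119Error("forward or looping pointer")
            seen.add(target)
            if resume < 0:
                resume = pos + 2
            pos = target
            continue
        if length & 0xC0:            # 01/10 prefixes are reserved
            raise Option119Error("reserved label type")
        if pos + 1 + length > len(data):
            raise Option119Error("truncated label")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels), (resume if resume >= 0 else pos)


def decode_domain_search(payload: bytes) -> List[str]:
    """Return every search domain carried in a DHCP option 119 payload."""
    names, pos = [], 0
    while pos < len(payload):
        name, pos = _read_name(payload, pos)
        names.append(name)
    return names


# Constructed sample: "my.local.domain", then "lab.my.local.domain" whose tail
# is a pointer (0xC000) back to offset 0.
SAMPLE = b"\x02my\x05local\x06domain\x00" + b"\x03lab\xc0\x00"
```

An empty payload decodes to an empty list, which is what a server that hands out addresses only should produce for this option.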
#2
20.7 Legacy Series / Simple VxLan between two subnets
November 19, 2020, 02:00:24 AM
Hi all,

I have two sites, connected via IPsec VPNs. OPNsense does not terminate either of these VPNs.

Instead, at each site I have OPNsense deployed and exposed over IPsec.

OPNSense LAN A <--> FW1    [INTERNET][IPSEC]     <--> FW2 <-->  OPNSense LAN B
Other LAN A Hosts <--> FW 1                                          FW2 <-->  Other LAN B Hosts

I'm attempting to use VxLan and have LAN A and LAN B be the same Layer2/broadcast domain.


I've successfully set up a VxLan route between the two, and on the LAN B side I can even see all the broadcast/multicast traffic on FW2 I expect to see (from hosts that are "foreign" to it and exist on the other side of the IPsec tunnel).

On the LAN A side, using a different VM, if I attempt to ping TESTHOST1 in LAN B sharing the same /24, I get the correct ARP from TESTHOST1's NIC!... But I'm not routing.

And that's where I'm stuck.

I thought it could be because OPNsense is not the default gateway for these hosts. FW1 & FW2 are...
But it stops making sense, since I'm not supposed to need a default gateway to route... to a local subnet. Just its MAC.

Would I need to proxy ARP for each side?

Any insight appreciated

#3
20.7 Legacy Series / Single Interface WAN Connectivity
November 19, 2020, 12:14:09 AM
Hi All,

I have an ASA Firewall as the default gateway in an environment on 192.168.5.x.

I'm trying to deploy a single NIC OPNsense on 192.168.5.51. Seems easy enough. Bring up a VM, configure IP on the solo interface (IP 5.51, GW 5.1, DNS 5.2, just like all other hosts).

I can ping locally, I can resolve. But I can't browse traffic or ping from shell to the outside world.

I can see the ASA returning packets and delivering them to OPNsense, but it's dropping them on the floor.

I have another use-case where I set this up with multiple NICs and all is well so far.

Are 2 NICs a requirement?

Thanks in advance