OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: dalu on July 01, 2017, 04:12:44 pm

Title: TFTP server, zones and vpn
Post by: dalu on July 01, 2017, 04:12:44 pm
Ok, hello everyone.
I bought a PC Engines APU2C4 and installed opnsense (4-core AMD, 4 GB RAM, 16 GB SSD, 3 Intel NICs).
Previously I had a small dedicated intel nuc box with bind,dhcpd and tftpd, but it didn't act as a router/firewall.

Now, with opnsense, I use unbound dns resolver with overrides to provide local dns, but it's suboptimal, since I'd like to be able to manage my zone and add wildcard entries, etc.
aka a bit more configuration options

Also, I'd like to run a tftp server for booting via iPXE/PXE (to provide CoreOS, CentOS, etc.).

Then, in 2 days I'll be forced to an IPv4-only connection and I'd like to do 2 things:
1. Provide VPN access (by ipsec or openvpn, in order of preference) to my local network
2. Provide IPv6 via some cloud instance

topology will be
modem/gateway <-> WAN port
LAN port <-> switch
pretty simple
My workstation has 2 NICs and I could imagine connecting 1 nic to the switch and 1 nic to OPT1 for local to external ipv6 vpn

So any way to have
- access to zone records
- a tftp server
- vpn server
- vpn client

I know it's a lot in 1 post.
Title: Re: TFTP server, zones and vpn
Post by: fabian on July 01, 2017, 06:08:24 pm
For VPN you can use OpenVPN or IPSec - both should work but because it looks like a home firewall I would prefer OpenVPN (reason: dynamic IP addresses).

TFTP can be hard as the protocol is really a problem for firewall rules (it tells a port number which will be used in the protocol instead of a standard port) :(
If you know the server and it has a static IP it should work. You can set the next server IP in the DHCP options of OPNsense but there is no possibility to set up a PXE server on OPNsense via the GUI.
Title: Re: TFTP server, zones and vpn
Post by: dalu on July 08, 2017, 11:37:32 pm
Hey fabian,
thanks for the reply and sorry for the late reply.

Meanwhile I switched to pfsense because it has those 2 packages but I really liked opnsense (except that they don't have those 2 features).
I'm a Linux guy, *BSD isn't really my world. Apparently everything is different in BSD land :)
I'm an ex-PHP guy and have been using Go for 4 years already (wow, time flies).
Nevertheless I remember phalcon but it has been a while and I'm sure they made advances meanwhile.

Oh... never mind, I see opnsense/core is using python for the services.
Would've been interesting to contribute isc-bind and tftp plugins/packages.

<...>

TFTP can be hard as the protocol is really a problem for firewall rules (it tells a port number which will be used in the protocol instead of a standard port) :(
If you know the server and it has a static IP it should work. You can set the next server IP in the DHCP options of OPNsense but there is no possibility to set up a PXE server on OPNsense via the GUI.
Yes the server would be "the box" aka 192.168.1.1 on LAN.
I backed up my config of dhcpd4, can post it no problem.

Of course people say "a firewall should be a firewall"
Well, 4 cores, 4 GB RAM, there's room for more than just a firewall :)
Title: Re: TFTP server, zones and vpn
Post by: fabian on July 09, 2017, 10:24:09 am
Hey fabian,
thanks for the reply and sorry for the late reply.

Meanwhile I switched to pfsense because it has those 2 packages but I really liked opnsense (except that they don't have those 2 features).
I'm a Linux guy, *BSD isn't really my world. Apparently everything is different in BSD land :)
Which packages? Packages can be added if needed but a plugin may not be written for it (depending on if a contributor wants to add it).

I'm an ex-PHP guy and have been using Go for 4 years already (wow, time flies).
Nevertheless I remember phalcon but it has been a while and I'm sure they made advances meanwhile.

Oh... never mind, I see opnsense/core is using python for the services.
Would've been interesting to contribute isc-bind and tftp plugins/packages.

If you are writing a plugin, you can use any scripting language as the plugins should not contain binary executables.
This means Go is not recommended (the binary would be a port and the plugin would pull it in as a dependency).

You still have a large choice, for example: python 2.7, shell script, ruby, perl
Just take what fits your needs best. In core only python 2.7 and shell script should be used.

Yes the server would be "the box" aka 192.168.1.1 on LAN.
I backed up my config of dhcpd4, can post it no problem.

In this case, you can open the ports > 1024 for UDP to RFC1918 addresses, which should work. This is the reason why the machine should not be used for something else. In addition, the port for tftpd is required.
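The reason fabian gives in his first reply for TFTP being awkward for firewall rules (the server answers from a port it picks per transfer, not from the port the request was sent to) is easy to see in a packet trace, and the following Python 3 script reproduces it over loopback. This is an example added by the editor, not code from the thread or from OPNsense: it uses an unprivileged loopback port in place of UDP/69, a constructed in-memory file table instead of a real PXE image, and implements only the read-request path of RFC 1350. Run it and compare the port the RRQ went to with the port the DATA packets came from; that second, unpredictable port is what a firewall rule or state entry must also cover, which is what the "ports > 1024 for UDP" advice in the last post addresses.

```python
import socket
import struct
import threading

# RFC 1350 opcodes and the fixed data block size
OP_RRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 3, 4, 5
BLOCK_SIZE = 512

# Constructed sample file table (not a real PXE boot image); 1480 bytes,
# so the transfer needs three DATA blocks and exercises the end-of-file rule.
FILES = {"pxelinux.0": b"constructed sample boot file content " * 40}


def build_rrq(filename, mode="octet"):
    """Read request: opcode 1, then NUL-terminated filename and mode."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_rrq(pkt):
    if struct.unpack("!H", pkt[:2])[0] != OP_RRQ:
        raise ValueError("not a read request")
    fields = pkt[2:].split(b"\0")
    return fields[0].decode(), fields[1].decode().lower()


def serve_one_request(listen_sock, files):
    """Answer one RRQ the way a real tftpd does: from a NEW socket whose port
    (the server 'transfer identifier', TID) the OS picks. Returns that port."""
    pkt, client = listen_sock.recvfrom(1024)
    filename, _mode = parse_rrq(pkt)
    data_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    data_sock.bind(("127.0.0.1", 0))        # port 0 = ephemeral; this becomes the TID
    data_sock.settimeout(2)
    tid = data_sock.getsockname()[1]
    try:
        body = files.get(filename)
        if body is None:
            # error code 1 = file not found; sent from the TID, exactly as DATA would be
            data_sock.sendto(struct.pack("!HH", OP_ERROR, 1) + b"File not found\0", client)
            return tid
        block, offset = 1, 0
        while True:
            chunk = body[offset:offset + BLOCK_SIZE]
            data_sock.sendto(struct.pack("!HH", OP_DATA, block) + chunk, client)
            ack, _ = data_sock.recvfrom(4)
            op, acked = struct.unpack("!HH", ack[:4])
            if op != OP_ACK or acked != block or len(chunk) < BLOCK_SIZE:
                return tid                   # a short block (< 512 bytes) ends the transfer
            block, offset = block + 1, offset + BLOCK_SIZE
    finally:
        data_sock.close()


def fetch(server_port, filename):
    """TFTP client. Returns (data, server_tid, error); server_tid is the port the
    replies actually came from, which is not the port the RRQ was sent to."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    sock.settimeout(2)
    sock.sendto(build_rrq(filename), ("127.0.0.1", server_port))
    data, server_tid = b"", None
    try:
        while True:
            pkt, (host, port) = sock.recvfrom(4 + BLOCK_SIZE)
            if server_tid is None:
                server_tid = port            # the first reply fixes the server TID
            elif port != server_tid:
                continue                     # RFC 1350: ignore packets from a foreign TID
            op, block = struct.unpack("!HH", pkt[:4])
            if op == OP_ERROR:
                return data, server_tid, pkt[4:].rstrip(b"\0").decode()
            data += pkt[4:]
            sock.sendto(struct.pack("!HH", OP_ACK, block), (host, port))
            if len(pkt) - 4 < BLOCK_SIZE:
                return data, server_tid, None
    finally:
        sock.close()


def demo(filename="pxelinux.0"):
    """Run server and client over loopback; an unprivileged port stands in for UDP/69."""
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind(("127.0.0.1", 0))
    listen.settimeout(5)
    listen_port = listen.getsockname()[1]
    result = {}
    worker = threading.Thread(target=lambda: result.update(tid=serve_one_request(listen, FILES)))
    worker.start()
    try:
        data, server_tid, error = fetch(listen_port, filename)
    finally:
        worker.join()
        listen.close()
    return {"listen_port": listen_port, "server_tid": server_tid,
            "tid_matches_server": server_tid == result.get("tid"),
            "data": data, "error": error}


if __name__ == "__main__":
    r = demo()
    print("RRQ sent to port", r["listen_port"], "- DATA arrived from port", r["server_tid"])
    print("a rule or state entry covering only the listening port misses the transfer:",
          r["server_tid"] != r["listen_port"])
```

The client deliberately checks every reply against the TID it learned from the first packet and drops anything from another port, which is the RFC 1350 behaviour and the only protection TFTP has against stray datagrams; a stateful firewall in front of a tftpd sees exactly the same thing, a request to one port and a reply from another, and has no way to predict the second port in advance.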