Topics - zwck

#1
Hey Frankie :D

As far as I can determine, the backend selection currently functions with

use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/mapfile.txt,bk_defaultbackend)] 

with a mapfile.txt containing something like this:

sub.domain.tld bk_subdomain

When navigating to sub.domain.tld, the proper backend will be selected. However, I would like to be able to forward directories, e.g.
sub.domain.tld/dir bk_subdomaindir
which does not work with map_dom in the use_backend code. How would I go about this?
#2
Tutorials and FAQs / VPN Client - Gateway issue
November 17, 2018, 03:38:21 PM
Hey all, complete beginner here,

I am running the latest stable of OPNsense and I installed the OpenVPN client on OPNsense, which creates a gateway and client. When you start the client, the gateway becomes active.
It all works fine and dandy with the installation, and then my entire network is routed through the VPN gateway. When I start the client, the default gateway (WAN_DHCP) will be overwritten directly to (VPN_DHCP) for all my LANs and VLANs. However, I just want one VLAN to be routed through the VPN gateway.

I thought it would be straightforward and a simple change of the GATEWAY in the rules for each VLAN and LAN would do the trick. However, then the only VLAN that is working is the one with the VPN_DHCP gateway selected.
#3
Hardware and Performance / Fiber Cards (intel x520DA2)
November 09, 2018, 06:48:34 AM
Hello Interested People,

I just changed my hardware configuration from

ISP(Fiber) -> MediaConverter (fiber to rj45) -> OPNsense

to:

ISP(fiber) -> OPNsense (ix0) (Intel 520 DA2)

I am also online like this. However, I noticed in the GUI that the negotiated speed is set to unknown, and ifconfig shows the same. Is that an issue?

ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,TXCSUM_IPV6>
        ether 00:0e:c4:d2:66:77
        hwaddr 00:1b:21:9c:06:d8
        inet6 fe80::20e:c4ff:fed2:7777%ix0 prefixlen 64 scopeid 0x1
        inet6 2a02:168:2000:e:20e:c4ff:fed2:8989 prefixlen 64 autoconf
        inet 11.11.11.11 netmask 0xffffff00 broadcast 11.11.11.255
        inet 2.1.1.2 netmask 0xffffffff broadcast 2.1.1.2
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet autoselect (Unknown <rxpause,txpause>)
        status: active

(I changed my inet IP in this printout)
media: Ethernet autoselect (Unknown <rxpause,txpause>) is what I am referring to
#4
Hey guys,

Is there a nice tutorial out there on how to accomplish a HAProxy setup that directs traffic based on subdomains and requirements?

I am thinking about a simple workflow

ssl.mydomain.de:443 -> ssl offloading -> normal-backend
sni.mydomaind:443 -> endpoint termination -> sni-backend

Typically this is achieved with a ton of ACLs/mapping and a backend that sorts them and directs them.

Cheers, 
z