Messages - AndyX90

1
Web Proxy Filtering and Caching / Re: Squid SSL Inspection and Windows Updates
« on: October 15, 2020, 05:50:48 am »
You have to import the Microsoft CA in System --> Trust --> Authorities. The Windows Update CA is not trusted on clients other than Windows.

I think this one: https://update.microsoft.com/



2
20.7 Legacy Series / 20.7.3 - OpenVPN Site2Site change Tunnelnetwork
« on: October 11, 2020, 09:41:59 am »
Hey guys,
I have a running Site-to-Site Tunnel just for one site with configured Tunnel network 10.0.31.0/30.
The Server and Client instances on both sites are assigned to separate Interfaces.
On the main site there are 3 different OpenVPN server instances with all /24 Tunnel networks which are working very well.
Now I want to change the Tunnel Network of this specific instance from /30 to /24 to be able to connect more sites.
The problem with this is that if I change the Tunnel network on both sites to whatever (<30 Bits), the connection gets established, but no traffic will pass.
Changing the Tunnel network to /30 makes it work again.
I tried the following:
- rebooting both sides after change of Tunnel network --> same problem
- disabling and re-enabling and restart of client/server ovpn-instances --> same problem
- Re-Applying the assigned Interfaces of the OVPN Interfaces (unconfigured) --> same problem
- Cloning of the server/client instances and assign the clones to the Interfaces --> same problem
I would be happy if someone has another hint for me.

Thx



3
19.7 Legacy Series / NGINX- LE for SMTPS, SUBMISSION, IMAPS
« on: December 16, 2019, 10:46:43 am »
Hi all,
I would like to use NGINX to offload Let's Encrypt certificates for my internal services SMTPS, SUBMISSION and IMAPS.
In https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/ it is stated that you need to configure nginx with the following arguments: --with-mail --with-mail_ssl_module.
Our nginx plugin is configured with the arguments --with-mail=dynamic and --with-mail_ssl_module.
Is this setup possible with our default nginx plugin?

THX

4
19.7 Legacy Series / Re: Unbound - DNS Overrides
« on: December 07, 2019, 06:38:04 pm »
If I go to Interfaces->Diagnostics->DNS-Lookup and insert a hostname of the overridden domain, I get randomly different results:

If I look at the generated overrides in the conf, the ending . (dot) is missing in the zone name.
In OPNsense the zone name is
Quote
forward-zone:
    name: "example.com"
    forward-addr: 10.0.0.1
The FQDN of the overridden domain should be example.com. (dot)
The guys at archlinux also use that syntax in their documentation (https://wiki.archlinux.org/index.php/unbound#Include_local_DNS_server).
There is also someone over at pfsense who is talking about a similar problem.
https://redmine.pfsense.org/issues/9189

5
19.7 Legacy Series / Unbound - DNS Overrides
« on: December 04, 2019, 10:04:59 am »
Hey guys,

I still have problems with Unbound and DNS overrides.
It has persisted since my last thread (https://forum.opnsense.org/index.php?topic=7252.0).

But last week I made an important discovery.
I had a setup with WAN on DHCP and set up domain and host overrides. Worked like a charm.
But then I changed the WAN to PPPoE and since then the overrides stopped working correctly.
I tried to disable "allow dns to be overridden by pppoe" and set static upstream DNS, but without luck.

Any ideas?

6
19.7 Legacy Series / Get Opnsense Version through API
« on: September 18, 2019, 06:44:17 pm »
Hey Guys, I am trying to get the version of OPNSense through the API.
Currently I am calling "https://opnsense-ip/api/core/firmware/info" and extracting $.product_version out of the output.
My problem is that I generate thousands of lines with all installed and available packages, changelogs etc. to only extract a string like "19.7.3".
Maybe someone has an idea on how to do this without such a big overhead?

THX



7
19.7 Legacy Series / Re: [solved] Squid not starting
« on: July 18, 2019, 08:36:30 pm »
Got fixed, see here:
https://github.com/opnsense/core/issues/3584



8
19.1 Legacy Series / Re: a VLAN Per SSID
« on: May 03, 2019, 05:37:04 pm »
I can recommend using OpenWRT.
In my setups I use it with a Management-VLAN and each SSID with different VLANs. And 802.11r for roaming between 2.4 and 5 GHz networks.
Hardware recommendation: Archer-C6.
If you need central management for that: OpenWISP.



9
German - Deutsch / Re: DNS Override
« on: April 08, 2019, 07:54:21 pm »
Oh okay, in my case it is around 30 sites, most of which also have additional Windows servers. Now those just do DNS...



10
German - Deutsch / DNS Override
« on: April 08, 2019, 06:08:33 am »
Hi, I have had this problem for a long time.
See here:
https://forum.opnsense.org/index.php?topic=7252.0
I then changed my DNS setup and took DNS away from OPNSense.



11
Web Proxy Filtering and Caching / Squid Bump Interfaces
« on: April 01, 2019, 02:29:38 pm »
Hey guys, is it somehow possible in the GUI to let squid do ssl-bump on LAN and only do SNI-Filter on WiFi-Interfaces?
Thx



12
19.1 Legacy Series / Generate Configuration Reports
« on: March 13, 2019, 07:17:35 am »
Hey Guys, I searched for something to generate reports/documentation from configuration files and found pfFocus.
I adjusted the code a bit to work with OPNSense configuration files.
https://github.com/AndyX90/OPNReport
There are some issues but in principle it works.
Maybe someone with Python knowledge can help to fix the port-alias parsing?
Another question is the <version> section in OPNSense configuration files.
Am I wrong or is this dropped somehow? I noticed that it is not present anymore in 19.x.

Thx

13
19.1 Legacy Series / Re: Insight - Interface wrong
« on: March 07, 2019, 09:08:32 am »
Quote from: hbc on March 04, 2019, 03:02:55 pm
Did you verify via tcpdump that packets are coming from 2nd firewall and not from local WAN? Maybe a routing issue and packets are actually received from local WAN?
Sorry for the late reply. Yes, the traffic is on the other interface.
It is a HA-Setup between 2 DEC-4630.
Another example is the Carp-Traffic.
I see the traffic on the HA-Interface (separate 1G-Interface between both firewalls), but in Insight the HA-Interface is empty and the Carp-Traffic is also displayed on WAN... :-\

14
19.1 Legacy Series / Insight - Interface wrong
« on: March 04, 2019, 08:38:32 am »
Hey guys,

I have a problem regarding Netflow/Insight and specific WAN traffic.
Basically I have one WAN interface, one LAN interface and one interface linked to another firewall.
There are Internet connections coming into my LAN from the other firewall's interface.
But Netflow displays them on my WAN interface.
Any suggestions?

Thanks in advance!

15
19.1 Legacy Series / Re: 19.1 - flowd_aggregate crashes
« on: February 15, 2019, 08:08:40 am »
Problem solved!
I had to force a reinstallation of flowd.
The version remains the same, but it runs now.
Note: I upgraded from 19.1-RC2.
