Messages

1

General Discussion / Opnsense in proxmox, cannot be reached

« on: July 08, 2024, 05:00:20 pm »

Until just a little while ago, i could access the opnsense interface (port 443).
Made some changes to dhcp leases, each page load took many many seconds, looking in the pve of proxmox interface, all the sudden all cpu died/stopped.

I have tried rebooting the whole server. opnsense boots and looks normal thru proxmox console, but nothing can ping opnsense, web admin pages does not open
opnsense has 2 interfaces, one is a public ipv4, and one is lan 192.168.1.1, nothing else that is on the lan vmbr1 can ping opnsense.

Any ideas what more i can check why all the sudden everything opnsense stopped working? No network related settings has been changed the past day or two and it worked up until perhaps an hour ago.

EDIT: I tried re-set ip for lan and changed to HTTP, still doesn't open nor do dhcp work for lan devices.

2

General Discussion / SSH/Web access from proxmox with opnsense guest

« on: July 05, 2024, 05:14:40 pm »

Hi, i have opnSense setup as a guest in proxmox, on hetzner.
em0 has the public ip, and internet from the opnsense guest works (currently updating)

But i cannot access the ssh server, or web interface on the opnSense (with the lan ip)

Any idea?

Lan on proxmox is set:
auto vmbr1
iface vmbr1 inet static
        address 192.168.0.254/32
        bridge-ports none
        bridge-stp off
        bridge-fd 0

Lan on opnsense is set to 192.168.0.1
proxmox host cannot ping opnsense guest, nor can opnsense (via pve console) ping proxmox host on the 192-addresses.

Any ideas?

3

General Discussion / Re: What is wrong with my settings? (Dual VPN client)

« on: November 30, 2019, 11:37:50 am »

More firewall rules and nat

4

General Discussion / Re: What is wrong with my settings? (Dual VPN client)

« on: November 30, 2019, 11:37:26 am »

Firewall rules

5

General Discussion / What is wrong with my settings? (Dual VPN client)

« on: November 30, 2019, 11:36:57 am »

I have been over some times, trying to setup a dual openvpn client where certain computers goes thru the vpn that has a fixed public ip with all ports open, and everything else goes thru the other one (that gets a new ip each time it reconnects).

But no matter what/any changes i make, everything still seems to go thru the vpn that has fixed ip and open ports.


OpenVPN client settings (Attached)

6

General Discussion / Re: blocking websites without squid

« on: January 10, 2018, 08:19:10 am »

Hi. OpenDNS might be quite alright to use, but it does Hi-jack your DNS queries to display adpages on domains not resolvable, so i have stopped recommend OpenDNS just because of this.

Hi Gargamel, when is the last time you've experienced the ads please? OpenDNS claims not to have done so for quite some years: https://umbrella.cisco.com/blog/2014/05/29/no-more-ads/ Just wondering if they have started doing this again.

Thanks,

Bart...

'

Personally i havent used OpenDNS since they hijack dns querys, glad they stopped their ad-infestations.

My mom had OpenDNS in her router, many problems was solved by going back to ISP dns server a few weeks ago.

7

General Discussion / Re: blocking websites without squid

« on: January 09, 2018, 09:41:16 am »

You can use OpenDNS for DNS with an account for your network to block the social media category

Bart...

Hi. OpenDNS might be quite alright to use, but it does Hi-jack your DNS queries to display adpages on domains not resolvable, so i have stopped recommend OpenDNS just because of this.

8

Hardware and Performance / Re: Mini PC 6 * Intel Gigabit Lan RJ45 Core i3 7100U 2.4 6 Lan

« on: December 29, 2017, 06:11:38 pm »

I am using a similar item, i7-5550U altho.
works fine.
Using openvpn on all network, delivers all my 250/250 mbit connection encryptet and hovers around 60 degrees and almsot no cpu usage.

9

17.7 Legacy Series / Re: Using Dynamic DNS for OpenVPN server

« on: December 17, 2017, 04:05:32 pm »

Thats how i do it.
Setup a DynDNS in services, and then pointed my openvpn client config to that dyndns.

10

General Discussion / Re: Suggestions for multiple servers running port 443 behind OPNsense

« on: December 16, 2017, 07:56:03 am »

Hi.

I think you are looking for HAProxy https://wiki.opnsense.org/manual/how-tos/haproxy.html

11

17.7 Legacy Series / Re: Forced to restart OpenVPN to get access to some sites!

« on: December 10, 2017, 07:43:24 pm »

This has been going on for some while, and with no response from OVPN that is my provider for this I'll hope some ppl on the forum can sort this out...

It all ends up with err_connection_refused in Chrome for some sites, and even thou I have wiped the cache it still throws a err_connection_refused UNTIL i restart the OpenVPN service in OPNsense! 

I think i used to have the same problem (using ovpn + public ip).
My issue was dns related, but then i got the related error tho.

Compare your config with mine, because current config i have had no problem since i installed it.

Code: [Select]

Server mode: peer to peer SSL/TLS
Protocol: UDP
Device Mode: tun
Interface: wan
remote server: vpn04.prd.kista.ovpn.com
retry dns resolution: checked infinitely resolve remote server
TLS auth: OpenVPN static key V1 from ovpn
Peer certificate authority: the ovpn provided cert
Client certificate: none (username password required)
encryption algorith: AES-256-GSM (256 bit key, 128 bit lock, TLS client/server)
auth digest algorithm: SHA1 (160-bit)
Hardware crypto: no hardware crypto acceleration
compression: enabled with adaptive compression
disable IPv6: checked

Advanced: persist-key
          persist-tun
          remote-cert-tls server
          key-direction 1
          reneg-sec 432000


12

17.7 Legacy Series / Re: Can opnsense do this?

« on: December 07, 2017, 08:20:30 am »

Greetings everyone,

I am using the following functionality with my current firewall but i am looking for something new and i was wondering, can opnsense do this too?

Asn ip blocking (alias from whois)
Dns black holes (using common host files)
Geo-ip blocking (alias from geo-ip)
All logging can be disabled

Also, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?

Thank you so much
J

For GeoIP blocking see this post:
https://forum.opnsense.org/index.php?topic=5851.msg24639#msg24639

13

17.7 Legacy Series / Re: Broader censoring domains to ip (Ubound overrides)

« on: December 04, 2017, 05:06:45 pm »

Entry on the screenshot.

You can choose a nameserver for the domain which does not need to exist

Okay, i used this option before but did not get the results i was expecting, when i had PFSense, i entered something in advanced config and got all *.domain.etc to resolve to an IP, this way, lan users cant resolve the dns server for the whole domain, which is ok i guess.

14

General Discussion / Can someone explain this Firewal log?

« on: December 04, 2017, 12:59:19 pm »

I saw these 2 (and some more) entries in the firewall logs on the "front page".
As i read the log they originate/come over the LAN, but should come from the interface "OVPNPUBLICIPV4" since only from this interface the port it gets redirect to, are open (port forwarded).

15

General Discussion / Re: How pathetic!!

« on: December 04, 2017, 12:33:32 pm »

Good thing i decided to go with OPNSense over pfSense, but mainly because of elitist answers and noses stuck up in the air, not being of any help in the forum when askin for help.