Messages - spetrillo

#1
25.1, 25.4 Production Series / Unbound to DNSMasq
May 12, 2025, 05:09:09 PM
Hello all,

I need some clarity. In reading the notes from the 25.1.6 update, it seems to give me the impression that DNSmasq is beginning to take over from Unbound. I run Unbound as my DNS server, and use ISC DHCP for DHCP purposes. If the move is to Kea DHCP, does that mean I need to move from Unbound to DNSMasq for DNS purposes? Like I said, I am trying to gain some clarity here.

Thanks,
Steve
#2
General Discussion / Caddy on OPNsense
May 05, 2025, 06:35:38 PM
Hello all,

I am trying to allow a personal website out via Caddy as my reverse proxy. With Caddy enabled I am able to connect to the website from my internal PC. If I try to hit it on the Internet, it's not responding. When I look at the Caddy log I only see this:

2025-05-05T12:33:11-04:00   Informational   caddy   "info","ts":"2025-05-05T16:33:11Z","msg":"serving initial configuration"}   
2025-05-05T12:33:11-04:00   Informational   caddy   "info","ts":"2025-05-05T16:33:11Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}   
2025-05-05T12:33:11-04:00   Informational   caddy   "info","ts":"2025-05-05T16:33:11Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock|0220","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}   


I have attached the Caddyfile and JSON. I never see it talk outbound to get a certificate. Not sure what I missed.

Thanks,
Steve
#3
General Discussion / OPNsense - Zabbix Proxy
April 22, 2025, 06:47:15 PM
Hello all,

I installed the 7.2.5 Zabbix proxy and was reading more in the status log on OPNsense. It mentions the following:

Message from net-snmp-5.9.4_6,1:

--
**** This port installs snmpd, header files and libraries but does not
     start snmpd by default.
     If you want to auto-start snmpd and snmptrapd, add the following to
     /etc/rc.conf:

   snmpd_enable="YES"
   snmpd_flags="-a"
   snmpd_conffile="/usr/local/share/snmp/snmpd.conf /etc/snmpd.conf"
   snmptrapd_enable="YES"
   snmptrapd_flags="-a -p /var/run/snmptrapd.pid"

**** You may also specify the following make variables:

   NET_SNMP_SYS_CONTACT="zi@FreeBSD.org"
   NET_SNMP_SYS_LOCATION="USA"
   DEFAULT_SNMP_VERSION=3
   NET_SNMP_MIB_MODULES="host smux mibII/mta_sendmail ucd-snmp/diskio"
   NET_SNMP_LOGFILE=/var/log/snmpd.log
   NET_SNMP_PERSISTENTDIR=/var/net-snmp

     to define default values (or to override the defaults).  To avoid being
     prompted during the configuration process, you should (minimally) define
     the first two variables. (NET_SNMP_SYS_*)

     You may also define the following to avoid all interactive configuration:


Does this mean I could use SNMP monitoring for OPNsense and get additional information, like the services that run on top of the firewall? Has anyone used this? Has anyone used Zabbix and defined an updated template to monitor services like DNS, DHCP, and others?

Thanks,
Steve
#4
General Discussion / Connect to OPNsense VM
March 31, 2025, 07:16:26 PM
Hello all,

I have built an OPNsense firewall VM on my Proxmox server. The VM was built using PCI passthrough for the Intel I350 network card. The first port on the Intel card is set with a VLAN of 1, for my mgmt network. I connected an ethernet cable to that port and ran it to a USB network adapter on my laptop. I set the adapter on my laptop to VLAN 1 and I can ping the new firewall's IP address on the LAN interface. I can also get an IP from this firewall via DHCP; however, I cannot connect to that IP via the browser on my laptop. Is there a trick to doing this? I would like to be able to configure the firewall VM before going live with it.

Thanks,
Steve
#5
25.1, 25.4 Production Series / Re: Plugins Section
March 07, 2025, 04:31:48 PM
@mimugmail,

Does this mean it's being added or has been added? Can I use your two conf files to generate my own plugin?

Thanks,
Steve
#6
25.1, 25.4 Production Series / Re: Plugins Section
March 07, 2025, 03:30:31 PM
I am not talking about the standard agent. I am talking about the proxy agent. Proxy agent 7.0.9 has limited functionality, when the main Zabbix server is 7.2.x.
#7
25.1, 25.4 Production Series / Plugins Section
March 06, 2025, 05:22:11 PM
Hello all,

Is it possible to update the plugins section independent of the main monthly release? I am in need of the updated Zabbix proxy agent, as 7.0.9 does not support Zabbix 7.2.

Thanks,
Steve
#8
General Discussion / OPNsense - SNMP
March 01, 2025, 06:07:53 PM
Hi all,

Does OPNsense have SNMP capabilities out of the box or do I need to install the os-net-snmp plugin to get this? I cannot remember.

Thanks,
Steve
#9
General Discussion / Can Ping but Cannot Connect via Web
February 25, 2025, 05:21:48 PM
Hello all,

I am building a Proxmox server for a client, with an OPNsense VM. The VM is up and operational on 25.1.1. I have directly connected my laptop to the LAN interface and can ping the IP of the LAN interface. What I cannot do is use a web browser to connect to the GUI. It comes back telling me it took too long to connect. Why would I be seeing this? I am using the Edge browser.

Thanks,
Steve
#10
General Discussion / OPNsense on Proxmox
February 22, 2025, 08:37:50 PM
Hello all,

I am running my OPNsense firewall as a Proxmox VM. All my internal VLANs are Linux bridge vlans, with my WAN interface being a passthrough device. I am trying to get access to the OPNsense LAN, which is one of three vlans on one physical interface. I have connected my USB to ethernet dongle directly to the NIC with these three vlans and set the vlan on the dongle to vlan 1, which is the OPNsense LAN interface. I cannot ping nor can I gain access to the GUI. Am I doing something wrong? What am I missing?

Thanks,
Steve
#11
General Discussion / Should I Worry??
February 18, 2025, 06:03:09 PM
What is all the stuff written on my console? Do I need to do something with these? Is there a way to not have to go to the console?
#12
Hello all,

I have a WG S2S tunnel up and active; however, I cannot ping across the tunnel. I have validated that the allowed IPs are correct on both sides. I feel like I am missing a rule that allows traffic to pass. I try to ping a device on Site B from my workstation at Site A. I even tried to trace route but didn't get out of my Site A firewall, which is curious. What am I missing?

Thanks,
Steve
#13
Virtual private networks / Wireguard - Tunnel Addresses
February 10, 2025, 05:00:26 PM
Hello all,

Do client tunnel IP addresses need to be in the same subnet? For example site A's tunnel address is 10.0.10.1/24 and site B's tunnel address is 10.0.9.1/24. Will these work or do they need to be within the same subnet?

Thanks,
Steve
#14
Quote from: Patrick M. Hausen on February 06, 2025, 05:16:47 PM
If AllowedIPs looks good, then probably firewall rules. Without any rules applied to either the assigned WG interface (in case you did that) or the "WireGuard" group, the default applies which is "deny all".

I thought that could be it but checked. I have firewall rules in place for WAN(FIOS) and interface(WG). Do I need rules on the LAN interfaces? I have the default allow rule for each LAN interface.
#15
Quote from: Patrick M. Hausen on February 05, 2025, 07:07:52 PM
Do you have both LAN networks and the tunnel network addresses in the respective AllowedIPs settings?

I believe I do. Here are screenshots of the peers from each firewall. The initial tunnel is up but now I cannot get to devices from either side. I have just rebooted both firewalls, just to ensure everything was clean. What could I be missing?