Messages

1

24.7 Production Series / HAPROXY Status is showd stopped in System: High Availability: Status

« on: August 29, 2024, 01:00:13 pm »

In System: High Availability: Status
HaProxy Status show stopped

HaProxy is regularly running

2

Virtual private networks / Re: Advanced configuration on new openVPN instances

« on: June 29, 2024, 10:37:13 am »

I use the following parameters in legacy configuration. What is the equivalent in the new openVPN instances?

auth-gen-token 43200 3600
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

Any suggestion will pbe appreciated.

3

24.1 Legacy Series / OpenVPN Data Channel Offload (DCO)

« on: March 26, 2024, 04:39:37 pm »

Does version 24.1 supports OpenVPN Data Channel Offload (DCO) ?

4

23.7 Legacy Series / OpenVPN version 3 (split-dns problem)

« on: November 29, 2023, 04:13:32 pm »

It seems that only OpenVPN 3 correctly implements split-dns.

Is there some plans to implement OpennVPN 3 in OPNSense?

5

23.1 Legacy Series / Netork aliases /32 seems not working

« on: July 27, 2023, 04:46:31 pm »

If I use network alias 31.33.34.35/32 packet for host 31.33.34.35 are blocked.

If I use host alias 31.33.34.35 packet for host 31.33.34.35 pass.

It is correct?

Thank you

6

23.1 Legacy Series / IPSEC Policy Base Routing

« on: July 07, 2023, 11:53:30 am »

I'm using OPNsense 23.1.

Creating a new IPSEC tunnel default to Policy Based Routing ([Install Policy] is cheched by default].

So I don't find any route in the routing table.

It works, but what I can't understand is how local network reach remote network without routes.
Where I can monitor the routes from local to remote?

How can an IP packet that start from a local host reach the remote host if on the firewall there is no route?

It works, but I don't understand why 

Sorry for the confusion, any help will be appreciated.

7

23.1 Legacy Series / OPNsense High Availability setup with PPPoE

« on: April 18, 2023, 11:27:30 am »

Anyone has some news about setup OPNSense High Availability (CARP) setup and a PPPoE connection?

Any suggestion is welcome :-)

8

Tutorials and FAQs / Re: Reverse proxy setup and firewall rules (HAproxy or nginx)

« on: April 16, 2020, 06:09:48 pm »

Found the solution: you need to add the rule under Public Server

9

Tutorials and FAQs / Re: Reverse proxy setup and firewall rules (HAproxy or nginx)

« on: April 16, 2020, 05:50:03 pm »

Here same problem.
It seems that the plugin don't write conditions and rules inside haproxy cofiguration file (/usr/local/etc/haproxy.conf) :-(

Maybe a bug with the new opnsense 20 and plugin?

Any suggestion?

10

20.1 Legacy Series / Block access to IP that resolve to a specific domain

« on: March 16, 2020, 04:08:10 pm »

I need to block Teamviewer.
I read https://community.teamviewer.com/t5/Knowledge-Base/Which-ports-are-used-by-TeamViewer/ta-p/4139

All teamviewer IP have PTR records that resolve to *.teamviewer.com.

I wish to create an alias that is tru for all IP with a PTR record that resolver to *.teamviewer.com

Can I do this?

Thank you very much

11

19.7 Legacy Series / "LAN Net" internal Alias

« on: August 19, 2019, 11:32:15 am »

I setup the interface LAN for the network 192.168.250.0/24 and I give IP address 192.168.250.1 to the LAN interface.

Then I added a CARP IP address 10.10.0.1/24 to the LAN interface.

Does internal Alias "LAN Net" comprises both 192.168.250.0/24 and 10.10.0.0/24 subnets?

12

19.7 Legacy Series / "LAN net" in firewall rules for interface with multiple subnets

« on: August 12, 2019, 07:58:08 pm »

I configured the LAN interface with multiple CARP IP coming from different subnet (192.168.250.1/24 and 10.100.0.1/27).

Instead of adding two rules (one with source 192.168.250.0/24 and the other with source 10.100.0.0/27), adding only one rule with source "LAN net" works but I wish to know if there is an explanation of how "LAN net" is constructed.

Thank you

13

19.7 Legacy Series / Re: Routing problems with HA and multiple subnets on the same LAN interface

« on: August 12, 2019, 07:50:06 pm »

That's what I wanted to hear, thanks!

So this don't works for LAN interface.

The same configuration on WAN interface works. I image that the reason is that WAN interface has a gateway, right?

14

19.7 Legacy Series / Re: Explain me what adding VHID for every IP would make the CARP traffic very noisy

« on: August 12, 2019, 07:47:12 pm »

Thank you very much for the explanation, now I have a more clear idea of what means traffic noisy. :-)

I understand that If I use IP Alias for the 2nd IP I need to setup this IP Alias manually also on the failover router.
If I setup IP Alias on the same VHID Group of the CARP address my configuration is still in high availability?

Box1:
Carp IP=8.8.8.8 VHID Group=1
IP Alias=8.8.8.9 VHID Group=2

Box2:
Carp IP=8.8.8.8 VHID Group=1
IP Alias=8.8.8.9 VHID Group=2

If Box1 dies I can still reach both 8.8.8.8 and 8.8.8.9 just like using two CARP IP?

Thanks

15

19.7 Legacy Series / Explain me what adding VHID for every IP would make the CARP traffic very noisy

« on: August 12, 2019, 04:43:26 pm »

Please,
someone can explain me what exactly means "adding a VHID for every IP would make the CARP traffic very noisy"

Thank you very much.