Messages - davide

#1
In System: High Availability: Status, the HAProxy status shows "stopped".

HAProxy is regularly running.

#2
I use the following parameters in legacy configuration. What is the equivalent in the new openVPN instances?

    auth-gen-token 43200 3600
    sndbuf 393216
    rcvbuf 393216
    push "sndbuf 393216"
    push "rcvbuf 393216"

Any suggestion will be appreciated.
#3
Does version 24.1 support OpenVPN Data Channel Offload (DCO)?
#4
It seems that only OpenVPN 3 correctly implements split-dns.

Are there any plans to implement OpenVPN 3 in OPNsense?
#5
If I use the network alias 31.33.34.35/32, packets for host 31.33.34.35 are blocked.

If I use the host alias 31.33.34.35, packets for host 31.33.34.35 pass.

Is it correct?

Thank you
#6
23.1 Legacy Series / IPSEC Policy Base Routing
July 07, 2023, 11:53:30 AM
I'm using OPNsense 23.1.

Creating a new IPSEC tunnel defaults to Policy Based Routing ([Install Policy] is checked by default).

So I don't find any route in the routing table.

It works, but what I can't understand is how the local network reaches the remote network without routes.
Where can I monitor the routes from local to remote?

How can an IP packet that starts from a local host reach the remote host if on the firewall there is no route?

It works, but I don't understand why :)

Sorry for the confusion, any help will be appreciated.
#7
Does anyone have some news about setting up OPNsense High Availability (CARP) with a PPPoE connection?

Any suggestion is welcome :-)
#8
Found the solution: you need to add the rule under Public Server
#9
Here same problem.
It seems that the plugin doesn't write conditions and rules inside the haproxy configuration file (/usr/local/etc/haproxy.conf) :-(

Maybe a bug with the new OPNsense 20 and the plugin?

Any suggestion?

#10
I need to block Teamviewer.
I read https://community.teamviewer.com/t5/Knowledge-Base/Which-ports-are-used-by-TeamViewer/ta-p/4139

All TeamViewer IPs have PTR records that resolve to *.teamviewer.com.

I wish to create an alias that is true for all IPs with a PTR record that resolves to *.teamviewer.com.

Can I do this?

Thank you very much

#11
19.7 Legacy Series / "LAN Net" internal Alias
August 19, 2019, 11:32:15 AM
I set up the interface LAN for the network 192.168.250.0/24 and gave IP address 192.168.250.1 to the LAN interface.

Then I added a CARP IP address 10.10.0.1/24 to the LAN interface.

Does the internal alias "LAN Net" comprise both the 192.168.250.0/24 and 10.10.0.0/24 subnets?

#12
I configured the LAN interface with multiple CARP IPs coming from different subnets (192.168.250.1/24 and 10.100.0.1/27).

Instead of adding two rules (one with source 192.168.250.0/24 and the other with source 10.100.0.0/27), adding only one rule with source "LAN net" works but I wish to know if there is an explanation of how "LAN net" is constructed.

Thank you
#13
That's what I wanted to hear, thanks! :)

So this doesn't work for the LAN interface.

The same configuration on the WAN interface works. I imagine that the reason is that the WAN interface has a gateway, right?
#14
Thank you very much for the explanation, now I have a clearer idea of what "noisy traffic" means. :-)

I understand that if I use an IP Alias for the 2nd IP I need to set up this IP Alias manually also on the failover router.
If I set up the IP Alias on the same VHID Group as the CARP address, is my configuration still in high availability?

Box1:
Carp IP=8.8.8.8 VHID Group=1
IP Alias=8.8.8.9 VHID Group=2

Box2:
Carp IP=8.8.8.8 VHID Group=1
IP Alias=8.8.8.9 VHID Group=2

If Box1 dies, can I still reach both 8.8.8.8 and 8.8.8.9, just like using two CARP IPs?

Thanks
#15
Please,
can someone explain to me what exactly "adding a VHID for every IP would make the CARP traffic very noisy" means?

Thank you very much.