Messages

1

Web Proxy Filtering and Caching / Allow only some Domains

« on: April 02, 2021, 05:42:00 pm »

Hello,

I tried to setup a transparent Web Proxy to allow only some websites. I added a regex to Blacklist to block everything and added some regex for allow some Sites with subdomains. But every websites gets blocked. I think Blacklist works for Whitelist? Is there an easy way to make it working?

Best regards,

Alex

2

20.7 Legacy Series / Re: Multiple IPs in Domain Override (Unbound)

« on: March 21, 2021, 08:13:27 am »

Solved. I had to also add

Code: [Select]

server:
private-domain: "domain.tld"
domain-insecure: "domain.tld"

to custom config.

But it would be nice to edit the gui to insert multiple ips in the textfield. Is there an howto how for feature request or how to add a code change?

3

20.7 Legacy Series / SOLVED Multiple IPs in Domain Override (Unbound)

« on: March 21, 2021, 08:03:02 am »

Hello,

for a Domain Override a want to set more than one ip. It seems that in Konsense only one ip can be insert in the textfield. It would be better if a list of its were possible. So I tried to add it to the custom options field but it is not working. I think I write something wrong:

Code: [Select]

forward-zone:
name: "rdomain.tld"
forward-addr: x.x.x.x
forward-addr: y.y.y.y

Thank you!

Alex

4

High availability / Multi WAN Routes not working / no switch over on gateway failure

« on: March 20, 2021, 07:57:17 am »

Hello,

I tried to setup multi WAN but that's not working well. I have one Network where 2 routers and the OPNsense application exists.

In OPNsense I added both routers as gateway with different monitoring ups (8.8.8.8 and 8.8.4.4). Under general tab I also used this Ips for DNS and selected the right gateway.

Route Status shows the right entries

Code: [Select]

ipv4 default 10.64.10.253 UGS 70279 1500 igb0_vlan1064 RouterNET
ipv4 8.8.4.4 10.64.10.254 UGHS 391 1500 igb0_vlan1064 RouterNET
But every package get routed through the default gateway see trace route below:

Code: [Select]

# /usr/sbin/traceroute -w 2 -n  -m '4'  '8.8.4.4'
traceroute to 8.8.4.4 (8.8.4.4), 4 hops max, 40 byte packets
 1  10.64.10.253  0.526 ms  0.277 ms  0.264 ms
 2  * * *
 3  81.210.131.174  11.082 ms  12.046 ms  10.768 ms
 4  84.116.196.94  18.002 ms  16.866 ms  25.051 ms
The Gateways

Code: [Select]

gwb (active) RouterNET IPv4 255 (upstream) 10.64.10.253 8.8.8.8 15.8 ms 2.7 ms 0.0 % Online    
gwa RouterNET IPv4 255 (upstream) 10.64.10.254 8.8.4.4 16.4 ms 3.9 ms 0.0 % Online
Any idea what the problem could be? Is it because I use the same Interface? I came from pfsense. There was a problem for a long time using the same interface but tis was solved a few years ago. I use version OPNsense 20.7.8-amd64.

Many thanks

Alex

5

General Discussion / Re: Multi-WAN one Interface Gateway Monitoring wrong

« on: September 19, 2019, 10:32:48 am »

Now I tried to set static routes:

ipv4   default   10.64.10.253   UGS   1754927   1500   em0_vlan1064
ipv4   1.1.1.1   10.64.10.253   UGHS   12   1500   em0_vlan1064
ipv4   8.8.4.4   10.64.10.254   UGHS   135698   1500   em0_vlan1064
ipv4   8.8.4.4/32   10.64.10.254   UGS   0   1500   em0_vlan1064
ipv4   8.8.8.8   10.64.10.253   UGHS   136152   1500   em0_vlan1064
ipv4   8.8.8.8/32   10.64.10.253   UGS   0   1500   em0_vlan1064

The 8.8.8.8 / 8.8.4.4 is set as Monitoring IP for testing. I also set static routes like ip/32. Both method seems to not working.

Both Gateways (10.64.10.253 and 10.64.10.254) are on the same Interface (em0_vlan1064)

When I make a traceroute to the monitoring ips:

# /usr/sbin/traceroute -w 2 -n  -m '1'  '8.8.8.8'
traceroute to 8.8.8.8 (8.8.8., 1 hops max, 40 byte packets
 1  10.64.10.253  0.449 ms  0.318 ms  0.187 ms

# /usr/sbin/traceroute -w 2 -n  -m '1'  '8.8.4.4'
traceroute to 8.8.4.4 (8.8.4.4), 1 hops max, 40 byte packets
 1  10.64.10.253  0.413 ms  0.270 ms  0.226 ms

Both Ips uses the default route but that is wrong. I setup routes so one ip should use the other gateway but it don't work. Befor I used another Software there it was no problem. I think it could be a bug or something to change in the settings?

A workaround could be to use two interfaces but then I have a problem with the Failover. I use openvpn in client mode to connect to an other network. As interface I used the carp ip so failover should works on master and slave. When I use diffrent interfaces openvpn in client mode with failover dont work like this.

6

General Discussion / Multi-WAN one Interface Gateway Monitoring wrong

« on: September 10, 2019, 09:24:36 am »

Hello,

I have a failover Setup where one Interface is for the WAN connection. Both Devices uses the CARP IP. On the connected subnet are 2 Router from different ISP:

R1 (active)   RouterNET   IPv4   254 (upstream)   10.64.10.253
R2   RouterNET   IPv4   255 (upstream)   10.64.10.254

I setup public IPs as Monitoring IP. If R1 goes offline, the Monitoring of R2 also goes offline but normally the Monitoring IP should be routed over R2 so it is reachable.

Because both Gateways seems to be offline, WAN is not working until R1 gets online.

Routingtable:
ipv4   default   10.64.10.253   UGS   1623849   1500   em0_vlan1064
ipv4   PUBLIC-MONITOR-IP-R1   10.64.10.253   UGHS   13   1500   em0_vlan1064
ipv4   PUBLIC-MONITOR-IP-R2   10.64.10.254   UGHS   17   1500   em0_vlan1064

Workaround is, thtat I set R2 to be always online. So failover works but I don't recognize if Internet on R2 is really not avaiable.

So I'm not sure if this is a bug or I have a mistake in my config. Perhaps it is not possible to use the same interface for both router?

Best regards,

Alexander

7

General Discussion / Re: Failover one Network Interface down

« on: August 15, 2019, 07:15:59 pm »

I will post them. Next week I am on holidays so it will took some time. Thank you for your help!

8

General Discussion / Re: Failover one Network Interface down

« on: August 15, 2019, 08:42:05 am »

Hi,

on both Units the field is unchecked and I performed a reboot. If I unplug one cable from active master only the carp ip from this interface changed to the slave and all other subnets cannot connect to the subnet behind this carp ip.

Best regards,

Alexander

9

General Discussion / Re: Failover one Network Interface down

« on: August 14, 2019, 01:35:26 pm »

Hallo,

Thank you for your answer.

I have disabled preempt on slave only. I enabled this option for testing. So it looks like the status for the carp ip changed now but i already have a problem.

following situation. Firewall with one server subnet (own interface) and one lan subnet (second interface). When i unplug the lan cable from master firewall it looks like the slave firewall take the lan carp ip. But the server from server subnet cannot route to lan subnet anymore. I think perhaps because the server subnet carp ip is on master and so the pakages will be routed on the master firewall throw the unplugged interface. so how can i change this behavoir? Can the slave takes all carp ips if one interface is unplugged?

Best regards,

Alexander

10

General Discussion / Failover one Network Interface down

« on: August 14, 2019, 12:06:06 pm »

Hello,

I setup two opnsense in HA mode. Theer are 4 Network Interface with virtual CARP IPs. The building gat change from copper to fiber and I become mediaconverter. So at the moment Failover works fine if one firewall gets down. But in future with the mediaconverter it could be happen, that one converter failed and only one network interface get down. I wanted to test this situation so i unplugged one cable from the active firewalls interface and the network didn't work. it looks like the slave doen't take over only this single carp ip. Is there an configuration where I can setup failover when only one interfaceget down?

Best regards,

Alexander