Messages - DeWilde

#2
Hi,
As far as I am aware, Unbound is my primary DNS resolver.
I do have Zenarmor installed on the OPNsense. But this is only a web filter, not a DNS resolver.

I checked my smartphone, laptop, kids' computer, ... all of them are using OPNsense as their DNS resolver.

I attached some screenshots for you.
#3
@TheHellSide

MYNAS vs SFINX was for testing purposes, because I was doubting whether I had configured something wrong. So I created MYNAS.
About the OPNsense GUI being accessible from the internet, I completely understand your concern.
I was looking for a web interface to test the config with, but indeed, not really a good thing to do.

Some extra troubleshooting.
Interfaces: Diagnostics: DNS Lookup
host: feniks.domain.net
server: 192.168.10.1
response: A feniks.domain.net. 3600 IN A 192.168.10.200 192.168.10.1 0 msec


Interfaces: Diagnostics: Trace Route

# /usr/sbin/traceroute -w 2 -n  -m '18'  'feniks.domain.net'
traceroute to feniks.domain.net (192.168.10.200), 18 hops max, 40 byte packets
1  192.168.10.200  0.787 ms  0.462 ms  0.475 ms


on network client:

Pinging feniks.domain.net [192.168.10.200] with 32 bytes of data:
Reply from 192.168.10.200: bytes=32 time<1ms TTL=64
Tracing route to feniks.domain.net [192.168.10.200]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  FENIKS.domain.net [192.168.10.200]

Trace complete.


So now I'm lost ???
I'll try to find/set up another internal website to test with.
#4
Hi, attached you can find my haproxy.conf and map file.
I replicated your tutorial 1:1.

The OPNsense firewall LAN IP is 192.168.10.1.
For the 2 items in the map file I created a DNS override for those FQDNs pointing to 192.168.10.1.

Access from the internet works fine. The wildcard SSL cert is being used and the port redirection works and is not visible (e.g. :55443 for the firewall interface and :5000 for the NAS).

Internally the browser says "ERR_CONNECTION_TIMED_OUT" and nothing is displayed.

If you need more info or details I'll be happy to provide them to you.
Thank you for your help!
#5
Hello,

and thank you for this great tutorial!
I managed to get the HAProxy running and I am able to access the desired services from the internet side.
But when I want to access them from the internal network I am unable to reach them.
I tried the DNS override as explained, but this does not work. I suppose I am doing something wrong here.
As far as I understood, I must create an "override" for each host I also want to reach internally and assign it the IP address of the LAN interface of the OPNsense. Is that correct?
My default LAN interface has "192.168.10.1/24", so I created a host override, e.g. "mynas.mydomain.com", pointing to 192.168.10.1.
I assume the HAProxy is also listening on the LAN interface?

Thank you for your help!
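The three HAProxy posts above hinge on one condition: every FQDN in the map file must resolve, from the LAN, to the firewall LAN address where HAProxy listens (192.168.10.1), not to the backend directly and not to the public record. The following check is an added example, not code from the thread or from OPNsense; it walks the hostnames in an HAProxy map file and classifies what the resolver answers for each. The map contents, the resolver answers and the name wan.example.com are constructed, and the `<fqdn> <backend>` map layout is an assumption.

```python
import ipaddress
import socket

# Constructed sample in the "<fqdn> <backend>" shape of an HAProxy map file;
# not the poster's real file.
SAMPLE_MAP = """
# constructed example
mynas.mydomain.com  nas_backend
feniks.domain.net   firewall_backend
"""
HAPROXY_LAN_IP = "192.168.10.1"  # LAN address the host overrides should return
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed resolver answers for an offline run: one override correct, one
# pointing straight at the backend, one still returning the public record.
SAMPLE_ANSWERS = {"mynas.mydomain.com": "192.168.10.1",
                  "feniks.domain.net": "192.168.10.200",
                  "wan.example.com": "203.0.113.5"}

def parse_map(text):
    """Return the FQDNs named in an HAProxy map file, skipping blanks and comments."""
    return [ln.split()[0].lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def dict_resolver(table):
    """gethostbyname-like lookup over a fixed table, for offline checks."""
    def resolve(host):
        if host not in table:
            raise socket.gaierror("no answer for " + host)
        return table[host]
    return resolve

def check_overrides(hosts, expected_ip, resolve=socket.gethostbyname):
    """Map each host to 'ok' (resolves to the HAProxy LAN listener),
    'bypass:IP' (another RFC1918 address, i.e. the backend itself, so HAProxy
    is skipped), 'public:IP' (override not applied) or 'nxdomain' (no answer)."""
    results = {}
    for host in hosts:
        try:
            ip = resolve(host)
        except socket.gaierror:
            results[host] = "nxdomain"
            continue
        if ip == expected_ip:
            results[host] = "ok"
        elif any(ipaddress.ip_address(ip) in net for net in RFC1918):
            results[host] = "bypass:" + ip
        else:
            results[host] = "public:" + ip
    return results
```

To run it against a real setup from a LAN client, call `check_overrides(parse_map(open("haproxy.map").read()), HAPROXY_LAN_IP)` with the default resolver; any entry not reported as `ok` is one the override is not steering through HAProxy.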
#6
General Discussion / QOS for printing over IPSEC tunnel
October 05, 2022, 10:36:34 AM
Hi, I was wondering if it is possible, regardless of the number of printers, to limit the bandwidth consumed by an IPSEC tunnel to get the print jobs "over the line".

We work via RDP on a Server in Azure Cloud. The users make a connection from the office, via RDP, to the server within the Azure Cloud and use the IPSEC tunnel that has been set up between the OPNsense at the office and the Azure Cloud infrastructure.

On the RDP server, 3 printers are defined by their IP address (which refers to the office). So when printing, that flows back over the IPSEC to the printer in the office. However, with large prints they saturate the line and the image of the RDP sessions stutters...

I found the following article in the docs:
https://docs.opnsense.org/manual/how-tos/shaper_dedicated_bw.html

Is that what I need to do to get this to work? With the only change being that I have to specify 3 IPs at destination in the rule? Or will this not work?
#7
Dutch - Nederlands / QOS for printing over IPSEC tunnel
September 28, 2022, 06:16:28 PM
Hello, I was wondering whether it is possible, regardless of the number of printers, to limit the bandwidth consumed by an IPSEC tunnel in order to get the print jobs "over the line".
Work is done via RDP on a server in Azure Cloud. The users connect from the office, via RDP, to the server inside Azure Cloud, and for this they use the IPSEC tunnel that has been set up between the OPNsense at the office and the Azure Cloud infrastructure.
On the RDP server, 3 printers are defined via their IP address (which refers to the office). So when printing, that flows back over the IPSEC to the printer at the office. But with large prints they saturate the line and the image of the RDP sessions stutters...

I found the following article in the docs:
https://docs.opnsense.org/manual/how-tos/shaper_dedicated_bw.html

Is that what I need to do to finally get this working? With the only change being that I have to specify 3 IPs at destination in the rule? Or will this not work?
#8
19.7 Legacy Series / Re: Missing IPSec Interface
September 27, 2019, 04:12:04 PM
Hi, I'm having the same issue.
To create my Site 2 Site tunnel to Azure I followed the following document:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html
But I am unable to see the "IPsec Azure" interface as mentioned under:
"Step 3 - Set MSS Clamping"
(Under Interfaces ‣ IPsec Azure) etc ...

The "IPsec Azure" interface doesn't show.
So "Step 6 - Define Gateways" also doesn't work

Thanks for the support