Messages - spectrely

#1
19.7 Legacy Series / DHCP Giving Wrong Gateway Address
November 18, 2019, 06:43:55 PM
Hey everyone!

I have an issue where DHCP is giving out the incorrect gateway address.

vCenter distributed switch setup:
LAN_Trunk
- VLAN 100: vSphere Management
- VLAN 200: other stuff
- VLAN 300: etc...

Each of those VLANs was added as an interface with the appropriate VLAN ID, subnet, and gateway. Floating firewall rules added to allow all IPv4 traffic in and out of all networks for now. DHCPv4 configured with scope, DNS using the VLAN appropriate subnet, VLAN appropriate gateway, and VLAN appropriate NTP setup and domain for my install.

When I add a new vmkernel adapter to my esxi host, it pulls a good IP address that is within the correct DHCP scope, on the correct VLAN and even answers pings, but for the gateway, it pulls the subnet of my Trunk VLAN. I'm not sure if there is an override setting I'm missing?

Thanks for your help!
#2
Updated Config:

Local Configuration:
Name: HomeCloud
Public Key: <Server Public Key>
Private Key: (hidden)
Listen Port: 51820
DNS Server: 192.168.20.1
Tunnel Address: 192.168.70.1/32
Peers: <Client 1>
Disable Routes: <Checked>

Endpoint:
Name: <Client 1>
Public Key: <Client 1 Public Key>
Allowed IPs:
192.168.70.1/32 - <Tunnel Address>
192.168.70.2/24 - <Client 1 Address>

List Configuration Output:
interface: wg0
  public key: pSU90xYiwwv/K23GOnqKVUoGtw9YH+WuvC3tnxuyoEk=
  private key: (hidden)
  listening port: 51820

peer: hDB112sXsxc9JpO4QbvoshrRiEZDwZ4idUv9ls3nyzk=
  endpoint: 174.226.7.136:3348
  allowed ips: 192.168.70.1/32, 192.168.70.2/32
  latest handshake: 2 minutes, 15 seconds ago
  transfer: 1.35 KiB received, 284 B sent
  persistent keepalive: every 25 seconds


Client Settings (Phone):
Interface
Name: HomeCloud
Public Key: <Client Public Key>
Addresses: 192.168.70.2/32
DNS Servers: 192.168.20.1

Peer
Public Key: <Server Public Key>
Endpoint: vpn.example.com:51820
Allowed IPs: 0.0.0.0/0
Persistent Keepalive: 25

Firewall
NAT -> Port Forward
WAN   UDP   * *   WAN address   51820   192.168.70.1   51820   Wireguard_Inbound

NAT -> Outbound
WAN   WireGuard net   *  *  *   Interface address   *   NO   Wireguard_Outbound

Rules -> WAN
IPv4   UDP  *  *   192.168.70.1   51820  *  *   Wireguard_Inbound

Interfaces
No interface setup for wg0 (I got confused here)

System -> Gateway -> Single
No gateway set, I don't understand the way this and the interfaces interact.
#3
I did that, and I still can't access external resources or the internet.
#4
I wanted 0.0.0.0/0 on both client and server because I thought that the client wouldn't be able to access other network resources without it :o
Thanks for correcting that.

All of the additional subnets are configured on server side. I have my network segregated by subnet/vlan by purpose. e.g.

192.168.20.0/24 = Cloud Applications
192.168.66.0/24 = VLAN 666 or DMZ
192.168.20.0/24 = Hypervisor traffic
So on and so forth.
I would like my clients to really just connect to the *.*.20.0 subnet, and use that gateway to also get internet. So I can run things like bitwarden and nextcloud without exposing them to the internet.

However, for now I just want to get this working and understand it better.

Thanks!
#5
So I'm having a tough time following this.

I followed the OPNsense documentation guide, and I can create the tunnel, but I can't access my internal network or the internet.

Local Configuration:
Name: HomeCloud
Public Key: <Server Public Key>
Private Key: (hidden)
Listen Port: 51820
DNS Server: 192.168.20.1
Tunnel Address: 192.168.70.1/24
Peers: <Client 1>
Disable Routes: <Checked>

Endpoint:
Name: <Client 1>
Public Key: <Client 1 Public Key>
Allowed IPs:
192.168.70.2/24 - <Client 1 Address>
192.168.10.0/24 - <VLAN For Other Stuff>
192.168.20.0/24 - <VLAN For Other Stuff>
192.168.30.0/24 - <VLAN For Other Stuff>
192.168.40.0/24 - <VLAN For Other Stuff>
192.168.50.0/24 - <VLAN For Other Stuff>
192.168.60.0/24 - <VLAN For Other Stuff>
192.168.66.0/24 - <VLAN For Other Stuff>
(When I put 0.0.0.0/0 all my connectivity stops)

List Configuration Output:
interface: wg0
  public key: <Server Public Key>
  private key: (hidden)
  listening port: 51820

peer: <Client 1 Public Key>
  allowed ips: 192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24, 192.168.40.0/24, 192.168.50.0/24, 192.168.60.0/24, 192.168.66.0/24, 192.168.70.0/24
  persistent keepalive: every 25 seconds

Client Settings (Phone):
Interface
Name: HomeCloud
Public Key: <Client Public Key>
Addresses: 192.168.70.2/32
DNS Servers: 192.168.20.1

Peer
Public Key: <Server Public Key>
Endpoint: vpn.example.com:51820
Allowed IPs: 192.168.70.0/24
Persistent Keepalive: 25

Firewall
NAT -> Port Forward
WAN   UDP   * *   WAN address   51820   192.168.70.1   51820   Wireguard_Inbound

NAT -> Outbound
WAN   WireGuard net   *  *  *   Interface address   *   NO   Wireguard_Outbound

Rules -> WAN
IPv4   UDP  *  *   192.168.70.1   51820  *  *   Wireguard_Inbound

Interfaces
No interface setup for wg0 (I got confused here)

System -> Gateway -> Single
No gateway set, I don't understand the way this and the interfaces interact.

Quote
1. setup like usual
2. tick "Disable routes"
3. go to CLI and do a "route add <gwip> -iface wgX" (most important it lies in the range to "Allowed IPs")
4. then add a gw for the assigned interface (ipv4 none) with the IP you added before
5. set the firewall rule you want and add the gateway

1) I set it up like the above.
2) Clicked disable routes,
3) Went to the CLI and ran route add 192.168.70.1/24 -face wg0
Not sure which list of allowed IPs I'm supposed to adhere to.
4)
- Tried to add the gateway, needed to link to an interface.
- Added an interface with IPv4 None, went and tried to add a gateway, complained of no IP on the interface.
- Put an IP of 192.168.70.1 on the interface, then tried to add gateway. Same message.
- I deleted the interface on wg0 and the gateway I created.
- Tested connectivity with what I had without the gateway and interface, handshake successful, no internet/network access. For testing I have allow in/out rules on all interfaces except WAN.

At this point I'm completely lost. Can anyone help?


Respectfully,

Spectrely
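
The AllowedIPs trouble in this post (a /24 entered where a single address was meant, LAN subnets listed on the server side under the client peer, 0.0.0.0/0 on the server killing connectivity) all comes down to WireGuard's cryptokey routing rule: a peer's AllowedIPs are both the source addresses accepted from that peer and the destinations sent to it. The Python below is an added example, not code from this thread or from OPNsense. It models the two halves of that rule with the standard ipaddress module and cross-checks the server/client pairs posted above; the LAN of interest (192.168.20.0/24) is taken from post #4, the function names and the "fixed" pair are mine, and it only covers the AllowedIPs logic, not the firewall, NAT or gateway steps.

```python
"""Cross-check WireGuard AllowedIPs the way cryptokey routing reads them,
using the server/client configs posted in this thread (added example)."""
import ipaddress
from typing import Dict, List, Optional

Net = ipaddress.IPv4Network


def parse_allowed_ips(entries: List[str]) -> List[Net]:
    """Normalise like 'wg' does: host bits are masked off, so the thread's
    192.168.70.2/24 becomes 192.168.70.0/24 (compare 'wg show' in post #5)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def host_bits_set(entries: List[str]) -> List[str]:
    """Entries whose host bits are not zero; for a single peer this is almost
    always a /24 typed where /32 was meant."""
    flagged = []
    for entry in entries:
        addr = entry.partition("/")[0]
        net = ipaddress.ip_network(entry, strict=False)
        if ipaddress.ip_address(addr) != net.network_address:
            flagged.append(entry)
    return flagged


def select_peer(peers: Dict[str, List[Net]], dst: str) -> Optional[str]:
    """Outbound rule: a packet entering wg0 is encrypted to the peer whose
    AllowedIPs contains dst with the longest prefix; no match means drop."""
    d = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for name, nets in peers.items():
        for net in nets:
            if d in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best


def source_accepted(allowed: List[Net], src: str) -> bool:
    """Inbound rule: after decryption the inner source address must fall in
    the sending peer's AllowedIPs or the packet is discarded."""
    s = ipaddress.ip_address(src)
    return any(s in net for net in allowed)


def audit(server_peer_allowed: List[str], client_addr: str,
          client_allowed: List[str], server_tunnel_addr: str,
          lan_nets: List[str]) -> List[str]:
    """Apply both rules to a server/client pair; an empty list means the two
    sides agree on what travels through the tunnel."""
    findings = [f"server AllowedIPs {e!r} has host bits set; /32 intended?"
                for e in host_bits_set(server_peer_allowed)]
    srv = parse_allowed_ips(server_peer_allowed)
    cli = parse_allowed_ips(client_allowed)
    caddr = client_addr.partition("/")[0]
    if not source_accepted(srv, caddr):
        findings.append(f"server drops packets from client address {caddr}")
    saddr = server_tunnel_addr.partition("/")[0]
    if select_peer({"server": cli}, saddr) is None:
        findings.append(f"client never sends to server tunnel address {saddr}")
    for lan in lan_nets:
        net = ipaddress.ip_network(lan)
        if not any(net.subnet_of(c) for c in cli):
            findings.append(f"client does not route {lan} into the tunnel")
        # On the server, a peer's AllowedIPs say where packets *to* those
        # addresses go, so listing a LAN under the client peer sends the LAN
        # towards the phone instead of granting the phone access to it.
        if any(s.overlaps(net) for s in srv):
            findings.append(f"server routes LAN {lan} towards the client")
    return findings


# Values taken from the posts above; the LAN the poster wants is 192.168.20.0/24.
LAN = ["192.168.20.0/24"]
POST5 = dict(server_peer_allowed=["192.168.70.2/24", "192.168.10.0/24",
                                  "192.168.20.0/24", "192.168.30.0/24",
                                  "192.168.40.0/24", "192.168.50.0/24",
                                  "192.168.60.0/24", "192.168.66.0/24"],
             client_addr="192.168.70.2/32", client_allowed=["192.168.70.0/24"],
             server_tunnel_addr="192.168.70.1/24", lan_nets=LAN)
POST2 = dict(server_peer_allowed=["192.168.70.1/32", "192.168.70.2/24"],
             client_addr="192.168.70.2/32", client_allowed=["0.0.0.0/0"],
             server_tunnel_addr="192.168.70.1/32", lan_nets=LAN)
# Constructed here, not from the thread: the minimal pair both rules accept.
FIXED = dict(server_peer_allowed=["192.168.70.2/32"], client_addr="192.168.70.2/32",
             client_allowed=["192.168.70.0/24", "192.168.20.0/24"],
             server_tunnel_addr="192.168.70.1/24", lan_nets=LAN)

if __name__ == "__main__":
    for label, cfg in (("post #5", POST5), ("post #2", POST2), ("fixed", FIXED)):
        print(label, audit(**cfg) or ["consistent"])
```

Running it reports three findings for the post #5 pair (the /24 typo, the phone not routing 192.168.20.0/24 into the tunnel, and the server routing that LAN towards the phone), one for post #2 (only the /24 typo, since 0.0.0.0/0 on the phone covers everything), and none for the constructed pair, where the server lists just the phone's /32 and the phone lists the tunnel network plus the one LAN it needs.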

#6
Hello everyone,
I have a quick question regarding Dynamic DNS with Digital Ocean.
When I configure a new domain, for example "example.com" using the DNS RecordID as the username, and the Digital Ocean API token as my password, it works.
When I do the same thing with a subdomain, for example "vpn.example.com" it does not work.

Is there a way to have Dynamic DNS with Digital Ocean update subdomains? e.g. "vpn.example.com"
Thanks for your help!

Off topic bonus question: Any plans to roll out Gandi LiveDNS support with Dynamic DNS or Let's Encrypt?