Messages - Syon

1
Tutorials and FAQs / Re: Tutorial 2024/06: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: November 04, 2024, 06:54:46 am »
Has anyone done this with IPv6? Is there a way to combine IPv4 and IPv6 with Wildcard Certificates managed from OPNsense?

2
Virtual private networks / Re: Wireguard no Ping from Lan to WG0 Clients
« on: August 23, 2024, 02:21:15 pm »
No, and it was working in the past without an extra gateway and route... I have changed many firewall rules and I think I have missed something since then. But it's too long ago for me to remember the exact way.

3
Virtual private networks / Wireguard no Ping from Lan to WG0 Clients
« on: August 23, 2024, 07:44:35 am »
Hello,
I have the situation that I'm not able to send even a ping from a LAN client to a WireGuard client. It is not a problem if both machines are connected through WireGuard.
I have also full access from the Wireguard Clients.
What am I missing?

My config:

Client:
Code:
[Interface]
Address = 10.0.10.5/24
PrivateKey = ***
ListenPort = 51820
DNS = 10.0.10.1

[Peer]
PublicKey = ***
Endpoint = ***:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Firewall:Rules:WG0
Code:
IN  IPv4*  LANIP/24  *  WireGuard (Group) net  *  *  *
Firewall:Rules:Wireguard (Group)
Code:
IN  IPv4+6*  Wireguard (Group) net  *  *  *  *  *
Firewall:Rules:LAN
Code:
IN  IPv4* LANIP/24  *  WireGuard (Group) net  *  *  *
I can see that the firewall is letting it through:
Code:
WG0 2024-08-23T07:40:11 LANIP 10.0.10.5 icmp let out anything from firewall host itself
LAN 2024-08-23T07:40:11 LANIP 10.0.10.5 icmp Pass everything !NET

4
23.1 Legacy Series / Re: Suricata and HAProxy
« on: March 13, 2023, 12:48:42 pm »
Yes, I thought that decrypting and encrypting on the OPNsense would do the trick... But for that it would have to inspect an interface X between the processes...

5
23.1 Legacy Series / Suricata and HAProxy
« on: March 12, 2023, 12:41:21 pm »
I'm running HAProxy with a wildcard Let's Encrypt certificate. The traffic from OPNsense to the server is also encrypted with Let's Encrypt certificates. Is Suricata able to inspect this traffic? It is listening on the internal interface, but there should be only encrypted traffic?

6
23.1 Legacy Series / Re: 23.1.2 system log full of errors Netdata
« on: March 12, 2023, 07:32:24 am »
Yep, looks good.

7
23.1 Legacy Series / Re: 23.1.2 system log full of errors Netdata
« on: March 11, 2023, 11:54:34 am »
I also have these kinds of messages.

Code:
2023-03-11T11:39:30 Error apps.plugin Cannot fetch process 43236 command line (command 'sh')
2023-03-11T11:39:30 Error apps.plugin Cannot fetch process 45219 command line (command 'tail')
2023-03-11T11:39:30 Error apps.plugin Cannot fetch process 44673 command line (command 'awk')
2023-03-11T11:36:26 Error apps.plugin Cannot fetch process 33784 command line (command 'sh')
2023-03-11T11:26:16 Error apps.plugin pid 32776 awk states parent 32251, but the later does not exist.
2023-03-11T11:26:15 Error apps.plugin pid 32776 awk states parent 32251, but the later does not exist.
2023-03-11T11:26:14 Error apps.plugin pid 32776 awk states parent 32251, but the later does not exist.
2023-03-11T11:26:14 Error apps.plugin Cannot fetch process 32776 command line (command 'awk')
2023-03-11T11:05:48 Error apps.plugin Cannot fetch process 72761 command line (command 'pfctl')
2023-03-11T10:56:52 Error apps.plugin Cannot fetch process 12937 command line (command 'sh')

8
23.1 Legacy Series / Monit Firmware update check
« on: March 06, 2023, 07:46:42 am »
Hey,
is it possible to test with Monit whether a cron job for the "firmware update check" came back positive, to send an email if there are updates available?

9
23.1 Legacy Series / Re: [Captive] Whitelist URL
« on: February 26, 2023, 02:40:49 pm »
I'm also interested in that.

I want to whitelist my pages without authentication.
I've tried it in Services: Web Proxy: Administration, Access Control List, in the whitelist, with an ordinary page.de and with ^https?:\/\/([A-z]|[0-9]+)\.page\.
Didn't find an answer...

10
23.1 Legacy Series / Re: The new unbound reporting is pretty cool
« on: February 20, 2023, 08:46:41 am »
Right. Same here. But not every Client is affected. For example some Phones (Android) are OK.

11
23.1 Legacy Series / Re: The new unbound reporting is pretty cool
« on: February 16, 2023, 08:20:44 am »
Look here.
Patch
Code:
opnsense-patch -a kulikov-a 404b9d5

12
23.1 Legacy Series / Re: Update to 23.1.1: Unbound reporting broken/not working
« on: February 16, 2023, 08:00:33 am »
THX a lot. It solved my Problem from here.

13
23.1 Legacy Series / Re: Reporting: Unbound DNS
« on: February 16, 2023, 07:59:15 am »
Solved with this Patch from here.
Code:
opnsense-patch -a kulikov-a 404b9d5

14
23.1 Legacy Series / Re: Reporting: Unbound DNS
« on: February 15, 2023, 04:31:11 pm »
Oh, yes. I also had made an Update before playing with DNSCrypt

15
23.1 Legacy Series / [Solved] Reporting: Unbound DNS
« on: February 15, 2023, 04:24:17 pm »
I played with DNSCrypt-Proxy and Query Forwarding from Unbound to DNSCrypt-Proxy (127.0.0.1   5353).
Since then I get no entries in the new Unbound Reporting tool, even after I reversed the DNSCrypt thing and uninstalled it.
In "Services: Unbound DNS: Log File" I can see all resolvings
Code:
2023-02-15T16:07:05 Informational unbound [67783:3] reply: 192.168.2.184 remp.golem.de. AAAA IN NOERROR 0.000321 0 94
The file /var/unbound/var/run/log is also 0B.
How can I solve that Problem?
