Messages - Syon

#1
Has someone done this with IPv6? Is there a way to combine IPv4 and IPv6 with wildcard certificates managed from OPNsense?
#2
No, and it was working in the past without an extra gateway and route... I have changed many firewall rules and I think I have missed something since then. But it's too long ago for me to remember the exact way.
#3
Hello,
I have the situation that I'm not able to send even a ping from a LAN client to a WireGuard client. It is not a problem if both machines are connected through WireGuard.
I also have full access from the WireGuard clients.
What am I missing?

My config:

Client:
[Interface]
Address = 10.0.10.5/24
PrivateKey = ***
ListenPort = 51820
DNS = 10.0.10.1

[Peer]
PublicKey = ***
Endpoint = ***:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25


Firewall:Rules:WG0
IN  IPv4*  LANIP/24  *  WireGuard (Group) net  *  *  *

Firewall:Rules:WireGuard (Group)
IN  IPv4+6*  Wireguard (Group) net  *  *  *  *  *

Firewall:Rules:LAN
IN  IPv4* LANIP/24  *  WireGuard (Group) net  *  *  *

I can see that the firewall is letting it through:
WG0 2024-08-23T07:40:11 LANIP 10.0.10.5 icmp let out anything from firewall host itself
LAN 2024-08-23T07:40:11 LANIP 10.0.10.5 icmp Pass everything !NET
#4
23.1 Legacy Series / Re: Suricata and HAProxy
March 13, 2023, 12:48:42 PM
Yes, I thought that decrypting and encrypting on the OPNsense would do the trick... But for that it would have to inspect an interface X between the processes...
#5
23.1 Legacy Series / Suricata and HAProxy
March 12, 2023, 12:41:21 PM
I'm running HAProxy with a wildcard Let's Encrypt certificate. The traffic from OPNsense to the server is also encrypted with Let's Encrypt certificates. Is Suricata able to inspect this traffic? It is listening on the internal interface, but there should be only encrypted traffic?
#6
Yep, looks good.
#7
I also get this kind of message.

2023-03-11T11:39:30 Error apps.plugin Cannot fetch process 43236 command line (command 'sh')
2023-03-11T11:39:30 Error apps.plugin Cannot fetch process 45219 command line (command 'tail')
2023-03-11T11:39:30 Error apps.plugin Cannot fetch process 44673 command line (command 'awk')
2023-03-11T11:36:26 Error apps.plugin Cannot fetch process 33784 command line (command 'sh')
2023-03-11T11:26:16 Error apps.plugin pid 32776 awk states parent 32251, but the later does not exist.
2023-03-11T11:26:15 Error apps.plugin pid 32776 awk states parent 32251, but the later does not exist.
2023-03-11T11:26:14 Error apps.plugin pid 32776 awk states parent 32251, but the later does not exist.
2023-03-11T11:26:14 Error apps.plugin Cannot fetch process 32776 command line (command 'awk')
2023-03-11T11:05:48 Error apps.plugin Cannot fetch process 72761 command line (command 'pfctl')
2023-03-11T10:56:52 Error apps.plugin Cannot fetch process 12937 command line (command 'sh')
#8
23.1 Legacy Series / Monit Firmware update check
March 06, 2023, 07:46:42 AM
Hey,
Is it possible to test with Monit whether a cron job for the "firmware update check" returned positive, in order to send an email if there are updates available?
#9
23.1 Legacy Series / Re: [Captive] Whitelist URL
February 26, 2023, 02:40:49 PM
I'm also interested in that.

I want to whitelist my pages without authentication.
I've tried it on Services: Web Proxy: Administration Access Control List in Whitelist with ordinary page.de and with ^https?:\/\/([A-z]|[0-9]+)\.page\.
Didn't find an answer...
#10
Right. Same here. But not every Client is affected. For example some Phones (Android) are OK.
#11
Look here.
Patch opnsense-patch -a kulikov-a 404b9d5
#12
THX a lot. It solved my Problem from here.
#13
23.1 Legacy Series / Re: Reporting: Unbound DNS
February 16, 2023, 07:59:15 AM
Solved with this Patch from here.
opnsense-patch -a kulikov-a 404b9d5
#14
23.1 Legacy Series / Re: Reporting: Unbound DNS
February 15, 2023, 04:31:11 PM
Oh, yes. I had also made an update before playing with DNSCrypt.
#15
23.1 Legacy Series / [Solved] Reporting: Unbound DNS
February 15, 2023, 04:24:17 PM
I played with DNSCrypt-Proxy and Query Forwarding unbound to DNSCrypt-Proxy (127.0.0.1   5353).
Since then I get no entries in the new Unbound Reporting tool, even after I reversed the DNSCrypt thing and uninstalled it.
In "Services: Unbound DNS: Log File" I can see all the resolutions:
2023-02-15T16:07:05 Informational unbound [67783:3] reply: 192.168.2.184 remp.golem.de. AAAA IN NOERROR 0.000321 0 94
The file /var/unbound/var/run/log is also 0 B.
How can I solve that Problem?