OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of knossos »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - knossos

Pages: [1]
1
20.1 Legacy Series / Re: OpenVPN static IP address
« on: May 11, 2020, 12:30:39 pm »
I also have a question concerning this setup that might be relevant for you as well:

With
Code: [Select]
ifconfig-push 192.168.99.15 255.255.255.0 you should assign the fixed IP address 192.168.99.15 to the client with the client specific override setting. For instance, in a certificate based scenario, the override would use the client certificate common name.


However, what happens if the same client has multiple devices and uses them to connect multiple times at the same time ?

In that case, IMHO the above configuration would only work a single time. If the user is already connected with a one device, the IP address will be taken. Hence if the user connects with another device at the same time, he would receive the same IP address again (192.168.99.15). Since the IP address is already taken for his first connection, I suppose the connection would fail.

So, is there a way to assign static IP address ranges to users ?

For instance, a user might have the fixed IP range 192.168.99.15 - 20.
Hence, the user could connect with up to 5 clients/devices at the same time. Each device would receive an address from the range 192.168.99.15 - 20. Any client specific firewall rules would thus consider the user's specific range.

Is this possible ?

Thanks !

2
20.1 Legacy Series / Unbound DNS returns IP addresses for all local VLAN interfaces
« on: May 11, 2020, 12:19:41 pm »
Hi,

I have configured OPNsense with several VLAN interfaces as well as unbound DNS. While in general it is working just fine, my problem is that for the local system name, UnboundDNS returns the IP addresses of all interfaces (i.e. including VLAN interfaces). Instead, I would like it to return only the single IP address where the web interface is listening on.
Thus if a user enters https://firewall_hostname into the browser, the name should resolve to the one IP address where the OPNsense webserver is listening. At the moment, accessing https://firewall_hostname does not work as the UnboundDNS resolves this address to many IP addresses. The brower takes the first one which is the interface address of a VLAN where there is no webserver listening. As a result, the firewall can be accessed only by directy using the IP address instead: http://<FW IP>


UnboundDNS is set up the following way:
Network Interfaces: <all interfaces, so that it can respond to queries on all interfaces>
DNS Query Forwarding: not enabled
Local Zone Type: transparent

custom options:
------------------------------------------
server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: <ext Server>
------------------------------------------


In the UnboundDNS override configuration, I added an overwrite for firewall_hostname so that it resolves to a single IP address only. However, the override does not appear to be working.


How can I set up UnboundDNS so that for the name firewall_hostname it only returns the IP Adress of the interface where the web console is running instead of returning the IP addresses of all interfaces ?

Thank you !

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2