1
Documentation and Translation / Re: Documentation of config.xml settings
« on: July 22, 2020, 04:53:45 pm »
Thank you for the suggestions, I'm making some progress now.
edit: fixed typo
edit: fixed typo
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Documentation and Translation / Documentation of config.xml settings
« on: July 21, 2020, 10:28:19 am »
Is there a source of documentation regarding possible settings in /conf/config.xml?
I want to write a tool to migrate parts of a fortigate configuration into OPNsense and therefore I'm especially interested in documentation regarding firewall rules.
I found https://github.com/opnsense/core/blob/master/src/etc/config.xml.sample but there is not much documentation about firewall rules.
I want to write a tool to migrate parts of a fortigate configuration into OPNsense and therefore I'm especially interested in documentation regarding firewall rules.
I found https://github.com/opnsense/core/blob/master/src/etc/config.xml.sample but there is not much documentation about firewall rules.
3
20.1 Legacy Series / Re: Problems with High Availablity setup, CARP and accessing the internet (VM setup)
« on: May 19, 2020, 01:20:20 pm »
I solved the issue, for all other people struggling with the same problems:
- In the WAN interface configuration on both OPNsense machines make sure that Block private networks and Block bogon networks are not activated!
- In the configuration of the Hypervisor (VirtualBox) make sure all OPNsense network interfaces are allowed to use the promiscuous mode!
4
20.1 Legacy Series / [solved] High Availablity setup, CARP and accessing the internet (VM setup)
« on: May 18, 2020, 04:36:00 pm »
In preparation for a OPNsense Rollout I am testing the High Availablity setup with VirtualBox.
In short I can not access the WAN from the LAN even tho the OPNsense nodes can.
Following the documentation https://docs.opnsense.org/manual/how-tos/carp.html I came up with this setup:
There also exists a direct connection between the two OPNsense VMs for pfSync (10.0.0.1 and 10.0.0.2).
I summed up the behavior in this list:
I could not find any helpful information regarding this issue and would be grateful for help and hints.
In short I can not access the WAN from the LAN even tho the OPNsense nodes can.
Following the documentation https://docs.opnsense.org/manual/how-tos/carp.html I came up with this setup:
| 192.168.178.0/24 | 192.168.1.0/24 | |||||
/ | 192.168.178.151 WAN | VM OPNsense1 | 192.168.1.1 LAN | \ | ||
| FritzBox/AVM Router | - | 192.168.178.10 WAN VIP | CARP | 192.168.1.10 LAN VIP | - | VM Debian Test Client |
\ | 192.168.178.152 WAN | VM OPNsense2 | 192.168.1.2 LAN | / |
There also exists a direct connection between the two OPNsense VMs for pfSync (10.0.0.1 and 10.0.0.2).
I summed up the behavior in this list:
- The syncronisation seems to work.
- I can't access the internet or the WAN on the Debian client and my reqests don't show up in the firewall log
- Pinging the OPNsense nodes directly works.
- I tried to ping the LAN VIP and got no response.
- However using arping i get a response from this address.
- Furthermore DNS resolve works on 192.168.1.1 and 192.168.1.2 but not on 192.168.1.10
I could not find any helpful information regarding this issue and would be grateful for help and hints.
Pages: [1]