Messages

1

24.1 Legacy Series / Caddy proxy plugin headers setup

« on: May 01, 2024, 01:51:16 pm »

Hello, anyone know how to set this options in the caddy proxy plugin inside opnsense like this nginx rules?:

Code: [Select]

proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
client_max_body_size 0; 
proxy_buffering off; 
proxy_request_buffering off; 
add_header X-Frame-Options SAMEORIGIN; 
autoindex off;
Look attached image, i'm sure that is uncorrect

2

General Discussion / Group of Alias?

« on: January 06, 2024, 01:40:34 pm »

Hello.
Could be a stupid question, but I can aggregate multiple alias, to be used as source invert in NAT rule?

I mean, i want to aggregate a geoip rule, a cloudfront iplist and CrowdSec ip list??

Thank you.

3

General Discussion / udp 22124 jamulus server port doesn't work

« on: January 09, 2023, 04:14:36 pm »

Hello.
where I'm wrong?
opening udp port 22124 for jamulus server results in connection deny in the logs.

I have set,
from: wan address
destination: this firewall
source port: any
destination port: 22124
lan address: 192.168.30.101
destination: 22124

In vpn (local remote opnsense lan) I can connect to the jamulus server but using wan ip.. I see connection drops in the logs..
others tcp rules are working correctly.

thanks.

4

20.1 Legacy Series / Re: OpenVPn disconnect me after some time

« on: July 27, 2020, 01:41:24 pm »

the –reneg-sec 0 it's not recognized from tunnelbclik (client openvpn for mac)
used as parameter in a single line. I need to use like??:

remote server_ip 1194 udp –reneg-sec 0

nope, sorry, never used such setting...

should be

Code: [Select]

–reneg-sec n in config file, but maybe this command doesnt exist in client config.

for reference the command description from ovpn:

–reneg-sec n
    Renegotiate data channel key after n seconds (default=3600).When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.

    Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set –reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase –reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.

5

Hardware and Performance / Only 350mbps speed using virtio network

« on: June 01, 2020, 01:26:21 pm »

Helloooo

I run opnsense inside proxmox using virtio network card
and i can reach only 350mbps in download , the same vps with virtio, outside the opnsense reach 940mbps.

Where is the problem?
I was planning to use it on a 10gbps server, but E100 driver is only 1gbps speed and if opensense have problems with virtio driver, this is a big problem for 10gbps networks

6

20.1 Legacy Series / Re: OpenVPn disconnect me after some time

« on: May 27, 2020, 01:17:32 pm »

Really thank you.
I have changed the server side, but in the client config i don't see any text string relative to time password.

You know what i need to specify?

7

20.1 Legacy Series / OpenVPn disconnect me after some time

« on: May 26, 2020, 09:37:04 pm »

Hello,
I have setup the openvpn server with the time based code generation.

It works but after some times it systematic disconnect me from the server...

There is a time out setting?

8

General Discussion / Re: Second public IP on the same firewall

« on: May 25, 2020, 08:23:35 pm »

I don't know why, but after a reboot the nat was applied and the second ip on the dedicated virtual ethernet works correctly.

9

General Discussion / Re: Second public IP on the same firewall

« on: May 25, 2020, 07:44:43 pm »

Thank you, but using proxmox and Hetzner servers I need to create a separate MAC address for the new ip address to correctly route it to the right vps.

To do this I need to add a virtual ethernet card with this mac address, therefore assign the public Ip to the device.

I have added the virtual ethernet card to opnsense, assigning the mac address on proxmox, therefore added the net device to opnsense with the right ip.

Opnsense now have 3 virtual ethernet:
- 1: WAN public ip
- 2: LAN private ip with nat to internal virtual servers.
- 3: second Public IP that i want to nat on 443 port to a internal 443 to a VPS within the LAN private network (2).

I have set the NAT on the (3) secondo public ip device, but i see that any incoming traffic to this ip is dropped by opnsense.

Where I'm wrong?

10

General Discussion / Re: Second public IP on the same firewall

« on: May 22, 2020, 05:03:05 pm »

Really thank you.
Last question, obviously i need to add a virtual card on the firewall? it can't work on the same network card?

11

General Discussion / Second public IP on the same firewall

« on: May 19, 2020, 11:09:59 pm »

Hi.
I need to add a second public ip to the firewall and perform a nat 443 to internal VPS on proxmox.

The firewall already have a  public ip and 443 is already used by another service.
How to do this? I can't find in the manual.

Any advice?
Thank you.