Messages - openasapce

#1
Hello, does anyone know how to set these options in the Caddy proxy plugin inside OPNsense, like these nginx rules?

proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
client_max_body_size 0; 
proxy_buffering off; 
proxy_request_buffering off; 
add_header X-Frame-Options SAMEORIGIN; 
autoindex off;


Look at the attached image, I'm sure that it is incorrect ;D :o
#2
General Discussion / Group of Alias?
January 06, 2024, 01:40:34 PM
Hello.
This could be a stupid question, but can I aggregate multiple aliases, to be used as source invert in a NAT rule?

I mean, I want to aggregate a GeoIP rule, a CloudFront IP list and a CrowdSec IP list?

Thank you.
#3
Hello.
Where am I wrong?
Opening UDP port 22124 for the Jamulus server results in connection denied in the logs.

I have set,
from: wan address
destination: this firewall
source port: any
destination port: 22124
lan address: 192.168.30.101
destination: 22124

Over the VPN (local remote OPNsense LAN) I can connect to the Jamulus server, but using the WAN IP I see connection drops in the logs.
Other TCP rules are working correctly.

Thanks.
#4
The --reneg-sec 0 is not recognized by Tunnelblick (OpenVPN client for Mac)
when used as a parameter in a single line. Do I need to use it like this?

remote server_ip 1194 udp --reneg-sec 0

Quote from: tiermutter on May 27, 2020, 01:24:53 PM
nope, sorry, never used such setting...

should be --reneg-sec n in the config file, but maybe this command doesn't exist in client config.

for reference the command description from ovpn:

Quote:
--reneg-sec n
    Renegotiate data channel key after n seconds (default=3600). When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.

    Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.
#5
Helloooo :)

I run OPNsense inside Proxmox using a virtio network card
and I can reach only 350 Mbps in download; the same VPS with virtio, outside OPNsense, reaches 940 Mbps.

Where is the problem?
I was planning to use it on a 10 Gbps server, but the E100 driver is only 1 Gbps speed, and if OPNsense has problems with the virtio driver, this is a big problem for 10 Gbps networks.
#6
Really thank you.
I have changed the server side, but in the client config I don't see any text string related to the time password.

Do you know what I need to specify?
#7
Hello,
I have set up the OpenVPN server with the time-based code generation.

It works, but after some time it systematically disconnects me from the server...

Is there a timeout setting?
#8
I don't know why, but after a reboot the NAT was applied and the second IP on the dedicated virtual Ethernet works correctly.
#9
Thank you, but using Proxmox and Hetzner servers I need to create a separate MAC address for the new IP address to correctly route it to the right VPS.

To do this I need to add a virtual Ethernet card with this MAC address, and then assign the public IP to the device.

I have added the virtual Ethernet card to OPNsense, assigning the MAC address on Proxmox, and then added the net device to OPNsense with the right IP.

OPNsense now has 3 virtual Ethernet cards:
- 1: WAN public IP
- 2: LAN private IP with NAT to internal virtual servers.
- 3: second public IP, which I want to NAT on port 443 to internal port 443 on a VPS within the LAN private network (2).

I have set the NAT on the (3) second public IP device, but I see that any incoming traffic to this IP is dropped by OPNsense.

Where am I wrong?
#10
Really thank you.
Last question: obviously I need to add a virtual card on the firewall? It can't work on the same network card?

#11
Hi.
I need to add a second public IP to the firewall and perform a NAT of 443 to an internal VPS on Proxmox.

The firewall already has a public IP and 443 is already used by another service.
How do I do this? I can't find it in the manual.

Any advice?
Thank you.