1
General Discussion / Re: nslookup from command line?
« on: August 19, 2022, 07:37:29 am »Ah ... I have BIND installed, sorry.
drill is the base system replacement for dig.
Many thanks!
Was exactly what I was after
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
Many thanks!
Was exactly what I was after
2
General Discussion / Re: nslookup from command line?
« on: August 19, 2022, 12:54:21 am »
Thanks for the response.
But dig also seems missing from out of the box.
What’s the recommendation towards my initial question?
But dig also seems missing from out of the box.
What’s the recommendation towards my initial question?
3
General Discussion / nslookup from command line?
« on: August 18, 2022, 10:34:38 pm »
dear all,
looking for advise
I'm surprized that the nslookup tool isn't available out-of-the-box on opnsense.
What's the recommended/pragmatic way to make simple resolve of fqdn from the command line?
Is there a tool I oversaw?
Should I install nslookup from /usr/port?
Thanks
looking for advise
I'm surprized that the nslookup tool isn't available out-of-the-box on opnsense.
What's the recommended/pragmatic way to make simple resolve of fqdn from the command line?
Is there a tool I oversaw?
Should I install nslookup from /usr/port?
Thanks
4
21.7 Legacy Series / Re: get base64 tool
« on: September 23, 2021, 03:36:43 pm »
Many thanks for the response.
To help any other people having this issue and finding this thread.
I managed to make it work via 2 options:
1- I build a oneliner- script to use openssl base64. I named the script base64 and redirect args towards openssl - following fabian's pointers
2- I downloaded the compiled binary from lilsense link: https://freebsd.pkgs.org/12/freebsd-amd64/base64-1.5_1.txz.html - worked right out of the box!
Both solution works.
There is still a 3rd way which would have been to compile from source ... but I haven't gone through this.
My warm thanks for the support!
my bash script (named base64 and placed in /root/bin):
To help any other people having this issue and finding this thread.
I managed to make it work via 2 options:
1- I build a oneliner- script to use openssl base64. I named the script base64 and redirect args towards openssl - following fabian's pointers
2- I downloaded the compiled binary from lilsense link: https://freebsd.pkgs.org/12/freebsd-amd64/base64-1.5_1.txz.html - worked right out of the box!
Both solution works.
There is still a 3rd way which would have been to compile from source ... but I haven't gone through this.
My warm thanks for the support!
my bash script (named base64 and placed in /root/bin):
Code: [Select]
#!/usr/local/bin/bash
/usr/bin/openssl base64 "$@"
5
21.7 Legacy Series / Re: get base64 tool
« on: September 22, 2021, 08:42:57 pm »
Okay many thanks, I can work with this
6
21.7 Legacy Series / Re: get base64 tool
« on: September 22, 2021, 04:09:01 pm »
Sorry for the late response, I hadn't been notified on the activity here.
Thanks for your reply.
I can't find the tool handy in the pkg library.
These 2 options you recommend, would you please be kind to share a link there where I can learn more how to work with ports or openssl to achieve this result?
Thanks
Thanks for your reply.
I can't find the tool handy in the pkg library.
These 2 options you recommend, would you please be kind to share a link there where I can learn more how to work with ports or openssl to achieve this result?
Thanks
7
21.7 Legacy Series / get base64 tool
« on: September 17, 2021, 05:25:39 pm »
Hello,
I am struggling to find an actionable way to get the tool base64 on opnsense
for reference: https://linux.die.net/man/1/base64
This is the tool to encode/decode string from the shell.
I can't find it in packages, it's not installed by default ...
Am I missing something easy and obvious to get it ?
Any pointers would be welcome.
Thanks
I am struggling to find an actionable way to get the tool base64 on opnsense
for reference: https://linux.die.net/man/1/base64
This is the tool to encode/decode string from the shell.
I can't find it in packages, it's not installed by default ...
Am I missing something easy and obvious to get it ?
Any pointers would be welcome.
Thanks
8
General Discussion / Re: OpenVPN: Single NIC opnsense as client - how to forward VPN traffic to local LAN
« on: May 23, 2020, 07:26:22 pm »
We can close the topic
I feel a bit stupid, but it ended up being some firewall rules into the Mikrotik side that prevented to forward the traffic.
So it was absolutely not where I focused hours of attention, ie into the opnsense forwarding capabilities.
here goes some time well spent!
I'll mark the topic as solved.
I feel a bit stupid, but it ended up being some firewall rules into the Mikrotik side that prevented to forward the traffic.
So it was absolutely not where I focused hours of attention, ie into the opnsense forwarding capabilities.
here goes some time well spent!
I'll mark the topic as solved.
9
General Discussion / [Solved] OpenVPN: Single NIC opnsense as client - how to forward VPN traffic
« on: May 23, 2020, 03:30:20 pm »
Dear Community,
I'm new joiner to opnsense, but with some experience working with *BSD systems back in 1999-2003.
Could you please help me understand why I can't get opnsense to allow VPN traffic to local LAN?
I can't get the remote LAN to ping devices in the local LAN (the LAN on opnsense).
My setup:
------------------------------------------------------------------------------------------
--- | (192.168.14.20)OPT1 (OPNsense, as OpenVPN client) (192.168.137.137)LAN | --- (192.168.137.0/24)Local
| ------------------------------------------------------------------------------------------
|
VPN-Tunnel(192.168.14.0/24)
|
| ----------------------------------------------------------------------------------------------
--- | (192.168.14.254)OVPN-Iface (mikrotik, as OpenVPN server) (192.168.4.254)LAN | - (192.168.4.0/24)Remote
----------------------------------------------------------------------------------------------
What I configured
- the OpenVPN server is a mikrotik router
- opnsense (OPNsense 20.1.7 (amd64/OpenSSL)) is a box in my network
- it's a single NIC box - the NIC is configured as LAN
- A virtual nic (ovpnc1) gets created when the VPN configuration is created. I associated this NIC as OPT1
- opnsense establishes the VPN connection OK with the OpenVPN server
- devices in the LAN subnet can ping devices in the remote subnet
- I have added firewall rules to all interfaces (floating, LAN, OpenVPN, OPT1) to permit all to all (example in the attachments
- I have created all sorts of (failed attempts) on NAT one-to-one as shown below and NAT outbound as show in the attachments
Found similar threads with no clear solutions:
https://forum.opnsense.org/index.php?topic=6860.0
I tried the one-on-one NAT (see screenshots), but they don't seem to be working
https://forum.opnsense.org/index.php?topic=3050.msg9401#msg9401
I tried the Hybrid NAT (see screenshots), but they don't seem to be working either
https://forum.opnsense.org/index.php?topic=4476.0
https://forum.opnsense.org/index.php?topic=3984.msg20878#msg20878
I don't think "client exception" will work as opnsense is the VPN client.
"client exception" seems to apply when opnsense is the VPN server.
EDIT:
opnsense is aimed to replace an OpenWRT router, which was capable (until it fried last week) to move traffic from the remote lan to the local lan; ie: what I can't manage to do at the moment.
It's really a 1:1 replacement: a single interface of the openWRT was used. And the forward was pretty easy to implement: had to check a "masquerading" checkbox next to the interface name.
This gives me confidence in the fact that the server side is OK (mikrotik), and I replicated the openvpn setup into the opnsense.
I must be close, but I spent 4 hours on it, and my wife is getting upset.
Happy to provide more insights if need be
Thanks
I'm new joiner to opnsense, but with some experience working with *BSD systems back in 1999-2003.
Could you please help me understand why I can't get opnsense to allow VPN traffic to local LAN?
I can't get the remote LAN to ping devices in the local LAN (the LAN on opnsense).
My setup:
------------------------------------------------------------------------------------------
--- | (192.168.14.20)OPT1 (OPNsense, as OpenVPN client) (192.168.137.137)LAN | --- (192.168.137.0/24)Local
| ------------------------------------------------------------------------------------------
|
VPN-Tunnel(192.168.14.0/24)
|
| ----------------------------------------------------------------------------------------------
--- | (192.168.14.254)OVPN-Iface (mikrotik, as OpenVPN server) (192.168.4.254)LAN | - (192.168.4.0/24)Remote
----------------------------------------------------------------------------------------------
What I configured
- the OpenVPN server is a mikrotik router
- opnsense (OPNsense 20.1.7 (amd64/OpenSSL)) is a box in my network
- it's a single NIC box - the NIC is configured as LAN
- A virtual nic (ovpnc1) gets created when the VPN configuration is created. I associated this NIC as OPT1
- opnsense establishes the VPN connection OK with the OpenVPN server
- devices in the LAN subnet can ping devices in the remote subnet
- I have added firewall rules to all interfaces (floating, LAN, OpenVPN, OPT1) to permit all to all (example in the attachments
- I have created all sorts of (failed attempts) on NAT one-to-one as shown below and NAT outbound as show in the attachments
Found similar threads with no clear solutions:
https://forum.opnsense.org/index.php?topic=6860.0
I tried the one-on-one NAT (see screenshots), but they don't seem to be working
https://forum.opnsense.org/index.php?topic=3050.msg9401#msg9401
I tried the Hybrid NAT (see screenshots), but they don't seem to be working either
https://forum.opnsense.org/index.php?topic=4476.0
https://forum.opnsense.org/index.php?topic=3984.msg20878#msg20878
I don't think "client exception" will work as opnsense is the VPN client.
"client exception" seems to apply when opnsense is the VPN server.
EDIT:
opnsense is aimed to replace an OpenWRT router, which was capable (until it fried last week) to move traffic from the remote lan to the local lan; ie: what I can't manage to do at the moment.
It's really a 1:1 replacement: a single interface of the openWRT was used. And the forward was pretty easy to implement: had to check a "masquerading" checkbox next to the interface name.
This gives me confidence in the fact that the server side is OK (mikrotik), and I replicated the openvpn setup into the opnsense.
I must be close, but I spent 4 hours on it, and my wife is getting upset.
Happy to provide more insights if need be
Thanks
Pages: [1]