Messages

Thanks Maurice for the quick response, clear.

Hi Maurice,

Thanks for your work here!

Any plans to publish zfs versions for aarch64?

Thanks

Ah ... I have BIND installed, sorry.

drill is the base system replacement for dig.

Many thanks!
Was exactly what I was after :)

Thanks for the response.

But dig also seems missing from out of the box.

What's the recommendation towards my initial question?

dear all,

looking for advise

I'm surprized that the nslookup tool isn't available out-of-the-box on opnsense.

What's the recommended/pragmatic way to make simple resolve of fqdn from the command line?
Is there a tool I oversaw?
Should I install nslookup from /usr/port?

Thanks

Many thanks for the response.

To help any other people having this issue and finding this thread.

I managed to make it work via 2 options:
1- I build a oneliner- script to use openssl base64. I named the script base64 and redirect args towards openssl - following fabian's pointers
2- I downloaded the compiled binary from lilsense link: https://freebsd.pkgs.org/12/freebsd-amd64/base64-1.5_1.txz.html - worked right out of the box!

Both solution works.

There is still a 3rd way which would have been to compile from source ... but I haven't gone through this.

My warm thanks for the support!

my bash script (named base64 and placed in /root/bin):

Code Select Expand

#!/usr/local/bin/bash
/usr/bin/openssl base64 "$@"

Okay many thanks, I can work with this

Sorry for the late response, I hadn't been notified on the activity here.

Thanks for your reply.

I can't find the tool handy in the pkg library.

These 2 options you recommend, would you please be kind to share a link there where I can learn more how to work with ports or openssl to achieve this result?

Thanks

Hello,

I am struggling to find an actionable way to get the tool base64 on opnsense

for reference: https://linux.die.net/man/1/base64
This is the tool to encode/decode string from the shell.

I can't find it in packages, it's not installed by default ...
Am I missing something easy and obvious to get it ?

Any pointers would be welcome.

Thanks

We can close the topic

I feel a bit stupid, but it ended up being some firewall rules into the Mikrotik side that prevented to forward the traffic.
So it was absolutely not where I focused hours of attention, ie into the opnsense forwarding capabilities.

here goes some time well spent!

I'll mark the topic as solved.

[Could you please help me understand why I can't get opnsense to allow VPN traffic to local LAN?]

Dear Community,

I'm new joiner to opnsense, but with some experience working with *BSD systems back in 1999-2003.

Could you please help me understand why I can't get opnsense to allow VPN traffic to local LAN?
I can't get the remote LAN to ping devices in the local LAN (the LAN on opnsense).

My setup:
      ------------------------------------------------------------------------------------------
--- | (192.168.14.20)OPT1 (OPNsense, as OpenVPN client) (192.168.137.137)LAN | --- (192.168.137.0/24)Local
|     ------------------------------------------------------------------------------------------
|
VPN-Tunnel(192.168.14.0/24)
|
|    ----------------------------------------------------------------------------------------------
--- | (192.168.14.254)OVPN-Iface (mikrotik, as OpenVPN server) (192.168.4.254)LAN | - (192.168.4.0/24)Remote
     ----------------------------------------------------------------------------------------------



What I configured
- the OpenVPN server is a mikrotik router
- opnsense (OPNsense 20.1.7 (amd64/OpenSSL)) is a box in my network
- it's a single NIC box - the NIC is configured as LAN
- A virtual nic (ovpnc1) gets created when the VPN configuration is created. I associated this NIC as OPT1
- opnsense establishes the VPN connection OK with the OpenVPN server
- devices in the LAN subnet can ping devices in the remote subnet
- I have added firewall rules to all interfaces (floating, LAN, OpenVPN, OPT1) to permit all to all (example in the attachments
- I have created all sorts of (failed attempts) on NAT one-to-one as shown below and NAT outbound as show in the attachments



Found similar threads with no clear solutions:
https://forum.opnsense.org/index.php?topic=6860.0
I tried the one-on-one NAT (see screenshots), but they don't seem to be working

https://forum.opnsense.org/index.php?topic=3050.msg9401#msg9401
I tried the Hybrid NAT (see screenshots), but they don't seem to be working either

https://forum.opnsense.org/index.php?topic=4476.0
https://forum.opnsense.org/index.php?topic=3984.msg20878#msg20878

I don't think "client exception" will work as opnsense is the VPN client.
"client exception" seems to apply when opnsense is the VPN server.


EDIT:
opnsense is aimed to replace an OpenWRT router, which was capable (until it fried last week) to move traffic from the remote lan to the local lan; ie: what I can't manage to do at the moment.
It's really a 1:1 replacement: a single interface of the openWRT was used. And the forward was pretty easy to implement: had to check a "masquerading" checkbox next to the interface name.
This gives me confidence in the fact that the server side is OK (mikrotik), and I replicated the openvpn setup into the opnsense.
I must be close, but I spent 4 hours on it, and my wife is getting upset.


Happy to provide more insights if need be

Thanks