Messages - Singman

#1
Thanks, I will make some tests with that.
#2
Hi,

I have 2 web servers on my LAN; they should be dispatched by a classic Nginx setup like:

# Virtual host for web1: forward to the first backend on the LAN
server {
    listen 80;
    server_name web1.domain.eu;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://<host1>:80;
    }
}

# Virtual host for web2: forward to the second backend on the LAN
server {
    listen 80;
    server_name web2.domain.eu;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://<host2>:80;
    }
}


How to include that config in the OPNSense Nginx configuration? How to preserve it when the module is updated? There is no GUI for that kind of rule in the web interface.
#3
General Discussion / Re: Tor setup with relay / exit
August 19, 2022, 04:10:36 PM
115 views and still no reply; looks like nobody uses the Tor plugin :/
#4
General Discussion / Tor setup with relay / exit
August 07, 2022, 02:37:42 PM
Hi,
I'm searching for a real tutorial to understand how to set up a Tor relay with exit.
The documentation for the Tor plugin is just a basic description with no real setup.

For now, I'm blocked on the step where my Tor node is OK but not showing on the map (https://metrics.torproject.org/rs.html#search/Singman). I think I'm missing some open ports or an ACL somewhere...
#5
Hello,

No, nothing worked.
I had to do a "from scratch" reinstall, formatting everything. Impossible to find where the bug came from.
#6
Result of "tcpdump -n host 192.168.0.60 and port 22" while trying to open an SSH session from the PC to OPNsense:

Looks like there is nothing answering on this interface (LAN). Really strange if you see the previous screenshot.
#7
ipconfig shows:
igb0 (LAN) with an IPv4 address I've defined (192.168.0.254), status active and up
igb1 (WAN) with an IPv4 address too, defined by the provider via DHCP (...), status active and up.
Other interfaces have no carrier (igb2 and igb3).
enc0, lo0, pflog0 and pfsync0 also exist.

From the LAN, I could ping OPNSense. Looks like everything is OK.

For netstat, I'm used to typing "netstat -tlnp" on other Unixes (not *BSD), so I could not decipher exactly what is shown in "netstat -a", so I used "netstat -4an" to focus on my access from the LAN to the web management:
I have DNS (53), HTTP (80) and HTTPS (443) listening (see picture). Looks OK to me.

TCPdump gives too much information (and private information too), so I need an example to narrow the display.
#8
I'm already accessing the router with HTTPS (SSL).
Have tried without too, same result.
#9
Hi,
I updated my OPNSense via the web interface with no problem; the system rebooted and was functional.
A week later, I wanted to access it via the web interface: no answer.
I've tried via SSH: no connection.
Only the console is OK, no error, no strange message.
Updated via console: OK.
Restarted: still no web interface or SSH.

I think some rules were discarded during the update. Any idea?
#10
Hello,

Well, it's all in the title. After the update (done via the web interface), there is no more way to access it. No more SSH either; all I have left is the console.
Any idea?
#11
French - Français / Re: GUI on a "fake" WAN
June 16, 2020, 12:37:10 PM
Answering myself:
I disable the firewall and that's it :)
#12
Quote from: franco on May 29, 2020, 09:17:46 AM
No other way.
Cheers,
Franco

So, a good idea to make the update(s) less frustrating: put in an option to run updates automatically over and over until the current version! From 17.1 to 20.1.7, it took an afternoon and I have 10 boxes to do :)
#13
Thanks.
#14
I'm not sure how OPNSense works, but:
Using load balancing with 2 or more WANs needs a stateful engine, otherwise it will not work.
When a web connection is made (the web is a good example because it makes many requests on a non-linear timeline), you can have packets going out either WAN, but the firewall should remember the source and which WAN interface it's using. Otherwise, any destination with some security will detect a "spoofing" or "man-in-the-middle" attack and will block you (or cookies based on the public IP will fail, etc.).
The hard part with the web is remembering that "path" for a very long time, because a user could stay on a page for an undefined period.
#15
Hi,

Is there a faster way to upgrade from 17.1 to the current 20.1.7 instead of going through all the steps in between (except, of course, reinstalling everything)?

Thanks.