1
21.7 Legacy Series / Re: Creating Self Signed certificate SAN missing after save
« on: January 01, 2022, 12:17:27 pm »
yep, i understand now.
Thank you !
Thank you !
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
21.7 Legacy Series / Re: Creating Self Signed certificate SAN missing after save
« on: January 01, 2022, 09:48:22 am »
so you tried "*" as a hostname in Host Overrides and unbound crashes with this settings?
Domain matches "domain" value in System: Settings: General?
Actually i tried Domain Override not Host and that didn't work, after some reading turns out you cannot override your OPNSense domain (added to Settings>General)
3
21.7 Legacy Series / Re: Creating Self Signed certificate SAN missing after save
« on: December 31, 2021, 09:01:41 pm »
Eh it's there now, where you pointed, earlier certificates had additional filed SubjectAltName ,see attachment, so i was confused:
now its only in "X509v3 Subject Alternative Name"
Thank you!!
Additional question, i am using Unbound Host Overrides to point to my local Nginx proxy, everything works, but instead of creating 20+ entries for all my internal services i tried Domain Override and it just cannot resolve domain names, so i have to go one by one with Host Overrides.
is this correct?
now its only in "X509v3 Subject Alternative Name"
Thank you!!
Additional question, i am using Unbound Host Overrides to point to my local Nginx proxy, everything works, but instead of creating 20+ entries for all my internal services i tried Domain Override and it just cannot resolve domain names, so i have to go one by one with Host Overrides.
is this correct?
4
21.7 Legacy Series / Creating Self Signed certificate SAN missing after save
« on: December 31, 2021, 08:10:56 pm »
I cannot get subjectAltName to stay after creating a certificate.
I followed https://docs.opnsense.org/manual/how-tos/self-signed-chain.html, and the last step is to add domain in
"see attachment" i cannot get it to stay.
It missing after certificate is created and chrome is throwing an error.
NET::ERR_CERT_COMMON_NAME_INVALID
Weird thing is that i created few certificates last year and it worked.
I am on lates OPNSense version.
thanks!
I followed https://docs.opnsense.org/manual/how-tos/self-signed-chain.html, and the last step is to add domain in
"see attachment" i cannot get it to stay.
It missing after certificate is created and chrome is throwing an error.
NET::ERR_CERT_COMMON_NAME_INVALID
Weird thing is that i created few certificates last year and it worked.
I am on lates OPNSense version.
thanks!
5
General Discussion / Allow only Cloudflare IP's , doesn't work
« on: August 22, 2020, 03:14:04 pm »
I have double NAT which is working , 443 is forwarded to NGINX which delivers some internal services.
ISP router provides 192.168.0.2 to WAN on OPNSense and the other network adapter on OPNSense is for local network 192.168.1.0/24
I created Alias with CF IPs from https://www.cloudflare.com/ips/ , i also added GEOIP block rule. but it seems it doesn't block traffic. For example i can see my mobile phone accessing nginx from blocked address .
Now if i put Cloudflare IPs as an alias in NAT rule (mark as yellow) , traffic doesnt pass no matter if i am accessing via CLoudflare, so i had to add ALLOW ANY in SOURCES.
How can i secure my network so that only Cloudflare IPs are passed to NGINX on 443 .
Picture of FW rules
EDIT: CLoudflare CIDR was not correct
ISP router provides 192.168.0.2 to WAN on OPNSense and the other network adapter on OPNSense is for local network 192.168.1.0/24
I created Alias with CF IPs from https://www.cloudflare.com/ips/ , i also added GEOIP block rule. but it seems it doesn't block traffic. For example i can see my mobile phone accessing nginx from blocked address .
Now if i put Cloudflare IPs as an alias in NAT rule (mark as yellow) , traffic doesnt pass no matter if i am accessing via CLoudflare, so i had to add ALLOW ANY in SOURCES.
How can i secure my network so that only Cloudflare IPs are passed to NGINX on 443 .
Picture of FW rules
EDIT: CLoudflare CIDR was not correct
Pages: [1]