Messages - tessierp

#1
Hi,

I have somehow managed to enter a Client Identifier without any host name or any details whatsoever. Now when I try to see it in Services -> DHCPv4 -> LAN, it isn't listed. If I try to add something with the same identifier, it says it already exists. I haven't been able to find through the UI where to delete this identifier.

Which file do I have to edit to force remove this "ghost" client identifier?

Thanks
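Post #1 asks which file holds the orphaned client identifier. OPNsense keeps its running configuration in /conf/config.xml, and DHCPv4 static mappings live under the interface's node in the <dhcpd> section. The script below is an added example, not code from the original post or from the OPNsense project: it parses a constructed config.xml fragment (the staticmap field names mac, cid, ipaddr, hostname and descr are assumed from the pfSense/OPNsense layout; check them against your own file) and strips every mapping that carries only a cid. Work on a copy, keep a backup, and import the cleaned file through System > Configuration > Backups rather than editing the live file in place.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <dhcpd> section of an OPNsense config.xml.
# Field names are an assumption taken from the pfSense/OPNsense staticmap layout.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <dhcpd>
    <lan>
      <enable>1</enable>
      <range><from>192.168.20.100</from><to>192.168.20.199</to></range>
      <staticmap>
        <mac>52:54:00:aa:bb:cc</mac>
        <cid></cid>
        <ipaddr>192.168.20.10</ipaddr>
        <hostname>nas</hostname>
        <descr>file server</descr>
      </staticmap>
      <staticmap>
        <mac></mac>
        <cid>01:52:54:00:de:ad:be</cid>
        <ipaddr></ipaddr>
        <hostname></hostname>
        <descr></descr>
      </staticmap>
    </lan>
  </dhcpd>
</opnsense>
"""


def find_ghost_staticmaps(root):
    """Return (interface element, staticmap element) pairs that carry a client
    identifier but no MAC, IP address or hostname: the 'ghost' entries that the
    DHCPv4 page does not list yet still block re-adding the same identifier."""
    ghosts = []
    dhcpd = root.find("dhcpd")
    for iface in ([] if dhcpd is None else list(dhcpd)):
        for sm in iface.findall("staticmap"):
            cid = (sm.findtext("cid") or "").strip()
            rest = [(sm.findtext(tag) or "").strip() for tag in ("mac", "ipaddr", "hostname")]
            if cid and not any(rest):
                ghosts.append((iface, sm))
    return ghosts


def remove_ghost_staticmaps(xml_text):
    """Drop ghost mappings and return (cleaned XML text, [(interface, cid), ...])."""
    root = ET.fromstring(xml_text)
    removed = []
    for iface, sm in find_ghost_staticmaps(root):
        iface.remove(sm)
        removed.append((iface.tag, sm.findtext("cid")))
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    cleaned, removed = remove_ghost_staticmaps(SAMPLE_CONFIG)
    for iface_tag, cid in removed:
        print(f"removed ghost client identifier {cid!r} from dhcpd/{iface_tag}")
    print(cleaned)
```

On a real box, read the file with `open("/conf/config.xml").read()` instead of the constructed sample; the function leaves every fully specified mapping untouched.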
#2
Found it! I can't set it right now since I haven't moved into my new house yet. I will also have to wire the house myself with CAT6, but at least I know exactly what to do now, thanks!

Duly noted for the US-8-150W. I think most PoE switches have the same problems: they run hot and have loud fans unless you upgrade the fans. That is why I bought myself an HP ProCurve 1810-24G J9803A, an old and used 1G switch, I know, but it is fanless and doesn't run so hot. Of course, I have no PoE, and as much as I wanted to install two Wi-Fi PoE devices like the Ubiquiti ones or cameras, I've decided not to do it. I'll go Wi-Fi for the cameras and just get some good Wi-Fi access points that I can plug into an outlet for power. Not the most elegant, but I just don't want to have to deal with hot-running devices and loud fans.

Thanks again!
#3
Hi Allebone,

Thanks so much for all this information. It will be quite useful. I am in Gatineau, btw, so I'm hoping it will be using PPPoE, but then again I don't know. It will be my first time with Bell Fiber. Like I wrote before, with Videotron it was a simple task: flip the switch to BRIDGE mode.

My only worry comes from my experience with Videotron's HELIX modem/router solution, which didn't support static routing, ergo I could never get a connection to my VPN server, and so I assumed I would be facing the same issues with Bell's router if I can't find a way to make it into a bridge.

With the solutions you provided, it seems to me option 1 is the least painful, and it sounds like my VPN server will work that way. And if I may ask one more question: setting up PPPoE on OPNsense is just a simple matter of configuring a point-to-point device on my vtnet0 interface, which is my WAN, and I should be good to go, correct? I may sound like I'm repeating myself from what I wrote previously, but I am headed into uncharted territory with this config.

Thanks again for the help!

BTW, if I could afford a Ubiquiti switch (or any layer 3 capable switch) right this moment, I would probably go that route, not because I hate Bell but because I'm all for efficiency when I can, less power consumption. Granted, 15 W is not a lot, but still...
#4
Hi Allebone,

Thanks for this. I was with Videotron before and decided to make the jump to Bell. Videotron made this easy by having a bridge mode option on their Helix box, and when I talked to a Bell rep, they told me it would be as easy with their box. Well, after reading around, it seems that it is not as easy as I thought.

Your solution seems very simple; however, unfortunately for me, I only have a layer 2 switch and I guess that won't work for me. So that leaves me with the media converter option.

I was wondering if I could ask you a few questions since you seem to have experience with all this.

1) If I set Bell's HH3000 box as DMZ, can I avoid all those headaches and continue to have my VPN server work? That is, in case I want to limit the amount of change I need to make and keep Bell's router?

2) If I use a media converter, I will need to bring the RJ-45 from the media converter over to my OPNsense's WAN-assigned interface and then:

    a) I need to create the VLAN ID for the internet on the WAN interface (in my case OPNsense is virtualized on Proxmox, but it comes down to selecting the right interface, which is vtnet0 for me)
    b) Configure PPPoE handling on the WAN interface

And I should be good correct?
#5
Looking at the logs, I noticed something which I think may be causing the problem, but I'm not 100% sure:

2021-04-19T23:43:24   kernel   pflog0: promiscuous mode enabled
2021-04-19T23:43:24   kernel   pflog0: promiscuous mode disabled

Like I said, I was fine for months, and all of a sudden after the last two updates I've been getting those random disconnects.
#6
I have the same issue here. Ever since the last two updates, I've been getting random network disconnects. I am running OPNsense 21.1.4.

I ran version 20.x for a few months without any issues. I'm using this network card:

https://www.servethehome.com/syba-dual-2-5-gigabit-ethernet-adapter-review/

It works great, but like I said, since the last few updates I've been getting lost packets and random disconnections.

#7
Hello Lfirewall1243,

So if I understand correctly, you are asking what the problem is with giving myself a wider port range to accommodate multiple Mumble servers?

The reason is just to prevent having to open too many ports. Just like with HTTP/HTTPS-based services using HAProxy to route the traffic (by looking at the FQDN and routing it to the proper backend), I would like to do the same with TCP/UDP-based services.

If there isn't a plugin to do this, is there a way I could do this through WAN and LAN rules?
#8
Hi Maurice,

Yeah, I figured that much, and that is what I was wondering: whether OPNsense has this kind of proxy; otherwise, like you said, I would have to use a different port.

As for using a different IP address, I was already doing that, but in order to forward that request to the second server I would need a way (a proxy) to look at the FQDN and forward to that specific IP address in my LAN, which is what I am missing.

About 6 years ago, I used Zentyal, and it was able to redirect traffic based on the FQDN, forwarding requests directly to a very specific machine. They called that Aliasing. I did read about aliasing on OPNsense, but it doesn't seem to be quite the same thing, or maybe I just don't know how to use it.
#9
I tried HAProxy and it works well for web-based services. However, for anything else that requires more ports opened and UDP, I don't think HAProxy will work in that scenario.

In my case, I'm trying to pass traffic through to a server running Mumble. I just have one right now, and using port forwarding works great in that scenario, but I may need to create another, at which point I will have a problem. Mumble uses a TCP and a UDP port.

I have tried to create rules on the WAN to open the required ports on my WAN address, targeting my LAN, then using Unbound DNS to push traffic to the right machine, but that doesn't work. I'm probably missing something. Anything else I can try?

Basically, Mumble uses TCP and UDP on port 64738.
#10
Does anyone have a clue?
#11
Hi,

It is very easy to forward traffic on a specific port to a specific machine with port forwarding. But that also means I can only define one machine assigned to a specific port. What if I have multiple internal servers using the same port? How can I make OPNsense look at the FQDN and forward the traffic to an internal server on a specific port? For example, mumble1.domain.net and mumble2.domain.net: you would forward the traffic where it needs to go, but how do I do that?

I tried to declare a rule to allow traffic from any WAN address on port XXX to that firewall and declared an Unbound DNS entry to forward traffic for "mumble1.domain.net" to a specific server, but it doesn't work. Perhaps that is not the right thing to do.

Basically, my question is: how can I handle traffic for multiple servers using the same port and forward the request to the specific server matching the FQDN? Or is there another approach I should be taking?

Thanks
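Posts #9 and #11 ask how a firewall could pick an internal Mumble server by FQDN when both listen on 64738. The hostname a client resolved is never part of an IP packet, so a packet filter or port forward sees only addresses and ports. The one place a name does travel on the wire is the SNI field of a TLS ClientHello: Mumble's TCP control channel is TLS, so a TCP-mode proxy (HAProxy's `req.ssl_sni` fetch does exactly this) can read it from the first record if the client includes SNI. The UDP voice channel carries no hostname at all, which is why it can only be dispatched by destination port or by a separate public IP. The code below is an added example, not from the original thread, OPNsense or HAProxy: a minimal ClientHello SNI parser plus a dispatcher that falls back to a per-port table. The backend addresses and the second port 64739 are constructed for the example.

```python
import struct

# Constructed backend tables (assumed addresses, not from the original thread).
BACKENDS_BY_NAME = {
    "mumble1.domain.net": "192.168.20.11",
    "mumble2.domain.net": "192.168.20.12",
}
# With no hostname on the wire (UDP, or TCP without SNI) the only dispatch key
# left is the destination port, so each server needs its own port here.
BACKENDS_BY_PORT = {64738: "192.168.20.11", 64739: "192.168.20.12"}


def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS ClientHello carrying one SNI host_name (test input)."""
    name = server_name.encode("ascii")
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name                  # name_type host_name
    sni_ext = struct.pack("!HH", 0, len(sni_list) + 2) + struct.pack("!H", len(sni_list)) + sni_list
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                               # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"                               # one cipher suite
            + b"\x01\x00"                                                      # null compression only
            + struct.pack("!H", len(sni_ext)) + sni_ext)                       # extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body                  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake     # ContentType handshake


def parse_sni(data: bytes):
    """Return the SNI host_name from the first TLS record of a TCP stream, or None
    when the bytes are not a ClientHello or carry no server_name extension."""
    try:
        if data[0] != 0x16:
            return None
        rec_len = struct.unpack("!H", data[3:5])[0]
        hs = data[5:5 + rec_len]
        if hs[0] != 0x01:
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                                  # version + random
        pos += 1 + body[pos]                                          # session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]          # cipher suites
        pos += 1 + body[pos]                                          # compression methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            ext = body[pos:pos + elen]
            pos += elen
            if etype == 0:                                            # server_name extension
                q = 2                                                 # skip list length
                while q + 3 <= len(ext):
                    ntype, nlen = ext[q], struct.unpack("!H", ext[q + 1:q + 3])[0]
                    q += 3
                    if ntype == 0:
                        return ext[q:q + nlen].decode("ascii")
                    q += nlen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                                          # truncated or not TLS
    return None


def choose_backend(proto: str, dst_port: int, first_bytes: bytes):
    """Dispatch the way a layer-4 proxy could: SNI for TLS over TCP, destination
    port for everything else. Returns (backend address or None, key used)."""
    if proto == "tcp":
        name = parse_sni(first_bytes)
        if name in BACKENDS_BY_NAME:
            return BACKENDS_BY_NAME[name], "sni"
    return BACKENDS_BY_PORT.get(dst_port), "port"


if __name__ == "__main__":
    print(choose_backend("tcp", 64738, build_client_hello("mumble2.domain.net")))
    print(choose_backend("udp", 64738, b"\x00" * 12))   # voice datagram: no name to read
```

The UDP branch is the practical answer to the thread: whatever does the dispatching, the voice traffic for the second server has to arrive on a different port or a different public address, and the TCP side only gains anything if the client actually sends SNI.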
#12
Issues fixed. I first used the wizard, which created SHA256 certificates, which didn't match what was in the documentation.
#13
Hi,

I'm trying to enable VPN access on my OPNsense system but am facing some issues.

I did follow the instructions here: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

The problem I am having is that when I try to import that .ovpn file into OpenVPN, I'm getting the following error message: "openvpn failed to parse profile crypto_alg rsa-sha256 not found". The weird thing is I have set SHA512, so the error message is completely wrong.

Does anyone have any clue what the problem could be?

Thanks
#14
Never mind, that didn't work. I did a search for "Microsoft Family Account" from the browser's search bar and it gave me a "can't find the site, maybe you need to enter this in your DNS" kind of message...

Any help?
#15
I think I may have found the answer to my question. I looked under Gateways and by default I had this:

Name                Interface   Protocol   Priority   Gateway     Monitor IP   RTT   RTTd   Loss   Status    Description
WAN_DHCP6           WAN         IPv6       254                                 ~     ~      ~      Pending   Interface WAN_DHCP6 Gateway
WAN_DHCP (active)   WAN         IPv4       254        10.0.0.1                 ~     ~      ~      Online    Interface WAN_DHCP Gateway

So I am even surprised it was "sometimes" routing traffic from my internal systems to the outside. I added this:

Name                Interface    Protocol   Priority   Gateway        Monitor IP   RTT   RTTd   Loss   Status    Description
AQUILA_LAN_GW       AQUILA_LAN   IPv4       254        192.168.20.1                ~     ~      ~      Online

And now it seems to be OK, although sometimes some pages are not drawn perfectly and need to be reloaded.

I have 2 questions:

1) Is it normal that by default no gateway is set for the LAN?
2) Is that a patch I just did, or am I supposed to add a gateway for my LAN?

Thanks