Messages - wsxws

#1
Hi there,
My dynDNS provider offers a way to use subhosts while using only one dynDNS host.
This means the router updates its IP for my.host.com and sends the additional info of the LAN prefix. The dyn provider was given the host identifier of another device in the LAN as subdomain mydev and so updates mydev.my.host.com to the public IPv6 of that device.
To make this work it is necessary to submit the LAN prefix within the update request.
Unfortunately this var is missing in phpDynDNS.inc, so I made a little script as a workaround.

/usr/local/etc/rc.syshook.d/start/94-subhostdyn

#!/bin/sh
# OPNsense runs on FreeBSD, which has no /bin/bash; the script only needs POSIX sh
# Login
user='myuser'
pass='mypass'
MainHost='myhost.feste-ip.net'
# Host to check (SubHost or MainHost)
CheckHost='mysub.myhost.feste-ip.net'
# Interfaces
LanIf='re0'
WanIf='re1'
updateurl='v6.members.feste-ip.net'
# Vars: first non-link-local IPv6 address on each interface ("exit" keeps only one line if
# the interface has several); LanPref keeps the first four hextets, i.e. the /64 prefix
LanPref=$(ifconfig "$LanIf" | grep inet6 | grep -v fe80 | awk '{ print $2; exit }' | awk -F: '{ print $1":"$2":"$3":"$4 }')
WanIP=$(ifconfig "$WanIf" | grep inet6 | grep -v fe80 | awk '{ print $2; exit }')
# Curl-URL (user and password are embedded in the URL)
CurlURL="http://${user}:${pass}@${updateurl}/nic/update?hostname=${MainHost}&myip=${WanIP}&subhostprefix=${LanPref}"
# Check if SubHost is reachable, otherwise update dynDNS
if ! ping6 -c 1 "$CheckHost" > /dev/null 2>&1 ; then
    curl "$CurlURL"
fi
exit 0


Just change the vars to your needs and make it executable (chmod +x).

If you use feste-ip.net, delete the IP in the web panel every time you add a new subhost, otherwise the new subhost will not become activated.

If you want to run this update cyclically you need to add it to configd.

/usr/local/opnsense/service/conf/actions.d/actions_festeip.conf

[start]
command:/usr/local/etc/rc.syshook.d/start/94-subhostdyn
description:FesteIP Update
parameters:
type:script_output
message:updating Feste-IP.net


service configd restart

now you can add a cronjob for this under System-Settings-Cron.

hef phun ;)
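As an added example (not the poster's script), here is the address-selection part of the procedure above done more carefully: a parser for FreeBSD ifconfig output that ignores link-local, deprecated and temporary addresses, a /64 prefix extractor that also handles "::"-compressed addresses, and an update call that keeps the credentials out of the URL. Interface names, host names and the update URL are placeholders, not the provider's real endpoint.

```shell
#!/bin/sh
# Added example, not the poster's script: pick the first usable global IPv6 address
# from FreeBSD "ifconfig" output (skipping link-local, deprecated and temporary
# privacy addresses that a plain grep/awk chain can pick by accident) and reduce it
# to its /64 prefix with "::" expanded. Hosts and the update URL are placeholders.

# Print the first usable global IPv6 address found in ifconfig text on stdin.
global_v6() {
    awk '$1 == "inet6" && $2 !~ /^fe80:/ && $0 !~ /deprecated|temporary/ { print $2; exit }'
}

# Print the first four hextets of an IPv6 address (its /64 prefix); "::" is
# expanded so "2001:db8::1" yields "2001:db8:0:0" instead of a broken string.
prefix64() {
    awk -v a="$1" 'BEGIN {
        n = split(a, h, ":"); nonempty = 0
        for (i = 1; i <= n; i++) if (h[i] != "") nonempty++
        out = ""; filled = 0; gap_done = 0
        for (i = 1; i <= n && filled < 4; i++) {
            sep = (filled ? ":" : "")
            if (h[i] != "") { out = out sep h[i]; filled++; continue }
            if (gap_done) continue        # "::" at an edge shows as two empty fields
            gap_done = 1                  # fill the gap with the missing zero groups
            for (k = 0; k < 8 - nonempty && filled < 4; k++) { sep = (filled ? ":" : ""); out = out sep "0"; filled++ }
        }
        print out
    }'
}

# Constructed sample of what "ifconfig re0" prints on a dual-stack LAN interface.
SAMPLE_IFCONFIG='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    inet6 fe80::1%re0 prefixlen 64 scopeid 0x1
    inet6 2001:db8:1:2:c0ff:ee00:1234:5678 prefixlen 64 autoconf temporary
    inet6 2001:db8:1:2::1 prefixlen 64'

# Send the update only when the subhost does not answer a ping. Credentials come from
# DYN_USER/DYN_PASS and travel in the Authorization header (-u) rather than in the URL,
# so they do not appear in the request line that the update server logs.
update_if_unreachable() {   # $1 subhost, $2 main host, $3 LAN prefix, $4 WAN address
    ping6 -c 1 "$1" > /dev/null 2>&1 && return 0
    curl -sSf -u "${DYN_USER:?}:${DYN_PASS:?}" \
        "https://update.example.invalid/nic/update?hostname=$2&myip=$4&subhostprefix=$3"
}

if [ "${1:-}" = "--run" ]; then   # live run on the real interfaces (re0 = LAN, re1 = WAN)
    lan_pref=$(prefix64 "$(ifconfig re0 | global_v6)")
    wan_ip=$(ifconfig re1 | global_v6)
    update_if_unreachable mysub.myhost.example.invalid myhost.example.invalid "$lan_pref" "$wan_ip"
fi
```

Without `--run` the script only defines the functions and the sample, so it can be sourced and tried against the constructed ifconfig text first.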
#2
Hi all,
Why is it that the hostnames of network devices using DHCP are visible in the ARP table and those with static IPs do not show?
And even a bit more important than an explanation: is there a way to show them?

And my printer isn't shown in the table at all (yes, it is connected, turned on and it works; also a network scan done from my laptop shows it).

regards

PS: btw: hostnames in the NDP table would be handy ;)
#3
SOLVED:
A strange solution, but at least it is one.
The firewall rule was IPv4+IPv6 on WAN address (as automatically set by OpenVPN).
I changed it to IPv6 on WAN address (which did NOT work).
I changed WAN address to single host and put in the IPv6/128, and it worked!
Afterwards I changed it back to WAN address and it still works.

I had a similar issue when opening a port to a computer in the network, where the alias did not work but the IP did.
Now I changed that rule back to the alias too and that one works now as well.
Maybe there is an issue with the aliases.
#4
The portmapper should not be the problem (it just does not support UDP).
First: I used a pfSense before in the same environment and it worked fine.
Second: I have a computer in my network running an OpenVPN server, which works fine (but that server does not have any web GUI to manage the VPN and I do not want to open ports any longer; that's why I want to use the VPN on the OPNsense).
And I have to use the portmapper because cellphones do not have IPv6 (at least in Germany).
#5
Hello all.
I installed OPNsense and everything works really fine except the OpenVPN server.

When I set up a server and try to connect I always get the following messages:
TCP connection established with [AF_INET]185.248.148.13:43234
TCP_CLIENT link local (bound): [AF_INET][undef]:0
TCP_CLIENT link remote: [AF_INET]185.248.148.13:43234
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting

The rules in the firewall are set (automatically, plus a bunch of manual tries).
I tried several different VPN server settings and also tried to connect while the firewall was disabled.
I reinstalled the openvpn package 2.4.9_3.

Any suggestions what to do/try next?

regards

server.conf

dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp6-server
cipher AES-256-CBC
auth SHA256
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
client-connect "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php server1"
tls-server
server 10.10.9.0 255.255.255.0
server-ipv6 fe80::/64
client-config-dir /var/etc/openvpn-csc/1
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'testserver-cert' 1"
lport 43234
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 192.168.11.9 255.255.255.255"
duplicate-cn
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.2048.sample
tls-auth /var/etc/openvpn/server1.tls-auth 0
persist-remote-ip
float


client.conf

dev tun
tun-ipv6
persist-tun
persist-key
proto tcp-client
cipher AES-256-CBC
auth SHA256
client
resolv-retry infinite
remote de3.portmap64.net 43234 tcp
lport 0
verify-x509-name "C=DE, ST=teststate, L=testcity, O=testco, emailAddress=yes@i.have, CN=testserver-cert" subject
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
MIID6DCCAt...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIEgzCCA2...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBAD...
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
9e0ae8c78b...
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1


I'm forced to use IPv6 because of my internet provider. I used a pfSense before and did not have such issues.