Messages - cyrus104

#1
Happy to do that and test, where do I add the override?
#2
Right now it's listening on 0.0.0.0:443 (and another public on 80).

My WAN changes every so often.
#3
I'm using HAProxy + ACME and wanted my internal site to use the official TLS certificate instead of the self-signed ones.
#4
I'm still not able to access the reverse proxied websites from the internal subnet that the real servers are on. I can access them from another subnet and from the internet but not locally.
#5
I have checked that option and then rebooted the firewall but still no change. :-(
#6
Could this have something to do with the devices being on the same firewall interface?

Desktop -> vlan2 (firewall) -> wan (firewall) -> vlan2 (firewall) -> nas

If I do the following with my laptop and phone it works:

Laptop (wifi) -> vlan3 (firewall) -> wan (firewall) -> vlan2 (firewall) -> nas
#7
The Real Server is an internal: 10.0.0.10:5001
The Public IP is: 173.67.25.115:443
The Router Internal address: 10.0.0.1
#8
I'm using HAProxy + ACME on OPNsense to provide a reverse proxy to my internal services. After another small conditions issue, I now have it working as expected from the external internet on my phone (LTE connection).

I am going to it using Chrome and Firefox by typing in the FQDN: https://server1.mydomain.com

However, when I turn on wifi and am on the same network as the Real Server I get an ERR_TIMED_OUT. In the HAProxy log I get a handshake failure error. I tried it using the same process with my laptop with a VPN to the internet and connecting in, the internal site loads as expected. When I disconnect the VPN and try it on the same subnet I get the same error as my phone.

2022-08-31T12:59:21-04:00 Error haproxy 173.66.23.118:2188 [31/Aug/2022:12:59:21.223] default_443/0.0.0.0:443: SSL handshake failure
#9
22.7 Legacy Series / Re: HAProxy issue 403 error
August 31, 2022, 06:31:58 PM
Thank you for pointing me in the correct direction, in my rule no_host_match I forgot to add the condition of this hostname match.

I have fixed this error.
#10
22.7 Legacy Series / [SOLVED] HAProxy issue 403 error
August 31, 2022, 01:16:48 AM
I recently re-set up HAProxy with ACME Let's Encrypt using a known working setup guide.

I'm getting a 403 error with the message from the guide in the body of the site.

The haproxy log shows the following each time I try to get to the page from outside my network:
Error haproxy 154.89.5.203:44012 [30/Aug/2022:19:10:22.111] default_443~ default_443/<NOSRV> 0/-1/-1/-1/0 403 203 - - PR-- 1/1/0/0/0 0/0 "GET / HTTP/1.0"

I'm happy to provide additional logs to help troubleshoot the issue.
#11
I am having this exact same issue. WAN will failover to WAN2 successfully but never (or takes forever) to failback to WAN.

I don't see how adding another gateway group would help as that would need to be specified in the firewall somehow for the policy based routing and you can only select one gateway / gateway group.
#12
22.1 Legacy Series / Re: os-ddclient
February 24, 2022, 05:28:08 AM
Just made the switch and didn't have any issues with Google Domains or Namecheap.

Looking forward to having the widget back.
#13
Any thoughts on this? It looks like there was a similar post as well but the solution was using an external VM.

Because I'm using the kernel wireguard, I can't use the dashboard service start/stop button. If I disable wireguard and start it in the VPN/Wireguard menu Wireguard automatically picks the current WAN to route of which is generally WAN1 when I'm looking at it.
#14
I have WAN1 connected to my ISP which sometimes goes down for a minute or two. I have WAN2 connected to an LTE modem, so one is igb0 and the other is igb1.

WAN1 latency is around 90ms, WAN2 is around 170ms.

I have 2 VPNs set up, one is OpenVPN and the other is Wireguard, they are used to support different services.

When I have a failure, I can see that both VPNs route through WAN2 and their latency jumps up. A few minutes after WAN1 comes back up the OpenVPN VPN will switch back to WAN1 and you can see the latency creep down. However, the Wireguard VPN never switches back and the latency stays high and I can see the traffic on my LTE modem.

I wanted to check if there is a setting that I'm missing or a way to force it to restart the connection, I know Wireguard isn't an always on type of connection but not sure what is happening there.

I'm not skilled with Monit but I guess I could use something like that to restart the service if the latency of the OpenVPN and Wireguard aren't close but I would like to see if there is a setting in the configs that I'm missing.

Thanks
#15
21.7 Legacy Series / Nut Failure
August 30, 2021, 04:00:25 PM
I am running the latest OPNsense 21.7 and am trying to plug my APC UPS into it. I have NUT running on a Debian 10 system and it works with the usbhid-ups driver.

I can't get it to work with OPNsense, the diagnostic page never loads. Is there a place in the logs I can check?

Secondarily, my Debian 10 box is pushing the NUT info out on the network and I have another machine that can pull the info but not my OPNsense.

Thanks