Messages

1

General Discussion / Re: Adding new network interface from ESXI reorders everything!

« on: January 27, 2022, 08:32:26 pm »

@francisaugusto

I have the same problem. I have assigned manually the MAC in each VM interface. (ESXi - adapter type: E1000E)
Then I assigned the interfaces in OPNSENSE GUI, also writing the specific MAC address. It works.

When I reboot the VM, the configuration keeps exactly in ESXi but in opnsense the interfaces are switched randomly.

If I ssh into opnsense and ifconfig, I can see some stuff like this:

Code: [Select]

em1: ....
  ether 00:11:22:33:44:55
  hwaddr 11:00:22:33:44:66


2

General Discussion / Re: Lan2 Traffic on Tor

« on: June 09, 2021, 03:52:57 pm »

Suppose you LAN2 is 192.168.0.0./24

Go to SERVICES -> TOR -> Configuration
- Check Enable
- SOCKS Port Number: 9050
- Control Port: 9051
- Check Enable Transparent Proxy
- Transparent Port: 9040

Go to SERVICES -> TOR -> SOCKS Proxy ACL
Add 2 ACL:

- Protocol IPv4
- Network: 127.0.0.1/32
- Action: Accept

- Protocol IPv4
- Network: 192.168.0.0/24  (here your LAN2 network)
- Action: Accept

Click "Reload Service" button

Go to FIREWALL -> NAT -> PORT-FORWARD
Add the following rule:
- Interface: LAN
- Source: LAN2 Net alias OR 192.168.0.0./24
- Destination: ANY
- Destination Port: ANY
- Redirect Target IP: Single Host or Network: 127.0.0.1
- Redirect Target Port: 9040 (this is the Transparent TOR Port)

Click "APPLY CHANGES" button

How to test?
Login into machine (on LAN) and run:
curl ifconfig.me
The output should be an TOR network IP.

If you disable the PORT-FORWARD rule you should see you normal IP.

Of course, depending on your LAN configuration maybe you must add more FW rules.

3

General Discussion / Re: Tor Configuration

« on: June 09, 2021, 03:36:33 pm »

Suppose you have:
- 1 machine in LAN. Its gateway it the OPNSENSE. The network is 192.168.0.0/24
- 1 OPNSense with 2 interfaces: LAN & WAN

Go to SERVICES -> TOR -> Configuration
- Check Enable
- SOCKS Port Number: 9050
- Control Port: 9051
- Check Enable Transparent Proxy
- Transparent Port: 9040

Go to SERVICES -> TOR -> SOCKS Proxy ACL
Add 2 ACL:

- Protocol IPv4
- Network: 127.0.0.1/32
- Action: Accept

- Protocol IPv4
- Network: 192.168.0.0/24  (here your LAN network)
- Action: Accept

Click "Reload Service" button

Go to FIREWALL -> NAT -> PORT-FORWARD
Add the following rule:
- Interface: LAN
- Source: LAN Net
- Destination: ANY
- Destination Port: ANY
- Redirect Target IP: Single Host or Network: 127.0.0.1
- Redirect Target Port: 9040 (this is the Transparent TOR Port)

Click "APPLY CHANGES" button

How to test?
Login into machine (on LAN) and run:
curl ifconfig.me
The output should be an TOR network IP.

If you disable the PORT-FORWARD rule you should see you normal IP.

Of course, depending on your LAN configuration maybe you must add more FW rules.

4

Spanish - Español / DNS no resuelve queries en todas las interfaces

« on: December 29, 2020, 07:39:19 pm »

Hola, tengo un OPNsense con 2 interfaces: WAN y LAN.

(LAN: 10.10.0.0/24) <---> OPNSENSE <---> (WAN: 10.20.0.0/24) <---> ROUTER <---> (OTRA RED INTERNA)

PROBLEMA:
- El DNS Unbound NO resuelve queries desde la WAN. Desde la red 10.20.0.0/24.
- Si resuelve desde la LAN.
- Si resuelve desde OTRA RED INTERNA.

Este DNS no tiene que hacer queries a otros DNS externos, solo me interesa que resuelva los Overrides.

Dentro de Services -> Unbound:
1- He habilitado Unbound DNS en todas las interfaces. (ALL)
2- En "Host Overrides" he creado algunos registros tipo A.
3- En "Access Lists" he creado una action con ALLOW ALL 10.0.0.0/8
4- DNS query forwarding esta deshabilitado.

Desde la LAN hago una query a un registro de los que defini en Overrides:
dig midominio.com -> resuelve correctamente.

Si hago lo mismo desde un host en la WAN dice:
"connection timed out; no servers could be reached"

Si hago desde la WAN:
nc -vzu IP_DEL_OPNSESNSE 53 -> no responde

El Firewall, en la interfaz WAN lo tengo completamente abierto:
source=* destination=* port=* protocol=*

Alguien me ayuda?