Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - mater

Pages: [1] 2

Tutorials and FAQs / Re: Tutorial 2023/12: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: January 07, 2024, 07:27:04 pm »

I'm using port 443 on the WAN Interface for my wireguard VPN.
So I can use it in public wifi (most have port 443 in tcp/udp not blocked).

How do I have to configure HAProxy, so it only uses this Port local?
I only use SSL + Reverse Proxy internal and over the VPN.

23.7 Legacy Series / Re: Item disappeared in the Cron task scheduler "Restart Wireguard service"

« on: September 16, 2023, 01:11:04 pm »

@franco

1. your renew script is working

2. I think I found the issue, why it resolves sometimes an old ip

I looked in the unbound stats and discovered that the url from the wireguard endpoint addess gets resolved with the unbound cache.
when this entry is old you get the old ip adress, even when the external dns server has the new ip.

Wouldn't it be better to always resolve the endpoint address of wireguard with the external dns server, that are setup @System/Settings/Gerneral ?
So no additional settings are necessary, to have the reresolve cronjob running.

23.7 Legacy Series / Re: Item disappeared in the Cron task scheduler "Restart Wireguard service"

« on: September 15, 2023, 06:23:28 pm »

Sorry for the late reply!

Quote

Yes and no. It's the same idea but a different script to avoid bash. It should already work without a cron job on a dynamic connection like PPPoE or DHCP.

You mean the opnsense box will reresolve the dyndns address, when it self gets a new IP?

But to get the new IP of the peer (when changed) I need to run "Renew DNS for Wireguard in stale Connections" with cron. Am I right?

I now have set the cron to run every minute, so I can see today (the peers DSL is not very stable) or at least tomorrow (after the 24h reconnect) if it has worked

Quote

Kann ich nachvollziehen.

Aha, da spricht jemand deutsch

But for other users here, I keep writing in english, even when I'm really bad at it

23.7 Legacy Series / Re: Item disappeared in the Cron task scheduler "Restart Wireguard service"

« on: September 15, 2023, 06:31:36 am »

What does the new cron "Renew DNS for Wireguard in stale Connections" do?
Is it starting the script "reresolve-dns.sh" from the wireguard-tools provided by wireguard itself?
Then it should work!

@franco
The situation here is, that in germany for example many ISPs have dynamic IPs with forced reconnection once every 24 hours.
So we have to use a dyndns service for wireguard Connections!

German - Deutsch / Re: ACME hosting.de DNS-Challenge

« on: August 05, 2022, 11:44:51 am »

Danke 👍

EDIT 19.08.22:
Jetzt geht es wieder, die TXT Records werden erstellt!

German - Deutsch / Re: Traffic von Vlans werden auf dem Parent mitgezählt?

« on: July 02, 2022, 07:26:52 pm »

Ok, hab mir schon gedacht, das die Anzeige stimmt.
Kommt ja das passende raus, wenn man nachrechnet.

Ich weiß nicht wie es bei der 22.x jetzt ist, aber soweit ich weiß musste früher das Management untagged sein.
Muss mir das mal in Ruhe anschauen.

German - Deutsch / Traffic von Vlans werden auf dem Parent mitgezählt?

« on: July 02, 2022, 07:08:30 pm »

Moin,

ich habe folgendes Setup:
1x Netzwerkport als Vlantrunk, also auf dem Port läuft das Management Interface + die Vlans zu einem Switch.
Dieser verteilt dann die Vlans auf ihre entsprechenden Ports.

Was mich jetzt stutzig macht ist, das der Traffic wohl auf dem Management Interface mitgezählt wird.
Ist das ein neues Verhalten von der 22.x?

Ich habe mal ein paar Screenshots als Angang drangehägt.

German - Deutsch / ACME hosting.de DNS-Challenge

« on: May 24, 2022, 08:18:39 pm »

Moin,

kann es sein, das hosting.de seine API geändert/angepasst hat?

Ich kann keine DNS Challenge mit der in ACME vorhandenen hosting.de API mehr durchführen,
da der TXT Recordn nicht erstellt werden kann.

Hier ein Auszug aus dem Log, entsprechende Daten geschwärzt:

Code: [Select]

Error add txt for domain:_acme-challenge.domain.de
Calling: _hostingde_addRecord() '_acme-challenge.domain.de' 'xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXx'
Adding txt value: xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXx for domain: _acme-challenge.domain.de
Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_hostingde.sh

Nutzt jemand hosting.de für seine Domains und kann das mal gegenprüfen?

hosting.de API: https://www.hosting.de/api/

22.1 Legacy Series / Re: Bad performance on Proxmox with Realtek NICs and/or virtIO Bridge

« on: March 22, 2022, 07:01:16 pm »

Yes, but in OpnSense 21.7 I didn't have that issue with the same Realtek NICs.

So yes, Intel NICs are better in this regard

22.1 Legacy Series / Re: Bad performance on Proxmox with Realtek NICs and/or virtIO Bridge

« on: March 20, 2022, 05:22:35 pm »

Now, finally I got my new device with Intel NICs from china.
It has the exact same CPU and RAM config.

Now I cloned the System 1:1 to the new device and assigned the NICs.

I get full gigabit now!

@franco
So I think it is an issue with the new realtek driver.

22.1 Legacy Series / Re: Bad performance on Proxmox with Realtek NICs and/or virtIO Bridge

« on: February 05, 2022, 11:23:34 am »

I have a simlple setup. Only with vlans and some Firewall rules.
It is also running ddns and wireguard.

Yesterday the firewall crashed completely.

I have ordered a new device with Intel Nics to compare with the realtek nics.
But I think that gets delivered in 2 to 3 weeks to europe, because of chinese holidays.

I will further investigate and get updates to you.

Thanks.

Pages: [1] 2