Messages - myg63

#1
25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100% CPU
January 30, 2026, 12:30:04 PM
I think I could solve it.
1. NO, I don't need hostwatch.
2. I checked the reason and this thread.
In the end, I installed the 1.0.9 version and removed watching WAN interfaces, only LAN
PROBLEM SOLVED!

Fun fact: when I switch into the shell and enter "hostwatch --version" it shows 1.0.2 even though the 1.0.9 package is installed. Maybe there is some little work needed to remove this chance of misunderstanding when trying to check if the correct version is installed.



Quote from: myg63 on January 30, 2026, 10:35:17 AM
Hello guys,
I had this problem with a lot of disk I/O writes because of hostwatch checking whatever I don't know.
I updated to 26.1 yesterday and it became worse!!!
hostwatch --version: 1.0.2

hostwatch fills the disk completely in a few minutes with files in /var/db/hostwatch

After stopping hostwatch and deleting the files and restarting hostwatch it fills the disk again.

-rw-r--r--  1 hostd hostd     4272128 Jan 30 10:17 hosts.db
-rw-r--r--  1 hostd hostd    23396352 Jan 30 10:21 hosts.db-shm
-rw-r--r--  1 hostd hostd 35686871496 Jan 30 10:00 hosts.db-wal

My environment:
proxmox host with wan coming thru a vlan (tagging is done in the proxmox host) and a virtual opnsense
with
2 physical adapters: LAN and WAN running on a proxmox network bridge connected to physical adapters on the host.
And there is a wireguard network with about 20 hosts connecting thru the WAN into a virtual net which is routed to the LAN.


I stopped the daemon

hopefully there will be a solution soon or any advice here?
#2
25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100% CPU
January 30, 2026, 10:35:17 AM
Hello guys,
I had this problem with a lot of disk I/O writes because of hostwatch checking whatever I don't know.
I updated to 26.1 yesterday and it became worse!!!
hostwatch --version: 1.0.2

hostwatch fills the disk completely in a few minutes with files in /var/db/hostwatch

After stopping hostwatch and deleting the files and restarting hostwatch it fills the disk again.

-rw-r--r--  1 hostd hostd     4272128 Jan 30 10:17 hosts.db
-rw-r--r--  1 hostd hostd    23396352 Jan 30 10:21 hosts.db-shm
-rw-r--r--  1 hostd hostd 35686871496 Jan 30 10:00 hosts.db-wal

My environment:
proxmox host with wan coming thru a vlan (tagging is done in the proxmox host) and a virtual opnsense
with
2 physical adapters: LAN and WAN running on a proxmox network bridge connected to physical adapters on the host.
And there is a wireguard network with about 20 hosts connecting thru the WAN into a virtual net which is routed to the LAN.


I stopped the daemon

hopefully there will be a solution soon or any advice here?
#3
Does anyone have an idea?
#4
Hello @all,
I'm using haproxy for several backend pools with ssl offload which is working fine when I use domains which go thru rules into these backends.
Now I want to use the well documented feature of "redirecting" paths.

So for example a request to "https://test.domain.com/app1" should be redirected to a backend without the path but still preserving the rest of the path.
It can be used by adding a backend rule "http-request replace-path /xxxx(/)?(.*) /\2" where xxxx is the "virtual" directory.
This feature is documented in https://www.haproxy.com/blog/path-based-routing-with-haproxy

Please can anyone give advice how to use that feature in opnsense's haproxy implementation?
I'm using latest version 23.7.6
Thanks @all in advance from Germany...
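
The rewrite performed by the rule quoted in the post above, modelled as an added example (not code from the post or from the HAProxy or OPNsense projects). Python's `re` stands in for HAProxy's regex engine, `xxxx` is set to `app1`, and the sample paths and `STRICT_RULE` are assumptions added here to show that the quoted pattern also rewrites paths that merely share the `/app1` prefix.

```python
import re

# Rule quoted in the post, with xxxx = app1 (the post's example path).
POST_RULE = (r"/app1(/)?(.*)", r"/\2")

# Assumed stricter variant (not from the post): the prefix must be followed
# by "/" or by the end of the path. Requires a PCRE-style regex engine.
STRICT_RULE = (r"^/app1(?:/|$)(.*)", r"/\1")

# Constructed sample request paths.
SAMPLES = ["/app1", "/app1/", "/app1/css/site.css", "/app10/login", "/other"]


def replace_path(path, rule):
    """Model of replace-path: when the regex matches, the path becomes the
    expanded replacement; otherwise the path is passed through unchanged."""
    pattern, replacement = rule
    match = re.search(pattern, path)
    return match.expand(replacement) if match else path


def rewrite_table(rule):
    """Map every sample path to the path the backend would receive."""
    return {path: replace_path(path, rule) for path in SAMPLES}


if __name__ == "__main__":
    for name, rule in (("post", POST_RULE), ("strict", STRICT_RULE)):
        for path, rewritten in rewrite_table(rule).items():
            print(f"{name:6} {path:20} -> {rewritten}")
```

The same prefix question applies to whatever condition selects the backend: a condition that only tests that the path begins with `/app1` also admits `/app10/...`.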
#5
Thank you. That did the trick. No firewall rules needed - thank god  ;)

I did on each side:

1. System -> Gateways -> Single
-> Add a Gateway. Leave all Fields default. Type a name like "Firewall_Myself" and use the LAN IP Address as "IP Address"
2. System -> Routes -> Configuration
-> Add a Network Address like 192.168.111.0/24 which is the remote LAN of the other Network "behind" the tunnel.  Select the local Gateway from (1)

Works great!

Case solved
#6
Hello guys.
I updated my original post and made an illustration. Does anyone have an idea why I cannot ping the other side from the local OPNsense?
#7
Hello, my first post here.

I have two opnsense A and B running with fixed IP addresses and VPN ipsec net-to-net. The tunnels are running well with IPv4 tunnel. I can access all machines from one network A to the other network B. Also I have some web-services behind the haproxy in network B with let's encrypt ACME which is running well also and is available from internet.

What I'm trying to do: have a "server A" with a webservice in network A (behind firewall) and want to access this webservice as a "real server" from haproxy B. That does not work. When I go by using SSH onto OPNSense B and try to ping this (Server A) address - it is NOT reachable. Other addresses in network A are also NOT reachable by ping from the firewall. Is that normal? There is just "no response" from the other side when pinging from the firewall itself.


Server A with Webservice (192.168.112.112:80)
Network A (192.168.112.0/24)
   |
   |
OPNSense A (LAN 192.168.112.1)
   |
   |
VPN Internet
   |
   |
haproxy B
OPNSense B  (LAN 192.168.111.1)
   |
   |
Network B (192.168.111.0/24)


Open SSH session to OPNSense B:

root@ext-firewall:~ # ping 192.168.112.112
PING 192.168.112.112 (192.168.112.112): 56 data bytes
^C
--- 192.168.112.112 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss


So it seems that the route does NOT go thru the IPv4 tunnel when accessed from the local firewall, or maybe it is blocked by a firewall rule.

When I ping that host with webservice in network A from another host in network B that is possible and also I can access that webservice on host in network A from a browser in network B.

What must be configured to get this connection from haproxy in firewall B to reach a service behind firewall A - routed by IPV4 tunnel?

Thank you in advance