Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - dipol0

Pages: [1]

23.7 Legacy Series / Re: IPv6 Tunnel Broker ???

« on: October 08, 2023, 08:27:50 pm »

Very strange. I really dont know whats happens.

in confs:
1
ISP -- WAN (pppoe)*OPNSense ---(DHCP) --- clients dont dorking.

i try
2
ISP -- WAN (pppoe)*OPNSense MASTER --- (DHCP)---- WAN(DHC) OPNSense Slave --- clients
and it look worked

3.
control i install pfSense directly and it worked
ISP -- WAN (pppoe)*pfSense ---(DHCP) --- clients

but i not planing go to pfSense fully and cant have 2 machines with OPNsense. i plaing with MTUs for tunnel on opnsense but not/

23.7 Legacy Series / Re: IPv6 Tunnel Broker ???

« on: October 07, 2023, 12:56:42 am »

Quote from: TrustedComputer on October 06, 2023, 10:27:50 pm

Your screenshots look similar to mine. I use Unmanaged (SLAAC only) instead of Assisted (SLAAC + DHCPv6) but that's a matter of preference and shouldn't make a difference.

When you say "clients do not receive ipv6", do you mean they don't get IPv6 addresses assigned? Double-check RADVD and DHCPDv6 services are running in System-Diagnostics-Services. Also, double-check client NIC configuration- is IPv6 enabled as a protocol?

Also- you did not share screenshot of LAN Interface Configuration/Overview. Make sure it is configured with and has a static IPv6 address in the /64 you need your clients to receive addresses in.

Hope that helps!

LAN - Interfaces

LAN - Overview

Services:

+ i set FW-rule for enable IPv6 ICMP ECHO on TunBrok IF and i can it (use external online services for ping)

When i configure GIF IF i use "Client IPv6 address" for ping:

Clients can get IPv6 (its supported and enbled). But cant obtain it from OPNSense.

Looks like firewall rules blocks or some like that. But i not profi )) If you can share yours Firewall rules need for TunBroker?

Tnx

23.7 Legacy Series / Unbound DNS Blocklist cant be Enabled (dont working)

« on: October 06, 2023, 07:59:04 pm »

Hi.

In Services: Unbound DNS: Blocklist. Select one or few blocklist from dropdown menu. Set check mark on "Enable".
Click "Apply" and....do nothing... Circle on Apply button rotation...rotation... sometime drop to Login Page. After login go to back Services: Unbound DNS: Blocklist and... ENABLE - not checked + i think and blocklist mechanism (or it enable) - not working.

Code: [Select]

OPNsense 23.7.5-amd64
FreeBSD 13.2-RELEASE-p3
OpenSSL 1.1.1w 11 Sep 2023

23.7 Legacy Series / IPv6 Tunnel Broker ???

« on: October 06, 2023, 12:17:23 pm »

Hi all.
I set it up according to the manuals:

1. https://wiki.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html
2. https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html

Versions OPNsense 23.7.5-amd64
FreeBSD 13.2-RELEASE-p3

Connection to ISP via PPPoE. Pings from outside are enabled.

Q: On the LAN, clients do not receive ipv6. Where to dig?

The tunnel itself seems to rise, and from the machine where the OPNSense is installed, Google pings via ipv6:

[/url ]

Filewall rules for:
Firewall->Rules->TunnelBroker
[url=https://postimg.cc/w18k3q5r]

Firewall->Rules->LAN

Firewall->Rules->WAN

RA Settings:

DHCPv6:

Gateways:

Info page IF - tunnel broker:

Russian - Русский / Натстройка IPv6 Tunnel Broker

« on: October 06, 2023, 12:10:15 pm »

Всем привет.
Настраивал по мануалам:

1. https://wiki.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html
2. https://docs.netgate.com/pfsense/en/latest/recipes/ipv6-tunnel-broker.html

Versions OPNsense 23.7.5-amd64
FreeBSD 13.2-RELEASE-p3

Соединение с ISP по PPPoE. Пинги извне включены.

Q: В LAN клиенты не получают ipv6. Куда копать?

Сам туннель вроде как поднимается и с машины где ОПНСенс стоит google пингуется по ipv6:

Правила файлвола для:
Firewall->Rules->TunnelBroker

Firewall->Rules->LAN

Firewall->Rules->WAN

Настройки RA:

DHCPv6:

Gateways:

Info page IF - tunnel broker:

Zenarmor (Sensei) / Elasticsearch dont start

« on: April 07, 2023, 04:06:05 pm »

After update to:

Versions OPNsense 23.1.5_4-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

1. Zenarmor Elasticsearch service dont start
2. Report-Trafic show:

"Fatal error: Failed opening required '/usr/local/opnsense/www/index.php' (include_path='/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/opnsense/contrib:/usr/local/share/pear:/usr/local/share') in Unknown on line 0 "

Russian - Русский / косяки с репортом трафика и zenarmor после обновления

« on: April 07, 2023, 03:56:21 pm »

После обновления до

Versions OPNsense 23.1.5_4-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023

1. Не запускается Elasticsearch от ZenArmor

2. Репорты-Трафик вываливает страничку:

"Fatal error: Failed opening required '/usr/local/opnsense/www/index.php' (include_path='/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/opnsense/contrib:/usr/local/share/pear:/usr/local/share') in Unknown on line 0 "

Russian - Русский / NAT Loopback (nat reflection)

« on: March 11, 2021, 07:32:39 pm »

Ребята, чот я отупел или не разобрался... есть тачка с OPNSENSE, у нее 2 интерфейса соотв - WAN и LAN.

WAN - белый ИП от прорва + имеется FQDN связаный с этим ИП. Пусть будет mydomain.com и 99.99.100.100
LAN - ну тут все просто 192.168.0.1 (сеть 192.168.0.0/24)

Внутри лан сети несколько машин. На одной из них (ip - 192.168.0.50) крутятся http(https) сервер (порты 80 и 443) и mysql server (порт 3306).

Port-Forwarding извне локалки на данный IP (192.168.0.50) я настроил. А вот как быть что бы тачки внутри сети при обращении по fqdn - mydomain.com отражались на внутренний IP = 192.168.0.50

Поигрался с Outbond - результатов не достиг.

Если можно прям в картинка пример или ссыль на Ютуб с боле-менее понятным видео. Огромное спасибо!!

Pages: [1]