Messages - blue_shift

#1
Hello,

I have a firewall rule with the condition "if not in alias, then allow" (that alias gets filled with the IP addresses of a local fail2ban).
Now I would like to extend that rule with geolocation information, ending up with the logic "if not in alias and location is ?,
then allow".

Is that somehow possible in OPNsense?

Thanks for your help! :)
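The compound rule asked about above, modelled as an added example (not from the post and not OPNsense code): the alias check and the country check are evaluated as a conjunction, so a source that is in the fail2ban alias is refused even when its country is allowed, and a source with no GeoIP entry falls through to block, just as traffic that matches no pass rule falls through to OPNsense's default block. OPNsense itself expresses this with aliases on a single rule (a host alias for the fail2ban list and a GeoIP alias for the countries); the script only models the decision. The alias contents, the GeoIP prefixes and the allowed-country set are constructed sample data.

```python
import ipaddress

# Constructed sample data (not from the post): the fail2ban alias contents and a
# GeoIP prefix table. Real deployments fill these from fail2ban and a GeoIP feed.
FAIL2BAN_ALIAS = [
    "203.0.113.7",        # single banned host
    "198.51.100.0/28",    # banned range
]

GEOIP_TABLE = [
    ("198.51.100.0/24", "DE"),
    ("203.0.113.0/24", "DE"),
    ("203.0.113.128/25", "FR"),   # more specific prefix inside the DE /24
    ("192.0.2.0/24", "US"),
    ("2001:db8::/32", "DE"),
]

ALLOWED_COUNTRIES = {"DE"}


def in_alias(ip, alias):
    """True if ip falls inside any host or network entry of the alias."""
    addr = ipaddress.ip_address(ip)
    for entry in alias:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


def lookup_country(ip, table):
    """Longest-prefix match against the GeoIP table; None if no prefix covers ip."""
    addr = ipaddress.ip_address(ip)
    best_country, best_len = None, -1
    for prefix, country in table:
        net = ipaddress.ip_network(prefix, strict=False)
        if addr.version == net.version and addr in net and net.prefixlen > best_len:
            best_country, best_len = country, net.prefixlen
    return best_country


def decide(ip, alias=FAIL2BAN_ALIAS, table=GEOIP_TABLE, allowed=ALLOWED_COUNTRIES):
    """Evaluate 'if not in alias and country in allowed, then pass'.

    Anything that does not satisfy both conditions is reported as blocked, which
    is what happens on OPNsense when a pass rule does not match and the default
    block rule applies.
    """
    if in_alias(ip, alias):
        return "block", "source is in the fail2ban alias"
    country = lookup_country(ip, table)
    if country is None:
        return "block", "source has no GeoIP entry"
    if country not in allowed:
        return "block", "source country %s is not allowed" % country
    return "pass", "not banned and country %s is allowed" % country


if __name__ == "__main__":
    for sample in ("203.0.113.7", "203.0.113.50", "203.0.113.200",
                   "198.51.100.5", "192.0.2.1", "8.8.8.8", "2001:db8::1"):
        print(sample, *decide(sample))
```

The longest-prefix match matters when a GeoIP feed carries a more specific prefix with a different country inside a larger block: 203.0.113.200 is reported as FR and blocked even though the covering /24 is DE.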
#2
Just found the reason for my problems... if I set my connection to WAN2, it seems DNS is not working anymore! I already set several DNS servers in the settings (General > Settings > System) and selected the gateway for each one.

If I set a public DNS server on the computer, everything works fine. Any idea why DNS doesn't work in that configuration? I configured Unbound on the OPNsense and all devices have the IP address of the OPNsense set as DNS.
#3
24.7, 24.10 Legacy Series / Multi WAN not working anymore
November 23, 2024, 05:26:10 PM
Hello,

for some reason my Multi WAN configuration is not working anymore... I set up two gateways and two interfaces and everything worked fine until the new version. Then I had problems with the IP monitoring, and since I disabled the monitoring the line has been stable.

I set rules so that everything goes through WAN1 and only the traffic of one single IP goes through WAN2, but for some reason the computer receives nothing when using WAN2!

I set a rule as usual, "if source IP is x.x.x.x then use gateway WAN2"... if that rule is enabled, the browser opens nothing. When I disable that rule, it uses WAN1 and everything works fine.

WAN2 is online and working fine, and when I ping the WAN2 gateway from the OPNsense console, all looks good.

That configuration worked fine for the last few months... any idea what could cause that?

Regards :)
#4
Hello all,

I am currently using version 24.7.9_1 and have some weird problems with the IP monitoring of one gateway. I am using OPNsense as a dual-WAN router behind two other routers and everything worked fine. But since the newer version, I constantly get problems with the monitoring of one WAN interface.

If I connect my notebook to the router, everything seems to be fine... bandwidth, speed, latency, and I can also ping the IP I set in OPNsense. But my OPNsense tells me there is no response!

I checked all cables but found no problem; changing the IP address changed nothing either. Is there an existing problem?

Regards :)
#5
General Discussion / Weird problems using HAProxy
September 17, 2023, 06:30:48 PM
Hi folks,

I have some problems with HAProxy that I cannot really solve. Just the basics to begin with: I am using my OPNsense behind another router, so I have an "IPoE" environment. I have Nextcloud working on
a virtual machine, which works pretty well using port forwarding (which I would like to replace with HAProxy).

INTERNET --> 443 --> ROUTER1 --> 8443 --> OPNSENSE > HAPROXY > 80 --> NEXTCLOUD
INTERNET -->  80  --> ROUTER1 -->   880 --> OPNSENSE > HAPROXY

I have another Nextcloud installation that is running on port 80 that I would like to connect. I thought I could run
HAProxy using the LE certificates on port 443 and it should "forward" it internally to port 80.

But when I access the URI using port 443, I see in the firewall logs that port 880 is used (ports 8443 and 880 are two public services in HAProxy)?! Port 880 is closed on the firewall, but if I set an allow rule Nextcloud works fine.

The conditions and rules seem to be correct. Another app that uses the same port externally and internally works totally fine. It seems to occur only with Nextcloud. The first router does its job correctly; if I switch to port forwarding everything works fine, so it is HAProxy.

Thanks for your help and comments...
#6
Hi all,

I just realized that the latest update of OPNsense seems to have fixed my AdGuard problems. So I currently have AdGuard installed on the OS of my OPNsense, listening on port 5353. It seems to work just fine.

Now I would like some hosts to use Unbound DNS and some specific ones to use AdGuard as their DNS service. What would be the best practice to realize that?

I tried to use NAT to forward all DNS traffic on port 53 to AdGuard on port 5353, and AdGuard receives those requests, but for some reason the hosts seem to get no response?!
#7
Hi everybody,

I just found your post. Does your AdGuard Home start without any problems? I tried to install it using the GitHub versions (beta & final) but I am not even able to start it; same with the Max-It plugin. I see messages that it can use port 53, and right after that I get the message "dhcpv4 srv: nil is not an IP address".

Then I see messages with the IP addresses of my OPNsense and the used ports 3000 and 3001. But there is no web interface available. I get nothing on ports 3000 and 3001.

I thought I would try configuring it on a clean virtual machine, and ended up with exactly the same problem!

Any idea what could be the reason for that?
#8
Hello,

I just tried to configure AdGuard Home on my OPNsense, but for some reason I just get the error message "<nil> is not an IP address" when I start it. It seems to me that it tries to get an IP address and doesn't get anything back.

When I start it, I see that binding port 53 is successful (it doesn't matter whether Unbound DNS is active on port 53 or not!), then I see that error message, and after it I see the IP addresses and ports (3000 and 3001 for the BETA web interfaces).

I had the same problem on a virtualized OPNsense, but there it worked fine for a few days and then suddenly I wasn't able to start it anymore.

Does anybody have any advice? It would be really nice to get it working on the same device :)
#9
Hello,

I just set up a new OPNsense configuration and everything seems to work pretty well. But I just noticed that whenever I ping the hostname of the OPNsense, it responds with different IP addresses?! They seem to be the interface IPs that I set on the different interfaces.

I set up one LAN interface, two WAN interfaces and 3 more VLAN interfaces. I have several firewall rules to separate the VLANs from each other.

E.g. if I ping the hostname of the OPNsense, it responds with the IP address of one of the WAN interfaces instead of the IP of the LAN interface.

Am I doing something wrong? It seems to be something with the DNS, I guess...

Thanks for your help
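The DNS questions in posts #2, #6 and #9 come down to the same check: ask a specific resolver address and port directly and look at everything it returns. The script below is an added example and is not part of the posts or of OPNsense, Unbound or AdGuard. It builds a raw DNS query, parses the answer section (following name-compression pointers and rejecting pointer loops), and can send the query to any address and port, so the same lookup can be sent to AdGuard on 5353 directly and to port 53 through Unbound or the NAT redirect, and the two results compared. For post #9 it lists every A record returned, which is what a name registered on several interfaces looks like on the wire; a client that pings the name simply uses one of them. It also handles AAAA records, which the posts do not mention. The hostname, the three addresses and the server address in the sample are constructed.

```python
import socket
import struct


def build_query(name, qid=0x1234, qtype=1):
    """Build a DNS query for name (qtype 1 = A, 28 = AAAA) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels = []
    end = None          # where the caller continues; fixed at the first pointer
    hops = 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg):
    """Return (rcode, [A/AAAA answers as strings]); other record types are skipped."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):                      # skip the question section
        _, offset = _read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(rdata))
        elif rtype == 28 and rdlen == 16:
            answers.append(socket.inet_ntop(socket.AF_INET6, rdata))
    return rcode, answers


def query(server, port, name, timeout=2.0):
    """Send one UDP query to server:port; return (rcode, answers) or None on timeout."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    if data[:2] != q[:2]:
        raise ValueError("response id does not match query")
    return parse_response(data)


# Constructed response (not captured from a real system): the answer to
# "fw.example.lan" with three A records, each owner name compressed to a pointer
# (0xC00C) back to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)
    + b"\x02fw\x07example\x03lan\x00" + struct.pack("!HH", 1, 1)
    + b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
               for ip in ("192.168.1.1", "203.0.113.2", "10.0.0.1"))
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))
    # Live checks against the firewall (assumed address 192.168.1.1; not run offline):
    # query("192.168.1.1", 5353, "example.com")  # AdGuard directly
    # query("192.168.1.1", 53, "example.com")    # Unbound, or the NAT redirect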