OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Pannacotta »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Pannacotta

Pages: [1]
1
21.1 Legacy Series / Re: Strange UnBound DNS problem with web.impfnachweis.info
« on: June 26, 2021, 06:12:37 pm »
Hi

This is most likely caused by the DNS Rebinding Protection of Unbound that prevents DNS lookups that resolve to private IP Space.
While 100.102.17.10 is not "private" in the sense of RFC1918 100.64.0.0/12 is a special address range that is reserved for Carrier-grade NAT. see: https://en.wikipedia.org/wiki/Reserved_IP_addresses and https://datatracker.ietf.org/doc/html/rfc6890#section-2.2.2

If you want to configure unbound to allow it to show "private" IP responses for impfnachweis.info you can do so:
Services > Unbound DNS > General > Custom Options
Then add
Code: [Select]
server:
private-domain: impfnachweis.info
Hope this helps

EDIT: see the relevant code for unbound in opnsense: https://github.com/opnsense/core/blob/master/src/etc/inc/plugins.inc.d/unbound.inc

2
21.1 Legacy Series / Re: [SOLVED] 21.1.6 possibly broke ipsec
« on: May 29, 2021, 05:23:37 pm »
same here, did the update and everything started working again. Thanks for the quick solution.

3
21.1 Legacy Series / Re: [Workaround in place] 21.1.6 possibly broke ipsec
« on: May 29, 2021, 12:23:45 pm »
We also ran into this issue on one of our opnsense instances.

Can the
Code: [Select]
opnsense-revert -r 21.1.5 frr7 be run after a complete update to 21.1.6 or do we first have to downgrade the "base-system" to 21.1.5?

4
German - Deutsch / Re: Verständnisfrage Dual WAN
« on: May 01, 2021, 09:18:33 am »
Perfekt, vielen Dank für die Erklärung und das anschauliche Beispiel!  :)

5
German - Deutsch / Verständnisfrage Dual WAN
« on: April 30, 2021, 02:03:43 pm »
Hi

Für ein bevorstehendes Dual-WAN Setup habe ich noch eine Verständnisfrage zur Dokumentation.

In der Doku zu Multi WAN steht:
Quote
To combine Load Balancing with Failover you will have 2 or more WAN connections for Balancing purposes and 1 or more for Failover. OPNsense offers 5 tiers (Failover groups) each tier can hold multiple ISPs/WAN gateways.

https://docs.opnsense.org/manual/how-tos/multiwan.html

Heisst das um Load Balancing und Failover zu kombinieren brauche ich mind. 3 WAN Connections?

Was ich noch nicht verstanden habe, wird das Load Balancing Setup nicht automatisch zu einem Failover Setup wenn einer der beiden Links ausfällt? Oder findet beim Load Balancing kein Gateway Monitoring statt und die ausgehenden Verbindungen werden einfach 50/50 auf funktionierenden Link und toten Link aufgeteilt bei einem Ausfall?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2