Messages - aringking

#1
thanks!!

dg mv8000
#2
24.7, 24.10 Legacy Series / where is certificate authority
September 12, 2024, 10:17:22 AM
Version   24.7.3_1   
Architecture   amd64   
Commit   ba0168b69

trying to create a new server certificate. when i click the add (+) button, a popup with "Edit Certificate" is displayed, but i don't see a certificate authority field?

https://docs.opnsense.org/manual/how-tos/self-signed-chain.html does show a certificate authority field.

what am i missing?

thanks
#3
Virtual private networks / Re: wireguard "client" hang
September 06, 2024, 06:32:14 AM
Quote from: chemlud on September 04, 2024, 02:46:56 PM
I use a cron job named "Renew DNS for WG on stale connections" under

System -> Settings -> Cron

run every min or so. Works just fine.

thanks much! am not well-versed in opnsense, i thought there was some switch/option/parameter that i have to set. cron it is. thanks again
#4
Virtual private networks / wireguard "client" hang
September 04, 2024, 02:42:15 PM
wireguard "client" connects to wireguard "server".

the server reboots and isp assigned a new ipv6 address, server updates the dynamic dns

the client hangs, still pointing to the "old" address

what options/switch do i need to adjust/set so the client will timeout, requery the dns and reconnect to the server with the "new" address?

thanks
#5
setup:
opnsense wireguard (server)
slackware wireguard road warrior (client)

slackware eth0 is connected to 4g router lan port
slackware 10.10.5.45
4g router 10.10.5.41

wireguard tunnel server 10.9.1.1
wireguard tunnel client 10.9.1.2
wireguard tunnel client wg0

on slackware client:
route table
0.0.0.0     10.10.5.41   ug   eth0
10.9.1.0    0.0.0.0      u    wg0
10.10.5.0   0.0.0.0      u    eth0

slackware rc.ip_forwarding is executable
ufw To Anywhere on eth0           ALLOW FWD   From Anywhere on wg0
ufw DEFAULT_FORWARD_POLICY="ACCEPT"

problem:
from opnsense server, can ping 10.10.5.45 (slackware client)
from slackware client, can ping 10.10.5.41 (4g router)

from opnsense server, cannot ping 10.10.5.41
is this a circular route?
is there something i missed? what is missing?

thanks.
#6
using new instance already, still have some stragglers.

thanks.
#7
i have an old openvpn server that is using server certificate without the server bit set.

yes, the server certificate needs to be changed etc etc

for now, is there a way to override the server bit check?

thanks
#8
the opnsense ipv6 mask was set to /128.

so i changed it to /64 and it's ok now.

thanks for all the mindshare. :)
#9
OPNsense 21.1.5-amd64
FreeBSD 12.1-RELEASE-p16-HBSD
OpenSSL 1.1.1k 25 Mar 2021

setting up opnsense in the cloud, i have both static ipv4 and ipv6 addresses.

interfaces/wan
static ipv4
static ipv6
ipv4 upstream gateway is set to provided ipv4 gateway address
ipv6 upstream gateway is set to auto-detect

ping6 udp connect no route to host

system/routes/status
there is no default gateway for ipv6

i tried adding a gateway in system/gateways/single with the provided ipv6 gateway address with checks on upstream gateway and far gateway.

the error message is:
the gateway address does not lie within one of the chosen interface's ipv6 subnets.

what did i miss or do wrong?

thanks