Messages - picch

#1
Have you confirmed mydomain.net is resolving to the proper IP or at all? If you're able to directly browse to the service via its IP:port (I assume port 8282 is the actual container, not your reverse proxy), have you confirmed your tcp/443 is being allowed to your docker server on your wireguard interface? First thing I would try is connecting to wireguard and doing an nslookup for mydomain.net and confirming the correct IP resolves. Then check that tcp/443 to the container is being allowed through on your wireguard interface.
#2
Hello,
I'm a very recent opnsense convert from pfSense and have everything working as intended except for a weird issue with Unbound host overrides that I can't figure out and am hoping someone might have an idea.

Scenario:
1) DHCP Registration is enabled which registers my Docker server's hostname (FQDN example: docker.home.lan).
2) I have an nginx reverse proxy running in front of my containers so I can access each container by its service name. (FQDN example: container1.home.lan, container2.home.lan, etc...)

I have a host override set up to create an A record for container1.home.lan pointing to the Docker server's IP (the same IP as docker.home.lan that exists via DHCP Registration) and an alias for container2.home.lan. However, when I do this the entries refuse to resolve; any attempt results in an NXDOMAIN.

I restored my old pfsense config in a VM to see if I could spot any unbound config differences and noticed opnsense is adding PTR records for the override and any associated aliases where pfsense doesn't.

Code Snip for both:
opnsense (host_entries.conf):
local-data-ptr: "10.0.0.100 container1.home.lan"
local-data: "container1.home.lan IN A 10.0.0.100"
local-data-ptr: "10.0.0.100 container2.home.lan"
local-data: "container2.home.lan IN A 10.0.0.100"


pfsense (host_entries.conf)
local-data: "container1.home.lan A 10.0.0.100"
local-data: "container2.home.lan A 10.0.0.100"


So on a whim, I commented out the PTR records for the overrides, and restarted unbound via CLI to prevent the config files from getting rebuilt, and sure enough it works like a charm. Some other tests I've tried:
1) Changing destination IP of the override to one not currently in use works.
2) Changing the IP to a host that has a static mapping works
3) Adding a static mapping for the Docker server makes the override work.

Does anyone happen to have an idea, or perhaps a better way to do what I'm trying? It seems to be specific to DHCP Registrations. I'm trying to pinpoint the exact reason to help with bug reporting but am coming up empty (#3 /might/ work because the static mapping is in the same config file as the override, but that might be a stretch). I currently have #3 set up to work in the interim, but I'm trying to slowly eliminate my dependency on static mappings for hosts, especially VMs where their MAC addresses will change as you rebuild the VM.

Thanks in advance and apologies for the word wall.
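
A check for the condition described in the post above, added here as an example and not part of the original post: it reads Unbound `local-data` and `local-data-ptr` lines and lists every IP that carries PTR entries under more than one name. The two `docker.home.lan` lines in the sample are constructed to stand in for the DHCP-registered entry, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the OPNsense override lines quoted in the post, preceded by
# two assumed lines standing in for the DHCP-registered docker.home.lan entry.
SAMPLE = """\
local-data-ptr: "10.0.0.100 docker.home.lan"
local-data: "docker.home.lan IN A 10.0.0.100"
local-data-ptr: "10.0.0.100 container1.home.lan"
local-data: "container1.home.lan IN A 10.0.0.100"
local-data-ptr: "10.0.0.100 container2.home.lan"
local-data: "container2.home.lan IN A 10.0.0.100"
"""

# The pfSense form quoted in the post: A records only, no PTR lines.
PFSENSE_SAMPLE = """\
local-data: "container1.home.lan A 10.0.0.100"
local-data: "container2.home.lan A 10.0.0.100"
"""

LINE_RE = re.compile(r'^\s*(local-data(?:-ptr)?):\s*"([^"]*)"')

def _norm(name):
    return name.rstrip(".").lower()

def parse_records(text):
    """Return (ptr, fwd): ptr maps IP -> set of names, fwd maps name -> set of IPs."""
    ptr, fwd = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line)  # commented-out lines start with '#' and do not match
        if not m:
            continue
        fields = m.group(2).split()
        if m.group(1) == "local-data-ptr" and len(fields) >= 2:
            ptr[fields[0]].add(_norm(fields[-1]))  # "<ip> [ttl] <name>"
        elif m.group(1) == "local-data" and len(fields) >= 3 and fields[-2].upper() == "A":
            fwd[_norm(fields[0])].add(fields[-1])  # "<name> [ttl] [IN] A <ip>"
    return ptr, fwd

def shared_ptr_ips(text):
    """IPs that have PTR entries under more than one name, with the sorted names."""
    ptr, _ = parse_records(text)
    return {ip: sorted(names) for ip, names in ptr.items() if len(names) > 1}

if __name__ == "__main__":
    for ip, names in shared_ptr_ips(SAMPLE).items():
        print(f"{ip} has {len(names)} PTR names: {', '.join(names)}")
```

Running it over the concatenated contents of the generated Unbound include files shows which addresses are in this state before and after an override is added.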