Messages - NeoDragon

#1
I understand that, but I thought Caddy was listening from 80 and 443 and sending proxied UDP data from specified port to the specified local ip/port, like it's doing with basic reverse proxy.

Is there any advantage of using L4 if you're still opening the game server ports?
#2
80 and 443 are already open on the WAN side? Do I need a rule for 2456 as well? It would kinda beat the purpose of removing port forwarding.
#3
I already have reverse proxy along with Acme client to manage my http proxy for multiple services. I'm looking to get the l4 part working to proxy a running game server without port forwarding multiple ports.
Following the guide does not result in a working proxy for some reason? Outside connections are not proxied to the appropriate server.

I.E:
Routing Type: global
Protocol: UDP
Local Port: 2456
Matchers: ANY
Upstream Domain: 192.168.1.12
Upstream Port: 2456

Is there anything I'm missing?
#4
Quote from: FraLem on October 04, 2025, 09:31:07 AM
Hi,

Can you check the "Block private networks" option on the configuration of ix1 interface?

In case this is correctly set, and your hardware has a second SFP port, I would try on this port.

Hope this helps

Block private Networks is currently checked for the WAN interface (pppoe on ix1) but not on the ix1 interface itself.

Quote from: meyergru on October 04, 2025, 04:28:32 PM
The stick probably has no default gateway, so the responses will not find their way back to your LAN. You should set up an outbound NAT rule to mask your LAN behind 192.168.1.2.

Also: what is "Outbound Rule from WAN to 192.168.11.2" supposed to do?

Adding to this, some ONTs do not answer on their Management IP once the Fiber is active.

You are correct, the stick default is no gateway, but management ip is set as this:

Management fwenvs

8311_ipaddr - IP Address
Set the management IP address. Defaults to 192.168.11.1

8311_netmask - Subnet Mask
Set the management subnet mask. Defaults to 255.255.255.0

8311_gateway - Gateway
Set the management gateway. Defaults to the IP address (ie. no default gateway)

8311_ping_ip - Ping IP
Sets an IP address to ping every 5 seconds, this can help with reaching the stick. Defaults to the 2nd ip address in the configured management network (ie. 192.168.11.2).

How would I go about setting an outbound rule to mask 192.168.1.2?
#5
Hi all,

I'm using a custom XGS-PON SFP+ Stick Module to bypass my ISP router. Internet is working properly, but I can't access the stick management address to update the stick itself. It was working on 24.* version of OPNsense, but I figured something changed in 25.7 because I can't access it anymore. I wiped and started fresh on 25 however.

Here's the setup:

Stick is plugged in ix1
Interface > WAN is pppoe on ix1
Interface > WAS110 is ix1 with the static ip 192.168.11.2/24
WAS110 management address is 192.168.11.1

Outbound Rule from WAN to 192.168.11.2

Also tried following the "official" method found here https://pon.wiki/guides/install-the-8311-community-firmware-on-the-was-110/#opnsense but no cigar.


Anybody can help me access the stick??

[Solved]

I managed to solve this by trying a different IP on the WAS110 Interface. The PON had its Gateway as 192.168.11.1 and its static ip as 192.168.11.2.
#6
So, I managed to install Technitium with this guide, with a few hiccups.
The start job is not working, I need to start it manually.

I can't figure out how to make DHCP work with this too.. anyone?
#7
Fair warning ⚠️

Make package is a long process. 5 hours in with a C3758 and still running.
#9
Exactly.

Under Hosts tab, I changed the IP address to reflect the changed range/subnet, but it seems to have created new ones and did not delete the old ones.

Therefore, under /var/etc/dnsmasq-hosts, both entries exist for the same host. I'm trying to delete the old one.
#10
Since I'm not using those reservations anymore, is there any way I can remove them? They don't appear in the GUI anymore since I changed them.
#11
Hi,

I recently re-ordered my network to remove a few vlans and make it simpler. However, dnsmasq is throwing a few warnings like this:
Quote: not giving name hostname.local.tld to the DHCP lease of 192.168.1.5 because the name exists in /var/etc/dnsmasq-hosts with address 192.168.3.3

I cannot remove them manually from /var/etc/dnsmasq-hosts, they always come back after restarting the service.

Any ideas?
#12
Yes, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.50.0/24 are in caddy access list
#13
Here's the topology:

Lan Networks
- 192.168.1.0/24
- 192.168.2.0/24
- 192.168.3.0/24
- 192.168.4.0/24

VPN Network
- 192.168.50.0/24

myapplication.mydomain.com and caddy are on the local network, 192.168.1.0/24

OpenVPN Routing option has all lan networks added in local network tab
#14
Hi everyone,

I'm trying to make Caddy access list work thru the openvpn instance but having difficulties.

OpenVPN instance works, I can access local IPs within local network. However, caddy does not recognize the openvpn connection as a local network connection but rather as the WAN connection of the user, so it is blocked by the access list.

I tried setting the openvpn instance with different redirect gateway option but it still does not work. The connection either gets timeout and nothing appears on the caddy log file, or the connection is blocked because it's being recognized as an outside ip instead of a local network one.

Anyone can help? 
#15
24.7, 24.10 Legacy Series / Re: Caddy http access issues
November 04, 2024, 11:23:23 PM
You were right, even tho VPN traffic is routed and I can access local IPs and all, caddy is still getting a WAN ip from http log instead of local id.

Any way to change that?