Messages

I have been looking into this. Giving ALL access does not seem like my preference.  :)
So I found the place to change the dnsmasq.
I also found how it supposedly should be entered

server=/myserver.com/#
address=/.myserver.com/100.101.102.103

I just dont seem to find how to translate this to my situation.

My iprange for the vpn tunnel is 10.1.3.1/24
How would I write this in?

Thanks!

Its that easy, eh! I will try that.
Thanks!

Hi all.


I searched but could'nt really find the answer.
So i set up the wireguard instance and made my peers. This was all quite straight forward with the opnsense guide.
But i also use a dns server on a pi with pihole. For my normal ip range on the opnsense router this works fine.

But I noticed the vpn is not using the pihole.
Probably as in the tutorial the dns is set to the first of the vpn ip range.

Can i just change this? Or what is the  way to make the vpn ip range also use the pihole dns server?

Thanks!

Just one more thing to add.
So I already changed some port forwards to the new interface I made for the pppoe connection. Which also worked fine.

But after deleting the new interface and pointing the pppoe to WAN, I noticed those port forwards where pointing to nothing.
I thought changing them back to WAN and WAN address would be enough. But they still didnt work.
Then I noticed the rules for those port forwards I changed, where also gone.
I didnt immediately see a way to quickly make a new rule for them. So I just cloned those port forwards and deleted the original ones.
This automatically made new rules.

Thanks!

Thanks for the confirmation. I assigned it to WAN and deleted the extra interface. At first it didnt work. Internet would not start.
I put it back to how it did work with the extra interface. Then I noticed the new interface was disabled by default. Only after manually enabling it internet would work.
So I tried again assigning it to WAN and deleting the extra created interface. And then disabling / re-enabling WAN. After that the pppoe worked like normal on WAN.

Thanks!

Hi all!


We recently got a new home internet provider. So we went from a simple dhcp on WAN. To a PPPOE connection.
I followed this tutorial: https://docs.opnsense.org/manual/how-tos/pppoe_isp_setup.html
But we have no VLAN, and the tutorial is a bit focussed on it. So I was a bit confused. Everything works fine. No problem. Speed is very close to promised and no heavy cpu draw. i3-7100.

But I am just wondering if this is the way it should be set up, with the new interface;ONE next to WAN and LAN.
Or if I should have just assigned WAN to the new PPPOE device.
Cause I had to change my port forwards to point to ONE as well now.

Thanks!

Ah yes, I meant the user certificate. as it also expired. I use otp.

I made new certificates.. Not noticing the authority was also expired. ;)
So I did everything twice. I guess I wont forget anymore now.

My VPN works like before again.
Thanks!

So I got home.
SSLVPN Server Certificate has indeed epired.
It was only valid for a year. User certificate is also almost expired.

I set it up myself, I guess a year ago, using a guide.
I am still learning about what I actually did and how it affects everything. I never did this before.

As I read, there is no simple renewal option. I just have to remake the certificate. And the user.
Is that right?

I am sorry I dont have more info at the moment. I am on holiday. Thats the whole reason I was using the vpn ;)

And does anyone happen to know the standard expiration date? I thought it was 10 years?

Hi all.


I have been using openvpn for quite some time now without problems. Since last Thursday though, i get this error on all clients.
Peer certificate verification failure.
Nothing changed on server. Maybe client got updated?
Was there some change in certification rules or so? Can it be expired?
Anyone have an idea?

Thanks!

Well to start with just a few IP would be fine.

But I cant seem to let it show anything else than wan or lan. Not specified to IP.

Hi all.


Is there a way to monitor live how much data an IP moves in and out.
And to check the live speeds that IP is using?
And to see this in some graphs over some timeperiod?

Thanks!

Ok. I am obviously not as well trained in this kind of stuff as you. And I can only say it in simple terms.
So forget my rant.

But just tell me this.
1. Doesnt it sound logical to expect the phones/pcs on the lan to behave the same as for instance phones outside off the lan? They both have access to the same internet. and both only have to open a link on the internet with a port. I would think it being a link to my own lan would be unimportant here.
I feel it shouldnt matter if this is on my internet or 4g internet. Internet seems internet.  and link seems link.
You get my drift?

2. Why does ipcop or ipfire or any other router i have ever used, never had this 'issue'?
If this is because it automatically does nat reflection, then ok.
But for me, logically, this is weird. ;)

I turned on: firewall / nat / advanced
Reflection for port forwards    
It didnt help.

Then I also turned on:
Automatic outbound NAT for Reflection    
Now my external ip:port directs to my server from lan too.

Thanks for the patience btw ;)

I have been reading about Nat reflection.
But this is a solution for a problem that shouldnt exist.

I dont want it to redirect to lan IP.
I just want the router to let me load the stupid external website. Even though this is actually a server on my own lan.
Who is this router to tell me I should use the internal IP instead of the external.

External IP should just lead me to exactly that. The external IP.
Not to the router opnsense admin page.

That is the problem here.

I used this
https://forum.opnsense.org/index.php?topic=8783.0
- name: A short friendly name for the IP address you're aliasing. I'll call it "media-server"
- type: Host(s)
- Aliases: Input 192.168.1.200

- Interface: WAN
- TCP/IP Version: IPv4
- Protocol: TCP

Under Source > Advanced:

- Source / Invert: Unchecked
- Source: Any
- Source Port Range: any to any

- Destination / Invert: Unchecked
- Destination: WAN address
- Destination Port range: (other) 3200 to (other) 3200

- Redirect target IP: Alias "media-server"
- Redirect target Port: (other) 3100

And the port forwards work fine.
My server and all its different services and ports are accessible from anywhere outside of the Lan through my domain name:port.
Just not on the lan. On the lan I can only reach them through internal IP: port.
Domain name: port will go to page unknown. Domain name: NO port, will lead to opnsense router admin page.