Messages - malli2602

#1
Hi Patrick,

thank you very much for your reply.
I will test that as soon as I have access again.
Just to make sure I understood this correctly...
You mean I should remove the route 10.10.10.0/24 -> 10.10.10.1 in OPNsense?

Best regards,
Stephan
#2
Quote from: Patrick M. Hausen on March 28, 2024, 02:50:14 PM
Did you create a gateway 10.10.11.1 in the LAN on the OPNsense? Remove it; there is no gateway in the LAN unless there are other networks somewhere else.
Quote from: chemlud on March 28, 2024, 04:06:04 PM
Uhh, if the Sense has 10.10.11.2 as its address, it can't answer pings to 10.10.11.1, can it?
Quote from: Tuxtom007 on March 28, 2024, 03:41:50 PM
What bothers me more in the picture above is the LAN : 10.10.11.2/24 on the OPNsense.

10.10.11.1/24 would be the network, and the .1 would then also be the OPNsense interface in the LAN, which the client then sees as router or gateway.
(at least that's how it is for me)

Or is that different when there is only one LAN, i.e. no further VLANs etc.?


Yes, I did that. It was an error in the network diagram above.

IP Fritzbox: 10.10.10.1
IP WAN port OPN: 10.10.10.2
IP LAN port OPN: 10.10.11.1
IP client: 10.10.11.X

Routes Fritzbox:
10.10.11.0/24 -> 10.10.10.2

Routes OPNsense:
default -> 10.10.10.1
10.10.11.0/24 -> 10.10.11.1
10.10.10.0/24 -> 10.10.10.1

#3
Hello everyone,

I'm currently on holiday and will have to reply after Easter.
Many thanks in advance for the great support.

Happy holidays to all of you!

Regards!
#4
Hello everyone,

I need some help.
Here is my network topology:

      WAN / Internet
            :
            : Vodafone Cable 1000
            :
      .-----+-----------.
      |  Fritzbox 6660  |
      '-----+-----------'
            | 10.10.10.1/24
            |
            | WAN : 10.10.10.2/24
      .-----+---------.
      |  OPNsense     |
      '-----+---------'
            | LAN : 10.10.11.1/24
            |
            | 10.10.11.124/24 (from DHCP)
      .-----+---------.
      |  Client       |
      '-----+---------'


The structure is still very simple.
My problem now is that my client cannot ping the OPNsense.

Firewall is off for testing purposes:
[ x ] DISABLE ALL PACKET FILTERING

Routes on the FritzBox:
10.10.11.0/24 to 10.10.10.2

Routes on the OPNsense:
0.0.0.0/0 to 10.10.10.1
10.10.10.0/24 to 10.10.10.1
10.10.11.0/24 to 10.10.11.1

From the network on the Fritzbox I can ping the LAN gateway (10.10.11.1) without problems.
When I want to ping the client, I get a
Reply from 10.10.11.1: TTL expired in transit

But my client in the 10.10.11.0/24 network can't even ping its own gateway.

What can I do to fix this?

Many thanks!
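The replies in this thread point at static routes that are redundant or self-referential: a route for a network the router is already directly connected to, or a gateway that is one of the router's own addresses. The following is an added example, not code from the thread or from OPNsense, that lints a route table for exactly that pattern; the interface addresses and routes are the OPNsense values from the post above, the check logic is constructed for illustration.

```python
# Added example, not from the forum thread: lint static routes against the
# router's own interface addresses. Addresses are the OPNsense values from
# the original post; the check logic itself is constructed for illustration.
from ipaddress import ip_address, ip_interface, ip_network

# Interface addresses as posted: WAN 10.10.10.2/24, LAN 10.10.11.1/24
INTERFACES = {"wan": ip_interface("10.10.10.2/24"),
              "lan": ip_interface("10.10.11.1/24")}

# Static routes as posted: (destination, gateway)
ROUTES = [("0.0.0.0/0", "10.10.10.1"),
          ("10.10.10.0/24", "10.10.10.1"),
          ("10.10.11.0/24", "10.10.11.1")]


def lint_routes(interfaces, routes):
    """Return (destination, gateway, reason) for every suspicious route."""
    connected = {name: iface.network for name, iface in interfaces.items()}
    own_addrs = {iface.ip for iface in interfaces.values()}
    findings = []
    for dest, gw in routes:
        dest_net, gw_ip = ip_network(dest), ip_address(gw)
        # A static route to a directly connected network duplicates the
        # connected route that the interface address already provides.
        for name, net in connected.items():
            if dest_net == net:
                findings.append((dest, gw, f"destination is the connected {name} network"))
        # A gateway equal to one of our own addresses points the route at ourselves.
        if gw_ip in own_addrs:
            findings.append((dest, gw, "gateway is one of the router's own addresses"))
        # A next hop must sit on some connected network to be reachable at all.
        if not any(gw_ip in net for net in connected.values()):
            findings.append((dest, gw, "gateway is not on any connected network"))
    return findings


def clean_routes(interfaces, routes):
    """The routes left after dropping every flagged entry."""
    flagged = {(d, g) for d, g, _ in lint_routes(interfaces, routes)}
    return [r for r in routes if r not in flagged]


if __name__ == "__main__":
    for dest, gw, reason in lint_routes(INTERFACES, ROUTES):
        print(f"{dest} -> {gw}: {reason}")
    print("remaining:", clean_routes(INTERFACES, ROUTES))
```

Run against the posted table, only the default route survives; the two connected-network routes are flagged, and 10.10.11.0/24 -> 10.10.11.1 is additionally flagged for using the router's own LAN address as its next hop.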
#5
Hey, you're right.
I'm from Germany.
Thank you for sharing that information with me.
Really didn't think that this architecture is so complex.
#6
Not much going on here.
Am I doing something wrong? Is there more information that I can provide?
#7
Hello you lovely networking gurus.

I am about to bring my home network to the next level and want to segment it a little.

Here is my hardware overview
Router for internet connection: Fritzbox 6660 Cable
Router for internal firewalling: OPNsense VM on Unraid
Managed Switch: Mikrotik with Router OS

Scheduled network segments
Fritzbox Network // 10.10.10.0/24 // DMZ & Wi-Fi for Gaming and non-trusted stuff
VLAN11 // 10.10.11.0/24 // Work Network
VLAN12 // 10.10.12.0/24 // Private Network

I do not have a lot of experience in networking stuff as an old endpoint management horse   ::)

What I'm trying to achieve here:

  • Fritzbox should still open the internet connection
  • OPNsense should be there to route and manage the traffic between DMZ and the VLANs
  • Mikrotik is basically there for switching the VLANs
  • Wi-Fi is provided by Fritzbox

Question 1:
Does that structure make any sense?

Question 2:
Where to configure VLANs, and how?

  • Mikrotik or OPNsense and hand it to the Mikrotik over a trunk port
  • something that counts for OPNsense here is that I have access to VLANs in my Unraid, or am I wrong?
  • Point for Mikrotik is probably speed and better management

Question 3:
Where to place DNS (Adguard / PiHole)?

Question 4:
Even if the Fritzbox network 10.10.10.0/24 is not manageable, is it possible to place a VLAN10 with that net in the OPNsense router to forward it to some of the free ports of the Unraid or some VMs?

Question 5:
What does the routing table need to look like for each of those network devices?

Question 6:
Do I need NAT in that scenario, and if yes, how does that work?

I attached a google drive link to PDFs with the planned network structure.
https://drive.google.com/drive/folders/1P-U3V01cpTxVZDVkrgBTYBLwlfy0AYwf?usp=sharing

Thank you very much for any information.

Cheers!
Stephan
#8
Started from scratch.
After I reinstalled AdGuard and started from scratch, I got it up and running.
DNS is now much quicker and security is good for IPv4 and 6.
What is not working right now is that AdGuard is not showing the hostnames of the clients.
Does someone know about that?

Thanks
#9
Quote from: cookiemonster on November 29, 2021, 01:24:39 PM
Try this thread for a view of how they interact https://forum.opnsense.org/index.php?topic=22162.0 .

Hi and thank you for the answer.
Unfortunately, that's not helping me, for some reasons:
1. They are ignoring IPv6 completely
2. They are not using DoT
3. The Unbound DNS config with "Only select: 'Register DHCP leases' & 'Register DHCP static mappings'" is not working at all.

Any other ideas, or even more information I can share with you?

Kind regards,
Stephan
#10
Hello OPNsense folks,

I'm pretty much new here and I have some questions about Unbound DNS and the interaction with AdGuard.
I want to use OPNsense as my main router and will migrate service by service, starting with DNS.

Configured Unbound DNS in AdGuard on 5353 with the following settings.

Port: 5353
DNSSEC: ON
DNS64: ON DNS64 prefix
DHCP Registration: ON
IPv6 Link-Local: ON
TXT Comment Support: ON
DNS Cache: ON


DNS over TLS to the following servers

1.1.1.1 853
8.8.8.8 853
9.9.9.9 853
149.112.112.112 853
1.0.0.1 853
2606:4700:4700::1111 853
2606:4700:4700::1001 853


When I use 127.0.0.1:5353 in my AdGuard (which is installed on the same host with the OPNsense plugin), DNS requests take ages to load and some pages don't load even after waiting a few minutes.

When I use the servers directly in my Adblock, everything is fine.

What did I do wrong? Can I give you more information?

Best regards,
Stephan