Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - malli2602

Pages: [1]

German - Deutsch / Re: Mein LAN Client kann sein eigenes Gateway nicht erreichen

« on: April 01, 2024, 06:24:02 pm »

Hi Patrick,

vielen Dank für deine Rückmeldung.
Ich werde das, sobald ich wieder Zugriff habe, testen.
Nur das mit ich das richtig verstanden habe...
Du meinst das ich die Route im opnsense 10.10.10.0/24 -> 10.10.10.1 entfernen soll?

Beste Grüße,
Stephan

German - Deutsch / Re: Mein LAN Client kann sein eigenes Gateway nicht erreichen

« on: March 30, 2024, 05:39:30 pm »

Quote from: Patrick M. Hausen on March 28, 2024, 02:50:14 pm

Hast du auf der OPNsense einen Gateway 10.10.11.1 im LAN angelegt? Mach den weg, im LAN gibs keinen Gateway, wenn da nicht noch andere Netze irgendwo sind.

Quote from: chemlud on March 28, 2024, 04:06:04 pm

äääh, wenn die Sense 10.10.11.2 als Adresse hat kann sie nicht auf pings an 10.10.11.1 antworten, oder?

Quote from: Tuxtom007 on March 28, 2024, 03:41:50 pm

Mich stört da oben in dem Bild mehr die LAN : 10.10.11.2/24 an der OPNSense.

die 10.10.11.1/24 wäre das Netzwerk und die .1 dann eben auch das Interface der OPNSense im LAN, die vom Client dann als Router oder Gateway gesehen wird.
( so ies zumindest bei mir )

Oder ist das anders, wenn nur ein LAN vorhanden ist, also keine weiteren VLAN's etc. ?

Ja, das habe ich gemacht. War ein Fehler im Netzwerkdiagramm oben.

IP Fritzbox: 10.10.10.1
IP WAN Port OPN: 10.10.10.2
IP LAN Port OPN: 10.10.11.1
IP Client: 10.10.11.X

Routen Fritzbox:
10.10.11.0/24 -> 10.10.10.2

Routen OPNsense:
default -> 10.10.10.1
10.10.11.0/24 -> 10.10.11.1
10.10.10.0/24 -> 10.10.10.1

German - Deutsch / Re: Mein LAN Client kann sein eigenes Gateway nicht erreichen

« on: March 30, 2024, 10:03:09 am »

Hallo zusammen,

ich befinde mich zurzeit im Urlaub und werde nach Ostern antworten müssen.
Schonmal vielen Dank für die tolle Unterstützung.

Schöne Feiertage euch allen!

Grüße!

German - Deutsch / Mein LAN Client kann sein eigenes Gateway nicht erreichen

« on: March 28, 2024, 02:45:21 pm »

Hallo zusammen,

ich benötige etwas hilfe.
Hier meine Netzwerk Topologie:

Code: [Select]

      WAN / Internet
            :
            : Vodafone Cable 1000
            :
      .-----+-----------.
      |  Fritzbox 6660 | 
      '-----+-----------'
                | 10.10.10.1/24
                |
                | WAN : 10.10.10.2/24
      .-----+---------. 
      |  OPNsense    |
      '-----+---------' 
               | LAN : 10.10.11.1/24
               |
               | 10.10.11.124/24 (vom DHCP)
      .-----+---------. 
      |  Client          |
      '-----+---------'

Die Struktur ist noch sehr einfach.
Mein Problem ist nun aber mein Client die OPNsense nicht pingen kann.

Firewall ist aus zu Testzwecken:
[ x ] DISABLE ALL PACKAT FILTERING

Routen an der FritzBox:
10.10.11.0/24 auf 10.10.10.2

Routen auf der OPNsense:
0.0.0.0/0 auf 10.10.10.1
10.10.10.0/24 auf 10.10.10.1
10.10.11.0/24 auf 10.10.11.1

Aus dem Netz an der Fritzbox kann ich das LAN Gatway (10.10.11.1) ohne Probleme Pingen.
Wenn ich den Client Pingen möchte dann bekomme ich einen
Reply from 10.10.11.1: TTL expired in transit

Mein Client im 10.10.11.0/24 Netz kann aber noch nicht mal sein eigenes Gateway pingen.

Was kann ich tun um das zu beheben?

Besten Dank!

General Discussion / Re: Need some help with my homenetwork design and configuration

« on: March 27, 2024, 01:29:06 pm »

Hey your right.
I'm from Germany.
Thank you for sharing that information with me.
Really doesn't thought that this architecture is so complex

General Discussion / Re: Need some help with my homenetwork design and configuration

« on: March 27, 2024, 10:49:23 am »

Not much going on here.
Do I something wrong? Is there more information that I can provide?

General Discussion / Need some help with my homenetwork design and configuration

« on: March 24, 2024, 12:33:05 pm »

Hello you lovely networking guru's.

I am about to bring my home network to the next level and want to segment it a little.

Here is my hardware overview
Router for internet connection: Fritzbox 6660 Cable
Router for internal firewalling: OPNsense VM on Unraid
Managed Switch: Mikrotik with Router OS

Scheduled network segments
Fritzbox Network // 10.10.10.0/24 // DMZ & Wi-Fi for Gaming and non-trusted stuff
VLAN11 // 10.10.11.0/24 // Work Network
VLAN12 // 10.10.12.0/24 // Private Network

I do not have a lot of experience in networking stuff as an old endpoint management horse

What I try to archive here:

Fritzbox should still open the internet connection
OPNsense should be there to route and manage the traffic between DMZ and the VLANs
Mikrotik is basically there for switching the VLANs
Wi-Fi is provided by Fritzbox

Question 1:
Makes that structure any sense?

Question 2:
Where to configure VLANs and how

Mikrotik oder OPNsense and give it to mikro over thrunkport
something that is counting for OPNsense here is that I have access to VLANs in my Unraid, or am I wrong.
Point for Mikrotik is probably speed and better management

Question 3:
Where to place DNS (Adguard / PiHole)?

Question 4:
Even if the Fritzbox network 10.10.10.0/24 is not manageable, is it possible to place a VLAN10 with that net in the OPNsense Router to forward it to some of the free ports of the unraid or some VM's

Question 5:
How does the routing table need to look like for every of that network devices?

Question 6:
Do I need NAT here in that scenario and if yes how that works?

I attached a google drive link to PDFs with the planned network structure.
https://drive.google.com/drive/folders/1P-U3V01cpTxVZDVkrgBTYBLwlfy0AYwf?usp=sharing

Thank you very much for any information.

Cheers!
Stephan

General Discussion / Re: Questions about unbound DNS and Adguard

« on: November 29, 2021, 03:41:21 pm »

Started from scratch.
After I reinstalled the adguard and started from scratch I get it up and running.
DNS is now much quicker and security is good for IPv4 and 6.
What is not working right now is that adguard is not showing the hostnames of the clients.
does someone know about that?

Thanks

General Discussion / Re: Questions about unbound DNS and Adguard

« on: November 29, 2021, 02:51:32 pm »

Quote from: cookiemonster on November 29, 2021, 01:24:39 pm

Try this thread for a view of how they interact https://forum.opnsense.org/index.php?topic=22162.0 .

Hi and thank you for the answer.
Unfortunately, that's not helping me because of some reason.
1. They are ignoring IPv6 completely
2. They are not using DoT
3. The unbound DNS config with "Only select: 'Register DHCP leases' & 'Register DHCP static mappings'" is not working at all.

any other ideas or even more information I can share with you?

King regards,
Stephan

General Discussion / Questions about unbound DNS and Adguard

« on: November 29, 2021, 12:00:25 pm »

Hello OPNsens Folks,

I'm pretty much new here and I have some questions about unbound DNS and the interaction with adguard.
Wana use OPNSense as my main Router and I will migrate Service by Service started with DNS.

Configured Unbound DNS in Adguard on 5353 with the following settings.

Code: [Select]

Port: 5353
DNSSEC: ON
DNS64: ON DNS64 prefix
DHCP Registration: ON
IPv6 Link-Local: ON
TXT Comment Support: ON
DNS Cache: ON

DNS over TLS to following Servers

Code: [Select]

1.1.1.1	853	 	 
8.8.8.8	853	 	 
9.9.9.9	853	 	 
149.112.112.112	853	 	 
1.0.0.1	853	 	 
2606:4700:4700::1111	853	 	 
2606:4700:4700::1001	853

When I use the 127.0.0.1:5353 in my Adguard (that is installed on the same host with the OPNsense plugin) DNS Requests need ages to load and some pages don't load even after waiting a few minutes.

When I use the Servers direct in my Adblock everything is fine.

What did I do wrong? Can I give you more Information?

Best regards,
Stephan

Pages: [1]