Messages - b1nb4sh

#1
Never mind, I found a working solution.

Disabled the dhcp relay on opnsense and configured it on the core switches and now everything is working as expected.

Funny fact: on site C there is only an OpenWrt router with WireGuard. It is connected to both sites A & B and the DHCP relay is working without any problems.
#2
Hello,

Currently I have three sites and I want to distribute my systems between SiteA and SiteB. So I began to migrate my DCs and DHCP-Servers, but I face a strange problem. Here is the configuration:

Every FW is on OPNsense 22.1.8_1-amd64


SiteA
HA-CARP
10.0.5.1 (VIP)
10.0.5.2 FW1
10.0.5.3 FW2
10.0.9.1 (VIP)
10.0.9.2 FW1
10.0.9.3 FW2

VPN (WG0)
172.31.254.1 (VIP) --> Wireguard-kmod
172.31.254.2 FW1
172.31.254.3 FW2

DHCP-Server
10.0.5.6 (ISC-DHCP) GW:5.1

Clients (relayed) --> 10.0.5.6 & 10.0.18.2
10.0.9.0/24

---------------------------------------------------------

SiteB
172.31.254.4 FW1 --> Wireguard-kmod
10.0.18.1 FW1
10.0.22.1 FW1

DHCP-Server
10.0.18.2 (ISC-DHCP) GW:18.1

Clients (relayed) --> 10.0.5.6 & 10.0.18.2
10.0.22.0/24

I only get leases from 10.0.18.2 on SiteB, until I disable DHCP on 10.0.18.2; then the clients are stuck trying to fetch an IP, and on SiteA I found the following dhcrelay error:
Error   dhcrelay   Packet to bogus giaddr 10.0.22.1.
I also tried to disable the dhcrelay on the SiteA FW but it still doesn't work.
When I set up an isc-dhcp-relay agent in the clients' networks (10.0.9.0 & 10.0.22.0) the requests are forwarded to the DHCP servers without any issues.
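The "Packet to bogus giaddr" line quoted in this post comes from a DHCPv4 relay's reply handling: a relay only forwards a BOOTREPLY back towards a client if the giaddr in the reply matches one of its own interface addresses, otherwise it drops the packet and logs that message. The following is an added, self-contained Python model of that logic (it is an illustration, not dhcrelay's or OPNsense's code). It builds minimal DHCP messages with constructed sample values, stamps giaddr and the hop count on requests, and applies the giaddr check on replies. The interface name vlan9, the relay address 10.0.9.1 and the hop limit of 10 are assumptions for the example.

```python
"""Illustrative model of DHCPv4 relay giaddr handling (added example, not dhcrelay's code)."""
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
DHCP_FIXED_LEN = 236   # op .. file fields; options would follow
GIADDR_OFFSET = 24     # op,htype,hlen,hops(4) xid(4) secs,flags(4) ciaddr,yiaddr,siaddr(12)


def build_dhcp(op, xid, giaddr="0.0.0.0", hops=0, chaddr=b"\x00" * 6):
    """Build a minimal DHCPv4 message (constructed sample input, no options)."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, hops, xid, 0, 0)
    addrs = b"\x00" * 12 + ipaddress.IPv4Address(giaddr).packed   # ciaddr/yiaddr/siaddr zero
    return hdr + addrs + chaddr.ljust(16, b"\x00") + b"\x00" * (64 + 128)


def parse_dhcp(pkt):
    """Extract the fields a relay cares about; reject truncated messages."""
    if len(pkt) < DHCP_FIXED_LEN:
        raise ValueError("truncated DHCP message")
    op, _htype, _hlen, hops, xid, _secs, _flags = struct.unpack_from("!BBBBIHH", pkt, 0)
    giaddr = str(ipaddress.IPv4Address(pkt[GIADDR_OFFSET:GIADDR_OFFSET + 4]))
    return {"op": op, "hops": hops, "xid": xid, "giaddr": giaddr}


def set_giaddr_and_hops(pkt, giaddr, hops):
    """Return a copy of pkt with the hops byte and giaddr field rewritten."""
    return (pkt[:3] + bytes([hops]) + pkt[4:GIADDR_OFFSET]
            + ipaddress.IPv4Address(giaddr).packed + pkt[GIADDR_OFFSET + 4:])


def relay(pkt, in_iface, relay_ifaces, servers, max_hops=10):
    """Decide what a relay does with one message.

    relay_ifaces: {interface name: relay's own IPv4 address on that client segment}
    servers:      DHCP server addresses that requests are forwarded to
    Returns (action, detail, outgoing packet or None).
    """
    msg = parse_dhcp(pkt)
    if msg["op"] == BOOTREQUEST:
        if in_iface not in relay_ifaces:
            return ("drop", f"request on non-client interface {in_iface}", None)
        if msg["hops"] >= max_hops:          # loop protection, 10 mirrors the common default
            return ("drop", f"hop count {msg['hops']} exceeds limit", None)
        # Only the first relay on the path sets giaddr; later relays keep it.
        giaddr = msg["giaddr"] if msg["giaddr"] != "0.0.0.0" else relay_ifaces[in_iface]
        out = set_giaddr_and_hops(pkt, giaddr, msg["hops"] + 1)
        return ("to_servers", list(servers), out)
    if msg["op"] == BOOTREPLY:
        # A reply is only ours to deliver if giaddr is one of our own addresses.
        for iface, addr in relay_ifaces.items():
            if addr == msg["giaddr"]:
                return ("to_client", iface, pkt)
        return ("drop", f"Packet to bogus giaddr {msg['giaddr']}", None)
    return ("drop", f"unknown op {msg['op']}", None)


if __name__ == "__main__":
    ifaces = {"vlan9": "10.0.9.1"}                     # assumed SiteA client-facing segment
    reply = build_dhcp(BOOTREPLY, 0x1234, giaddr="10.0.22.1")
    print(relay(reply, "wg0", ifaces, [])[:2])       # the SiteA relay does not own 10.0.22.1
```

Running it shows why a reply carrying another site's relay address is discarded rather than delivered: the giaddr lookup is against the relay's own interface table, so a relay that sees replies addressed to a giaddr it does not own logs exactly the line in the post.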

#3
Hello,

I have bought a used APU4 board and installed OPNsense on it.
Now I have 2 Nodes and added them to an HA.

I have added an interface lan_adm and allowed tcp:22 from this network to any other network. Synced the two nodes, and now comes the funny part.
I can connect to the second node with my admin PC, but after some time the connection gets blocked...
So for SSH I get a broken pipe and for the HTTPS connection I sometimes get a timeout. I have added some screenshots to show this situation.
10.0.8.11 is my admin pc
10.0.1.3 is the second node
#4
Problem has been solved  8)
#5
Hello everyone,

first of all, OPNsense is awesome :) I got an APU4 board and installed it without any problem.
Currently I have a problem with a device, because something is blocked and I tried to find the connection in the live view.
I labelled all of my rules but none of them are displayed under the live view. I only see "let out anything from the firewall itself", "Default deny rule" and "Block all ipv6".
Is this behavior normal?
To my setup:
APU4
igb0 - wan (No Carp)
igb1 - lagg0
igb2 - lagg0
igb3 - not in use
I have added a carp vip on every vlan for the future use of an HA Setup and this carp vip is my gateway.
Is this wrong? Should I use the IP Alias instead? But is it possible to use an IP Alias as a gateway?

Modem
     |
opnsense (CARP: 192.168.10.1 / 192.168.20.1 / 192.168.30.1 / 192.168.40.1)
     |
lagg0
    |
switch
    |----- vlan 10
    |----- vlan 20
    |----- vlan 30
    |----- vlan 40