Messages - vladnik

#1
Hi all,

maybe some of the more experienced folks can give me some pointers...

What I have:
- 2 sites (soon to be 3) running OPNsense 26.1.7 with dnsmasq as DHCP and DNS server, no Unbound
- static DHCP/DNS entries configured in dnsmasq on both sites
- dnsmasq is configured to not be authoritative for the DNS domain example.com, and forward queries for example.com to the other sites' dnsmasq
  this works for resolving hostnames, but causes a loop in DNS query resolution which causes timeouts and slow resolution speed

The problem:
- nslookup looks like this (example from a client in site 1) and name resolution for internal services is slow in general
# nslookup server01
Server: opnsense01
Address: 10.10.10.254

DNS request timed out.
timeout was 2 seconds.

Name: server01.example.com
Address: 10.10.10.235

What I want:
- multiple sites using the same DNS domain (example.com) for internal hosts
- forward and reverse lookups of DHCP static and dynamic leases in DNS across sites
  (i.e. nslookup server01(.example.com) from site1 lan and site2 lan, as well as nslookup <IP-Address> from site1 and site2 lan)
- no duplication of records (i.e. if I have a DNS record in site1 setup, I don't have to add it to site2 as well)
- ideally, a 'single source of truth' (currently dnsmasq) for DHCP and DNS per site

Here is my sanitized dnsmasq.conf from site1. site2 looks similar.
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
#
rebind-localhost-ok
stop-dns-rebind
port=53
dhcp-fqdn
domain=example.com
dhcp-authoritative
# Never forward addresses in the non-routed address spaces.
bogus-priv
server=/example.com/10.20.20.254
rebind-domain-ok=/example.com/
# host entries flushed via dnsmasq_watcher.py [isc] and a dump of the static reservations
addn-hosts=/var/etc/dnsmasq-hosts
addn-hosts=/var/etc/dnsmasq-leases
dns-forward-max=5000
cache-size=10000
local-ttl=1
conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
dhcp-range=tag:igc0,10.10.10.120,10.10.10.189,255.255.255.0,86400
domain=example.com,10.10.10.120,10.10.10.189
dhcp-host=aa:bb:cc:dd:ee:ff,10.10.10.190,device-xx
...
# default IPv4 DNS mapped to this server (0.0.0.0)
dhcp-option=6,0.0.0.0
# default IPv6 DNS mapped to this server (::)
dhcp-option=option6:23,[::]
no-ident
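The mutual forwarding in the config above (site1 forwards example.com to site2, site2 forwards it back) is what produces the loop: a query for a name under example.com that neither site holds locally bounces between the two forwarders until the client times out. The following added check, not part of the original post or of OPNsense, parses `server=/domain/ip` lines from each site's dnsmasq.conf and follows the forwarding hops to report any cycle. The two configuration sets are constructed for the example; the "fixed" set only illustrates that the check passes once one site answers the domain itself via `local=`, not a complete design for the cross-site goal.

```python
import re
from typing import Dict, List, Optional

# Constructed dnsmasq fragments modelled on the post: each site forwards
# example.com to the other site's dnsmasq and is local (authoritative) for nothing.
LOOPING_CONFIGS = {
    "10.10.10.254": "domain=example.com\nserver=/example.com/10.20.20.254\n",
    "10.20.20.254": "domain=example.com\nserver=/example.com/10.10.10.254\n",
}

# Constructed variant: site2 answers example.com itself, so the chain terminates.
FIXED_CONFIGS = {
    "10.10.10.254": "domain=example.com\nserver=/example.com/10.20.20.254\n",
    "10.20.20.254": "domain=example.com\nlocal=/example.com/\n",
}


def parse_forwarders(conf: str) -> Dict[str, str]:
    """Return {domain: upstream_ip} for every 'server=/domain/ip' line."""
    fwd: Dict[str, str] = {}
    for m in re.finditer(r"^server=/([^/]+)/([\d.]+)\s*$", conf, re.M):
        fwd[m.group(1).lower()] = m.group(2)
    return fwd


def is_local(conf: str, domain: str) -> bool:
    """True if the site answers the domain itself ('local=/domain/') instead of forwarding."""
    return re.search(rf"^local=/{re.escape(domain)}/\s*$", conf, re.M) is not None


def find_forward_loop(configs: Dict[str, str], domain: str) -> Optional[List[str]]:
    """Follow the forwarding hop for `domain` from each site; return the cycle if one exists.

    configs maps each dnsmasq listener IP to its dnsmasq.conf text. A hop to an IP
    that is not in `configs` (e.g. a public resolver) simply ends the chain.
    """
    hops = {ip: parse_forwarders(conf).get(domain)
            for ip, conf in configs.items() if not is_local(conf, domain)}
    for start in hops:
        path, cur = [start], hops.get(start)
        while cur is not None:
            if cur in path:  # we are back at a site already visited: a loop
                return path[path.index(cur):] + [cur]
            path.append(cur)
            cur = hops.get(cur)
    return None


if __name__ == "__main__":
    print("looping:", find_forward_loop(LOOPING_CONFIGS, "example.com"))
    print("fixed:  ", find_forward_loop(FIXED_CONFIGS, "example.com"))
```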

#2
Attention!

Hey everyone,

after the upgrade to 24.1, please check your cron job for updating OCSP data.
Since that function is no longer available from the list, mine was set to "Automatic firmware update", which could potentially be *really* bad :o
@TheHellSite: Thank you for the guide and the ongoing maintenance, much appreciated! :) (beer is on the way)
#3
Quote from: TheHellSite on December 15, 2022, 02:09:56 PM
The user management in HAProxy has nothing to do at all with any login forms of services that are behind HAProxy! You can use this to add a login form that pops up before the client can even connect to the service that is behind HAProxy. So unrelated to your issue.

Figured as much. Was worth a try though.

Quote from: TheHellSite on December 15, 2022, 02:09:56 PM
Apart from that please ask in the official HAProxy forums about your issue since it is not related to my tutorial.

Alright, will do. Thanks anyways!
#4
Hey all,

first of all, thank you for the amazing guide @TheHellSite, I have set it up over a year ago and everything works like a charm.

Today, I have a small problem. I have a Mikrotik switch that can only be accessed via Port 80 and requires HTTP basic auth.
I have set up my backend and map file like always, the site is reachable fine, however I cannot log in. I enter my credentials and press enter, and the dialog for entering my credentials just shows back up infinitely. The credentials are correct; if I go to the switch via IP address I can log in normally.
I have tried adding a user and password to 'User management' & ticking the box for Basic auth in the backend and selecting my user, no luck sadly. I'm pretty sure I just have to add an option somewhere to pass the auth header, however, I can't figure it out. Googling for the problem just leads to info on how to setup HAproxy to do basic auth, which I don't need... The logs also don't seem to show anything useful.

Anyone have any ideas? Thanks in advance.
#5
Hi @TheHellSite,

just wanted to say thank you for this excellent guide, worked like a charm and taught me much about how HAProxy works. Thank you for a job well done! :)

Cheers!
#6
Development and Code Review / Re: APC UPS new plugin
February 01, 2022, 04:10:01 PM
Hi mrzaz,

wow, I'm stupid ::)

Anyway, just changed my settings and tested the auto shutdown, works perfectly!
The Dashboard widget also works without issues.

Thanks again for your work, guys, I highly recommend anyone with an APC UPS to check this out. Looking forward to this becoming official :D

Cheers!
#7
Development and Code Review / Re: APC UPS new plugin
February 01, 2022, 02:10:05 AM
@Droid999, @mrzaz, @xbb

Hey guys, wanted to say thank you for working on this.

I have installed v1.2.2 of the package from @xbb's fork on OPNsense 22.1, works exactly as expected so far. I am connected to another server running apcupsd via the Ether and net options.

In the future, it would be interesting to expose these options through the GUI as well:

BATTERYLEVEL
MINUTES

With these two options one can fine-tune when the system is shut down in the event of a power failure. The default settings of 3 minutes runtime left and 5% charge remaining are a little on the aggressive side.

Another thing to think about would be exposing the hosts.conf file somehow and integrating monitoring of remote devices if OPNsense functions as a server for a USB-connected UPS.

Sadly, I am not a programmer, so I can't help much in that area, but if you need further testing let me know.

Cheers!