Messages - kd.gundermann

#1
Quote from: mscd on July 06, 2021, 08:41:45 AM
any solutions yet to that problem? I would like to get a transparent squid web-proxy running in combination with multi-wan-load-balancing.

+1
#2
stumbling over the same problem today.

Reading https://unbound.docs.nlnetlabs.nl/en/latest/topics/core/serve-stale.html unbound can be configured how to handle stale data.

Looking at my OPNsense -> Unbound DNS -> Advanced -> Serve Expired Responses is NOT enabled

Should I also configure "Maximum TTL for RRSets and messages" ??

OPNsense 23.10.2 / Unbound 1.19.0
#3
Are there any logs on the OPNsense where I can analyze if there are some problems with the CARP protocol ??
#4
Quote from: Maurice on December 02, 2023, 06:53:54 PM
I don't fully understand that squid issue,

The issue is that squid tries to access the website using IPv6 even when the WAN connection is IPv4 only:


ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: https://www.heise.de/*

    Connection to 2a02:2e0:3fe:1001:7777:772e:2:85 failed.

The system returned: (65) No route to host

The remote host or network may be down. Please try the request again.

Your cache administrator is administrator@xxxxx.xx.

Generated Mon, 04 Mar 2024 17:02:32 GMT by fw01.intern.xxxxx.xx (squid/6.5)
#5
When looking at "Top Talkers" I assume it should be sorted by some param, but I can't find any sorting of the data?
When clicking the column heads I can't see any effect on ordering the data.

Additionally, there is a drop-down field, which defaults to 10 seconds; I assume this is the refresh rate?
But you can only select from 500 ms to 10 seconds:
500 ms for reading a table with two dozen rows and eight columns??

Best regards
Klaus
#6
23.7 Legacy Series / Re: Error in Live View (Firewall)?
January 19, 2024, 10:11:10 PM
Quote from: lar.hed on December 27, 2023, 12:07:50 PM
Filtering on IGMP and/or ICMP either is not working at all (they always seem to end up somewhere else in list of rules...) or Live View just shows odd filters.

I am seeing the same behaviour here on:
OPNsense 23.10.1_2-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w
#7
Quote from: RoamingJay on March 08, 2023, 03:01:15 AM
*it accepts both 192.168.1.200-209 and 192.168.1.200-192.168.1.209 for adding an alias, but rules will only work with the latter.

So is the first notation a valid one??
So it would be nice if there is some help text in the GUI which describes valid notations.
#8
So OpenVPN is running again.

Steps I have taken:
- create new SSL VPN CA
- create new SSLVPN Server Certificate
- change VPN->OpenVPN->Servers. Peer Certificate Authority and Server Certificate
- create new User Certificates (System->Access->Users) using as Certificate Authority the new CA
- export new Client config: VPN->OpenVPN->ClientExport
#9
ooh, my certificate also expired today. The docs at https://docs.opnsense.org/manual/how-tos/sslvpn_client.html told me to create a SSL VPN CA with only a lifetime of 365 days.
Shouldn't the CA be valid for a longer time ??
As the CA expired we have to replace all Client certificates ??

I will be trying to create new certificates and will report back
#10
So I solved the problem by creating different OpenVPN Servers with different ports and subnets.
#11
coming back to this old thread https://forum.opnsense.org/index.php?topic=3483.0
I am having now the same problem:
We have OpenVPN set up for different users: normal users, administrators, external users
How can I create firewall rules so that, e.g., external users are not allowed to access our mail server?

I have found https://openvpn.net/community-resources/configuring-client-specific-rules-and-access-policies/ but I don't understand how to configure this with the current OPNsense GUI.

Any hints/links where I should look?

Cheers
Klaus
#12
Quote from: franco on March 10, 2022, 01:48:37 PM
It's documented here:
https://docs.opnsense.org/development/backend/templates.html#target-overwrites

I have read these docs now three times and still don't understand how this will help me to add additional configuration lines to squid.conf

If someone has used the templates to change squid.conf and shares his knowledge I would be happy to create a Pull Request (PR) for the docs.

@franco : Or is there any other site / wiki where we can share/find such HowTo's  ??

Hint #1 found in https://forum.opnsense.org/index.php?topic=5892.msg24457#msg24457
#14
Quote
I inserted the following lines

Sorry to ask, but WHERE did you insert these lines?
#15
Documentation and Translation / Migration Notes for 22.10
November 20, 2022, 04:36:42 PM
The docs at https://docs.opnsense.org/releases/BE_22.10.html?highlight=migration
advise to
Quote
Please make sure to read the migration notes before upgrading.
not only once but twice.

But sadly there is no link to these "migration notes".
Where can I find the "migration notes" ??

Thx Klaus