Messages - rudiratlos63

#1
Hi,
that's what I'm trying, without success.
1. How do I do the redirect?
#2
I think I have found it: under NetworkTime/Status, de.pool.ntp.org .POOL. 16 says that the time could not be synced with this pool.
An additional preferred entry time.cloudflare.com and "do not use" for de.pool.ntp.org gives a status with one Active Peer and stratum 3.
After that, sntp <myOPNsenseIP> from the macOS CLI was successful: +0.013941 +/- 0.026170 ....

What puzzles me: sntp de.pool.ntp.org +0.013529 +/- 0.024695 de.pool.ntp.org 85.220.190.246
from the macOS CLI is successful. Apparently time.cloudflare.com communicates over a different port than 123.
#3
Hello,
in NetworkTime/General I have defined: prefer, de.pool.ntp.org
In Firewall/Rules/INT the following is defined: pass, INT, direction: in, ip4, UDP, Source: INTnet, Destination: INTaddr, port: 123

test on macOS CLI: sntp -S de.pool.ntp.org
result: +0.014647 +/- 0.023983 de.pool.ntp.org 162.159.200.123

test on macOS CLI: sntp -S <myInternalOPNsenseIP>
result:
sntp: Exchange failed: Server not synchronized
sntp_exchange {
        result: 9 (Server not synchronized)
        header: E4 (li:3 vn:4 mode:4)
       stratum: 00 (0)
          poll: 03 (8)
     precision: 00 (1.000000e+00)
         delay: 0000.0000 (0.000000000)
    dispersion: 0000.0000 (0.000000000)
           ref: 52415445 ("RATE")
         t_ref: 00000000.00000000 (0.000000000)
            t1: ED5669AC.E574D594 (3981863340.896313999)
            t2: ED5669AC.E574D594 (3981863340.896313999)
            t3: ED5669AC.E574D594 (3981863340.896313999)
            t4: ED5669AC.E5F7B5AE (3981863340.898310999)
        offset: FFFFFFFFFFFFFFFF.FFBE8FF300000000 (-0.000998500)
         delay: 0000000000000000.0082E01A00000000 (0.001997000)
          mean: 00000000ED5669AC.E574D59400000000 (3981863340.896314144)
         error: 0000000000000000.0000000000000000 (0.000000000)
          addr: 10.8.81.1
}
sntp: Exchange failed: Timeout
sntp_exchange {
        result: 6 (Timeout)
        header: 00 (li:0 vn:0 mode:0)
       stratum: 00 (0)
          poll: 00 (1)
     precision: 00 (1.000000e+00)
         delay: 0000.0000 (0.000000000)
    dispersion: 0000.0000 (0.000000000)
           ref: 00000000 ("    ")
         t_ref: 00000000.00000000 (0.000000000)
            t1: ED5669AC.E60A84BE (3981863340.898597999)
            t2: 00000000.00000000 (0.000000000)
            t3: 00000000.00000000 (0.000000000)
            t4: 00000000.00000000 (0.000000000)
        offset: FFFFFFFF8954CB29.8CFABDA100000000 (-1990931670.449299097)
         delay: FFFFFFFF12A99653.19F57B4200000000 (-3981863340.898598194)
          mean: 0000000000000000.0000000000000000 (0.000000000)
         error: 0000000000000000.0000000000000000 (0.000000000)
          addr: 10.8.81.1
}
sntp: Exchange failed: Timeout
sntp_exchange {
        result: 6 (Timeout)
        header: 00 (li:0 vn:0 mode:0)
       stratum: 00 (0)
          poll: 00 (1)
     precision: 00 (1.000000e+00)
         delay: 0000.0000 (0.000000000)
    dispersion: 0000.0000 (0.000000000)
           ref: 00000000 ("    ")
         t_ref: 00000000.00000000 (0.000000000)
            t1: ED5669AD.E77D1FE6 (3981863341.904252999)
            t2: 00000000.00000000 (0.000000000)
            t3: 00000000.00000000 (0.000000000)
            t4: 00000000.00000000 (0.000000000)
        offset: FFFFFFFF8954CB29.0C41700D00000000 (-1990931670.952126503)
         delay: FFFFFFFF12A99652.1882E01A00000000 (-3981863341.904253006)
          mean: 0000000000000000.0000000000000000 (0.000000000)
         error: 0000000000000000.0000000000000000 (0.000000000)
          addr: 10.8.81.1
}
sntp: Exchange failed: Timeout
sntp_exchange {
        result: 6 (Timeout)
        header: 00 (li:0 vn:0 mode:0)
       stratum: 00 (0)
          poll: 00 (1)
     precision: 00 (1.000000e+00)
         delay: 0000.0000 (0.000000000)
    dispersion: 0000.0000 (0.000000000)
           ref: 00000000 ("    ")
         t_ref: 00000000.00000000 (0.000000000)
            t1: ED5669AE.E8ED1BF7 (3981863342.909867999)
            t2: 00000000.00000000 (0.000000000)
            t3: 00000000.00000000 (0.000000000)
            t4: 00000000.00000000 (0.000000000)
        offset: FFFFFFFF8954CB28.8B89720480000000 (-1990931671.454933882)
         delay: FFFFFFFF12A99651.1712E40900000000 (-3981863342.909867764)
          mean: 0000000000000000.0000000000000000 (0.000000000)
         error: 0000000000000000.0000000000000000 (0.000000000)
          addr: 10.8.81.1
}
+0.015877 +/- 0.032075 10.8.81.1 10.8.81.1
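The first sntp_exchange block in the post above is an SNTP reply whose header E4 decodes to LI=3 (alarm condition: clock not synchronized), stratum 0 and reference id "RATE", which is a Kiss-o'-Death packet; the later exchanges simply time out. The following Python decoder is added here and is not part of the original post: it rebuilds that reply from the printed fields (an assumption, not a captured packet) and shows how a client derives the printed verdict, offset and delay.

```python
import struct

NTP_HEADER = struct.Struct("!BBbbII4sQQQQ")  # 48-byte NTP header, RFC 5905 figure 8

def ntp_seconds(ts: int) -> float:
    """64-bit NTP timestamp (32.32 fixed point) -> seconds since 1900-01-01."""
    return (ts >> 32) + (ts & 0xFFFFFFFF) / 2**32

def parse_sntp_reply(pkt: bytes) -> dict:
    """Decode the header fields sntp prints: li, vn, mode, stratum, poll, ref, t1..t3."""
    if len(pkt) < NTP_HEADER.size:
        raise ValueError("short NTP packet: %d bytes" % len(pkt))
    flags, stratum, poll, prec, _rdelay, _rdisp, refid, t_ref, t1, t2, t3 = NTP_HEADER.unpack_from(pkt)
    li, vn, mode = flags >> 6, (flags >> 3) & 7, flags & 7
    # A server reply with stratum 0 is a Kiss-o'-Death packet: the reference id then
    # carries an ASCII kiss code such as "RATE" (client exceeded the server's rate limit).
    kod = stratum == 0 and mode == 4
    if stratum <= 1:
        ref = refid.decode("ascii", "replace")          # kiss code or primary-source name
    else:
        ref = ".".join(str(b) for b in refid)            # IPv4 address of the upstream server
    return {
        "li": li, "vn": vn, "mode": mode, "stratum": stratum,
        "poll": 1 << poll, "precision": 2.0 ** prec, "ref": ref, "kiss_of_death": kod,
        # LI=3 is the alarm condition (clock not synchronized); together with stratum 0
        # this is what the sntp client reports as "Server not synchronized".
        "synchronized": li != 3 and stratum != 0,
        "t_ref": ntp_seconds(t_ref), "t1": ntp_seconds(t1),
        "t2": ntp_seconds(t2), "t3": ntp_seconds(t3),
    }

def offset_and_delay(t1: int, t2: int, t3: int, t4: int) -> tuple:
    """RFC 4330 clock offset and round-trip delay from the four raw 64-bit timestamps."""
    offset = ((t2 - t1) + (t3 - t4)) / 2 / 2**32
    delay = ((t4 - t1) - (t3 - t2)) / 2**32
    return offset, delay

# Constructed reply mirroring the first sntp_exchange block above: header E4 (li:3 vn:4
# mode:4), stratum 00, poll 03, ref "RATE", t1 = t2 = t3 = ED5669AC.E574D594 (assumed
# values taken from that printout, not a captured packet).
TS = 0xED5669ACE574D594
T4 = 0xED5669ACE5F7B5AE   # local receive time t4 from the same printout
KOD_REPLY = NTP_HEADER.pack(0xE4, 0, 3, 0, 0, 0, b"RATE", 0, TS, TS, TS)

if __name__ == "__main__":
    info = parse_sntp_reply(KOD_REPLY)
    off, dly = offset_and_delay(TS, TS, TS, T4)
    print(info["ref"], "synchronized:", info["synchronized"])
    print("offset %+.9f  delay %.9f" % (off, dly))   # offset -0.000998500, delay 0.001997000
```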
#4
High availability / Master not taking over CARP IP
February 08, 2026, 04:41:09 PM
My HA is working, but the Master is not promoted to Master after a reboot.
My CARP IPs have the following Virtual IP CARP settings:
Backup server: Advbase set to 1 and Advskew set to 100, Disable preempt: off
Master server: Advbase set to 1 and Advskew set to 0, Disable preempt: on
#5
High availability / Re: CARP and Unbound DNS response
February 07, 2026, 06:00:17 PM
thank you for your patience. Now it works.
#6
High availability / Re: CARP and Unbound DNS response
February 06, 2026, 06:46:09 PM
I've got the following error:

There were error(s) loading the rules: /tmp/rules.debug:187: no translation address with matching address family found. - The line in question reads [187]: rdr on vtnet1 inet6 proto {tcp udp} from {(vtnet1:network)} to $CARP_DMZ_IP port {53} -> 127.0.0.1 port 53 # CARP DNS forwarding
#7
High availability / Re: CARP and Unbound DNS response
February 05, 2026, 07:01:03 PM
Where should I do this?
I have Adguard running on DNS Port 53. Unbound runs on Port 5354
#8
High availability / Re: CARP and Unbound DNS response
February 05, 2026, 03:55:05 PM
Hello Patrick,
this is not working. Same result. Please see the attached screenshots. I've defined the NAT rule you suggested.
#9
High availability / CARP and Unbound DNS response
February 04, 2026, 05:14:29 PM
Hello,
I have a CARP IP (10.8.99.1) on my INTernal interface and a physical IP (10.8.99.3).
My client gets the DNS server IP via Kea DHCP as the CARP IP (10.8.99.1).
An nslookup for google.com from the client CLI gets the error that the info is expected from 10.8.99.1#53, but 10.8.99.3#3 responded.
The client drops the DNS info because it is not from the CARP IP.
How do I configure Unbound to use the CARP IP and not the physical IP of node1 in the HA config?
#10
Hi, I am trying to run Home Assistant (running on port 8123) behind the nginx plugin.
In the Home Assistant configuration.yaml, in the http: section, I have the entries use_x_forwarded_for: true and trusted_proxies: <lan address of opnsense>

In the nginx HTTP access logs I get error status codes 304 400 499

according to
https://community.home-assistant.io/t/reverse-proxy-using-nginx/196954

there are headers needed like:
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

but I cannot get it to run.

Is there a way to set the headers via the opnsense web gui?
#11
Also install the crowdsec plugin.
#12
Hi,
I have a similar configuration: FritzBox (FB) and behind it an ESXi VM with OPNsense.
In the FB I have entered the OPNsense IP as exposed host, so the FB does no filtering; OPNsense is supposed to do all of that. DynDNS is done exclusively by OPNsense. In the DMZ (2nd Ethernet port) I also have a mail server that offers SMTP and a web interface for email handling.
For that I use the nginx proxy. I have not installed HAProxy. nginx listens on port 443 and forwards to port 80 of the mail server, so certificate handling is done exclusively by nginx on the OPNsense with the ACME client.
I have several certificates for webmail.mydomain.xx, ftp.mydomain.xx etc. The nginx proxy can then branch to the individual upstream servers in the DMZ based on these domains.

In the firewall alias section:
define an alias named webaccess with the content 80 and 443
further aliases as needed, e.g. for ftp, ical etc.

In the firewall rules WAN section create one entry each:
protocol: IP4 Source: * Port: * Destination: WAN address Port: webaccess Gateway: * Schedule: *

You don't need NAT for the individual nginx upstream servers. You only need it for services that don't use the nginx proxy, e.g. ftp.
#13
Any news or solutions for that problem?
#14
According to this message:
https://forum.opnsense.org/index.php?topic=38694.0
I reinstalled acme. But same result: certs cannot be renewed.
#15
My response for http://<internal IP of my opnsense>/.well-known/acme-challenge/XXXXidXXXXX
is still forbidden. OPNsense version: OPNsense 24.1_1-amd64