3
Virtual private networks / Re: Site to Site connection by using ZeroTier
« on: April 24, 2024, 06:28:59 pm »
Hello guys,
I just want to share what I've successfully done after
struggling a couple of days to solve it.
I have 3 OPNsense server nodes in 3 different cities.
Each of them is using an Internet service provider with a private IP,
a.k.a. "behind CGNAT" (no public IP address at all).
All 3 of those OPNsense servers use the >> "zerotier plugin" <<
to connect to the ZeroTier Central service.
For further reference, I set up each OPNsense server based on a
tutorial on YouTube: https://www.youtube.com/live/Zp5vKPLAYdc?feature=shared
I set up each of them as follows:
OPNsense City 1 (Jakarta) -- ZeroTier assigned IP: 10.144.77.1
On this server I have two LAN subnets:
-- Main Office: 192.168.1.0/24
-- Family: 192.168.2.0/24
-- Servers Farm: 192.168.3.0/24
OPNsense City 2 (Bali) -- ZeroTier assigned IP: 10.144.77.2
On this server I have three LAN subnets:
-- Motel Room: 10.10.0.0/16
-- Bar: 10.20.0.0/16
-- Management Office: 10.30.0.0/24
OPNsense City 3 (San Diego-CA) -- ZeroTier assigned IP: 10.144.77.3
On this server I have two LAN subnets:
-- Family: 192.168.99.0/24
-- Servers Farm: 192.168.88.0/24
After finishing that tutorial I had the same problem as him:
sometimes it connected for a couple of minutes, then dropped, then connected again.
Or sometimes it didn't connect at all, all day long. It also had spikes
of "Zerotier packets" on each of the servers - I assumed it was
called the >> "software laser issue" <<. To solve it I did a couple of things, as follows:
In the ZeroTier Central web application, under >> Advanced>Managed-Routes <<, I put the following
route configuration:
192.168.1.0/24 via 10.144.77.1
192.168.2.0/24 via 10.144.77.1
192.168.3.0/24 via 10.144.77.1
10.10.0.0/16 via 10.144.77.2
10.20.0.0/16 via 10.144.77.2
10.30.0.0/24 via 10.144.77.2
192.168.99.0/24 via 10.144.77.3
192.168.88.0/24 via 10.144.77.3
Then I put the "local.conf" configuration code on every OPNsense server
(Jakarta, Bali, San Diego-CA). This can be done via the OPNsense web GUI administration,
which is at >> "VPN:Zerotier:Settings" <<, as follows:
{
  "physical": {
    "192.168.1.0/24": {
      "blacklist": true
    },
    "192.168.2.0/24": {
      "blacklist": true
    },
    "192.168.3.0/24": {
      "blacklist": true
    },
    "10.10.0.0/16": {
      "blacklist": true
    },
    "10.20.0.0/16": {
      "blacklist": true
    },
    "10.30.0.0/24": {
      "blacklist": true
    },
    "192.168.99.0/24": {
      "blacklist": true
    },
    "192.168.88.0/24": {
      "blacklist": true
    }
  }
}
Save & Apply!
It requires restarting every single OPNsense server above
(Jakarta, Bali, and San Diego-CA) to work properly.
As a result,
any PC/laptop/phone (without installing ZeroTier on the PC/laptop/phone) that is connected
to the LAN network in one city can connect to any PC/server in the two other cities,
and vice versa. For example, I have a laptop connected to the LAN on the OPNsense server in Jakarta
that has the IP address 192.168.1.7; it can connect to file sharing on the NAS server
behind the OPNsense in San Diego-CA, simply by connecting to the NAS server's local IP address 192.168.88.8.
If you would like to limit it - based on your needs - you have to configure 2 things, as follows:
1. Configure >> "Advanced>Managed Routes" << in the ZeroTier Central web application.
2. Configure firewall rules at >> "Firewall:Rules:Ztier" << on every single OPNsense server
connected to ZeroTier Central.
I hope this can help others who have the same difficulty to solve.
Regards,
Mukky Van Djava.
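Added example (not part of the original post): the post enters the same eight subnets twice, once as managed routes and once as "local.conf" blacklist entries, so this script generates the second list from the first and reports any routed subnet that has no blacklist entry. The function names are hypothetical; the route lines are the ones listed in the post.

```python
import ipaddress
import json

# Managed routes as listed in the post (ZeroTier Central, Advanced > Managed Routes).
MANAGED_ROUTES = """\
192.168.1.0/24 via 10.144.77.1
192.168.2.0/24 via 10.144.77.1
192.168.3.0/24 via 10.144.77.1
10.10.0.0/16 via 10.144.77.2
10.20.0.0/16 via 10.144.77.2
10.30.0.0/24 via 10.144.77.2
192.168.99.0/24 via 10.144.77.3
192.168.88.0/24 via 10.144.77.3
"""

def parse_routes(text):
    """Parse '<cidr> via <gateway>' lines into (network, gateway) tuples."""
    routes = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != 3 or parts[1].lower() != "via":
            raise ValueError(f"line {lineno}: expected '<cidr> via <ip>', got {line!r}")
        # strict=True rejects typos such as 192.168.1.7/24 (host bits set)
        routes.append((ipaddress.ip_network(parts[0], strict=True),
                       ipaddress.ip_address(parts[2])))
    return routes

def build_local_conf(routes):
    """Build the local.conf structure that blacklists every routed LAN as a physical path."""
    return {"physical": {str(net): {"blacklist": True} for net, _ in routes}}

def missing_blacklist(routes, local_conf):
    """Return routed subnets not covered by a blacklisted 'physical' entry."""
    blocked = [ipaddress.ip_network(cidr)
               for cidr, opts in local_conf.get("physical", {}).items()
               if opts.get("blacklist") is True]
    return [str(net) for net, _ in routes
            if not any(b.version == net.version and net.subnet_of(b) for b in blocked)]

if __name__ == "__main__":
    routes = parse_routes(MANAGED_ROUTES)
    conf = build_local_conf(routes)
    print(json.dumps(conf, indent=2))
    print("routes without a blacklist entry:", missing_blacklist(routes, conf))
```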
4
22.1 Legacy Series / Re: Unexpected TLS ClientHello on clear port
« on: January 13, 2023, 09:48:53 am »
Dear @chemlud,
Thank you for your kind explanation... this is my first experience using captive portal on OPNsense.
What I learned from this behavior is: when a shitty device tries to connect to the wifi captive portal, all of a sudden those messages appear on the OPNsense monitor screen, and when the shitty device has successfully logged in, those messages disappear from the OPNsense monitor screen.
Since it wasn't an error and is just a kind of informative message, is there any possible way to make those messages not show on the OPNsense monitor screen?
Thx.
5
22.1 Legacy Series / Re: Unexpected TLS ClientHello on clear port
« on: January 12, 2023, 07:40:23 pm »
Dear @chemlud,
Thank you for your reply.
Turning off all of the APs or wifi devices, or turning off the captive portal, will stop the message on the OPNsense screen for sure.
But when I enable the captive portal again and let some devices connect via the captive portal, that message begins to appear again, even though I have restarted the OPNsense several times. However, all connected wifi devices are working perfectly, and the captive portal is working perfectly as well...
I'm just wondering how to solve that error message?
Thx
6
22.1 Legacy Series / Re: Unexpected TLS ClientHello on clear port
« on: January 12, 2023, 07:08:38 pm »
I have the same problem.
In my case, the same problem appears when the captive portal is active, but if I deactivate the captive portal, the problem disappears. This happens when any device is connected to the wifi via the captive portal, for both Android and PC.
Is there any suggested solution yet?
Thx
7
General Discussion / Re: maximum number of lan interfaces supported
« on: November 18, 2022, 07:40:46 am »
This may be outdated,
but recently I had the same problem. I've been using a LAN card with 4 LAN ports. OPNsense only detected 3 ports; one port was missing. Also, the BIOS on my motherboard did not detect one of the two RAM slots (the BIOS only detected one RAM slot).
Long story short,
there were a couple of needles in the processor slot on the motherboard that were not properly stiffed. They are so small that I had to use a magnifying glass to see them. After I made them proper using 2 sewing needles, everything was back to normal. If you have this symptom, it's better to check, to avoid problems when it operates in the future; for some reason, if the processor gets hot, those needles in the processor slot might not be stiffed as they are supposed to be.
btw:
when have the configuration:
1 onboard ethernet,
2 pcie ethernet,
1 usb ethernet,
i can see 4 interfaces in opnsense (re0,re1,re2,ue0)
but with:
1 onboard ethernet,
3 pcie ethernet,
i see only 3 interfaces in opnsense (re0, re1, re2)
although there are also 4 physical interfaces available.
what's wrong?