1
23.1 Legacy Series / Re: Import trusted certificate via shell
« on: March 15, 2023, 01:22:53 am »
That is so awesome - Thanks a lot for sharing bartjsmit! Will try it out
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
23.1 Legacy Series / Import trusted certificate via shell
« on: March 11, 2023, 04:57:58 am »
Hi,
I have a centralized Let's Encrypt server that manages multiple domains and would like to keep that setup separate as it involves quite a bit of automation.
Preferably I would like to migrate my current StrongSwan VPN server (running in a VM) along with its domain certificate into my awesome OPNsense desktop appliance so I could retire that VPN VM.
Is there a way to import the 3 cert files (certs/server-cert.pem, cacerts/chain.pem, private/server-key.pem) via SCP/API; import them from my VM managing the certificates? And have that import setup on a schedule that would be available to the OPNsense IPsec VPN service in an automated fashion?
Thanks in advance!
I have a centralized Let's Encrypt server that manages multiple domains and would like to keep that setup separate as it involves quite a bit of automation.
Preferably I would like to migrate my current StrongSwan VPN server (running in a VM) along with its domain certificate into my awesome OPNsense desktop appliance so I could retire that VPN VM.
Is there a way to import the 3 cert files (certs/server-cert.pem, cacerts/chain.pem, private/server-key.pem) via SCP/API; import them from my VM managing the certificates? And have that import setup on a schedule that would be available to the OPNsense IPsec VPN service in an automated fashion?
Thanks in advance!
3
23.1 Legacy Series / Re: looping back from a NATed private IP via its own public IP, any port, no-go
« on: February 18, 2023, 08:54:24 am »
You guys rock! Worked like a charm - thanks a lot!
4
23.1 Legacy Series / looping back from a NATed private IP via its own public IP, any port, no-go
« on: February 16, 2023, 10:04:53 pm »
Hi,
I just bought an OPNsense DEC740 and upgraded to latest firmware 23.1.1. I have set it up as a simple router with single NATed subnet (129.168.214.0/24) with the following forwarded ports, 80, 443.
What used to work with my old router was to reach a web server running on the private network from another computer on the same subnet via the public IP/FQDN (www.8ccr.com) but I have not been able to get that to work, only from an external device coming in so I know port forwarding is working.
This works:
External IP:80 -> www.8ccr.com:80 (71.183.45.64:80) --> WAN Interface:80 > NATed to private IP:80 (192.168.214.10/24)
This does NOT work:
192.168.214.7 -> www.8ccr.com:80 (71.183.45.64:80) -> WAN interface:80 -> NATed back to private IP:80 (192.168.214.10/24)
I performed two Packet Captures on the WAN interface; one for the external IP and one for the internal (during the tests above). I can see the traffic from the external but not from the internal so it looks like the internal request is not even reaching the WAN interface.
I am sure I am missing a setting somewhere since this was all working with my old router, I just haven't been able to find it for loopback kind of traffic in OPNsense.
Thanks in advance for any pointers.
I just bought an OPNsense DEC740 and upgraded to latest firmware 23.1.1. I have set it up as a simple router with single NATed subnet (129.168.214.0/24) with the following forwarded ports, 80, 443.
What used to work with my old router was to reach a web server running on the private network from another computer on the same subnet via the public IP/FQDN (www.8ccr.com) but I have not been able to get that to work, only from an external device coming in so I know port forwarding is working.
This works:
External IP:80 -> www.8ccr.com:80 (71.183.45.64:80) --> WAN Interface:80 > NATed to private IP:80 (192.168.214.10/24)
Code: [Select]
user@external:~$ nc -vz www.8ccr.com 80
Connection to www.8ccr.com 80 port [tcp/http] succeeded!This does NOT work:
192.168.214.7 -> www.8ccr.com:80 (71.183.45.64:80) -> WAN interface:80 -> NATed back to private IP:80 (192.168.214.10/24)
Code: [Select]
user@internal:~$ nc -vz www.8ccr.com 80
nc: connect to www.8ccr.com (71.183.45.64) port 80 (tcp) failed: Connection timed outI performed two Packet Captures on the WAN interface; one for the external IP and one for the internal (during the tests above). I can see the traffic from the external but not from the internal so it looks like the internal request is not even reaching the WAN interface.
I am sure I am missing a setting somewhere since this was all working with my old router, I just haven't been able to find it for loopback kind of traffic in OPNsense.
Thanks in advance for any pointers.
Pages: [1]