Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - dannyyy

Pages: [1]

Tutorials and FAQs / [Howto] Enabling the Web GUI / SSH on your management interface

« on: November 23, 2024, 12:03:10 pm »

Hi,

I had my difficulties to enable the remote management (HTTPS / SSH) on another network interface than LAN.
Most I read in the documentation as well as on community forums (e.g. Reddit, OpnSense Forum, ...) gave me wrong advises. Same for ChatGPT and any other LLM.

In this example, I use OPT1 as the management interface. But also works with any other

Go to System -> Settings -> Administration
- Configure the Web GUI / SSH as you like
- Make sure, that the services binds to the network interface OPT1 (I personally have it temporarily bound to LAN and OPT1 until LAN can be deactived)
Go to Filewall -> Rules -> Floating
- Adding an interface bound rule will not work. I haven't found any combination of rule settings, that gave me access
- I just mention the important properties to set. Feel free to adapt it to your needs afterwards
  Action: Pass
  Disabled: no
  Quick: yes
  Interface / Invert: no
  Interface: <empty> (DO NOT SELECT ANY, OTHERWISE IT WON'T WORK!)
  Direction: in
  TCP/IP Version : IPv4
  Protocol: TCP
  Source / Invert: no
  Source: OPT1 net
  Destination / Invert: no
  Destination: This Firewall (ANY DIDN'T WORK IN MY CASE)
  Destination port range: HTTP or SSH

With these settings, I was able to use HTTPS and using their default ports.

24.7 Production Series / Re: DDNS - Cloudflare Not working

« on: November 23, 2024, 11:40:18 am »

I also stumbled over all the "Dynamic DNS" issues for Cloudflare. At the end of this thread it was still not clear, how to configure it properly.

Thus, you can find my exact settings I used to get it running.

General Settings
Enabled: yes
Verbose: yes (optional)
Allow IPv6: no (don't have)
Interval: 300
Backend: ddclient

Account
Enabled: yes
Description: my.domain.com
Service: Cloudflare
Username: <empty>
Password: <API Token with access to edit DNS for the respective zone>
Wildcard: no
Zone: domain.com
Hostname(s): my.domain.com
Check ip method: Interface
Interface to monitor: WAN
Check ip timeout: 10
Force SSL: yes

Virtual private networks / Routing traffic through central Wireguard node

« on: December 10, 2023, 05:02:19 pm »

Hi,

I have the following - simplified - network topology:

Code: [Select]

┌────────────────┐                       ┌───────────────┐                       ┌─────────────────┐
│                │                       │               │                       │                 │
│ Servers        │.2 192.168.252.0/24  .1│ OPNsense      │.1 192.168.251.0/24  .2│ MikroTik (IoT)  │
│ 172.16.32.0/24 ├───────────────────────┤ 172.16.8.0/24 ├───────────────────────┤ 172.16.64.0/24  │
│                │wg0    Wireguard    wg0│               │wg1    Wireguard    wg0│                 │
└───────┬────────┘                       └───────┬───────┘                       └────────┬────────┘
        │                                        │                                        │
        │                                        │                                        │
        │                                        │                                        │
        │                                        │                                        │
 xxxxxxxxxxxxxxxx                           xxxxxxxxxxxx                            xxxxxxxxxxxxxx
 x              x                           x          x                            x            x
 x Internet     x                           x Internet x                            x Internet   x
 x (Datacenter) x                           x (Fibre)  x                            x (Cellular) x
 x              x                           x          x                            x            x
 xxxxxxxxxxxxxxxx                           xxxxxxxxxxxx                            xxxxxxxxxxxxxx

Currently, the two tunnels can reach the allowed subnets of its endpoint. e.g. ("OPNSense" can reach 172.16.64.0/24 and 172.16.32/0).

What I like to achieve is, that "MikroTik" can reach the subnet of "172.16.32.0/24".
Therefore, I configured on "MikroTik" AllowedIPs: 192.168.251.1/32,172.16.8.0/24,172.16.32.0/24.

But I'm unable to ping or reach anything on "Servers". On the "OPNsense" I don't see any blocked traffic. But I see that the traffic was forwarded or at least passed (screenshot).
Could the route back be the issue? Where and what has to be added (routing table on "Servers" or additional AlloedIPs on "Servers"?

Thank you and have nice Sunday
Cheers Danny

Pages: [1]