1
Web Proxy Filtering and Caching / Re: Web categorization and dashboards
« on: January 10, 2024, 03:27:13 am »
To solve my own question - ntopng
This is exactly what I was looking for
This is exactly what I was looking for
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Virtual private networks / Re: Wireguard - Can't access LAN, Can access internet
« on: January 08, 2024, 11:52:11 am »
I'm going to say that this is now RESOLVED, but not fully SOLVED with a root cause.
I had first installed the wireguard kmod version and was unable to access LAN clients.
I assumed maybe this version of the plugin wasnt as mature, so removed and installed the Go version
I didn't like feeling defeated, so I removed wireguard interface, plugin, rules / NATs, and decided to start again (Now only takes a few mins for me to set up after so many attempts)
I then took a look at the Wireguard - Log File and from the previous installation there were entries related to setting up a routing command an exiting with error code "1" with a response of " ". (I stupidly cleared the log rather than taking a screenshot or copy/paste!) - basically it was telling me that wireguard was unable to set routes related to 192.168.4.0 (LAN)
So this final attempt at removing all rules / interfaces and starting fresh (plus lots of reboots at each step!!!) has now got it performing as desired.
Surprised that the routing error wasn't easily visible in the dashboard or any indication that a key function - routing - was unable to be applied
I had first installed the wireguard kmod version and was unable to access LAN clients.
I assumed maybe this version of the plugin wasnt as mature, so removed and installed the Go version
I didn't like feeling defeated, so I removed wireguard interface, plugin, rules / NATs, and decided to start again (Now only takes a few mins for me to set up after so many attempts)
I then took a look at the Wireguard - Log File and from the previous installation there were entries related to setting up a routing command an exiting with error code "1" with a response of " ". (I stupidly cleared the log rather than taking a screenshot or copy/paste!) - basically it was telling me that wireguard was unable to set routes related to 192.168.4.0 (LAN)
So this final attempt at removing all rules / interfaces and starting fresh (plus lots of reboots at each step!!!) has now got it performing as desired.
Surprised that the routing error wasn't easily visible in the dashboard or any indication that a key function - routing - was unable to be applied
3
Web Proxy Filtering and Caching / Web categorization and dashboards
« on: January 07, 2024, 05:57:51 am »
I’m a bit lost with options.
I have just installed adguard home which is great for blocking the trackers and providing some very light insights to web traffic. But I’m looking for the next step for my home network.
I don’t want to deploy pac files or specific proxy settings if I don’t have to.
Goal: I would like to have some nice dashboarding to tell me what are the sites and categories those sites fall within. I don’t necessarily want to block anything. I just want visibility and reporting
After years using this capability in the enterprise setting with web sense, Palo Alto’s etc. I really want that visibility at home.
So please throw some options at me.
My setup-
Promos, opnsense, adguard home plugin
I have just installed adguard home which is great for blocking the trackers and providing some very light insights to web traffic. But I’m looking for the next step for my home network.
I don’t want to deploy pac files or specific proxy settings if I don’t have to.
Goal: I would like to have some nice dashboarding to tell me what are the sites and categories those sites fall within. I don’t necessarily want to block anything. I just want visibility and reporting
After years using this capability in the enterprise setting with web sense, Palo Alto’s etc. I really want that visibility at home.
So please throw some options at me.
My setup-
Promos, opnsense, adguard home plugin
4
Virtual private networks / Wireguard - Can't access LAN, Can access internet
« on: January 06, 2024, 12:08:19 am »
Hi all - yes another Wireguard question.
I have attempted to use the kmod and go version with same result.
Currently I can access the internet from my peer (iPhone / Mac) but cannot access any LAN devices. I feel I have exhausted all options, so hoping for fresh eyes to help.
I am leaning towards a routing issue, but I can't work out how to resolve.
Environment: (/24 subnetting)
Proxmox host - 192.168.4.2
Opnsense VM - 192.168.4.254 (LAN), 10.1.1.1 (wireguard tunnel)
iPhone peer - 10.1.1.2
Opnsense can ping itself (10.1.1.1) and can ping the peer (10.1.1.2)
LAN servers such as Ubuntu LXC (192.168.4.105) or Proxmox host (192.168.4.2) both cannot ping the peer
I do not enable any firewalls on proxmox or the LXC's / VM's
I have run a pve-firewall disable to ensure no firewall is running from proxmox
I have added source NAT rules to try to force wireguard traffic from LAN back to wireguard interface but it doesnt appear to make any difference.
I have openVPN configured and this all runs fine. I was hoping to convert to wireguard but i've spent far too much time trying to solve this.
Some screenshots:
LAN rules
LAN host pinging wiregueard peer
LAN host pinging peer
OPNSense can ping the peer
No traffic on wireguard interface when LAN host pinging
Route table
Wireguard Rules
Wireguard to LAN detailed. log
Wireguard to LAN allow
I have attempted to use the kmod and go version with same result.
Currently I can access the internet from my peer (iPhone / Mac) but cannot access any LAN devices. I feel I have exhausted all options, so hoping for fresh eyes to help.
I am leaning towards a routing issue, but I can't work out how to resolve.
Environment: (/24 subnetting)
Proxmox host - 192.168.4.2
Opnsense VM - 192.168.4.254 (LAN), 10.1.1.1 (wireguard tunnel)
iPhone peer - 10.1.1.2
Opnsense can ping itself (10.1.1.1) and can ping the peer (10.1.1.2)
LAN servers such as Ubuntu LXC (192.168.4.105) or Proxmox host (192.168.4.2) both cannot ping the peer
I do not enable any firewalls on proxmox or the LXC's / VM's
I have run a pve-firewall disable to ensure no firewall is running from proxmox
I have added source NAT rules to try to force wireguard traffic from LAN back to wireguard interface but it doesnt appear to make any difference.
I have openVPN configured and this all runs fine. I was hoping to convert to wireguard but i've spent far too much time trying to solve this.
Some screenshots:
LAN rules
LAN host pinging wiregueard peer
LAN host pinging peer
OPNSense can ping the peer
No traffic on wireguard interface when LAN host pinging
Route table
Wireguard Rules
Wireguard to LAN detailed. log
Wireguard to LAN allow
5
23.7 Legacy Series / DHCP clients lose IP addressing
« on: December 30, 2023, 09:18:59 pm »
Hi all,
Opnsense running dhcpv4 service with default lease times
LAN and WAN connected to a simple unmanaged switch
Eero 6 connected to the same switch
When I take opnsense offline, my dhcp clients release their IPs within a minute of opnsense going offline. Am I missing something fundamental here? I always thought clients would hold on to their IPs for the lifetime of the lease and at the half-time point would seek to renew their lease.
It’s only an issue when I’m doing maintenance activities recently (upgrades for software / hardware / tweaking). I would have thought my LAN clients would:
A) hold their leases
B) still be able to communicate on the LAN
As the clients are on the LAN, flat /24 home network, connected to the same switch, that communication would still work. LAN comms should not have to go via opnsense
It almost feels like when opnsense goes offline, a release broadcast is sent. I notice all my dhcp clients change to apipa (169.254.x.x) addressing very quickly after opnsense is offline
How can I resolve this?
I just want clients to hold their lease and still communicate locally when opnsense is offline
Example of why this is an issue:
Opnsense offline, my local machine loses IP and changes to apipa, I then can’t access admin UIs such as proxmox / Home Assistant which have no reliance on routing through opnsense. I can manually set my IP and gain access but I would prefer to keep all clients as dhcp
Thank you
Opnsense running dhcpv4 service with default lease times
LAN and WAN connected to a simple unmanaged switch
Eero 6 connected to the same switch
When I take opnsense offline, my dhcp clients release their IPs within a minute of opnsense going offline. Am I missing something fundamental here? I always thought clients would hold on to their IPs for the lifetime of the lease and at the half-time point would seek to renew their lease.
It’s only an issue when I’m doing maintenance activities recently (upgrades for software / hardware / tweaking). I would have thought my LAN clients would:
A) hold their leases
B) still be able to communicate on the LAN
As the clients are on the LAN, flat /24 home network, connected to the same switch, that communication would still work. LAN comms should not have to go via opnsense
It almost feels like when opnsense goes offline, a release broadcast is sent. I notice all my dhcp clients change to apipa (169.254.x.x) addressing very quickly after opnsense is offline
How can I resolve this?
I just want clients to hold their lease and still communicate locally when opnsense is offline
Example of why this is an issue:
Opnsense offline, my local machine loses IP and changes to apipa, I then can’t access admin UIs such as proxmox / Home Assistant which have no reliance on routing through opnsense. I can manually set my IP and gain access but I would prefer to keep all clients as dhcp
Thank you
Pages: [1]