Messages

1

Virtual private networks / openVPN Instance: How to get split-DNS to work?

« on: July 05, 2024, 12:58:20 pm »

Hi Gang,

I have openVPN-Instance up and runnig on opnsense 24.1.9. The DNS-Server, which is configured in the Instance-Tab, is pushed to the windows-client (openVPN GUI) correctly. The client can resolve DNS-requests over this DNS-Server. Fine so far.

Windows is (always?) taking the first available DNS-Server. If the LAN adapter is placed before the virtual openVPN adapter in "ipconfig /all", Windows will take the DNS of the LAN adapter.

The Question: Is it possible to split DNS requests for specific domains? e.g. System DNS (-> #1 in nic list) is default DNS, but for test.com use the DNS-Server which is configured on virtual openVPN adapter.   

cheers
Robin

2

Web Proxy Filtering and Caching / Re: HAproxy: not able to setup two services on single IP:Port

« on: May 29, 2024, 07:43:21 am »

AWESOME! I love the community - I Love you  - many thanks!!!!

3

Web Proxy Filtering and Caching / HAproxy: not able to setup two services on single IP:Port

« on: May 28, 2024, 05:15:48 pm »

Hi Gang,

I have spent several houres to configure haproxy as a simple reverse proxy for two different services on one single IP with the same Port. I have not succeeded and now I need your help please.

Config is as follows:


Real server 1: FQDN -> "fqdn.server1.intern" / Port -> 443 / SSL / SNI / fqdn.server1.intern / verify -> "myCA"
Real server 2: FQDN -> "fqdn.server2.intern" / Port -> 80

Backend pool 1: Server -> real server 1 (rest is default)
Backend pool 2: Server -> real server 2 (rest is default)

Public server 1: listen address -> "fqdn1:443" / certificate "fqdn1 acme" / selected rule -> Rule 1
Public server 2: listen address -> "fqdn2:443" / certificate "fqdn2 acme" / selected rule -> Rule 2

Condition 1: host matches -> Host string -> "sub.domain.de"
Condition 2: host matches -> Host string -> "domain.de"

Rule 1: If condition 1 -> use backend pool 1
Rule 2: If condition 2 -> use backend pool 2

That is my understading of how reverse proxy should select the right backend server depending on the host name that is called.

Enabling realserver 1 - everything is fine
Enabling realserver 2 - realserver 2 is working fine, too. But realserver 1 presents certificate from realserver 2 and passing the connection to realserver 1


- Type is HTTP/HTTPS
- IP is static, no NAT


I´m Pulling my hairs off - can´t get this to work...

Does anyone have any ideas?

Robin








 

4

Intrusion Detection and Prevention / Re: Drop Policy and directly set Rule to "Drop" not working.

« on: May 15, 2024, 07:58:23 am »

I have exactly the same problem!
It tooks several attempts, till poilicies were working as intendet. And now, the configured action doesn´t do anything.

Long way to go for a properly working IDS...

5

Intrusion Detection and Prevention / Re: Suricata policy - v7.0.3 ?

« on: May 07, 2024, 03:19:42 pm »

Any Updates here?
Getting the policies to work is my last challenge in opensense so far...

6

Intrusion Detection and Prevention / Re: Unchecking "Enabled" on a policy doesn't stop it from processing

« on: May 07, 2024, 03:04:03 pm »

same here!
I´m trying to costumize the ruleset with policies. But no matter what settings I use in the policy, it just have no effect on the alerts its generates. 

I would be very happy about a solution