Messages - blacklistme

#1
Hi Gang,

I have an OpenVPN instance up and running on OPNsense 24.1.9. The DNS server, which is configured in the Instance tab, is pushed to the Windows client (OpenVPN GUI) correctly. The client can resolve DNS requests over this DNS server. Fine so far.

Windows is (always?) taking the first available DNS server. If the LAN adapter is placed before the virtual OpenVPN adapter in "ipconfig /all", Windows will take the DNS of the LAN adapter.

The question: Is it possible to split DNS requests for specific domains? E.g. System DNS (-> #1 in NIC list) is the default DNS, but for test.com use the DNS server which is configured on the virtual OpenVPN adapter.

cheers
Robin
#2
AWESOME! I love the community - I Love you  :D - many thanks!!!!
#3
Hi Gang,

I have spent several hours configuring haproxy as a simple reverse proxy for two different services on one single IP with the same port. I have not succeeded and now I need your help, please.

Config is as follows:


Real server 1: FQDN -> "fqdn.server1.intern" / Port -> 443 / SSL / SNI / fqdn.server1.intern / verify -> "myCA"
Real server 2: FQDN -> "fqdn.server2.intern" / Port -> 80

Backend pool 1: Server -> real server 1 (rest is default)
Backend pool 2: Server -> real server 2 (rest is default)

Public server 1: listen address -> "fqdn1:443" / certificate "fqdn1 acme" / selected rule -> Rule 1
Public server 2: listen address -> "fqdn2:443" / certificate "fqdn2 acme" / selected rule -> Rule 2

Condition 1: host matches -> Host string -> "sub.domain.de"
Condition 2: host matches -> Host string -> "domain.de"

Rule 1: If condition 1 -> use backend pool 1
Rule 2: If condition 2 -> use backend pool 2

That is my understanding of how a reverse proxy should select the right backend server depending on the host name that is called.

Enabling realserver 1 - everything is fine
Enabling realserver 2 - realserver 2 is working fine, too. But realserver 1 presents the certificate from realserver 2 and passes the connection to realserver 1


- Type is HTTP/HTTPS
- IP is static, no NAT


I'm pulling my hair out - can't get this to work...

Does anyone have any ideas?

Robin
#4
I have exactly the same problem!
It took several attempts until the policies were working as intended. And now, the configured action doesn't do anything.

Long way to go for a properly working IDS...
#5
Any updates here?
Getting the policies to work is my last challenge in OPNsense so far...
#6
Same here!
I'm trying to customize the ruleset with policies. But no matter what settings I use in the policy, it just has no effect on the alerts it generates.

I would be very happy about a solution :)