Messages

1

Tutorials and FAQs / Re: Tutorial 2024/06: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: October 02, 2024, 03:58:24 pm »

Trying to figure out how to do subfolders.
Followed the steps in page 1 of this topic and everything works beautifully. 8 domains and multiple subdomains.

Now I would like to do this:
foo.example.com --> 192.168.1.10/
bar.example.com --> 192.168.1.10/subfolder/

I've found a handful of posts from other sites but most of them are from '95 and very vague.

2

24.7 Production Series / Domains STILL cannot be whitelisted with Unbound

« on: September 26, 2024, 04:10:21 pm »

Digging up an old post: https://forum.opnsense.org/index.php?topic=35218.0
This still seems to be a problem.
Trying to open up a mail chimp link, click.mailchimp.com is being blocked by seven black list.
After clicking on "Whitelist" in the reports tab it successfully added the link to the whitelist in Unbound but still blocks the site. Doing a DNS search and manually adding the offending CNAME record: mandrillapp.com the mail chimp link works.
Anyone have an idea as to when this will be resolved. We use mail chimp in our company and if at some point the CNAME record changes, I'll have to go through this process again.

3

General Discussion / Captive portal files location?

« on: August 28, 2024, 08:16:59 pm »

Does anyone know where the templates are located in OPNsense?

I have 2 templates for a company's public wifi. One for when they are open and one for when they are closed.
As I can't see any way of setting a timer in the GUI to switch them, I thought of just uploading both sets of templates then use a cron job to rotate them.

Any ideas?

4

General Discussion / Firewall block not working with alias (List of IP's)

« on: August 27, 2024, 07:29:26 pm »

I have a rule setup that blocks access from the LAN(NWIC1-NWIC2) to a vlan(PlexNet).
If I specify a single IP for the source the rule works but I have a dozen ip's to block so I added them to an alias.
Changing the firewall rule from single IP to the defined alias list blocks everything to the vlan.
It should block everything from the lan > vlan except the specified hosts in the list.

Interface- LAN
Direction- in
Protocol- any
Source Invert- Checked
Source- Admin
Destination- vlan

5

General Discussion / Re: VLAN not working on LAN but works on any other physical interface

« on: August 25, 2024, 12:01:37 am »

I have DHCP configured for the vlan.

6

General Discussion / VLAN not working on LAN but works on any other physical interface

« on: August 24, 2024, 09:40:32 pm »

Hey everyone, been pulling my hair out most of the day now. This is driving me nuts!

I have a 4 port Protectli Vault. igc0=WAN, igc1=LAN and the other 2 (igc3 & igc4) are assigned interfaces.

I can not get a vlan to work on the LAN port but will work on either of the other 2 interfaces.
The VLAN interface will not give out an IP address from DHCP but I can ping it from the LAN IP.
If I setup vlans on either of the other 2 interfaces, they give out IP's, ping and have full access to internal and external networks with proper rules applied.

Testing with a WiFi AP that supports vlan and with my Proxmox server.

7

Web Proxy Filtering and Caching / Re: Strip www. from url in HAProxy

« on: August 18, 2024, 02:30:53 am »

For anyone in the future reading this, here is a summery of what I did to strip the www from the domain name.

• Condition
  Name: StripWWW
  Condition type: Host starts with
  Host Prefix: www.example.ca
• Rule
  Name: StripWWW
  Select Conditions: StripWWW
  Execute functions: http-request redirect
  HTTP Redirect: scheme https://example.com
• Public Services
  Name: StripWWW
  Listen Addresses: 0.0.0.0:443 0.0.0.0:80
  Select Rules: StripWWW

8

Web Proxy Filtering and Caching / Re: Strip www. from url in HAProxy

« on: August 18, 2024, 02:22:15 am »

Yes, I had changed my GUI port.
Been playing around with the rules since I sent my last message.
Figured it out by trial and error. I was looking at the rule for redirecting http > https and it has a "scheme" in the HTTP Redirect so I added it to my rule. "scheme https://example.com"
No backend or real server needed.

9

Web Proxy Filtering and Caching / Re: Strip www. from url in HAProxy

« on: August 18, 2024, 12:26:09 am »

Sorry, still trying to wrap my head around OPNsense, migrateing from Untangle.
I guess that is what I'm missing (Public Service) but this wont apply "HAProxy configtest found critical errors"

10

Web Proxy Filtering and Caching / Re: Strip www. from url in HAProxy

« on: August 17, 2024, 11:41:21 pm »

See pic.

11

Web Proxy Filtering and Caching / Re: Strip www. from url in HAProxy

« on: August 17, 2024, 10:20:20 pm »

Didn't really want to use the pass through or modify from ssh, but that's what googling for hours has led me to.

I have already tried with no luck:
Condition> Host contains: www.example.com
Rule> if selected conditions, http-request redirect - https://example.com

12

Web Proxy Filtering and Caching / Re: Strip www. from url in HAProxy

« on: August 16, 2024, 09:31:39 pm »

How do I go about doing this from the GUI? Or is this something I need to do from the a ssh terminal?

13

24.7 Production Series / Issue with ACME deleting certs after upgrade to 24.7.1

« on: August 08, 2024, 08:54:15 pm »

Just did the update and needed to change the subdomain of one of my domains.
In HAProxy, removed the cert from Public Services, then deleted the cert from ACME and created a new with the different sub.
Went back into HAProxy to change the cert and now I have 2 certs with the same info.
Went through the process again and now I see 3 copies of the same cert.
I tried all 3 and they all show the same old domain sub in Chrome.
Why are the 3 same certs still showing? Only 1 shows in the ACME certs menu.
Checked in System->Settings->Admin->SSL Certificate. All 3 show their too.
Can I remove them from command line?

14

General Discussion / Re: SSL load time for OPNsense dashboard

« on: August 07, 2024, 01:27:42 pm »

What happens when you add an entry for it in your hosts file?

Yup, that did the trick. Loads as quick as the direct approach. Thanks!

15

General Discussion / SSL load time for OPNsense dashboard

« on: August 07, 2024, 04:11:07 am »

When I log into the OPNsense dashboard from:

Code: [Select]

https://192.168.5.1:4433the page loads almost instantly but when I log in from:

Code: [Select]

https://opnsense.example.com:4433it can take a 1~2 min to load. Once loaded, the SSL cert is valid.

I tried adding a host override in Unbound but that didn't make any difference.