Messages - buga

#2
It does not work, I tried it.
#3
default

how mask?
#4
There is:
-LAN 192.168.100.39      opened port 25
-OPNsense 192.168.100.1 client opvn 10.8.0.2, Port forwarding 10.8.0.2:25 to 192.168.100.39:25
-VPS 91.91.91.91,      server opvn 10.8.0.1, iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.8.0.2:25
-WAN Client different IP

Clients from the Internet with any IP who should be able to connect to 192.168.100.39:25
through:
Internet client WAN->    VPS 91.91.91.91:25->    10.8.0.1:25->    10.8.0.2:25->    192.168.100.39:25
But at the moment it does not work, it seems like you need to configure outbound. But I can't.


According to tcpdump, 192.168.100.39 sends a response directly to the client, which I think is not correct.
The answer does not go further than the OPNsense router.
#5
Quote from: buga on November 28, 2024, 06:32:06 PM
Quote from: dseven on November 27, 2024, 02:42:22 PM
Unfortunately it appears that GoFile doesn't provide any easy way to get the raw file directly, hence things like this exist: https://github.com/ltsdw/gofile-downloader
https://file.io/3t6N3yErnCYP
yes
#6
Quote from: dseven on November 27, 2024, 02:42:22 PM
Unfortunately it appears that GoFile doesn't provide any easy way to get the raw file directly, hence things like this exist: https://github.com/ltsdw/gofile-downloader
https://file.io/3t6N3yErnCYP
#7
Quote from: dseven on November 27, 2024, 02:42:22 PM
Unfortunately it appears that GoFile doesn't provide any easy way to get the raw file directly, hence things like this exist: https://github.com/ltsdw/gofile-downloader
https://file.io/3t6N3yErnCYP
#9
this file with ip range txt https://gofile.io/d/wWXdSE
for sample
103.147.170.0/23
103.152.16.0/23
103.152.174.0/23
103.155.126.0/23
2.56.24.0/23
...
11.000 lines



Help
#10
How to set right proxmox ip6 gateway for linux bridge opnsense fe80::be24:11ff:fe8e:c11c

Client
ping -6 fe80::be24:11ff:fe8e:c11c
no reach

opnsense restart (in PROXMOX VM)
ping -6 fe80::be24:11ff:fe8e:c11c
fe80::be24:11ff:fe8e:c11c: time<1ms
fe80::be24:11ff:fe8e:c11c: time<1ms

Client reboot
ping -6 fe80::be24:11ff:fe8e:c11c


I have two interfaces

gif0: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1280
......
        inet6 fe80::be24:11ff:fe8e:c11c%gif0 prefixlen 64 scopeid 0x9
      
      
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu ......
        inet6 fe80::be24:11ff:fe8e:c11c%vtnet0 prefixlen 64 scopeid 0x1      
no reach

That is, I need to reboot both the computer and the router so that IP6 works. Why is this and how can I fix it?

#11
I see the custom options field only in

    VPN: OpenVPN: Clients [legacy]

but I can use only VPN: OpenVPN: Instances

I need to add the current --script-security
#12
Client legacy

Trust (auth&cert)



111.311.115.122 SERVER IP
222.239.212.126 CLIENT IP OPNsense (is client)


CLIENT CONFIG generated by script https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
client
proto udp
explicit-exit-notify
remote 111.311.115.122 49973
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_ve4XMxxxxxnkhHWL1 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxx
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxx
-----END OpenVPN Static key V1-----
</tls-crypt>





SERVER CONFIG

port 49973
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_ve4XMxxxxxnkhHWL1.crt
key server_ve4XMxxxxxnkhHWL1.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3






SERVER VERSION
# openvpn --version
OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 27 2024
library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>


CLIENT VERSION
openvpn --version
OpenVPN 2.6.12 amd64-portbld-freebsd14.1 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
DCO version: FreeBSD 14.1-RELEASE-p5 stable/24.7-n267855-304cf693716 SMP
Originally developed by James Yonan
Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>


CLIENT LOG
2024-11-02T00:03:56 Notice openvpn_client1 UDPv4 link remote: [AF_INET]111.311.115.122:49973
2024-11-02T00:03:56 Notice openvpn_client1 UDPv4 link local: (not bound)
2024-11-02T00:03:56 Notice openvpn_client1 TCP/UDP: Preserving recently used remote address: [AF_INET]111.311.115.122:49973
2024-11-02T00:03:56 Warning openvpn_client1 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-11-02T00:03:56 Notice openvpn_client1 DCO version: FreeBSD 14.1-RELEASE-p5 stable/24.7-n267855-304cf693716 SMP
2024-11-02T00:03:56 Notice openvpn_client1 library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
2024-11-02T00:03:56 Notice openvpn_client1 OpenVPN 2.6.12 amd64-portbld-freebsd14.1 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]


CLIENT INTERFACE
ovpnc1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        groups: tun openvpn
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>


SERVER ERR LOG

tls-crypt unwrap error: packet authentication failed
TLS Error: tls-crypt unwrapping failed from [AF_INET]222.239.212.126:60982
tls-crypt unwrap error: packet authentication failed
TLS Error: tls-crypt unwrapping failed from [AF_INET]222.239.212.126:60982
tls-crypt unwrap error: packet authentication failed
TLS Error: tls-crypt unwrapping failed from [AF_INET]222.239.212.126:60982
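
An added example, not part of the original post and not OPNsense or OpenVPN code: a Python check that compares the settings both peers in the configs above have to agree on, including which control-channel wrapping directive each side uses. The config text is abridged from the post, the function names are hypothetical, and the key material itself is not compared.

```python
import re

# Abridged from the configs in the post above (certificates and keys omitted).
CLIENT_CONF = """client
proto udp
remote 111.311.115.122 49973
dev tun
auth SHA256
cipher AES-128-GCM
<tls-crypt>
# key material omitted
</tls-crypt>
"""
SERVER_CONF = """port 49973
proto udp
dev tun
auth SHA256
cipher AES-128-GCM
tls-crypt tls-crypt.key
"""
WRAP = ("tls-auth", "tls-crypt", "tls-crypt-v2")  # control-channel wrapping modes

def parse(conf):
    """Map directive -> argument list; an inline <tag> block counts as a directive."""
    opts, inline = {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        if inline:                       # skip the body of <tag> ... </tag>
            inline = None if line == f"</{inline}>" else inline
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        words = line.split("#", 1)[0].split()
        if tag:
            inline = tag.group(1)
            opts[inline] = ["[inline]"]
        elif words:
            opts[words[0]] = words[1:]
    return opts

def mismatches(client_conf, server_conf):
    """Return (name, client_value, server_value) for settings that disagree."""
    c, s = parse(client_conf), parse(server_conf)
    keys = ("proto", "dev", "auth", "cipher")
    out = [(k, c.get(k), s.get(k)) for k in keys if c.get(k) != s.get(k)]
    if c.get("remote", [])[1:2] != s.get("port", []):
        out.append(("port", c.get("remote"), s.get("port")))
    cw, sw = [w for w in WRAP if w in c], [w for w in WRAP if w in s]
    if cw != sw:                         # e.g. tls-crypt on one side, tls-auth on the other
        out.append(("control-channel wrap", cw, sw))
    return out
```

An empty list from `mismatches(CLIENT_CONF, SERVER_CONF)` means the visible directives agree; it says nothing about whether the inline `<tls-crypt>` key matches the server's `tls-crypt.key`.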
#13
Now I have these rules; I think they are wrong.
#14
https://github.com/borestad/blocklist-abuseipdb

I can do upload url from raw one time.

DB memo:
#4 Recommended usage is the maximum 30 days or less to avoid false positives.
#15
Posted by: Seimus
yes indeed, the rules remain in the list but they become inoperative if the checkbox is checked.
ty

Posted by: chemlud
openAIM