1
23.1 Production Series / Re: ddclient bugs
« on: February 18, 2023, 05:49:14 pm »
yes indeed, I think the plugin need some bug fixing pls
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
23.1 Production Series / ddclient bugs
« on: February 10, 2023, 09:45:59 am »
Dear all
Just wanted to bring attention to the ddclient plugin which seems not to be working perfectly on the recent releases
Normally it should show up that it has picked up the current wan IP and did update successfully
But I've used it on easydns and it seems to be working not while pressing apply button but when the whole system is restarted.
And it doesn't show up IP in green.
I think it needs further checking on the latest release.
I've tested it on easydns and I can't see it working properly.
I will try other providers and see.
Just wanted to bring attention to the ddclient plugin which seems not to be working perfectly on the recent releases
Normally it should show up that it has picked up the current wan IP and did update successfully
But I've used it on easydns and it seems to be working not while pressing apply button but when the whole system is restarted.
And it doesn't show up IP in green.
I think it needs further checking on the latest release.
I've tested it on easydns and I can't see it working properly.
I will try other providers and see.
3
20.7 Legacy Series / Re: Multi Site VPN and routing to each site without CSO
« on: September 28, 2020, 01:37:15 pm »Hi Samnet,Did really get you on this
you need to assign an interface to ovpn client B and C, and then set static routes accordingly.
Also, you need to correct your tunnels configuration.
You have configured a S2S as a multi client network.
I.E.
Site B 192.168.33.0/24 GW 10.10.22.2 (Ovpn GW Site A)
Site C 192.168.22.0/24 GW 10.10.23.2 (Ovpn GW Site A)
And check the rules on OVPN tab
Regards
Do I need to do static route?
8 have managed to get it working by inserting remote network on each site
Would this be ok?
Also what gateway do mean?
4
20.7 Legacy Series / Multi Site VPN and routing to each site without CSO
« on: September 24, 2020, 09:41:27 am »
Dear All
Im struggling to make the proper Multisite VPN to interconnect between all sites.
I recall doing it few years back but cant replicate this in the new opnsense edition. not sure if this is version restriction or something related.
I have:
Site A (Openvpn Server) Ip 192.168.11.0/24 / OVPN Tunnel IP 10.10.11.0/30 (note Ive selected /30 not /24)
Site B (Openvpn Client) Ip 192.168.22.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)
Site C (Openvpn Client) Ip 192.168.33.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)
Site B and C can ping and connect to Site A and vice versa.
but I cant get site B and C to communicate (even through Site A and yes Im fine with single point of failure on site A) I just want it to work.
I recall doing this in the past editions by adding the subnet in the "IPv4 Remote Network" of each client. but this didnt work I tried adding even on the server remote network. can someone clarify how this can be done?
Im struggling to make the proper Multisite VPN to interconnect between all sites.
I recall doing it few years back but cant replicate this in the new opnsense edition. not sure if this is version restriction or something related.
I have:
Site A (Openvpn Server) Ip 192.168.11.0/24 / OVPN Tunnel IP 10.10.11.0/30 (note Ive selected /30 not /24)
Site B (Openvpn Client) Ip 192.168.22.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)
Site C (Openvpn Client) Ip 192.168.33.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)
Site B and C can ping and connect to Site A and vice versa.
but I cant get site B and C to communicate (even through Site A and yes Im fine with single point of failure on site A) I just want it to work.
I recall doing this in the past editions by adding the subnet in the "IPv4 Remote Network" of each client. but this didnt work I tried adding even on the server remote network. can someone clarify how this can be done?
5
20.7 Legacy Series / Re: Transparent proxy with SSL
« on: September 16, 2020, 08:17:03 am »
thanks for clarification.
can you pls suggest any way for controlling URL access in a network with 100 desktops / laptops / mobiles many of them logging via Active Directory win2012
can you pls suggest any way for controlling URL access in a network with 100 desktops / laptops / mobiles many of them logging via Active Directory win2012
6
20.7 Legacy Series / Re: Transparent proxy with SSL
« on: September 15, 2020, 10:54:49 pm »Im still not getting this right, do you mean its impossible to see full URLs without MITM?forget this method, I just want to control url access even via httpsand no. you can not view requested url (if you mean exactly full url) without mitm. only tcp info, tls hello and sni info (if any).
is this a no go area at all?
I recall splice option in pfsense which used to slightly control https to some extend, is there a splice option in opnsense?
7
20.7 Legacy Series / Re: Multiple VIP and static routes
« on: September 15, 2020, 10:46:07 pm »
Thanks for sharing the info. can you pls lay out the steps needed for this to work,
I will need to do this for
1. email server
2. voip
3. ftp ...etc
all having separate public IPs
I will need to do this for
1. email server
2. voip
3. ftp ...etc
all having separate public IPs
8
20.7 Legacy Series / Multiple VIP and static routes
« on: August 26, 2020, 02:01:56 am »
Hi
Im having a problem on my current opnsense, I have several VIPs like xxx.xx.xx.190 (default gw)
xxx.xx.xx.191 (opnsense wan ip) xxx.xx.xx.192 (vip and doing port forward to exchange server in my lan) xxx.xx.xx.193 (vip and doing port forward to ftp server) ...etc
my main target is to get the exchange get back to internet via ip xxx.xx.xx.192 and not via the xxx.xx.xx.191 which is opnsense.
is this possible and how?
Im having a problem on my current opnsense, I have several VIPs like xxx.xx.xx.190 (default gw)
xxx.xx.xx.191 (opnsense wan ip) xxx.xx.xx.192 (vip and doing port forward to exchange server in my lan) xxx.xx.xx.193 (vip and doing port forward to ftp server) ...etc
my main target is to get the exchange get back to internet via ip xxx.xx.xx.192 and not via the xxx.xx.xx.191 which is opnsense.
is this possible and how?
9
20.7 Legacy Series / Re: Transparent proxy with SSL
« on: August 24, 2020, 10:59:53 pm »hmmmm how can you do transparent SSL proxy without using a CA for which you have the private key?forget this method, I just want to control url access even via https
10
20.7 Legacy Series / Re: Transparent proxy with SSL
« on: August 24, 2020, 10:59:00 pm »Hi!
Can you please give more info about "transparent SSL mode that PFSense has where there is no need to add the CA in every client"?
of course there is splice option which I cant find it in opnsense.
11
20.7 Legacy Series / Transparent proxy with SSL
« on: August 21, 2020, 11:18:41 pm »
Dear All
I know this has been asked before but no one actually compared the transparent SSL mode that PFSense has where there is no need to add the CA in every client and can do transparent SSL with no extra install on each client.
How can we achieve this transparent SSL proxy without touching CA?
I know this has been asked before but no one actually compared the transparent SSL mode that PFSense has where there is no need to add the CA in every client and can do transparent SSL with no extra install on each client.
How can we achieve this transparent SSL proxy without touching CA?
12
20.7 Legacy Series / Re: Connecting to Active Directory (AD) via IPSEC
« on: August 19, 2020, 04:41:24 pm »
this is done already from what I recall, the way packets are shown is
Wanip 72.xx.xx.96:45556 to AD server ip 10.xx.x.2:389
ive done a packet capture and I can see 5 requests coming out but no AD handshake
Wanip 72.xx.xx.96:45556 to AD server ip 10.xx.x.2:389
ive done a packet capture and I can see 5 requests coming out but no AD handshake
13
20.7 Legacy Series / Re: Connecting to Active Directory (AD) via IPSEC
« on: August 18, 2020, 10:58:45 pm »
thx for this, can you pls explain more on how to do this?
14
20.7 Legacy Series / Connecting to Active Directory (AD) via IPSEC
« on: August 18, 2020, 01:37:18 pm »
Dear sirs;
Im trauggling to find a proper way to connect my opnsense to active directory via ipsec vpn tunnel.
Im sure it will not be the case for ovpn. but the main problem the DC that has AD in is actually using those terrible licensed firewalls that has only ipsec and kerio vpn. so I have configured the ipsec and opnsense is conecting via ipsec to DC and I can ping the AD server.
the crazy part is that I cant get the opnsense to join the AD. Ive done a packet capture and what Im seeing it that AD isnt giving a clear replies. and the funny part is that IPSEC is actually throwing the WAN ip as source. which is bit funny, but can someone share his experience on this??
can this work?
Firewall on AD windows 2012 is off btw.
Im trauggling to find a proper way to connect my opnsense to active directory via ipsec vpn tunnel.
Im sure it will not be the case for ovpn. but the main problem the DC that has AD in is actually using those terrible licensed firewalls that has only ipsec and kerio vpn. so I have configured the ipsec and opnsense is conecting via ipsec to DC and I can ping the AD server.
the crazy part is that I cant get the opnsense to join the AD. Ive done a packet capture and what Im seeing it that AD isnt giving a clear replies. and the funny part is that IPSEC is actually throwing the WAN ip as source. which is bit funny, but can someone share his experience on this??
can this work?
Firewall on AD windows 2012 is off btw.
15
Web Proxy Filtering and Caching / Re: Create ACL like the classic way using opnsense gui
« on: August 11, 2020, 09:12:16 pm »
any ideas pls?