Messages

1

Tutorials and FAQs / Re: Add basic auth to HAProxy

« on: January 06, 2019, 10:42:59 pm »

+1 for put the auth in the gui!

but i have the same problem as akron.
After i fill the auth forms correct i just get an

Code: [Select]

{"message":"Basic auth failed"}
Did you find a solution akron?

Cheers Chris

Hello, yes I've got a solution,

the way this works is you configure the basic auth on backend if you dont have basic auth at the webserver level.

if you want HAPROXY to pass the basic auth to the webserver, disable it on the backend object and your webserver will serve the basic auth.

didnt work for me first time because haproxy process for some reason was messed up, restarted and is working as expected.

2

Tutorials and FAQs / Re: Add basic auth to HAProxy

« on: December 27, 2018, 12:22:06 am »

For future reference: os-haproxy 2.10 (available in the upcoming OPNsense 18.7.8 ) finally adds support for HTTP Basic Auth.
See https://github.com/opnsense/plugins/pull/970#issuecomment-437688137

This is great, thank you, however after updating, the basic auth is not passing through to backend servers as before the update, pretty sure is related?

for example, before there was no basic auth option on backend or frontend and haproxy passed the header to backend, meaning the backend webserver would serve the basic auth normally, now is not doing it with same backend server, any way to tell haproxy not to use frontend basic auth and use backend webserver instead ?

Thank you

3

18.1 Legacy Series / Re: [solved] Nexcloud: communication failure

« on: June 27, 2018, 02:52:54 pm »

Hey akron, what @fabian says, and a question: did you check the certificate with another connection, did that work?
My guess, there's something wrong with the crt.
Btw. I simply pushed the crt. to the store and that was it, no CA (need to set that up in spare time, heck, I may use Opnsense for that  )

Greetings mark

I am confuse, I am getting another error now ssl_verify_result":20

what I did was to put the SSL crt /usr/local/share/certs the crt contains the certificate data followed by private key, is this correct? also I tried to put in pem format no change

4

18.1 Legacy Series / Re: [solved] Nexcloud: communication failure

« on: June 27, 2018, 12:05:27 pm »

Very likely another certificate validation error. I would check host name and time range of the certificate but I don't know this code.

I have put the CA certificate on the path mentioned and now I get another error:

config[29464]: {"url":"https:\/\/cloud.domain.com\/remote.php\/dav\/files\/opnsense\/","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":1,"redirect_count":0,"total_time":0.25138,"namelookup_time":0.078396,"connect_time":0.086301,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"192.168.1.5","certinfo":[],"primary_port":443,"local_ip":"192.168.1.1","local_port":42651}

would be easier to implement on the webui ignore SSL certificate validation ? that would be perfect as we could use any self signed SSL

thank you

5

18.1 Legacy Series / Re: Nexcloud: communication failure

« on: June 26, 2018, 07:44:34 pm »

Hey fabian, thanks for the clear answer.

Your first Q. :yes using self signed cert. for my server, all is a localdomain.

Next: what say the logs:

Code: [Select]

config[23141]: {"url":"https:\/\/cloud.localdomain\/nextcloud\/remote.php\/dav\/files\/backer\/","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":18,"redirect_count":0,"total_time":0.164199,"namelookup_time":0.004971,"connect_time":0.005542,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"10.10.100.6","certinfo":[],"primary_port":443,"local_ip":"10.10.100.1","local_port":42812}
Than: no hehe I did not forget the 's'    I click on it from another webpage I don't know what I was thinking here, I don't do that, just the address

I allraedy 'knew' app password should be okay with 2fa but still tested I, wanted to be sure that was not an issue when I post here, thanks.

Hello,

I have a similar issue, with number 20

is there any fix ?

config[80861]: {"url":"https:\/\/cloud.domain.com\/\/remote.php\/dav\/files\/opnsense\/","content_type":null,"http_code":0,"header_size":0,"request_size":0,"filetime":-1,"ssl_verify_result":20,"redirect_count":0,"total_time":0.033315,"namelookup_time":4.9e-5,"connect_time":0.007027,"pretransfer_time":0,"size_upload":0,"size_download":0,"speed_download":0,"speed_upload":0,"download_content_length":-1,"upload_content_length":-1,"starttransfer_time":0,"redirect_time":0,"redirect_url":"","primary_ip":"192.168.1.5","certinfo":[],"primary_port":443,"local_ip":"192.168.1.1","local_port":32217}


Thank you

6

18.1 Legacy Series / Re: NAT to Remote Network via OpenVPN Tunnel

« on: June 26, 2018, 12:47:16 am »

Is there a easy/proper way to achieve this ?

The better way of doing this would be IPsec IMHO:
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html

I never got OpenVPN NAT to remote site working in a clean way, with dirty configs I can pass some traffic but defeats the pupose of easy and clean way.

Could you explain why we can achieve this with IPsec  and not OpenVPN?

Thank you 

7

Development and Code Review / Re: WebDav backups

« on: May 25, 2018, 05:10:28 pm »

Totally forgot about this. Sometimes it is hard to do something differently than you always did before

Thank you working great

Cheers

8

Development and Code Review / Re: WebDav backups

« on: May 23, 2018, 04:54:31 pm »

I am also interested in backing up to Nextcloud as I don't use public cloud services.

How can I install the plug in for nextcloud ?

This is not a plugin, if it is not available in the backup section, it will be included in a future release without having to install anything except updates

You can test it in the developer preview.

OK Thank you, how do I transform my version into developer preview or upgrade ?

I am running stable 18.1.8

cheers

9

Development and Code Review / Re: WebDav backups

« on: May 23, 2018, 04:19:23 pm »

thanks for the link...i will try to study the code...pcloud is commercial cloud storage provider..its not self hosting like nextcloud or owncloud.

Hi Guys

I am also interested in backing up to Nextcloud as I don't use public cloud services.

How can I install the plug in for nextcloud ?

Thank You

10

18.1 Legacy Series / NAT to Remote Network via OpenVPN Tunnel

« on: January 31, 2018, 02:29:47 pm »

Hi Guys,

I'm hoping the fantastic OPNsense community can shed some light on this.

Been trying many different things for a couple of weeks none of them working.

I have 2 OPNsense firewalls installed, one on Site A and one on Site B

Site A has Public IP and LAN IP - I can control the Public IP and the Natting to Site A LAN fine.

Site B has LAN IP Only - I don't control the Public IP, hence I have a OpenVPN tunnel back to Site A

Site A: LAN 192.168.1.0/24 WAN 271.xxx.xxx.xxx OpenVPN Tunnel Network 10.6.8.0/24

Site B: LAN 192.168.2.0/24 no WAN OpenVPN Tunnel Network 10.6.8.0/24

I can access the site A LAN network from site B fine and vice-versa, no problems on that.

My goal is to be able to NAT something from Site A Public IP to the LAN seating on the other side of the tunnel on site B.

I have tried:

Stretched LAN from site A to site B via Bridging Site A LAN + OpenVPN, didn't work at all, no traffic passing either way Site A or Site B, I also did the bridge on Site B LAN + OpenVPN with no results

Specific traffic Rules on Site A to Site B and Outbound from Site B LAN configured to go via OpenVPN tunnel. Didn't work also.

Is there a easy/proper way to achieve this ?

Thank you
 

11

17.7 Legacy Series / HA Proxy Stuck - Hang on reboot - Delayed HA Failover

« on: September 01, 2017, 06:24:48 pm »

Hello Fellas,

Thanks for the HA Proxy FIX on 17.7.1 update (Hard Mode).

I can confirm the issues reported by a few users, of getting stuck while rebooting and delayed HA Failover are resolved now.

https://forum.opnsense.org/index.php?topic=4899.msg21493#msg21493

https://forum.opnsense.org/index.php?topic=5304.msg22070#msg22070

keep up the good work

Cheers

12

17.1 Legacy Series / Re: HAProxy alternative port on FrontEnd

« on: July 26, 2017, 02:55:15 pm »

sorry to ask again, but anyone facing a similar issue ?

Cheers

13

17.1 Legacy Series / HAProxy alternative port on FrontEnd

« on: July 25, 2017, 05:28:40 pm »

Hi Guys,

I have been trying to get this to work for a couple of weeks now, without success, hopefully anyone can help me.

I have 2 Frontends on HAproxy  one on port 443 and one on port 4444

There is a website www.website.com on the 443 frontend that goes to a backend and server and it has ACL and action. Everything is working fine when I go to www.website.com

however on the same backend server I have another website that runs on port 4444.

What I wanted to achieve is to be able to go on www.website.com:4444 and be able to go to the website running on 4444 port, however when I try to go to www.website.com:4444 I get the error below.

the port 4444 is ruled on the firewall like 443 and everything is open, there is a dedicated backend, server and dedicated action using the same ACL for the website.com but is not working as expected, is not getting into the website running on port 4444

internal works fine both website.com and website.com:4444

hope that makes sense

cheers

14

17.1 Legacy Series / Re: HAProxy front end SSL certificate limit?

« on: July 25, 2017, 05:15:44 pm »

will this be shipped in future releases or we need to always patch  ?

It will be available in 17.7.1 (at the latest).

Also where can I contribute or buy you guys a beer..?

You're always welcome to report issues, suggest enhancements or even provide some fixes:
https://github.com/opnsense/core/issues
https://github.com/opnsense/plugins/issues

On the other hand, the OPNsense projects welcomes donations too:
https://opnsense.org/donate/

Thanks for reporting this issue!


Regards
- Frank

Donated

Thank you

15

17.1 Legacy Series / Re: HAProxy front end SSL certificate limit?

« on: July 25, 2017, 04:40:23 pm »

The fix is ready for testing:

Code: [Select]

opnsense-patch -c plugins 6a82b37
For reference: https://github.com/opnsense/plugins/pull/209


Regards
- Frank

Also where can I contribute or buy you guys a beer..?