Messages - cyrus104

1
24.1 Legacy Series / Re: Automatic outbound NAT rule not populating
« on: June 02, 2024, 05:02:04 pm »
Would like to see if this is a common issue.

2
24.1 Legacy Series / Automatic outbound NAT rule not populating
« on: May 27, 2024, 03:42:04 pm »
I have a new OPNsense setup and have the LAN and WAN side configured. The LAN side is providing DHCP configured correctly. The WAN is Fios that is pulling an IP and default route. The OPNsense can ping Google and raw IP addresses. An automatic gateway was set up and monitoring to 1.1.1.1 with great latency.

The issue is that it doesn't matter what I have set in outbound NAT, no automatic entries are created. I've tried to find the logs for that but haven't had any luck. I see a manual entry right now but would like to change it. I've done some searching and made sure options like upstream gateway are checked. The gateway says default in the rules.

I’m sure it’s something simple but happy to look through the logs if you can point me to the ones that would have relevant information on creating or not the automatic or hybrid rules.


Thanks

3
22.7 Legacy Series / Re: HAProxy access from internal network
« on: September 25, 2022, 08:55:33 pm »
Happy to do that and test, where do I add the override?

4
22.7 Legacy Series / Re: HAProxy access from internal network
« on: September 24, 2022, 09:22:50 pm »
Right now it's listening on 0.0.0.0:443 (and another public on 80).

My WAN changes every so often.

5
22.7 Legacy Series / Re: HAProxy access from internal network
« on: September 24, 2022, 06:18:49 pm »
I'm using the HAProxy + ACME and wanted my internal site to use the official TLS certificate instead of the self-signed ones.

6
22.7 Legacy Series / Re: HAProxy access from internal network
« on: September 24, 2022, 02:27:35 am »
I'm still not able to access the reverse proxied websites from the internal subnet that the real servers are on. I can access them from another subnet and from the internet but not locally.

7
22.7 Legacy Series / Re: HAProxy access from internal network
« on: September 03, 2022, 07:28:55 pm »
I have checked that option and then rebooted the firewall but still no change. :-(

8
22.7 Legacy Series / Re: HAProxy access from internal network
« on: September 01, 2022, 09:43:49 pm »
Could this have something to do with the devices being on the same firewall interface?

Desktop -> vlan2 (firewall) -> wan (firewall) -> vlan2 (firewall) -> nas

If I do the following with my laptop and phone it works:

Laptop (wifi) -> vlan3 (firewall) -> wan (firewall) -> vlan2 (firewall) -> nas

9
22.7 Legacy Series / Re: HAProxy access from internal network
« on: September 01, 2022, 07:56:00 pm »
The Real Server is an internal: 10.0.0.10:5001
The Public IP is: 173.67.25.115:443
The Router Internal address: 10.0.0.1

10
22.7 Legacy Series / HAProxy access from internal network
« on: August 31, 2022, 07:06:16 pm »
I'm using HAProxy + ACME on OPNsense to provide a reverse proxy to my internal services. After another small conditions issue, I now have it working as expected from the external internet on my phone (LTE connection).

I'm going to it using Chrome and Firefox by typing in the FQDN: https://server1.mydomain.com

However, when I turn on wifi and am on the same network as the Real Server I get an ERR_TIMED_OUT. In the HAProxy log I get a handshake failure error. I tried it using the same process with my laptop with a VPN to the internet and connecting in, the internal site loads as expected. When I disconnect the VPN and try it on the same subnet I get the same error as my phone.

Code:
2022-08-31T12:59:21-04:00 Error haproxy 173.66.23.118:2188 [31/Aug/2022:12:59:21.223] default_443/0.0.0.0:443: SSL handshake failure

11
22.7 Legacy Series / Re: HAProxy issue 403 error
« on: August 31, 2022, 06:31:58 pm »
Thank you for pointing me in the correct direction, in my rule no_host_match I forgot to add the condition of this hostname match.

I have fixed this error.

12
22.7 Legacy Series / [SOLVED] HAProxy issue 403 error
« on: August 31, 2022, 01:16:48 am »
I recently resetup HAProxy with ACME Let's Encrypt using a known working setup guide.

I'm getting a 403 error with the message from the guide in the body of the site.

The haproxy log shows the following each time I try to get to the page from outside my network:
Code:
Error haproxy 154.89.5.203:44012 [30/Aug/2022:19:10:22.111] default_443~ default_443/<NOSRV> 0/-1/-1/-1/0 403 203 - - PR-- 1/1/0/0/0 0/0 "GET / HTTP/1.0"
I'm happy to provide additional logs to help troubleshoot the issue.

13
General Discussion / Re: Wan failback seems not working
« on: April 21, 2022, 11:58:26 am »
I am having this exact same issue. WAN will failover to WAN2 successfully but never (or takes forever) to failback to WAN.

I don't see how adding another gateway group would help as that would need to be specified in the firewall somehow for the policy based routing and you can only select one gateway / gateway group.

14
22.1 Legacy Series / Re: os-ddclient
« on: February 24, 2022, 05:28:08 am »
Just made the switch and didn't have any issues with Google Domains or Namecheap.

Looking forward to having the widget back.

15
21.7 Legacy Series / Re: Wireguard not switching from WAN2 back to WAN1
« on: September 10, 2021, 10:57:15 am »
Any thoughts on this? It looks like there was a similar post as well but the solution was using an external VM.

Because I'm using the kernel wireguard, I can't use the dashboard service start/stop button. If I disable wireguard and start it in the VPN/Wireguard menu, Wireguard automatically picks the current WAN to route off, which is generally WAN1 when I'm looking at it.
