OPNsense
Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - spacecase-25

1
24.1 Legacy Series / Godaddy Dynamic DNS
« on: October 13, 2024, 12:52:29 am »
Trying to configure dynamic dns with a godaddy domain, and getting "Customer identified by login and password options denied permission" as an error is the closest I've been able to get.

Username is the API Key, password is the secret key.  I do have "lock" enabled for the domain... but I don't see anything in the godaddy documentation that explains what that means... do I need to unlock it in order to be able to update the IP address automatically via the opnsense plugin?  I suspect there may be something on the godaddy side of things that's misconfigured, but I haven't been able to find anything useful to tell me what that may be.

Please let me know what I'm doing wrong.

Thanks.

2
24.7 Production Series / OpenVPN not matching common name?
« on: September 27, 2024, 04:56:13 pm »
Trying to set up a VPN server via the new instances method, but I cannot get it to match common names.  If I turn on strict matching, I simply cannot connect.  If I have strict matching turned off, I can connect, but the connection shows up as UNDEFINED under the client name, and client specific overrides are not applied.

I created a new user name (tethys), created certificates (tethys was entered as the common name), and am logging in with the user name tethys.

No idea what to troubleshoot... everything seems like it should be set up properly.  The same config works fine under legacy.

3
23.7 Legacy Series / Re: Convert to zfs? download 23.7 still?
« on: September 22, 2024, 06:42:08 am »
Well, I did the update to 24.1.5 and as far as I can tell everything went smoothly.  Now I can just reinstall with zfs at my leisure.

One of these days I also need to get around to migrating my OpenVPN config to the new instances...

4
23.7 Legacy Series / Re: Convert to zfs? download 23.7 still?
« on: September 21, 2024, 10:57:32 pm »
The plan would be to basically upgrade immediately. Where would the older install image be available for download tho? I was hoping there would be install images on GitHub, but that doesn't seem to be the case.

5
23.7 Legacy Series / Convert to zfs? download 23.7 still?
« on: September 21, 2024, 01:42:28 am »
I am currently using ufs for the root file system of my install, but would like to migrate to zfs in order to take advantage of snapshots.  Probably the best way to do this would be to reinstall 23.7, restore config from backup, take snapshot, then update to the current release.  Is there still a download available for the last release of 23.7?  I have an older version of install media saved somewhere, but it is not the last release... I feel like installing an older version and then restoring from my newer backup could possibly cause issues, and would like to do this process with the current version that I am running now.

Thoughts? feelings? recommendations? download links?

Thanks!

I have a headache at the moment, so pardon this probably poorly written post... needless to say, this is not something I am looking to take on right at this moment. Perhaps a project for tomorrow or later this weekend.

6
24.1 Legacy Series / Re: Port 80 not being redirected (help setting up reverse proxy for immich server)
« on: April 06, 2024, 09:25:32 pm »
Yes, but still does not work.  I'm no longer getting a log in prompt, now I just get nothing.

7
24.1 Legacy Series / Port 80 not being redirected (help setting up reverse proxy for immich server)
« on: April 06, 2024, 06:09:36 pm »
One thing to note, I am on the LAN at the moment.

However, I have installed nginx proxy manager on a LAN server (192.188.0.2) and have forwarded ports 80 and 443 via NAT.  But, if I go to subdomain.domain, rather than this traffic being forwarded to the proxy server and then further redirected to the appropriate server & port (192.188.0.2:2283) I am prompted to log into the router. 

How do I get the results I am looking for?

EDIT: Just had a buddy test and it is not working properly from outside the LAN either.



EDIT2:  Let's just cut to the chase here... can someone tell me how to get reverse proxy working so that I can access my immich server?  That's what I'm trying to do. 

8
24.1 Legacy Series / Re: completely locked out
« on: March 03, 2024, 08:46:58 pm »
I was able to log in via VPN connection luckily. I would still like to know how to get the local console working again tho

9
24.1 Legacy Series / completely locked out
« on: March 03, 2024, 08:37:23 pm »
Disabled the anti lock out rule for a dumb reason and am now completely locked out. Cannot even get a login prompt with a display and keyboard directly connected. What do?

10
23.7 Legacy Series / Re: Upgradethread 23.1.11_1 to 23.7
« on: August 20, 2023, 06:50:29 pm »
Update seemed to be relatively smooth.  It did get stuck the first time I was able to log back into the web UI with a message that the router was still booting up, tho it did report traffic, some services were not running (tho I was able to start them manually), and was not able to access the repos (reported no internet connection).  I nervously rebooted, and everything came back up perfectly, including VPN clients.

11
23.1 Legacy Series / Re: Trouble figuring out traffic shaping: prioritize all traffic to specific IP
« on: August 15, 2023, 01:17:29 am »
Quote from: Seimus on August 14, 2023, 09:40:33 am
Before we touch the Question about the Shaper/Shaping. You are saying even if you are streaming media via your LAN you are having drops?

How is your Network designed?
What is your OPN HW?
What is your Internet connection BW?
What is your LAN BW?
Go to this page https://www.dslreports.com/speedtest and run the test, what are the results?
Also please do ping tests between your Host 192.188.0.8 > 192.188.0.2 And 192.188.0.8 to > 1.1.1.1


In regards of the Shaper, there are plenty of guides how to do it, mostly the guides even found on this forum work with FQ_CODEL SQM/AQM Shaper that is implemented to Shape WAN in order to prevent buffer bloat. Usually just turning the function, setting ECM and fine tune 2 parameters should be enough to get an A+ ranked performance over WAN. Usually it's done in very simple way > 2 Queues, 2 Pipes > 2 Rules, one for download one for upload. In a specific case you need to give more BW to a specific client or APP you can do a more granular segregation and set the Weight Parameter.

However per your description, this doesn't look to be a congestion/saturation problem.

Regards,
S.
What's so special about this test?  I cannot get it to run, even without unbound or any adblocking extensions enabled.

12
23.1 Legacy Series / Re: Trouble figuring out traffic shaping: prioritize all traffic to specific IP
« on: August 14, 2023, 03:27:54 pm »
Kikusenko Firewall Micro Appliance, Mini PC Celeron J4125 Quad Core, 4 Intel i226-V 2.5G Nics Ports, AES-NI, Barebone, Soft Router, VPN, 8GB RAM 128GB SSD https://a.co/d/73zJ3Oj

13
23.1 Legacy Series / Re: Trouble figuring out traffic shaping: prioritize all traffic to specific IP
« on: August 14, 2023, 03:26:00 pm »
I'll answer what I can from where I am right now

Network starts with a Comcast cable router in gateway mode (only provides public IP) > opnsense router > my previous TPLink router set up as an AP (also serving as the main switch).

Plugged into the switch is my file server and the MoCA 2 adapter which runs the connection to my living room, from there it goes to another switch that the streamer & media PC is plugged into.

MoCA adapter provides 700mbit/s so that should be plenty of bandwidth.

At this point my plan is to put another gigabit switch between the router and AP, perhaps the TP Link is just not up to the task.

I have 7 devices connected to the network, but not all are ever really being used at the same time.

14
23.1 Legacy Series / Trouble figuring out traffic shaping: prioritize all traffic to specific IP
« on: August 14, 2023, 01:35:26 am »
I feel like this should be a fairly simple task, but I am having a hell of a time figuring out how to do it.  Quite simply, I want to prioritize all traffic to and from 192.188.0.8 above all other traffic on the network, regardless of protocol or ports.  I want this to be as close to real time routing as possible.  On a consumer router I would have just selected the device as higher priority in the QoS settings, but opnsense is clearly more powerful and granular... however, it's to the point where I have no idea how to use it.  The documentation hasn't been too much assistance either.  I don't really want to limit bandwidth to other clients... just want to have traffic to this one client weighted higher than others. 

The client is a network streamer for my stereo, and I've tried messing with pipes and queues but I'm still experiencing dropouts in streaming audio.  Never had dropouts with my old TP-Link router, and if a cheapo consumer router can do it, surely an enterprise grade system (enterprise software, at least) should be able to handle it without issue. 

Thanks & please excuse my absolutely n00b question.

Traffic works in 2 basic ways... either streaming files stored on 192.188.0.2 via UPNP or streaming music via WAN from Qobuz (online music streaming service).  I get dropouts from both, and there's plenty of bandwidth on my local network that this should never be an issue, which is why I'm convinced it's an issue of prioritizing packets.

15
23.1 Legacy Series / Re: Domains cannot be whitelisted with Unbound
« on: August 11, 2023, 01:38:12 am »
Quote from: CJ on August 07, 2023, 04:09:19 pm
This is interesting.  I did some testing on my server and it appears to be a possible bug with the reporting and/or whitelisting of the DNSBL.

The reason it's not working for you is because of the CNAME.  Once you allowed click.redditmail.com it started resolving.  You can see that in your original screenshot.  The problem is that click.redditmail.com resolves via CNAME to thirdparty.bnc.lt which is also on the blocklist.

Unbound Reporting shows the A and AAAA records being allowed but the CNAME being blocked.  However, it only shows the original click.redditmail.com request, not the resulting CNAME.  Additionally, because of that, there's no option to allow the resulting CNAME query.

As a workaround until this gets looked at, if you do a DNS query you'll get the CNAME for the domain.  You can then add that to your list along with click.redditmail.com and it will work.  However, if the CNAME changes to a different blocked domain, you'll have to go through the whole process again.

https://github.com/opnsense/core/issues/6722
Awesome, thanks for your reply.  What tool do you recommend using to drill down into these DNS queries that are giving me trouble to find the additional domains to whitelist?  Ideally a command line tool for linux.
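
The CNAME behaviour described in the quoted reply above, modelled offline as an added example (not part of the original posts and not OPNsense or Unbound code). The record table, the blocklist set and the 192.0.2.10 address are constructed sample data; only the two domain names come from the thread.

```python
# Constructed sample data: the two names come from the thread; the address is a
# documentation-range placeholder, not a real DNS answer.
RECORDS = {
    "click.redditmail.com": ("CNAME", "thirdparty.bnc.lt"),
    "thirdparty.bnc.lt": ("A", "192.0.2.10"),
}
BLOCKLIST = {"click.redditmail.com", "thirdparty.bnc.lt"}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def cname_chain(name, records, max_depth=8):
    """Return every name visited while following CNAMEs from `name`.

    Stops on a non-CNAME record, a missing record, a loop, or max_depth.
    """
    chain, seen = [], set()
    current = normalize(name)
    while current not in seen and len(chain) < max_depth:
        seen.add(current)
        chain.append(current)
        rtype, value = records.get(current, (None, None))
        if rtype != "CNAME":
            break
        current = normalize(value)
    return chain


def names_still_blocked(name, records, blocklist, allowlist):
    """Names in the CNAME chain that are blocklisted and not yet allowlisted."""
    return [n for n in cname_chain(name, records)
            if n in blocklist and n not in allowlist]


if __name__ == "__main__":
    # Allowing only the name that was requested leaves the CNAME target blocked.
    allow = {"click.redditmail.com"}
    print(names_still_blocked("click.redditmail.com", RECORDS, BLOCKLIST, allow))
    # Allowing every name in the chain clears the lookup.
    allow.add("thirdparty.bnc.lt")
    print(names_still_blocked("click.redditmail.com", RECORDS, BLOCKLIST, allow))
```

As the quoted reply notes, the result only holds for the chain as it stands: if the CNAME later points at a different blocked name, the check has to be repeated.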
