OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of manus »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - manus

Pages: [1]
1
17.1 Legacy Series / HAProxy stability
« on: June 07, 2017, 09:39:52 pm »
Since 4 or 5 minor release, we have a 100% CPU on HAProxy after some time (1-2 months).
Only a reboot solve the problem.
Anybody with this problem too?

When HAProxy will be updated to 1.7.x? or at minima to last 1.6 (1.6.12)?

2
16.1 Legacy Series / [SOLVED] HAPRoxy bug & missing feature (1.1)
« on: June 04, 2016, 02:52:28 pm »
- In Global Parameters, Custom options have no effect (nothing in /usr/local/etc/haproxy.conf).
- Add Custom options in Default Parameters and Statistics Configuration.
- Add default-server entry for backend and server must be after default-server in final file (server is recommended to be last entry in all case):
Code: [Select]
default-server port 21 inter 10s downinter 15s rise 3 fall 2 slowstart 60s weight 100- Unable to create server without port (to use frontend port):
Code: [Select]
server MyServerName 10.10.5.1: check- Unable to create frontend with port range:
Code: [Select]
bind 31.9.36.15:20-21
bind 31.9.36.15:49000-49500- If you add a frontend without ssl&certificate after one with ssl&certificate, the frontend without ssl&certificate got a certificate and ssl option:
Code: [Select]
bind 31.9.36.15:2222 name 31.9.36.15:2222 ssl   crt /var/etc/haproxy/ssl/5752ccd0803c0.pem
instead of:
Code: [Select]
bind 31.9.36.15:2222 name 31.9.36.15:2222- Service unable to run with this in global ("Some configuration options require full privileges, so global.uid cannot be changed."):
Code: [Select]
uid                         80

3
16.1 Legacy Series / Add option to enable IPFW
« on: February 18, 2016, 12:10:10 pm »
Could you add an option in interface or through a config file to enable IPFW.
Currently we can't use default rc file because /usr/local/opnsense/service/templates/OPNsense/IPFW/rc.conf.d rewrite the firewall_enable.
So to use IPFW, I need to add a traffic shaper rules&co to use IPFW or modify previous file.
The best will be to get :
- an option in interface to enable IPFW (firewall_enable)
- an option to add ipfw_load=”YES” in /boot/loader.conf or other way to load kernel module at boot
- a field to give a full path to a file with rules to execute after:
# reload ipfw rules
/sbin/ipfw -f /usr/local/etc/ipfw.rules

Why? because I use a compiled HAProxy in transparent mode. But some can use it for others things.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved
  • SMF 2.0.18 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2