Topics

Hello,

I'm looking for the best way to have https enabled on all my internal servers. After years of delaying this, guess I should finally attack the issue.
Today, I'm having:

• Internet: dynamic public IP
  (fe 195.195.195.10)
• Domain: own domain, hosted by webhostingprovider, and a A-forwarder, forwarded to mooo.com.
  And mooo.com is getting public IP from opnsense.
  (fe LAN.mydomain.org > mydomain.mooo.com > 195.195.195.10
• Server A (10.10.10.10), port natted on opnsense: WAN:16666 > 10.10.10.10:443
  Server B (10.10.10.11), port natted on opnsense: WAN:16667 > 10.10.10.11:443
  Server B (10.10.10.11), port natted on opnsense: WAN:16668 > 10.10.10.11:80
  ...

When I'm now going to http://lan.mydomain.org:16668, I'm arriving nicely at http://10.10.10.11:80.



Is is possible to put a kind of subdomain-certificate (?) on opnsense? Of what's the best way to do this? Is there somewhere a nice how-to for opnsense for these kind of setups?

I've got a PV inverter form Solaredge.
This works great. It sends his data to the cloud on regular base. And does this for over 3 years now.

But the last 3 months, after opnsense upgrade/change of settings..., the data is blocked sometimes (approx 2 weeks?)
When I reset the 'states' (firewall > diagnostics > state reset), it works again without any further manipulation.
I didn't notice other simular problems. At this point, only the PV inverter has connectivity issues.

Any tips what I should check to debug this?

Hello,

A while ago, I moved all my Virtual machines (included opnsense) from one server to another. Opnsense works fine through the GUI, but on CLI level, it hangs after the interfaces. Seems like the menu won't get through? See atachment for more info.

Could this has something to do with the ssh-key?

opnsense was taking every day nicely a backup to gdrive.

But of course, when I now need to recover it, it's not possible to restore it.
Because the backup was encrypted. And I don't know the password.

Is there any way to recover it? I found an old backup, so i've now restored a backup of about 1 year ago. In here you can 'see' the password with wildcards. No idea if there's a way to recover it that way?

I was wondering what you guys usually as VPN solution.

Today, I'm running openvpn, with openvpn clients.
But of course, a lot of steps (installation thirdparty software, certificates, settings, credentials...) to get this running on the remote clients.

I was trying to you use IPSEC since the client part is really fun on devices like ios and android. "Click-click" and you're on your way.
Except for windows (10). The build-in VPN software of windows isn't connection like it should. Strange, since you can select IPSEC handling. And the roadwarrior doesn't describe anything for windows client? I Find this a bit strange since most end users are windows users, no? :$

I was wondering how you guys use/see this ...

I've got 2 networks (WAN 192.168.0.0 and DMZ 192.168.1.0).

On the WAN network, I've got my providers modem (192.168.0.1), and my providers digirecorder (192.168.0.2). These devices must be on the same network, for interactive services.
On the DMZ, I've got a mediaserver (192.168.1.2).

From the digirecorder, I would like to allow DLNA towards the mediaserver. But I can't figure out what I should do. The digirecorder can't be configured, this does a discovery on the 'lan' (=WAN).
So I was thinking of 'natting' the mediaserver on the WAN network. But this doesn't seem to work.

Any idea what I should do, and how?