OPNsense Forum
Topics - intrepid2007

1. General Discussion / ExpressVPN and its internal DNS server(s)
« on: August 11, 2020, 08:17:37 pm »
Hello,

After a one-year pause I decided to continue with OPNsense. I have installed version 20.1 and have it set up the way I like it...

I use 2 subnets:
Traffic from LAN clients in the 192.168.0.0/24 range is routed to the WAN
Traffic from LAN clients in the 192.168.1.0/24 range is routed to ExpressVPN

This works fine; I can even re-route DNS requests to fixed DNS servers
(for WAN: 1.1.1.1, for ExpressVPN: 156.154.70.1)

However, I am not quite satisfied with how the DNS server setup works for ExpressVPN.
When connecting to the tunnel, ExpressVPN pushes its internal DNS server and I would like to use that particular DNS server:

Aug 11 20:06:51 ovpn-client1[4167]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.72.0.1,comp-lzo no,route 10.72.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.72.0.102 10.72.0.101,peer-id 24,cipher AES-256-GCM'

As you can see in the log above, ExpressVPN pushes its own internal DNS server with IP address 10.72.0.1. Each time a reconnect takes place, another internal IP address may be issued. If that internal IP address is in a different subnet, the DNS server is also different. So filling in that DNS server in a rule the 'hardcoded' way is not quite user-friendly.

I'd like to configure OPNsense in such a way that the pushed internal DNS server from the VPN provider is used automatically. Is this possible?
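As an added example (not from the post and not OPNsense code), the Python below pulls the pushed DNS server out of a PUSH_REPLY log line like the one quoted above, and shows the other place the same value turns up: OpenVPN exports every pushed option it does not consume itself, dhcp-option among them, as foreign_option_1, foreign_option_2, ... in the environment of an --up script, so a script that runs on every (re)connect sees whatever DNS server the newly assigned subnet came with. The log line is the one from the post; the environment entries used in the test are constructed. What to do with the extracted address (write it to a file an alias is built from, or call an API) is not something this page shows, so the script only returns it.

```python
"""Extract the DNS server(s) an OpenVPN server pushes, either from a PUSH_REPLY log line
or from the environment OpenVPN hands to an --up script. Added example, not OPNsense code."""
import re

# The PUSH_REPLY log line quoted in the post above, copied verbatim.
PUSH_REPLY_LOG = (
    "Aug 11 20:06:51 ovpn-client1[4167]: PUSH: Received control message: "
    "'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.72.0.1,comp-lzo no,"
    "route 10.72.0.1,topology net30,ping 10,ping-restart 60,"
    "ifconfig 10.72.0.102 10.72.0.101,peer-id 24,cipher AES-256-GCM'"
)


def parse_push_reply(line):
    """Split the quoted PUSH_REPLY payload into (option, [args]) pairs, keeping order.
    Options are comma separated; a repeated option (several dhcp-option DNS) is kept twice."""
    m = re.search(r"'PUSH_REPLY,(.*?)'", line)
    if not m:
        raise ValueError("line carries no PUSH_REPLY control message")
    parsed = []
    for item in m.group(1).split(","):
        fields = item.split()
        if fields:
            parsed.append((fields[0], fields[1:]))
    return parsed


def pushed_dns(parsed):
    """Return the resolver addresses carried in 'dhcp-option DNS <ip>' entries."""
    return [args[1] for name, args in parsed
            if name == "dhcp-option" and len(args) == 2 and args[0].upper() == "DNS"]


def tunnel_addresses(parsed):
    """Return (local, remote) from the pushed 'ifconfig' option, or None if absent."""
    for name, args in parsed:
        if name == "ifconfig" and len(args) == 2:
            return args[0], args[1]
    return None


def dns_from_up_env(env):
    """OpenVPN sets foreign_option_1..N for pushed options it does not act on itself
    (dhcp-option is one) before running --up/--down scripts. Reading them there yields
    the resolver of the *current* connection, whatever subnet was handed out this time."""
    servers = []
    n = 1
    while "foreign_option_%d" % n in env:
        fields = env["foreign_option_%d" % n].split()
        if len(fields) == 3 and fields[0] == "dhcp-option" and fields[1].upper() == "DNS":
            servers.append(fields[2])
        n += 1
    return servers


if __name__ == "__main__":
    import os
    opts = parse_push_reply(PUSH_REPLY_LOG)
    print("pushed DNS:", pushed_dns(opts), "tunnel:", tunnel_addresses(opts))
    # Run as an --up script, OpenVPN has already populated the environment for us.
    print("DNS from --up environment:", dns_from_up_env(os.environ))
```

Run stand-alone it parses the quoted log line; wired in as an --up script it reads os.environ instead. OpenVPN only runs user scripts with script-security 2 or higher, and the foreign_option_N variables are only populated for the script's environment, so the log-line path is the one to use when a script cannot be attached to the client.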


2. General Discussion / [SOLVED IN 17.1.8] Number of DNS servers (4) in System --> General --> Settings
« on: May 21, 2017, 11:09:13 am »
Hi there,

First my question (it is more a request for a new feature):
The number of DNS servers in System --> General --> Settings is _limited_ to 4 DNS servers.

Are there plans to make this dynamic, so more DNS servers can be specified?
pfSense has this feature and it is quite useful.


Why am I asking this?
In my setup I assign an IP address + DNS servers to each LAN client via the DHCP server.

These DNS servers are also configured in System --> General --> Settings:
Here I assign each DNS server to a specific gateway. I want to ensure that the query goes through that gateway only. DNS forwarding/resolver is disabled.

In general, VPN providers provide 2 DNS servers.

So when you have 3 VPN client connections in your system, you would need to configure 3x2 = 6 DNS servers in System --> General --> Settings... But that is impossible at the moment. So now I 'only' configure 1 DNS server per VPN provider...

(I also have a set of firewall rules configured; each rule specifies an IP range and a specific gateway. This way I can route LAN clients in the 192.168.0.1x range to VPN provider A, LAN clients in the 192.168.0.2x range to VPN provider B, et cetera... This works fine, no leaks...)


Thanks!

3. 17.1 Legacy Series / Random connection drops with NordVPN
« on: March 22, 2017, 07:13:19 pm »
Hi there,

For some time I have been testing OPNsense, which is installed on a ZOTAC ZBOX CI323 Nano (2 Realtek NICs onboard). Currently I have 3 VPN providers: IPVanish, NordVPN and ExpressVPN.

Both providers have been configured, based upon the client's IP address in the LAN, traffic is passed to one of the 3 VPN providers... This works fine, even no DNS leaks!

Since 2 weeks my configuration is 'stable', it hasn't changed much anymore :-)

However I noticed something strange with the NordVPN connection and I can't explain why it happens.
Every few minutes (randomly) the traffic via that connection stops suddenly... Then the VPN's timeout mechanism appears to trigger (180 seconds) and a reconnect is forced (according to the logs).
Changing to another NordVPN VPN server doesn't help, the same thing is happening....

Both OPNsense version 16.7.x and version 17.1.3 have this issue...

I have had contact with NordVPN about this; according to them, my configuration seemed OK...

The other 2 VPN providers do not have this problem under OPNsense, no connection 'drops'.... You would then think that it is NordVPN related and not OPNsense, but....

I also installed pfSense 2.3.2 and configured it the same way as in OPNsense...
With pfSense it works flawlessly, no connection drops...

When I grab some network traffic in OPNsense and save it to a .pcap file, Wireshark can't import it because the .pcap appears to be corrupted... Is this something that sounds familiar to you?

When I 'repair' the .pcap file and import it into Wireshark, I see packets that do not appear to be IP packets (unknown)...

Any suggestions?

Best regards!
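For the corrupted-capture part of the post above, here is an added example (not from the post, not OPNsense or Wireshark code) of the check I would run before 'repairing' anything: parse the classic libpcap global header, report the link type, and walk the packet records until the file stops being self-consistent (a record that runs past the end of the file, an incl_len larger than the snaplen, a partial trailing header). The sample file is constructed inline: two 60-byte placeholder frames followed by a record header that promises 4000 bytes the file does not contain.

```python
"""Sanity-check a classic libpcap (.pcap) file: global header, link type, and a walk over
the packet records to find the first place where the file stops being self-consistent.
Added example for the corrupted-capture problem in the post above; not OPNsense/Wireshark code."""
import struct

GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16
LINKTYPES = {0: "LINKTYPE_NULL (BSD loopback)", 1: "LINKTYPE_ETHERNET",
             101: "LINKTYPE_RAW (IPv4/IPv6, no link-layer header)"}


def parse_magic(data):
    """Return (struct byte-order prefix, nanosecond-timestamps flag) from the 4-byte magic."""
    if len(data) < 4:
        raise ValueError("file shorter than the pcap magic")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):       # written little-endian
        return "<", magic == 0xA1B23C4D
    if magic in (0xD4C3B2A1, 0x4D3CB2A1):       # written big-endian
        return ">", magic == 0x4D3CB2A1
    raise ValueError("unknown magic 0x%08x: not a classic libpcap file" % magic)


def check_pcap(data):
    """Walk the file and return a report dict; 'problems' is a list of (offset, text)."""
    endian, nanos = parse_magic(data)
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("truncated global header")
    _magic, vmaj, vmin, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:GLOBAL_HDR_LEN])
    report = {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype,
              "linktype_name": LINKTYPES.get(linktype, "unknown"),
              "records_ok": 0, "problems": []}
    off, last_ts = GLOBAL_HDR_LEN, None
    while off < len(data):
        if len(data) - off < RECORD_HDR_LEN:
            report["problems"].append((off, "%d trailing byte(s): partial record header"
                                       % (len(data) - off)))
            break
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        if incl_len > snaplen or incl_len > orig_len:
            report["problems"].append((off, "record header inconsistent: incl_len=%d orig_len=%d "
                                       "snaplen=%d" % (incl_len, orig_len, snaplen)))
            break  # record boundaries cannot be trusted from here on
        body = off + RECORD_HDR_LEN
        if body + incl_len > len(data):
            report["problems"].append((off, "truncated: record claims %d bytes, %d remain"
                                       % (incl_len, len(data) - body)))
            break
        ts = ts_sec + ts_frac / (1e9 if nanos else 1e6)
        if last_ts is not None and ts < last_ts:
            report["problems"].append((off, "timestamp goes backwards"))  # suspicious; keep walking
        last_ts = ts
        report["records_ok"] += 1
        off = body + incl_len
    return report


# Constructed sample: little-endian, version 2.4, snaplen 65535, Ethernet link type.
SAMPLE_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def build_sample():
    frame = bytes(60)  # placeholder frame contents, not real traffic
    record = lambda ts, n: struct.pack("<IIII", ts, 0, n, n)
    return (SAMPLE_HEADER + record(1490000000, 60) + frame + record(1490000001, 60) + frame
            + record(1490000002, 4000) + bytes(10))  # third record is cut off


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    r = check_pcap(data)
    print("pcap %d.%d, snaplen %d, %s, %d good record(s)"
          % (r["version"][0], r["version"][1], r["snaplen"], r["linktype_name"], r["records_ok"]))
    for off, msg in r["problems"]:
        print("  offset %d: %s" % (off, msg))
```

Pass a real capture as the first argument to check it. Two things the report tells you that a failed Wireshark import does not: the byte offset at which the record chain breaks (so you can see whether the file was cut off at the end or damaged in the middle), and the link type Wireshark will dissect every packet with. If that field does not match how the capture was actually taken, every packet decodes as 'unknown' even though the file is structurally intact.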

4. General Discussion / Another attempt: DNS issues in multi-VPN setup
« on: February 10, 2017, 02:24:47 pm »
Hi there,

Another approach/attempt to get this working correctly...

What I want, is the following:

LAN clients in 192.168.0.10 - 192.168.0.19 range must connect to OpenVpn client expressvpn
LAN clients in 192.168.0.20 - 192.168.0.29 range must connect to OpenVpn client ipvanish #1
LAN clients in 192.168.0.30 - 192.168.0.39 range must connect to OpenVpn client ipvanish #2

Each VPN must use its own manually configured DNS server for resolving names...


For example:
When a client with IP 192.168.0.32 connects to the internet, it must use the ipvanish #2 gateway.
Both the DNS resolving and the data transfer should be handled by this gateway.

I am new to OPNsense and I have tried various scenarios. Unfortunately I still can't get it to work correctly.
Is what I want possible with OPNsense?

When using my configuration, it appears to 'mix' the gateways and dns servers (dns resolve via expressvpn, data exchange via ipvanish)



My setup is as follows:
OPNsense version 16.7 (with the latest updates installed)

LAN interface : IP range = 192.168.0.x
OPNsense IP   : 192.168.0.254
WAN           : static, IP = 192.168.1.199 (upstream gateway set to DSL modem IP 192.168.1.254)

And I have configured 3 VPN clients (1x ExpressVPN, 2x IPVanish), which appear to be working fine.


Config in OPNsense is as follows:

- In System -> Settings -> General:
Prefer IPv4 over IPv6=checked
Gateway switching =unchecked

DNS servers:
dns server=8.8.8.8 / gateway=wan

Allow DNS server list to be overridden by DHCP/PPP on WAN=checked
Do not use the DNS Forwarder/Resolver as a DNS server for the firewall=checked

- In Firewall -> Rules I have the following rules in the LAN section:

rule 1: Anti-Lockout Rule

rule 2: DNS
interface=lan
protocol=tcp/ip
source/invert= unchecked
source=any
destination=any
destination port range = dns - dns
gateway=default

rule 3: expressvpn
interface=lan
tcp/ip version=ipv4
Protocol=any
Source / Invert=unchecked
Source=expressvpn (the alias with ip addresses)
Destination=any
Destination port range=any
Gateway=opt_expressvpn_vpnv4

rule 4 and rule 5: ipvanish#1 / ipvanish#2
same as expressvpn rule, only the gateway is different

DNS Resolver service is enabled (using default settings - all checkboxes are unchecked).


The OPNsense DHCP server issues specific IP addresses based upon the MAC address of the client's NIC.

Does anyone have ideas to point me in the right direction?
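Added illustration, not part of the post and not OPNsense code: OPNsense evaluates an interface's rules top to bottom, and the first rule that matches decides which gateway the connection is policy-routed to. The model below encodes the LAN rules in the order the post lists them (the aliases are filled with the three address ranges given at the top of the post, and the IPVanish gateway names are assumed, since the post only says they differ from the ExpressVPN one) and evaluates a DNS query and an HTTPS connection from 192.168.0.32 twice: with the rules in the posted order, and with the source-any/port-53 rule moved below the per-alias rules. The destination addresses in the demo are constructed. The same first-match walk applies to the LAN table in the last post on this page.

```python
"""First-match evaluation of a LAN rule table, modelled after the rules in the post above.
Added example; not OPNsense code. Alias contents and IPVanish gateway names are assumptions."""
import ipaddress

# Address ranges taken from the top of the post.
ALIASES = {
    "expressvpn": ("192.168.0.10", "192.168.0.19"),
    "ipvanish1": ("192.168.0.20", "192.168.0.29"),
    "ipvanish2": ("192.168.0.30", "192.168.0.39"),
}
FIREWALL = ipaddress.ip_address("192.168.0.254")  # OPNsense LAN address from the post


def alias(name):
    """Return a matcher for the address range behind an alias."""
    lo, hi = (ipaddress.ip_address(x) for x in ALIASES[name])
    nets = list(ipaddress.summarize_address_range(lo, hi))
    return lambda ip: any(ip in n for n in nets)


def any_host(ip):
    return True


def vpn_rule(name, gateway):
    """Protocol any, source = alias, destination any, port any, explicit gateway."""
    return {"name": name, "proto": None, "src": alias(name), "dport": None, "gateway": gateway}


# Rules in the order the post lists them. proto/dport None mean 'any';
# gateway None means the system routing table (no policy routing).
RULES_AS_POSTED = [
    {"name": "Anti-Lockout", "proto": {"tcp"}, "src": any_host, "dport": {22, 80, 443},
     "dst": lambda ip: ip == FIREWALL, "gateway": None},
    {"name": "DNS", "proto": {"tcp", "udp"}, "src": any_host, "dport": {53}, "gateway": "default"},
    vpn_rule("expressvpn", "opt_expressvpn_vpnv4"),
    vpn_rule("ipvanish1", "opt_ipvanish1_vpnv4"),   # gateway name assumed
    vpn_rule("ipvanish2", "opt_ipvanish2_vpnv4"),   # gateway name assumed
]

# Same rules, with the catch-all port-53 rule moved below the per-alias gateway rules.
RULES_DNS_LAST = [RULES_AS_POSTED[0]] + RULES_AS_POSTED[2:] + [RULES_AS_POSTED[1]]


def first_match(rules, src, dst, proto, dport):
    """Return the first rule whose source, destination, protocol and port all match,
    or None for the implicit default deny at the end of the table."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["proto"] is not None and proto not in rule["proto"]:
            continue
        if not rule["src"](src_ip):
            continue
        if not rule.get("dst", any_host)(dst_ip):
            continue
        if rule["dport"] is not None and dport not in rule["dport"]:
            continue
        return rule
    return None


def gateway_for(rules, src, dst, proto, dport):
    """Gateway the matching rule pins the connection to (None: no match or no gateway)."""
    rule = first_match(rules, src, dst, proto, dport)
    return None if rule is None else rule["gateway"]


if __name__ == "__main__":
    client, resolver, website = "192.168.0.32", "8.8.8.8", "93.184.216.34"  # constructed
    for label, rules in (("as posted   ", RULES_AS_POSTED), ("DNS rule last", RULES_DNS_LAST)):
        print(label, "| DNS ->", gateway_for(rules, client, resolver, "udp", 53),
              "| HTTPS ->", gateway_for(rules, client, website, "tcp", 443))
```

With the posted order, a client in the ipvanish2 range sends its HTTPS traffic through opt_ipvanish2_vpnv4 but its DNS queries through the default gateway, because the port-53 rule with source any sits above the alias rules and wins for every client. With the port-53 rule moved to the bottom, the same client's DNS follows the same gateway as its data, and only clients outside every alias fall through to the default-gateway DNS rule.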


5. General Discussion / VPN client connection: how to override DNS settings?
« on: January 28, 2017, 12:16:13 am »
Hi there,

In OPNsense 16.7 I have configured an OpenVPN client and the connection is up and running. This VPN connection is one of two VPN connections running.

For a particular reason I want to 'override' the DNS servers which have been assigned/pushed to this VPN connection automatically. Is there some setting in the VPN settings (Advanced configuration) that enables me to do this?

thanks!


6. General Discussion / Route LAN traffic to VPN connection _or_ WAN (direct internet connection)
« on: December 25, 2016, 01:55:28 am »
Hello,

I am new to OPNsense and I recently started playing with it to see what its possibilities are...
The software runs on a mini-PC with 2 NICs (a LAN port and a WAN port).

My goal is to configure the router in such a way that it routes LAN traffic either

1. to a VPN connection, or
2. to the WAN (direct),

depending on the IP address of the device in the LAN.

First of all I'd like to know if that's possible, because until now I can't get it to work like that....
The documentation of OPNsense is rather rudimentary for beginners like me, so I am kind of stuck here....

My setup:

LAN IP mini-PC : static (10.0.0.1/8), DHCP server is enabled
WAN IP mini-PC : DHCP (192.168.1.13)

Also configured is an OPT1 interface (VPN client connection)

The WAN port is connected to the DSL modem (IP=192.168.1.254)
The LAN port is connected to my laptop (IP=10.0.0.100)

I have been playing with these settings:

In [Firewall -> Rules] I have defined two rules in LAN:

Proto          Source  Port  Destination   Port      Gateway     Description
IPv4 TCP/UDP   *       *     *             53 (DNS)  *           'DNS'
IPv4 *         *       *     10.0.0.100/8  *         WAN_DHCP    'LAN to WAN'
IPv4 *         *       *     10.0.0.101/8  *         OPT1_VPNV4  'LAN to VPN'

In [Firewall -> NAT -> Outbound] I have defined two entries:

Interface  Source  Source Port  Destination  Dest Port  NAT Address   NAT Port  Static Port
OPT1       any     *            *            *          OPT1 address  *         NO
WAN        any     *            *            *          WAN address   *         NO

I am not sure if I am in the right direction....
Any ideas on how I could get this to work?


Thanks!
