Topics - Jose

#1
Hello all, I'm not a fan/user of any social media at all, hence I didn't notice this problem before; unfortunately, with today's marketing trends I have to sin and get involved with "WhatsApp/Instagram" just to get in touch with the "Solar Energy" business, and found some problems when loading content from such sites.

Been using OPNsense since version 16.x and never had any problem on my small homelab/office network, other than recently finding that "Meta" child websites/apps only partially work when passing through OPNsense: the webpage (Instagram) loads but the content is blocked, i.e. images/videos etc., but not the text; for WhatsApp chats it is the same, the media content does not load and I have to turn off Wi-Fi and use cell data in order to view the images/videos. However, if I connect the Linksys access point directly to the ISP cable modem, the Meta websites/apps work on all clients as intended, but that's definitely not an option.

I did search the web/forums in this regard but just found some repetitive advice about "Enable syncookies", which I've tried in either "never/always/adaptive" without success. I really hope someone with knowledge in this case can bring some viable advice, other than the easy route of leaving host(s) vulnerable to DDoS.

System: (moved to Bhyve VM)
i5-2390T + 8GB RAM, 160GB HDD
HP Pro 6300SFF(WAN) + HP NC360T(LAN/OPT)

Versions:
OPNsense 25.1.4_1-amd64
FreeBSD 14.2-RELEASE-p2
OpenSSL 3.0.16

Network:
ISP --> OPNSense --> Linksys-AP --> Clients


Regards!

Edit:
Here is an example of the Meta site loading but without media content, it gets stuck in a connecting loop to ...fbcdn.net.

Here is a similar case in this regard in r/opnsense without a proper solution, and again the OP Update/Solution is not an option for me. ;)
#2
Hi, this is an old yet small cosmetic bug: on some pages the device name or hostname isn't displayed properly when it contains spaces. It looks like some users like to name their network devices with spaces, which makes identifying the device difficult initially; since this hasn't been fixed yet, I just posted this as a reminder. ;)

For example, "dhcpd.leases" shows the client-hostname correctly, but somehow it is not being parsed properly.

Example images:
#3
Hello, I only have basic knowledge here regarding networking/firewalls in general, so I think this is the best forum section for asking such a question/help; really sorry if it should be in another sub forum. ;)

I've recently switched from a basic OPNsense setup with just WAN + LAN to WAN + LAN + OPT to have two routes, the main one for my home lab and a secondary one for the rest of the house locations. Since then I've been struggling trying to access, from my workstation (192.168.1.200), the Access Points located on the secondary route (192.168.2.1). I've followed several OPNsense how-tos around the net and read the OPNsense online manual, but I was unsuccessful.

So the question is what the best way to do this should be: through NAT-Port-Forward, Firewall-Rule(s) or through Routing? Also, since an illustration can say a lot of things, I will post an image of my setup for convenience.

Wanted scenario:
GbE Client Admin wants to access the Access Points' 192.168.2.10 and 192.168.2.11 web interfaces; pretty sure after setting up access for one I will know how to do this for the rest. Also, 192.168.1.200 can ping OPT 192.168.2.1.

System specs:
OPNsense 22.7_4-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1q 5 Jul 2022
CPU: i5-2390T
RAM: 8GB
Disk: 2.5" HDD/RootOnZFS

Setup diagram:
#4
20.1 Legacy Series / ZFS Installer Test Help
March 08, 2020, 07:43:58 AM
Hello, in response to this now old thread

I've been a bit busy lately, hence couldn't respond in time on the previous old thread. ::)

However, I had some time and made a "fast draft" update to the opnsense.sh developed by franco, in the hope of getting some feedback about the ZFS installation process/functionality. It currently supports ISO files only as the source media in this test installer, but will fully support USB installers as well based on the testing feedback.

I've currently tested only on GPT/UFS and GPT/ZFS and it seems to work well here, though I've only focused on the ZFS filesystem and more testing is very welcome.

Small video showing bsdinstaller working HERE

Testing sources can be found HERE

The current proposal copies the files freshly from the source media, and does not require the live media to carry the base.txt etc. tarball files, keeping the same size for convenience.

P.S. Note that the file copying process does not have a percentage gauge yet.  :-[

Regards
#5
Hello, I'm really sorry for posting another thread about this topic; however, since I posted in an already Legacy product thread, it may be worth just pointing to it instead of duplicating.

Here are some ideas and test files for a simple built-in OPNsense ZFS installer; actually the "bsdinstall" route is the best approach in my personal opinion, though there are several ways to accomplish this eventually.

Regards
#6
Hi, since I've tried numerous how-tos and also can't find a solution yet, I decided to start a new thread in the hope that someone in the same boat with a solution can shed some light.

I'm having a very hard time trying to get a simple web server to be accessible outside my network (for testing purposes) through No-IP/port forward. I will post a brief setup of my current network in the hope of getting some advice if I am doing something wrong on my end, before I consider calling my ISP, which is very slow when it comes to customer support unfortunately. :-[

Let's start with my setup and what I'm trying to accomplish for reference; my setup is as follows:

           ISP/Locked                        Router/DHCP                WiFi/AP/Bridge            Switch/Unmanaged            Wired
[Ubiquiti Wireless Radio]----->[OPNsense 18.1.10]----->[Netis WF2419]----->[ PowerConnect 2808]----->[Clients]

HERE is an image of the above network setup/diagram.

My web server in question is a simple Apache server running on my FreeBSD file server and currently accessible locally with the IP: 192.168.1.xxx:8080. OPNsense is handling all the Unbound DNS, DHCP and DDNS with my No-IP account; the DynDNS plugin is currently working and cached my outside WAN IP address, and it is reflected on the No-IP website as expected. Now the odds are coming.

I configured port forwarding for the Apache IP/port as follows:

<Source>
[IF=WAN]--[Proto=TCP]--[Address=*]--[Ports=*]

<Destination>
[Address=LAN Address]--[Ports=*]

<NAT>
[NAT=192.168.1.xxx]--[Ports=8080]

My DNS servers are as follows:
#1: 208.67.222.222
#2: 208.67.220.220
#3: 192.168.1.1

Allow DNS server list to be overridden = Unchecked
Do not use the DNS Forwarder/Resolver = Unchecked

A further test I performed under Windows "nslookup" also returned the following:
> myhostname.ddns.net
Server:  opnsense.localdomain
Address:  192.168.1.1

Non-authoritative answer:
Name:    myhostname.ddns.net
Address:  104.238.xxx.xxx (WAN IP)
>

Overall, with this setup I can access my specified "myhostname.ddns.net" and I'm redirected to the external WAN, which is working fine, but the port forward is not redirecting to the internal Apache target IP/port for some reason, on either the default port 80 or 8080 etc.; additionally, every port tester I've used says "Port not open" and others say "Connection refused".  :(

I really apologize for my rather messy post and I hope to get some advice from experienced OPNsense users regarding port forward behind a locked ISP router, oh and really sorry for my English. ::)

Regards