Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - lrosenman

Pages: [1]

20.1 Production Series / netgraph change: will https://github.com/aus/pfatt need adjustment?

« on: January 30, 2020, 04:01:56 am »

Given that I *DEPEND* on the pfatt module to authorize my ONT, will the netgraph change called out in the release notes cause me grief?

thanks (I don't dare try it as I don't want to be knocked offline).

General Discussion / [SOLVED] Use an IPSEC connected DNS or LDAP server from the firewall itself

« on: September 04, 2019, 03:45:26 am »

I have the following setup:
|---> <VIA ipsec 172.20.0.0/16, reachable from the LAN>
<LAN 192.168.200.11/22> ----+
|---> <VIA ipsec 10.64.0.0/16, reachable from the LAN>

If I try to set the system to use 172.20.100.34 as a DNS server it doesn't get any response,
same with 10.64.0.4.

If I ping using -S 192.168.200.11 it all works.

What am I missing in the routing tables?

root@home-fw:~ # netstat -rn |more
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 76.250.252.1 UGS ngeth0
10.64.0.0/16 10.128.0.2 UGS ipsec100
10.128.0.1 link#18 UHS lo0
10.128.0.2 ipsec1000 UHS ipsec100
10.128.0.3 link#19 UHS lo0
10.128.0.4 ipsec1000 UHS ipsec200
76.250.252.0/22 link#11 U ngeth0
76.250.255.117 link#11 UHS lo0
127.0.0.1 link#7 UH lo0
172.20.0.0/16 10.128.0.4 UGS ipsec200
172.31.0.0/16 10.128.0.4 UGS ipsec200
192.168.16.0/24 link#15 U em0_vlan
192.168.16.1 link#15 UHS lo0
192.168.17.0/24 link#16 U em0_vlan
192.168.17.1 link#16 UHS lo0
192.168.18.0/24 link#17 U em0_vlan
192.168.18.1 link#17 UHS lo0
192.168.40.0/24 link#12 U em0_vlan
192.168.40.1 link#12 UHS lo0
192.168.64.0/24 link#13 U em0_vlan
192.168.64.1 link#13 UHS lo0
192.168.192.0/24 link#14 U em0_vlan
192.168.192.1 link#14 UHS lo0
192.168.200.0/22 link#1 U em0
192.168.200.11 link#1 UHS lo0

19.7 Legacy Series / Updated to 19.7.r_1, but upgrade wants to do it again :(

« on: July 10, 2019, 06:02:11 pm »

did the upgrade, but the system wants to do it again.

Why?

I'd put the upgrade log in, but it's too big.

BTW: it would be nice if the limits on attachments, post size, etc were raised on the forums.

19.7 Legacy Series / Am I missing something?

« on: July 04, 2019, 01:53:48 am »

What am I missing here on the dev branch?

19.1 Legacy Series / dhcp6c: No Rewriting of the config when a new interface is added

« on: April 20, 2019, 07:52:35 pm »

Can someone look at:
https://github.com/opnsense/core/issues/3406

19.1 Legacy Series / IPv6: Track Interface: Doesn't allow the full range of IPv6 Prefix id's

« on: April 09, 2019, 12:58:53 pm »

I get a /60 from ATT, which should allow prefix id's 0-15 (4 bits). The GUI for track interface says 15 & 14 are out of bounds.

This is in addition to the problem of adding a new interface that tracks WAN *NOT* rewriting the dhcp6c_<WAN>.conf file and restarting dhcp6c.

19.1 Legacy Series / Let's Encrypt: Doesn't seem to know it's working?

« on: April 04, 2019, 03:35:59 pm »

I've got a valid LE cert on my FW, but the certifcates in the GUI show validation failed, and I can't seem to find the cronjob.

ideas?

(I force renewed from the GUI, hence the new issue date).

Documentation and Translation / VLAN: How to set up to get a IPv6 prefix from DHCP?

« on: April 04, 2019, 12:35:09 am »

I'm on 19.1, and have the pfatt stuff working, and my LAN gets an IPv6 prefix just fine.

I'm testing, and when I configure a VLAN on that interface and configure the subinterface the subinterface JUST gets a link-local address, and not a routable prefix out of the /60 block ATT passed me.

Does anyone have doc/faq/etc on what I might be missing?

19.1 Legacy Series / [SOLVED] DHCP: update a foreign (to OPNSense) nameserver with nsupdate/t-sig?

« on: April 02, 2019, 10:52:02 pm »

I'm coming back to OPNSense after a LONG break and was wondering if the DHCPD in current production can support doing DNS updates to a foreign (to OPNSense) DNS server (my server on a different network, using BIND 9.13.x) via an NSUPDATE type message, but using T-SIG keys?

17.7 Legacy Series / 6RD status?

« on: September 23, 2017, 03:39:28 am »

I'm currently back to pfSense as they correctly support ATT Fiber's 6rd IPv6. I really(!) prefer Opnsense, but *NEED* 6RD to work.

What's the current 6rd status in Opnsense 17.7?

17.7 Legacy Series / ATT Fiber/IPv6/DMZ+ mode

« on: August 08, 2017, 08:01:33 pm »

I've just moved into a nice new house with ATT Fiber. ATT'S RG (Pace 5268AC) doesn't pass IPv6 through to the DMZ+ host (will be the firewall). It *DOES* however allow IPV6 to other devices connected to it's own switch.

Should I be able to route IPv6 from another interface to my LAN and do Firewall stuff? My suspicion is YES, but I'm not near it right now.

Basically the setup:
+--->WAN port on OPNSENSE (IPv4/DMZ+)----+
ATTONT->ONT PORT on 5268AC ---| |----> LAN port on OPNSENSE
+--->OPT1 port on OPNSENSE (IPv6/DHCPv4) .+

Would this allow me to have dual stacked hosts on the LAN ?

Development and Code Review / [RFE] add traffic per rule in the GUI

« on: January 22, 2017, 05:59:18 pm »

I'm a convert from pfSense. One of the nice things they have in their GUI is the traffic (pkts/bytes) PER RULE in
the rules list.

This is useful to see if the rules are working.

Any chance in a future release of getting something like that?

Pages: [1]