Topics - orsomannaro

1
General Discussion / VLAN routing
« on: February 01, 2023, 09:59:11 am »
In my DMZ I have a VPS running a mail-server and I want to reach its webmail interface even through a VLAN subnet.

So, on OPNsense I created the "vSrvDMZ" VLAN with DMZ as "Parent" and in the VPS I added a NIC attached to it.

OPNsense Live View shows me that when I try to connect to webmail from LAN using the IP address of the VLAN interface, the network traffic successfully reaches the mail server through the VLAN interface but comes back through the DMZ interface, correctly using the default gateway of the VPS.

I'm in doubt as to what is the correct way to handle this thing. Natting traffic on OPNSense? Or is it possible to configure the NIC of the VPS to forward traffic from the VLAN through the same VLAN?

Thanks for any help.

2
Virtual private networks / Management VLAN and DMZ
« on: December 17, 2022, 09:36:19 am »
I'm just getting started with VLANs and I need some help from more experienced users to properly design the management VLAN.

I have an OPNsense appliance with 3 NICs: WAN, LAN, DMZ. In this case LAN and DMZ are already isolated, but to start playing with VLAN, I'm planning to use one VLAN for servers and workstations attached to the LAN interface and one for servers attached to the DMZ interface.

My question is: should there be only one management VLAN, used to manage both the servers in the LAN and the servers in the DMZ, or is it better to create two separate management VLANs, one for the LAN and one for the DMZ?

(I have this doubt because I've always read "management VLAN", in the singular, but it doesn't seem right to me to put LAN and DMZ administration services under the same broadcast domain)

Thank you.

3
Virtual private networks / Wireguard connection ok but no handshake
« on: December 13, 2022, 05:29:39 pm »
I'm trying to set up a Wireguard VPN. The connection takes place (firewall logs say so) but no handshake occurs with either Ubuntu or Windows client. I made several tests, also manually setting Outbound rules, but without being able to solve it.

Note:
- WAN is a hiperlan connection and I manage 8 public IPs (configured as Virtual IPs on OPNsense)
- In the firewall rule for WAN port 51820 I had to set as "Destination" the Alias (PubCloud) of the public IP address used for the VPN connection (otherwise it would not work, probably due to the multiple IPs).

OPNsense config:

I took some screenshots ... I tried to follow the official OPNsense documentation (as well as checking some how-tos on the Internet), assigning the wg1 device to a dedicated interface.

VPN:
VPN-WireGuard-local
VPN-WireGuard-endpoint
VPN-WireGuard-status
VPN-WireGuard-handshakes

Interface:
Interfaces-Assignments
Interfaces-WireGuard1
System-Routes-Status

Firewall:
Firewall-Log-port_51820
Firewall-Rules-WAN
Firewall-Rules-WireGuard _Group
Firewall-Rules-WireGuard1

Client config:

[Interface]
Address = 10.10.10.2/32
PrivateKey = YP8<8<8<8<8<8<8<8<8<8<8<8<8<c=

[Peer]
Endpoint = 185.x.x.x:51820
PublicKey = A18<8<8<8<8<8<8<8<8<8<8<8<8<Ww=
AllowedIPs = 10.10.10.0/24, 192.168.0.0/24
PersistentKeepalive = 15

Thanks for any help!

4
General Discussion / [SOLVED] Backup OPNsense configuration with wget
« on: March 03, 2017, 02:56:26 pm »
I'm migrating from pfSense to OPNsense.

To backup the configuration settings I'm following this guide:

https://wikit.firewall-services.com/doku.php/tuto/sauvegardes/sauvegarde_pfsense_2

but the script for OPNsense doesn't work:

Code:
#!/bin/bash -e
 
OUT='/var/backups/opnsense'
TMP=$(mktemp -d)
URL='https://opnsense.domain.tld'
LOGIN='backupusr'
PASS='p@ssw0rd'
 
# Submit the login form with the previous values, and save a new CSRF token
/usr/bin/wget -q -O /dev/null --keep-session-cookies --save-cookies $TMP/cookies.txt --no-check-certificate  \
   --post-data "login=Login&usernamefld=$LOGIN&passwordfld=$PASS" $URL/diag_backup.php
 
# Save only the config
/usr/bin/wget -q --keep-session-cookies --load-cookies $TMP/cookies.txt --save-cookies $TMP/cookies.txt --no-check-certificate \
    --post-data "download=Download%20Configuration&donotbackuprrd=yes" $URL/diag_backup.php -O $OUT/config-pfsense.xml \
 
rm -f $TMP/*.txt
rmdir $TMP

Can somebody help me adjust the script code in the right way?


Thanks for your help.
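
Added example, not part of the original post or the linked guide: the script above runs wget with -q and writes whatever the server returns straight to the backup file, so a rejected login can leave a non-config file in place of the backup. The functions below validate a download before keeping it and store it with mode 600, since the configuration contains secrets. Assumptions: a genuine export is XML with an `<opnsense>` root element, and a failed request returns an HTML page; `check_config` and `store_config` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: validate a downloaded OPNsense config before keeping it.
# Assumption: a genuine export starts with an XML declaration and has an
# <opnsense> root element; a failed login yields an HTML page instead.

# check_config FILE -> 0 if FILE looks like a complete config export
check_config() {
    f=$1
    [ -s "$f" ] || { echo "empty or missing: $f" >&2; return 1; }
    # Only the first lines are inspected, so text inside the config cannot match.
    if head -n 5 "$f" | grep -qiE '<(!doctype html|html)[ >]'; then
        echo "got an HTML page, not a config: $f" >&2; return 2
    fi
    head -n 1 "$f" | grep -q '^<?xml' || { echo "no XML declaration: $f" >&2; return 3; }
    grep -q '<opnsense>' "$f" || { echo "no <opnsense> root: $f" >&2; return 4; }
    # A truncated transfer lacks the closing root tag.
    grep -q '</opnsense>' "$f" || { echo "truncated: $f" >&2; return 5; }
    return 0
}

# store_config TMPFILE OUTDIR -> validate, restrict permissions, move into
# OUTDIR under a timestamped name, and print the final path
store_config() {
    src=$1
    outdir=$2
    check_config "$src" || return $?
    dest="$outdir/config-opnsense-$(date +%Y%m%d-%H%M%S).xml"
    chmod 600 "$src" && mv "$src" "$dest" || return 6
    echo "$dest"
}

# Stand-alone use: sh thisfile.sh /path/to/download.xml /var/backups/opnsense
if [ "$#" -eq 2 ]; then
    store_config "$1" "$2"
fi
```

Download to a file inside the mktemp directory first, then pass that file to `store_config`, so an invalid download never overwrites or joins the good backups.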
