Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - sashxp

Pages: [1]

German - Deutsch / Client IPv6 Adressen und DynDNS-Dienste

« on: April 05, 2021, 12:02:22 pm »

Hallo zusammen,

ich glaube, ich habe noch ein großes Wissensdefizit in Bezug auf IPv6 und freue mich sehr über eure Hilfe!

Ist-Zustand:

Deutsche Glasfaser Anschluss, mit einer CG Nat IPv4 Adresse und einer IPv6 Adresse (56er Präfix). Konfiguriert ist der DG-Anschluss mittels dieser Anleitung: https://beechy.de/deutsche-glasfaser-ipv6-vs-pfsense/
Damit bekomme ich sowohl auf der OPNSense eine IPv6-Adresse, wie auch bei den Clients - die Clients erhalten die Adresse per SLAAC von der DG.

Nun möchte ich einen kleinen Webserver über IPv6 betreiben, habe dafür in meinem Netz einen NGINX als Reverse PRoxy laufen, der auch prinzipiell über IPv6 erreichbar ist.

Nur - jetzt das Problem: wie bekomme ich es hin, ohne auf jedem Client einen DynDNS Client zu installieren, dass bei einer neuen IPv6 IP-Adresse, der DynDNS Eintrag neu gesetzt wird?
Ich habe schon einen DynDNS-Eintrag für mein Wireguard Interface, das funktioniert schon einmal super. Läuft aber auch direkt auf der OPNSense und kann so direkt die IPv6 übergeben.

Wie gehe ich hier mit einem Client vor? Wie macht ihr das?

Oder bin ich komplett auf dem falschen Dampfer?

lg
sash

General Discussion / (Mullvad) WireGuard VPN Tunnel and Port Forwarding

« on: July 07, 2020, 07:13:49 pm »

Hi,

i've got a Problem with my WireGuard VPN Setup. I have an vm, which only use the VPN. To get this done i use Policy based Routing. I've created a rule where my internal IP 10.10.99.214 uses this special Gateway to get out.

In Mullvad i've configured, that Port 24020 will be forwarded:

In Opnsense i've nothin special configured, i'll let everything out and Port 24020 in:

But the Port isn't reachable. I've checked via Terminal if the WG-Device will be reached by the portcheck - here is the Result:

Code: [Select]

curl https://ipv4.am.i.mullvad.net/port/24020
{"ip":"185.209.xxx.xxx","port":24020,"reachable":false}

in TCPDUMP i see the packages:

Code: [Select]

root@OPNsense:~ # tcpdump port 24020 -n -i wg1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg1, link-type NULL (BSD loopback), capture size 262144 bytes
19:05:21.835267 IP 46.166.184.225.51756 > 10.65.211.67.24020: Flags [S], seq 3635128962, win 64240, options [mss 1380,sackOK,TS val 959671111 ecr 0,nop,wscale 7], length 0
19:05:22.861666 IP 46.166.184.225.51756 > 10.65.211.67.24020: Flags [S], seq 3635128962, win 64240, options [mss 1380,sackOK,TS val 959672140 ecr 0,nop,wscale 7], length 0

Am i missing something? Have i misconfigured something? Any suggestion?

19.7 Legacy Series / Bootloop and Kernel Exception with Trace while Configuring Wireguard

« on: August 30, 2019, 04:23:02 pm »

Hi guys,

i think i've found a serious Bug. I've added 2 Devices like this to get Wireguard to Work and to configure policy based routing (Copy & Paste out of the backup.xml)

Code: [Select]

    <opt3>
      <if>wg0</if>
      <descr>WGVPN</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
    </opt3>
    <opt4>
      <if>wg1</if>
      <descr>WGAZIRE</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
    </opt4>

and i've configured wireguard to use these Interfaces. While activating these Interfaces the System reboot.

I've attached the Stack-Trace which i've already sent by Mail through the webinterface.

Code: [Select]

User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
FreeBSD 11.2-RELEASE-p14-HBSD  07680caafe9(stable/19.7) amd64
OPNsense 19.7.3 6255e8ae7
Plugins os-dnscrypt-proxy-1.5 os-dyndns-1.17 os-freeradius-1.9.3 os-igmp-proxy-1.4 os-maltrail-1.1 os-postfix-1.10 os-upnp-1.3 os-wireguard-1.1 
Time Fri, 30 Aug 2019 00:36:39 +0200
OpenSSL 1.0.2s  28 May 2019
PHP 7.2.21

I hop i could help to get the error fixed.

sash

General Discussion / Problem getting Wireguard-VPN Roadwarrior Setup to work

« on: August 05, 2019, 09:46:21 pm »

Hi Guys,

i can't get my new Wireguard VPN Setup to work. I can't see established connection but i cant see my Mistake!? Perhaps some of the Wireguard Experts could help me a bit?!

1. Server Setup, i have configured the following things on the OPNSense Site:

upload pictures

2. On the iPhone i have configured as following:

Perhaps i have missed just a little? So, please help me :-)

i have read the following Links:
https://forum.opnsense.org/index.php?topic=11737.0
https://forum.opnsense.org/index.php?topic=13461.0
https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-quicklook/
the great site from mimugmail https://www.routerperformance.net/opnsense/opnsense-and-wireguard/

sash

17.1 Legacy Series / [SOLVED] Problem Updating 17.1.3 to 17.1.4

« on: March 30, 2017, 06:52:37 pm »

Hi,

i get the following Error with the Update. Is it the right solution to unset the vital flag?

I'll ask that, because i haven't done this in other updates...

bye
sash

Quote

***GOT REQUEST TO UPGRADE: all***
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (37 candidates): .......... done
Processing candidates (37 candidates): .......... done
Checking integrity... done (1 conflicting)
- py27-setuptools-32.1.0_1 conflicts with py27-setuptools27-32.1.0 on /usr/local/bin/easy_install
Cannot solve problem using SAT solver, trying another plan
Checking integrity... done (0 conflicting)
The following 38 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
   py27-sqlite3-2.7.13_7
   opnsense-17.1.3
   py27-setuptools27-32.1.0

New packages to be INSTALLED:
   py27-setuptools: 32.1.0_1

Installed packages to be UPGRADED:
   squid: 3.5.24 -> 3.5.24_2
   png: 1.6.28 -> 1.6.29
   pkgconf: 1.3.0_3 -> 1.3.0,1
   php70-zlib: 7.0.16 -> 7.0.17
   php70-xml: 7.0.16 -> 7.0.17
   php70-sqlite3: 7.0.16 -> 7.0.17
   php70-sockets: 7.0.16 -> 7.0.17
   php70-simplexml: 7.0.16 -> 7.0.17
   php70-session: 7.0.16 -> 7.0.17
   php70-pdo: 7.0.16 -> 7.0.17
   php70-openssl: 7.0.16 -> 7.0.17
   php70-mcrypt: 7.0.16 -> 7.0.17
   php70-ldap: 7.0.16 -> 7.0.17
   php70-json: 7.0.16 -> 7.0.17
   php70-hash: 7.0.16 -> 7.0.17
   php70-gettext: 7.0.16 -> 7.0.17
   php70-filter: 7.0.16 -> 7.0.17
   php70-dom: 7.0.16 -> 7.0.17
   php70-curl: 7.0.16 -> 7.0.17
   php70-ctype: 7.0.16 -> 7.0.17
   php70: 7.0.16 -> 7.0.17
   opnsense-update: 17.1.3 -> 17.1.4
   opnsense-lang: 17.1.3 -> 17.1.4
   ntp: 4.2.8p9_4 -> 4.2.8p10_2
   lzo2: 2.09 -> 2.10_1

Installed packages to be REINSTALLED:
   py27-ujson-1.35 (direct dependency changed: py27-setuptools)
   py27-requests-2.11.1 (direct dependency changed: py27-setuptools)
   py27-pytz-2016.10,1 (direct dependency changed: py27-setuptools)
   py27-netaddr-0.7.18 (direct dependency changed: py27-setuptools)
   py27-MarkupSafe-1.0 (direct dependency changed: py27-setuptools)
   py27-Jinja2-2.8 (direct dependency changed: py27-Babel)
   py27-Babel-2.3.4 (direct dependency changed: py27-setuptools)
   openvpn23-2.3.14_1 (options changed)
   dnsmasq-2.76,1 (options changed)

Number of packages to be removed: 3
Number of packages to be installed: 1
Number of packages to be upgraded: 25
Number of packages to be reinstalled: 9

The operation will free 20 MiB.
pkg-static: Cannot delete vital package: opnsense!
pkg-static: If you are sure you want to remove opnsense,
pkg-static: unset the 'vital' flag with: pkg set -v 0 opnsense
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

Pages: [1]