Topics

1

18.7 Legacy Series / dhcp relay on WAN

« on: February 08, 2019, 12:13:38 pm »

We have a problem with DHCP relay over our WAN interface of a branch office in our network.

Our setup is 2 OPNsense firewalls/routers on 2 sites and site 1 is the upstream router for site 2. The internetbreakout is on site 1. Between site 1 and site 2 is 172.16.253.0/30 subnet and no NAT

 INTERNET <--> OPNsense1 <--> OPNsense2

On both sites we have DHCP server but we would like to turn off the DHCP server on site 2 and relay DHCP requests to the DHCP server on site 1. This is not possible because the DHCP server is behind the WAN interface of OPNsense2...

WHY??

2

Web Proxy Filtering and Caching / transparent proxy to other IP than 127.0.0.1

« on: February 07, 2019, 10:45:00 am »

Hi,

i'm trying to follow the webproxy setup.
Manually the webproxy works with manual settings to 3128 but now i want to change it to transparent.

My setup is:

client @ vlanX (10.80.24.0/24)
opnwebprxy  @ vlanY (10.80.25.32)

Through opngateway (10.80.5.1) i try to create a NAT rule to forward http & https to that 10.80.25.32.
The squid answers:

The following error was encountered while trying to retrieve the URL: /
Invalid URL
Some aspect of the requested URL is incorrect.
Some possible problems are:
Missing or incorrect access protocol (should be http:// or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed.


"Transparent" is already enabled on squid.
I did not enable the CA yet but im first testing it with a non-ssl site.


So: @
interface vlanX
ipv4tcp
source: vlanXnet
source-range: any any
dest: any
dest-range: http http
redirect: 10.80.25.32
target-port: 3128
enable nat-reflection
rule NAT

Moved the rules on the top as i've read this somewhere.

Any idea what i could be missing?

Thanks

3

18.1 Legacy Series / upgrade problems

« on: April 08, 2018, 07:46:19 am »

Hi,


For a while I'm trying to upgrade from 1.7 to 1.8 without success.

After an  export and import NAT does not work anymore.

From the host i can ping the internet but from my private it cannot be reached: "errors loading the rules /tmp/rules.debug.158"

The lines in there look like this:

scrub on re1_vlan534 all
scrub on re1_vlan536 all
scrub on re1_vlan538 all
scrub on re0_vlan34 all
scrub on gif0 all

157:no rdr proto carp all
158:nat on re0_vlan34 inet from (re1:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
159:nat on re0_vlan34 inet from (re1_vlan502:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
160:nat on re0_vlan34 inet from (re1_vlan504:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
161:nat on re0_vlan34 inet from (re1_vlan506:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
nat on re0_vlan34 inet from (re1_vlan508:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule
nat on re0_vlan34 inet from (re1_vlan510:network) to any port $500 -> re0_vlan34 static-port # Automatic outbound rule

I already switched from "automatic" to "manual" NAT-outbound setting, hoping the wrong bit would flip back to functional state.


Any idea where this could be coming from?

4

Web Proxy Filtering and Caching / default block all; allow whitelist

« on: March 11, 2018, 11:20:55 am »

Hi,

looking into webproxy to whitelist access to windowsupdate.com etc. for certain IP's.

Tried to allocate "*.*, 0.0.0.0/0.0.0.0"  to the blacklist but it only accepts single entries thus far: "meuk.com".

Is it possible through the GUI or should i create squid ACL lists at shell level?


Thanks

5

Development and Code Review / ipv6 alias causes crash

« on: October 22, 2017, 09:32:33 am »

Hi,

when making an alias for an ipv6-range, the box (Alix-APU) has big problem to calculate this:

ipv6:range:low::0 - ipv6:range:between:ffff:ffff:ffff:ffff
ipv6:range:between+1::0 - ipv6:range:high:ffff:ffff:ffff:ffff

and needs to be restored from previous config


The problem does not appear when using the following notation:

ipv6:range:low::0/54
ipv6:range:blck1:0/53
ipv6:range:blck2:0/52

as helped with the following site:
https://www.ultratools.com/tools/rangeToipv6CIDRResult



So, whenever using the "-" notation... the box crashes whenever i hit the apply button.


I don't know if someone is observing the same..

6

17.7 Legacy Series / USB transmission failed

« on: October 17, 2017, 02:00:14 pm »

Hi,

during the second boot (after the resize partition) on my Alix APU, i get these messages :

USB transmission failed
USB transmission failed
USB transmission failed

with some ehci messages in between...

A slow USB-stick continues to boot after 3 of those messages, other sticks endlessly hang during boot.


Is there a fix that i can use (sysctl-adjustment)?


Thanks,
Martijn

7

17.7 Legacy Series / backup restore question

« on: October 16, 2017, 08:42:37 pm »

Hi all,

forgot to use a nano image on my usb stick.
When things started to act weird i rebooted the device but now it hangs on "configuring firewall".
Just before the reboot i made a backup  (5 MB in size, must be with RRD)

When i use that backup to restore a fresh image (only vlan and interfaces restore) it already gets stuck on "configuring firewall"..


Does anybody know why the thing keeps hanging on the "configuring firewall"?


I just switched from PF to OPN and that took me a whole day of work copying all that info by hand.....

Thanks