OPNsense

Topics - petrus

1
German - Deutsch / Secure operation of a local Minecraft server - authentication via a portal
« on: January 21, 2024, 10:54:08 am »
Hello, I have a Minecraft server at home that has its own VLAN and should be reachable from both the LAN and the Internet. Everything works, but I am afraid of simply making the server accessible to the whole Internet. Access to the server should remain simple (a few school classes should be able to access it), so I don't want to set up a VPN.

My idea was to configure a portal (the built-in Captive Portal) that, after successful authentication, enables the corresponding firewall rules for the source IPs of the authenticated users.
I have already searched a lot, but so far I have found nothing apart from various guides for a guest network.
Is something like this even possible with OPNsense's built-in tools?

Thanks!


2
Tutorials and FAQs / Unbound + BIND How to set up a working config
« on: February 06, 2020, 04:36:05 pm »
Hi!

I've spent a lot of time trying, so I might be able to save someone a few hours:
-configured a loopback interface lo1 10.1.10.10/32
-Unbound:
 -listening on port 53 on internal interfaces
 -local zone type: transparent
 -Outgoing Network Interfaces: lo1
 -custom options:
Code:
forward-zone:
  name: "."
  forward-addr: 10.1.10.10@5353

-BIND listening on lo1 10.1.10.10:5353
 -ACL for recursion 10.1.10.10/32
 -DNSBL activated + local zones configured
 -DNS forwarders set to some public DNS service

NOW COMES THE CATCH:
 -it did not work until I set System/Settings/General/DNS Servers to blank


Petrus



3
18.7 Legacy Series / Not possible to connect over OpenVPN to Web GUI on a Bridge
« on: September 07, 2018, 08:47:35 pm »
Hi,

The setup:
I'm trying to create a VPN concentrator for my family network, so OPNsense is running on a vserver of a cheap provider with a single public IP (let's say it's 1.1.1.1) available. I'm trying to have a setup with three OpenVPN servers, listening on three different ports on the single IP. The srv is listening on TCP80 and it is bound to the interface OVPN, which has an IP of 10.1.1.1/24.
Everything works about this one, I can access the web GUI. The servers listening on TCP443 and on UDP443 are connected to the interfaces OVPN2 and OVPN3. These are bridged together via the interface OVPNBR.
The web GUI is set up to listen on the interfaces OVPN1-3 and OVPNBR.
OVPNBR has a different IP and network: 10.1.2.1/24 
The clients receive an IP from 10.1.1.2-254 if connected on TCP80 or 10.1.2.2-254 if connected via TCP/UDP443

The Problem:
VPNs work well, I can ping 10.1.1.1 or 10.1.2.1 (the IPs on the firewall) from any VPN.
BUT I can only reach the WebGUI via the VPN connected over TCP80.
Whatever I do, I can't figure out why. The FW logs say that the packets are accepted.
sockstat shows that lighttpd is listening on both IPs.

Maybe someone has better ideas than me, because I've reached the limits of my networking wisdom...

A little diagram of the setup will follow.


The details:
Code:
OPNsense 18.7.2-amd64
FreeBSD 11.1-RELEASE-p13
OpenSSL 1.0.2p 14 Aug 2018
CPU Type Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz (2 cores)
RAM 6G
VM Type, probably KVM
1 Single interface to the outside world
Disabled any IPv6 config
Tried to let lighttpd listen on any interface.


Thanks a lot!

Regards
Petrus
