Topics

1

20.1 Legacy Series / How to redirect domain to a custom IP address AND specific port?

« on: May 31, 2020, 11:39:17 pm »

Is there a way to redirect all LAN traffic to a particular address (e.g. www.google.com) to a particular IP at a specific port (e.g., 192.168.1.20:8000)?

I want to redirect all Google searches to this internal IP address at a non-standard port.  I'm guessing you can do this by making a custom DNS entry in unbound?  But I need the traffic directed to a particular port, and I don't think DNS does that.  I would appreciate any ideas on how to achieve this.

2

20.1 Legacy Series / Change the web proxy "access denied" page

« on: May 24, 2020, 07:42:23 pm »

I recently set up a transparent proxy to filter traffic for selected devices on the network. It works great.

But when you try to access a blacklisted page, the proxy gives this message that says "access denied" and to contact your administrator. Is there a way to customize that page to say something else?

Or even silently redirect any blacklisted page access attempts to another website randomly selected from a list?

3

19.1 Legacy Series / BIND Periodically Dying

« on: May 09, 2019, 10:39:00 pm »

Hello,

I'm using BIND to run DNSBL and it has been working great for a while.  But recently (and this coincides with upgrade to the most recent version of OpnSense), I find that BIND sometimes exits due to an error that I do not understand, and I'd have to manually restart it.  I've pasted the BIND log below (in reverse chron order).  Does anyone know why this is happening?

Is there a way to make BIND automatically restart upon exit?  Or at least get a notice that it died?

Thanks!


09-May-2019 07:46:38.754    general: critical: exiting (due to assertion failure)
09-May-2019 07:46:38.754    general: critical: #7 0x0 in ??
09-May-2019 07:46:38.754    general: critical: #6 0x3479b784c36 in ??
09-May-2019 07:46:38.754    general: critical: #5 0x14c5f2204d in ??
09-May-2019 07:46:38.754    general: critical: #4 0x14c5e53ab1 in ??
09-May-2019 07:46:38.754    general: critical: #3 0x14c5e50bd0 in ??
09-May-2019 07:46:38.754    general: critical: #2 0x14c5e4a428 in ??
09-May-2019 07:46:38.754    general: critical: #1 0x14c5f021fa in ??
09-May-2019 07:46:38.754    general: critical: #0 0x14c5d192c0 in ??
09-May-2019 07:46:38.754    general: critical: resolver.c:4895: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back trace
09-May-2019 07:46:38.754    lame-servers: info: FORMERR resolving 'c-0.19-a7000081.80081.1770.f17.2fc8.210.0.ig6b68dgmvuczv4udl6dz2i2g5.avts.mcafee.com/A/IN': 127.0.0.1#53
09-May-2019 07:46:38.754    resolver: notice: DNS format error from 127.0.0.1#53 resolving c-0.19-a7000081.80081.1770.f17.2fc8.210.0.ig6b68dgmvuczv4udl6dz2i2g5.avts.mcafee.com/A for client 192.168.128.237#58153: non-improving referral

4

18.1 Legacy Series / Cannot check for firmware updates

« on: July 05, 2018, 08:45:46 am »

Hello,

I keep getting this error when I try to check for firmware updates:  "Firmware status check was aborted internally. Please try again."

I've tried checking multiple times and it never works.  Is there any way to manually do this or get around this problem?  My mirror is LeaseWeb (San Francisco), LibreSSL, Production.  I've tried other  servers and get the same error.

Thanks!

5

18.1 Legacy Series / Interaction of Tor and VPN

« on: May 01, 2018, 08:17:51 am »

Hello,

I've set up a VPN client and firewall rules to redirect all non-local traffic to go out via the VPN gateway.  DNS is via unbound in resolver mode, and the outgoing interface is the VPN as well.  In effect, all non-local traffic on LAN is going out the VPN.  See attached picture of my firewall rules.

I recently set up Tor just to play around with it.  See attached Tor settings.  When I set by browser to use Sock5 proxy at the Opnsense router:9050 (see attached Firefox settings), I am successfully connecting via the Tor network (confirmed using Tor check).

My question is:  does Tor and VPN interact in this set up?  Is the Tor outgoing traffic bypassing the VPN and going to the internet via WAN?  Or is it going out via the VPN gateway?  It seems like the Tor traffic (from my browser to Opnsense router, then Opnsense router to Tor entry point) is leaving the Opnsense router via the VPN gateway.  But I'm not really sure. 

Similarly, how does DNS lookup work in this Tor setup?  In Firefox, I checked "Proxy DNS when usign SOCKS v5."  Does that mean DNS queries from my browser are all going through Tor?  Does that mean that DNS queries are bypassing unbound?

I would appreciate if someone could educate me on how this works.

Thanks!

6

18.1 Legacy Series / Weird Problem with Mutliple OpenVPN Clients

« on: April 17, 2018, 01:42:26 am »

Hello,

I'm new to OPNsense and have installed 18.1.6.  I'm a previous pfsense user and so far I'm liking OPNsense a lot.  But I'm encountering a weird issue with load balancing multiple OpenVPN clients and I hope you can help.

I have a VPN service that allows 5 concurrent connections.  Historically, I would connect 4 clients from the router, then load balance between the 4 gateways to increase total throughput (I have gigabit fiber so I could actually use the speed from concurrent connections).

The problem is that when I try to do this in OPNsense, I'm not getting any connections (or unstable connections).  I thought maybe I played with the settings too much in the process of getting familiar with OPNsense, so I started from scratch again (reformat, clean reinstall, then update to 18.1.6).  I went step by step to setup the various settings. 

Here is the set up.  So far, I have made minimal changes to the settings (basically, just standard things in the System section).  I have setup the WAN, LAN, OPT1 and OPT2 interfaces, which are the four ethernet ports on my router.  I have NOT made any changes to the Firewall section -- just the standard settings that allow everything through on the LAN.  The internet on the LAN port works fine.

Then I go and set up two OpenVPN servers (I run two servers, one on TCP 443 and one on UDP 80, for me to connect remotely into my home network).  I then set up three OpenVPN clients to my VPN service.  They all connect fine (and to be clear, I connect to my VPN service in such a way that the virtual addresses of the three client connections are in distinct subnets so that they would not share the same gateway).

Here is where the problem starts.  I noticed that I can get internet service on my LAN port only if I have 1 or 2 VPN clients running, but NOT if I have 3 VPN clients running.  I noticed this because I was surfing the web and it stopped when I connected the third client.  I thought it was weird, so I tried to disconnect one of them.  Sure enough, I'm able to surf on the LAN port if I have 2 clients (doesn't matter which two, I have tried all the combinations), but not if I have 3 clients. 

I don't understand why this would happen, especially since right now, I have NOT defined interfaces for the 3 VPN clients (i.e., there are no gateways associated with the three clients), and my firewall rules do NOT attempt to pass any traffic through the VPN client connections.  Also, I have not changed the Unbound settings (the outgoing network interface is the default "all").

In theory, the OpenVPN clients should not affect anything because they're just connected and sitting there, not being used.  But it seems like somehow they do affect something, but I am not sure what.  I do not see any obvious errors.

I appreciate any help you can give me.