OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of siginigin »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - siginigin

Pages: [1]
1
19.1 Legacy Series / OPNSense HA failover switching to backup
« on: March 28, 2019, 08:51:36 am »
Hi guys,

Let's assume this simple scenario: we have 2 firewalls in HA, each has with 4 physical cables, one is direct connection between them for pfsync. CARP seems working, and pfsync is operating.

Now, what happen if I pull out just one cable from master interface. From what I've saw, backup firewall becomes master, but only for this one interface, other interfaces are still backup. So now I have split routing. Client packets behind new master interface are traveling through backup firewall, but returning packets are going through master firewall and there are dropped because of failed interface.

Cisco ASA has failover interface-policy <percent>, which simply says, that if x percent of interfaces fails, firewalls will fail over all interfaces. Is there something similar on OPNSense?

Thank you for explanation.

2
19.1 Legacy Series / HAProxy custom config
« on: March 28, 2019, 08:11:21 am »
Hi guys,

I need to have following codesnippet in /usr/local/etc/haproxy.conf in backend pool:
Code: [Select]
server kibana_E1 10.1.1.2:443 check inter 2s port 443  check-ssl verify none source 1.1.1.254
server kibana_E2 10.1.1.3:443 check inter 2s port 443  check-ssl verify none source 1.1.1.254

but throuh GUI I'm can only choose ssl instead of check-ssl as health check. This works if I do this manually in mentioned file and restart haproxy.
The problem is that this is rewritten after Apply trough GUI.

So how to do it? The only way I can see now is to edit /usr/local/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf, but not sure what it does after upgrade.

Currently I'm running 19.1.2.

Thank you for help.

3
Web Proxy Filtering and Caching / proxy custom config
« on: April 17, 2018, 09:11:23 am »
Hi guys,

I need to configure squid to have both listen for transparent and non-transparent requests. I didn't find web gui option to do this, only one of them is possible. It is possible to add http_port 3127 in /usr/local/etc/squid/squid.conf and after service squid restart it is working. However this change is overwritten after change from web gui.

How this can be done? And in general, how can I customize other things not included in web gui?

Thank you for your help.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2