Topics

1

18.1 Legacy Series / Route based on url / domain ?

« on: July 13, 2018, 11:51:03 pm »

Hi !

I use an ExpressVPN connection on my opnsense 18.1.11 firewall.  However, i do not want to route all traffic to the VPN, just a small part of it..

This is easily done by setting a few static routes for specific ip adresses or ip ranges and force those to use the ExpressVPN gateway while the rest will use the default GW.

However, what i would like to do is to base these routes on a certain Domain name or URL, instead of an IP address. This way it will also work if the sites in question using DNS round robing or a loadbalancer kind of setup to distribute their load over multiple servers..

Can one do such a thing with OPNSense ?

2

18.1 Legacy Series / whatsmyip.com shows my internal IP behind NAT ?? How to block it ?

« on: July 13, 2018, 11:42:05 pm »

I opened the whatsmyip.com website, which showed my public IP.  No surprise there.

However, it also showed the inside IP address of my laptop ?

Is there any way to block this information ? I just want my outside IP to show, not which internal machine is behind the session ?!

3

18.1 Legacy Series / Setup IPv6 over IPv4 tunnel with Hurricane Electric - Howto doesn't work

« on: July 13, 2018, 09:25:47 pm »

I am trying to setup a IPv6 over IPv4 Tunnel using the Hurricane electric service, by using the howto at https://wiki.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html

For this i am using my 18.1.11 OPNsense system.

It seems that the Howto no longer fits the menu's and settings on this version of OPNSense, and i cant get it to work properly.


Step1 - Add a gif tunnel
The howto says i must include the /64 mask at the "GIF tunnel local address", however, this is not accepted. I can only enter the IPv6 address, without the /64 mask.

Step 2 - Configure the GIF tunnel as a new interface
So i assign the GIF tunnel to a new interface, the edit the interface. I give it a new name and description and leave everything else as-is, like the howto says.

After this is done, i cheked if this works. I ping my own IPv6 address, which works. The i ping the IPv6 address for the far side interface. This works as well.

Then the howto mentions "The newly created interface must now be set as the default IPv6 gateway under System->Gateways->All"  This no longer fits the menu structure on v18.1.11 so i go to System-> Gateways -> Single.

There i should edit the new gateway entry called TUNNELBROKER_V6 and check the default gateway option ans save.  However, there is no new gateway entry, just my regular IPv4 gateway ??

I tried creating an entry manually and check the  default gateway option, but this is not accepted. So i entered the IPv6 address on the far side (Hurricane electric side). This not accepted either, OPnSense states that the gateway address i entered does not fall within any of the subnets configured on my interfaces.

I tried entering my local IPv6 address as a gateway, which strangely IS accepted, but off course does not work.


At his point i am stuck. I tried following the howto several times and even had a look at a few pfSense howto's etc. I seem to remember that i tried this on pfSense a long time ago, and there a gateway entry was configured automatically.


Help ??