OPNsense
Topics - bunchofreeds

1
General Discussion / Add Block button next to DHCP Lease
« on: March 03, 2024, 09:57:41 pm »
Hi,

Any thoughts on adding a 'Block' button next to the 'Add Static Mapping' and 'Delete' buttons in the DHCP lease section?

For when my kids piss me off and I want to quickly block their access for a specific MAC at that time.
And then an unblock for after they apologise.

lol

I'm sure it would have other uses..

2
General Discussion / Unbound and DNS Round Robin
« on: March 03, 2024, 08:16:52 pm »
Hi,

Does anyone know if it's possible to have a simple failover using unbound and round robin DNS?
Also configurable within OPNsense?

From the unbound documentation it seems possible... assuming I'm reading this right...

https://nlnetlabs.nl/documentation/unbound/unbound.conf/
       rrset-roundrobin: <yes or no>
              If yes, Unbound rotates RRSet order in response (the random number is taken from the query ID, for speed and thread safety). Default is yes.

Just not sure how to implement or if it would actually work?

My requirement is a simple failover of a web GUI presented by Proxmox hosts.
Currently, each host presents the GUI and allows access to the cluster underneath. I can browse to each host directly and have this experience.
When a host restarts for maintenance etc. perhaps DNS Round Robin would resolve to another host.

I do currently use HAproxy for this so understand this approach, however I'm looking to remove the proxy entirely as I have moved to Cloudflared tunnels for my other services.
But not for this last simple fail over scenario with Proxmox.

This is not production and just my home lab. But I still strive for 'good' :)

3
Web Proxy Filtering and Caching / Cloudflare > HaProxy > Home Assistant - Show Client IP
« on: February 01, 2024, 01:46:52 am »
Hi all,

I currently proxy through Cloudflare (strict/full) then to HAproxy (OPNsense plugin) then to a local instance of Home Assistant.

I'd like to keep the Client IP intact so I can see in Home Assistant what originating Client IP connected.
Currently I see the Cloudflare IP which is not 'ideal' for me :)

From reading I see that Cloudflare, being the first Proxy in my chain, DOES pass on the Client IP but not using the usual X-Forwarded-For but instead within the http header as CF-Connecting-IP
https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/

This means my HAproxy cannot pass this on to Home Assistant through X-Forwarded-For currently.

From further reading, I see I could 'possibly' configure my HAproxy to pick up the CF-Connecting-IP and add it to X-Forwarded-For when a Cloudflare IP address is seen
https://github.com/haproxy/haproxy/issues/90#issuecomment-718286982

Can anyone help me with how I can apply this configuration to my OPNsense/HAProxy?

Thanks for any help with this

Furthermore, I have X-Forwarded-For disabled in HAProxy for my Public Service as I've read this should only be added once at the first proxy, all other proxies in the chain should add their respective IPs to this header as they are passed. Enabling this also breaks Home Assistant for me, complaining it sees two when there should only be one.

Also... :) I have aliases for Cloudflare IP ranges which would be good to use for this if possible, to replace what is in the linked script... 
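
Added example (not part of the original post, and not HAProxy or OPNsense code): a Python model of the header decision described in the post above, where CF-Connecting-IP is honoured only when the connecting peer is inside a trusted edge range and the backend always receives exactly one X-Forwarded-For header. The networks, addresses and function names are constructed for illustration; the real ranges are the ones published at https://www.cloudflare.com/ips/.

```python
import ipaddress

# Constructed stand-ins for the Cloudflare ranges (documentation networks);
# in practice load the published list from https://www.cloudflare.com/ips/.
TRUSTED_EDGE_NETS = [ipaddress.ip_network(n)
                     for n in ("198.51.100.0/24", "2001:db8::/32")]


def peer_is_trusted(peer_ip, trusted=TRUSTED_EDGE_NETS):
    """True only when the TCP peer itself sits inside a trusted edge range."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr.version == net.version and addr in net for net in trusted)


def _valid_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def rewrite_forwarded_headers(peer_ip, headers, trusted=TRUSTED_EDGE_NETS):
    """Return the header list to send to the backend.

    headers is a list of (name, value) pairs as received from the peer.
    """
    from_edge = peer_is_trusted(peer_ip, trusted)
    cf_values = [v.strip() for n, v in headers if n.lower() == "cf-connecting-ip"]

    # Default to the socket address; a header is believed only from the edge,
    # and only when it is present once and parses as an IP address.
    client = peer_ip
    if from_edge and len(cf_values) == 1 and _valid_ip(cf_values[0]):
        client = cf_values[0]

    out = []
    for name, value in headers:
        lname = name.lower()
        if lname == "x-forwarded-for":
            continue  # replace, never append: the backend must see one value
        if lname == "cf-connecting-ip" and not from_edge:
            continue  # spoofable from any non-edge peer, so drop it
        out.append((name, value))
    out.append(("X-Forwarded-For", client))
    return out
```

The same rule applies whatever enforces it: a direct connection that bypasses the edge must never be able to choose the address the backend logs.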


4
Web Proxy Filtering and Caching / HAProxy - ERROR: ACL data not found
« on: December 05, 2023, 09:23:35 pm »
Hello,

I am seeing these errors in my haproxy.conf file and wondering if it's related to an issue I'm having with haproxy.
They're within the #logging options section of one of my Front Ends.

   # ERROR: ACL data not found (3b074c79-c094-4ee9-ba9e-5f5axxxxb2f2)
   # ACL INVALID:  (3b074c79-c094-4ee9-ba9e-5f5axxxxb2f2)

Firstly, I'm not even sure they're real errors as they are commented out in the conf file??

I have three sites I host for personal use:
Proxmox Cluster - Internal only
Apache Guacamole - External
Home Assistant - External

I access the External sites via Cloudflare proxy using their Strict Full and Origin cert applied to haproxy.
There is a single Public Service for these sites that uses the Cloudflare origin certificate.

I access the internal site directly via a VIP associated to haproxy.
There is a second public service for this site that OPNsense uses letsencrypt to obtain a cert for.

This setup works great but after each restart of OPNsense, the haproxy service fails to start.
It's related to the Cloudflare public service.
I have to log into Cloudflare and disable the DNS proxy for each CNAME associated to these sites.
Then wait a minute or two and restart the haproxy service.
Then enable the Cloudflare proxy for these CNAMEs again.

Once done everything works great, but is annoying :)

Thanks for any advice on this.


5
Web Proxy Filtering and Caching / HAproxy Certificate Maintenance GUI
« on: August 01, 2023, 10:15:01 pm »
Hi all,

I've recently been updating my HAproxy setup to use Cloudflare Proxy then onto my local HAproxy for distribution into my home network.

I've noticed the Services>HAproxy>Maintenance>SSL Certificates GUI is empty and pretty sure this has always been empty. Saying 'No Results Found!'

Is this supposed to sync with System>Trust>Certificates and show alignment with what certs are used in HAproxy?

Just wondering why it's empty and if it should be empty?

My HAproxy setup is working correctly with a set of URLs being available externally via Cloudflare using my Cloudflare origin cert and a set being available internally using Let's Encrypt certs.

Thanks

6
General Discussion / Update Firewall Alias from Cloudflare API
« on: July 25, 2023, 10:35:54 pm »
Hi,

Is it possible to update an OPNsense Firewall Alias that holds all Cloudflare IP addresses using their API?

https://developers.cloudflare.com/fundamentals/get-started/setup/allow-cloudflare-ip-addresses/
https://www.cloudflare.com/ips/
https://developers.cloudflare.com/api/#cloudflare-ips-properties

Thanks for any help with this

 

7
23.7 Legacy Series / os-ddclient with Cloudflare API token
« on: July 21, 2023, 01:55:18 am »
Hi,
Looking forward to updating to the next release 23.7 and thought I'd try os-ddclient again in preparation.

Seems I'm struggling again getting it to work with a Cloudflare API token.

Is anyone able to get this to work and perhaps provide a detailed config to get it running?
I'm trying to update two names using two separate API keys.
I'd prefer not to have to use the Global API key for this.


8
Web Proxy Filtering and Caching / HAproxy - Home Assistant - Refresh
« on: October 12, 2022, 11:36:08 pm »
Hi,

I have Home Assistant running behind HAproxy on OPNsense successfully.

My issue is that on the first browse to home assistant (opening home assistant in a new browser session), it seems to complete one refresh after about 30 seconds. This returns you to the login screen.
After this it is fine and keeps you logged in.
Opening another tab and logging into Home Assistant after this does not cause the refresh.

The android app works fine.

I've read a bit about possible timeouts and entering extended times into HAproxy.
OPNsense/HAproxy has a web GUI and I'm not sure where to enter these options as the GUI does not seem to match what would be put into HAproxy config.

Home Assistant configuration.yaml has 'use_x_forwarded_for: true' and my OPNsense as trusted.

Has anyone encountered this or have any ideas how to resolve it? 

9
22.7 Legacy Series / System Log WAN errors on boot
« on: August 04, 2022, 06:22:04 am »
Hi,

I'm seeing this set of errors in the System>General logs on a reboot.
My connectivity seems fine however

Just wondering what they are about as I hate seeing errors
I've recently applied some fixes regarding a WAN DHCP lease renewal issue, but pretty sure these were showing before that.

2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.routing_configure: The WAN_DHCP monitor address is empty, skipping.
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.routing_configure: ROUTING: keeping current default gateway '100.100.100.1'
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.routing_configure: ROUTING: setting IPv4 default route to 100.100.100.1
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.routing_configure: ROUTING: IPv4 default gateway set to wan
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.newwanip: The WAN_DHCP monitor address is empty, skipping.
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway '100.100.100.1'
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 100.100.100.1
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.newwanip: On (IP address: 100.100.100.100) (interface: WAN[wan]) (real interface: vtnet1).
2022-08-04T15:35:30 Error opnsense /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
2022-08-04T15:35:23 Error opnsense /usr/local/etc/rc.newwanip: IP renewal deferred during boot on 'vtnet1'

10
22.7 Legacy Series / Error opnsense/usr/local/etc/rc.newwanip every 2 minutes
« on: July 31, 2022, 11:18:59 pm »
Hi,

Firstly I've just noticed this now in the System>Logs>General and not sure if this is new to 22.7.
I am seeing this error every two and a half minutes.
It's not causing any noticeable issue to connectivity.
I'm on OPNsense 22.7_4-amd64 running as a Proxmox VM.
I've hidden my real WAN IP address.

Anyone else seeing this or know how to resolve it?

2022-08-01T09:07:33   Notice   opnsense   plugins_configure hosts (execute task : unbound_hosts_generate())   
2022-08-01T09:07:33   Notice   opnsense   plugins_configure hosts (execute task : dnsmasq_hosts_generate())   
2022-08-01T09:07:33   Notice   opnsense   plugins_configure hosts ()   
2022-08-01T09:07:33   Error   opnsense   /usr/local/etc/rc.newwanip: On (IP address: 100.100.100.100) (interface: WAN[wan]) (real interface: vtnet1).   
2022-08-01T09:07:33   Error   opnsense   /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'   
2022-08-01T09:07:33   Notice   dhclient   Creating resolv.conf   
2022-08-01T09:05:04   Notice   opnsense   plugins_configure hosts (execute task : unbound_hosts_generate())   
2022-08-01T09:05:04   Notice   opnsense   plugins_configure hosts (execute task : dnsmasq_hosts_generate())   
2022-08-01T09:05:04   Notice   opnsense   plugins_configure hosts ()   
2022-08-01T09:05:04   Error   opnsense   /usr/local/etc/rc.newwanip: On (IP address: 100.100.100.100) (interface: WAN[wan]) (real interface: vtnet1).   
2022-08-01T09:05:04   Error   opnsense   /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'   
2022-08-01T09:05:03   Notice   dhclient   Creating resolv.conf   
2022-08-01T09:02:33   Notice   opnsense   plugins_configure hosts (execute task : unbound_hosts_generate())   
2022-08-01T09:02:33   Notice   opnsense   plugins_configure hosts (execute task : dnsmasq_hosts_generate())   
2022-08-01T09:02:33   Notice   opnsense   plugins_configure hosts ()   
2022-08-01T09:02:33   Error   opnsense   /usr/local/etc/rc.newwanip: On (IP address: 100.100.100.100) (interface: WAN[wan]) (real interface: vtnet1).   
2022-08-01T09:02:33   Error   opnsense   /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'   
2022-08-01T09:02:33   Notice   dhclient   Creating resolv.conf

11
General Discussion / Reporting > Insight - How to see what device used data
« on: July 30, 2022, 11:23:23 pm »
I'm looking in Reporting > Insight and can't find out how to isolate what specific device used a large lump of data in a 10 minute period a day ago.
Is it possible to set a smaller time window within the 'Details' TAB, like an hour on a certain day to show usage results rather than a whole day? Then I would be able to isolate the device more easily.

12
22.1 Legacy Series / Legacy dyndns plugin after 22.7 upgrade
« on: July 25, 2022, 04:53:41 am »
Hi,

What will the experience be like after an upgrade from 22.1 to 22.7 if I am currently using the legacy DynDNS plugin?
If I need to - Will I be able to complete an in-place upgrade and still keep running the legacy plugin for the time being as os-ddclient is progressed.

Thanks

13
General Discussion / Remove NTOPNG
« on: February 28, 2022, 02:15:04 am »
Hi,

I'd like to completely remove ntopng beyond removing the plugin and redis.

Can anyone help with what files/folders/logs I can safely remove from the system to recover any space it consumed?

Thanks for any help with this

14
22.1 Legacy Series / Is version 22 being built on FreeBSD 13
« on: December 28, 2021, 09:34:33 pm »
Hi,

Is version 22.x of OPNsense being built on FreeBSD 13 now instead of Hardened BSD?

I ran up a test OPNsense and set to development, but the updated version still said hardened BSD in the dashboard.

Thanks

15
Hardware and Performance / Intel x710 and PPPoE
« on: November 15, 2021, 12:29:46 am »
Hi,

Does anyone know if the Intel x710 Network cards are good for hardware accelerating a WAN PPPoE type connection with OPNsense?

https://www.intel.com/content/www/us/en/developer/articles/technical/dynamic-device-personalization-for-intel-ethernet-700-series.html

Thanks

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved