Topics

1

18.7 Legacy Series / radvd file location?

« on: January 18, 2019, 10:52:08 am »

Is there a file that contains the contents of the output of the command `radvdump`?  I need to enable radvd on my dd-wrt wireless router to be able to get an ipv6 address and it would work best if I can just copy its radvd to the radvd location on dd-wrt.

2

18.7 Legacy Series / WAN Interface not obtaining IPv6 prefix.

« on: January 14, 2019, 11:18:12 am »

I have my WAN configured to use DHCPv6 to request only a /64 prefix, and have DHCPv6 server configured to dish out addresses with the entire /64 subnet.

But when I try to renew the DHCP lease for the WAN to actually obtain a prefix, it doesn't seem to grab one. 

Running dhcp6c manually to see what happens yields the following: (em0 is WAN interface, em1 is LAN)

Code: [Select]

root@opnsense:/var/etc # dhcp6c -Df em0
Jan/14/2019 05:14:39: extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:23:cf:17:58:1c:c1:de:06:d7:70
Jan/14/2019 05:14:39: cfparse: fopen(/usr/local/etc/dhcp6c.conf): No such file or directory
Jan/14/2019 05:14:39: reset a timer on em0, state=INIT, timeo=0, retrans=891
Jan/14/2019 05:14:39: Sending Solicit
Jan/14/2019 05:14:39: a new XID (c0b30) is generated
Jan/14/2019 05:14:39: set client ID (len 14)
Jan/14/2019 05:14:39: set elapsed time (len 2)
Jan/14/2019 05:14:39: send solicit to ff02::1:2%em0
Jan/14/2019 05:14:39: reset a timer on em0, state=SOLICIT, timeo=0, retrans=1091
Jan/14/2019 05:14:41: Sending Solicit
Jan/14/2019 05:14:41: set client ID (len 14)
Jan/14/2019 05:14:41: set elapsed time (len 2)
Jan/14/2019 05:14:41: send solicit to ff02::1:2%em0
Jan/14/2019 05:14:41: reset a timer on em0, state=SOLICIT, timeo=1, retrans=2083
Jan/14/2019 05:14:43: Sending Solicit
Jan/14/2019 05:14:43: set client ID (len 14)
Jan/14/2019 05:14:43: set elapsed time (len 2)
Jan/14/2019 05:14:43: send solicit to ff02::1:2%em0
Jan/14/2019 05:14:43: reset a timer on em0, state=SOLICIT, timeo=2, retrans=3982


3

18.7 Legacy Series / IPv6 addresses not accessible over internet.

« on: January 02, 2019, 11:16:53 am »

I have an experimental gitlab server accessible only on IPv6 (I set the listen address to "[::]")

I can access it over IPv6 fine, but only on my home network.  If I try to access it over the internet (say from my phone over LTE [confirmed LTE had ipv6 by going to ipv6.google.com]), the connection times out. 

My WAN interface is using DHCPv6, and the server is confirmed to have IPv6 connectivity.

Why can't I access it using ipv6 over internet?

4

19.1 Production Series / Adding LDAP Users?

« on: December 31, 2018, 01:57:00 am »

I was following the docs on how to add LDAP auth to OPNSense.  I added an LDAP server and using the tester, I authenticated against it successfully.

But how do I go about adding an LDAP user to opnsense?  I tried going to System -> Access -> Users but I don't see a cloud import icon anywhere.

5

18.7 Legacy Series / Use Extra NIC for VLAN support.

« on: December 30, 2018, 12:01:22 pm »

I have 2 NICs in the server I use with OPNSense (2 port/4 port).  Currently, the 2 port has my WAN interfance and LAN interface (plugged into an unmanaged switch).

Because the switch is unmanaged, it doesn't support VLAN tagging, so when the wireless router tries to use a VLAN it gets stripped away.

But can I use the 4 ports on the other NIC as extra LAN ports, so say any traffic coming from bce0 is assigned to a certain VLAN, that way I can just plug the wireless router directly into that.

6

18.7 Legacy Series / IKEv2/Wireguard Client

« on: December 12, 2018, 01:12:24 am »

I have Algo set up a VPN on a VPS instance that I use my for a VPN most of the time.   It only supports IKEv2 and Wireguard.

Currently there's some issues on Xbox that only affect the Northeast, but tunnelling with a VPN (not located in northeast US) fixes the issue. 

Can I configure OPNSense to tunnel all traffic (possibly only for 1 client) through a VPN tunnel?

7

Web Proxy Filtering and Caching / Nginx Proxy not working?

« on: November 14, 2018, 02:46:03 am »

Here are my settings: https://imgur.com/a/2aa6CRY

I'm trying to use the nginx plugin to add a few proxy addresses to my network.  For example, I want to proxy `nzb.example.com:80` to `10.0.1.11:6789`, but with the above settings, when I go to nzb.example.com, it times out when trying to connect.

Any advice on configuring this plugin?

8

Web Proxy Filtering and Caching / HAProxy configuration questions

« on: October 23, 2018, 11:09:50 am »

I'm trying to configure HAProxy to allow outside access to some services (like webgui's for various services).

As an example, I'm trying to allow `freeipa.example.com:443` redirect to `ipa.example.com:443` (this being the hostname of the virtual machine.  Internal DNS resolves this to 10.0.0.15)

But connections timeout when I try to connect to them.  I also tried port forwarding 443 to 10.0.0.1 (the IP of opnsense)

Any help?  Am I doing something fundamentally wrong?

(Attached is my Real Server, Backend Pool, and Virtual Service configurations)
Edit: attachments too large.  Here's imgur album: https://imgur.com/a/DRvd5AM

9

18.7 Legacy Series / Am I doing Port Forwarding Wrong?

« on: October 17, 2018, 12:00:42 am »

I'm trying to get port forward working, but it just doesn't seem to be working.

My Xbox has an Open NAT, but I'm not sure which of the 3 rules I have enabled are allowing that.
Plex isn't accessible outside my network.
And when I try to ssh using `ssh user@example.com -p 22333`, the connection times out.

I also can't connect to the VPN server.

How do I get port forwarding working

10

18.7 Legacy Series / Unable to port forward SSH and unable to SSH on IPv6?

« on: October 11, 2018, 09:10:46 am »

I'm trying to make it so that when I ssh mydomain.com on port 22555, it will redirect it to 10.0.0.15 on port 22.

My NAT port forward rule is as follows:
Source Address: *
Source Ports: *
Destination Address: WAN address
Destination Ports: 22555
NAT IP: 10.0.0.15
NAT Ports: 22

But it doesn't seem to be letting me connect when I try `ssh user@mydomain.com -p 22555` my VPS.

Also when I try to `ssh ipv6:addr:here -p 22555` or `ssh ipv6:addr:here`, it also times out.

What am I doing wrong?

11

18.7 Legacy Series / LDAP Discovery with Unbound DNS

« on: October 01, 2018, 12:07:27 am »

I'm using FreeIPA on my network for authentication, and puppet to provision them.  For puppet (using the sssd module) to properly enroll them, it needs to be able to discover the freeipa server with dns. 

When trying to join, it tells me this:

Code: [Select]

* Using domain name: example.com
 * Calculated computer account name from fqdn: PUPPETMASTER
 * Calculated domain realm from name: EXAMPLE.COM
 * Discovering domain controllers: _ldap._tcp.example.com
 ! No LDAP SRV records for domain: _ldap._tcp.example.com: Name or service not known
 ! Couldn't find usable domain controller to connect to
adcli: couldn't connect to example.com domain: Couldn't find usable domain controller to connect to
How can I add the SRV records to my dns with unbound dns?  The only options listed for records are A, AAAA, and MX.

12

18.7 Legacy Series / Unbound DNS not resolving for external connections

« on: September 20, 2018, 06:25:53 am »

I'm using unbound DNS as my DNS for my OPNSense installation.  The interface for it is set to all, but for some reason it won't resolve for external connections. 

Like I have an override:

Name: bt
Domain: example.com
Host: 10.0.1.11
Type: A

And when I try to access the host on my network it works just fine.  But when I try it from anything outside my network, it fails to connect.

13

18.7 Legacy Series / Port Forwarding with Plex not working.

« on: September 13, 2018, 12:08:13 pm »

I'm trying to allow plex to access outside my home network, but it says it can't connect.

Plex is running in a docker container in `network_mode: host`, so no docker subnet.

I have a NAT rule :

Source port: 32400
Source IP: any
Destination port: 32400
Destination host: 10.0.1.11
Redirect target port: 32400
Redirect target IP: 10.0.1.11

But when I try to allow plex access outside my network, it fails to connect.

14

18.7 Legacy Series / Unbound DNS Help?

« on: September 06, 2018, 12:51:28 pm »

First of all, does anyone know of a good unbound DNS tutorial that will work well with OPNSense?

My goal: to get vpn.example.com to resolve to lan address when querying from home network, and to public IP when querying externally.

I use Unbound DNS as it was the default.

I'm sort of new to OPNSense and don't understand how exactly to set it up.

The host has a hostname `vpn.example.com` and an IP 10.0.0.11.

How can I be able to access it by 10.0.0.1 when querying vpn.example.com on my home network, and have it show `xx.xx.xxx.xxx` when querying from another network, yet still resolve to the proper host?

15

18.7 Legacy Series / Enable themes after installing?

« on: September 06, 2018, 01:24:32 am »

I just installed the rebellion dark theme plugin, but I can't seem to find where to enable it.