OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of fog »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - fog

Pages: [1]
1
21.7 Production Series / Unbound DNS script
« on: September 24, 2021, 08:51:08 am »
It is possible to ad or modify unbound dns host overrides periodically by a crontab script?

I have to call 'ipsec leases' which get:
no files found matching '/usr/local/etc/strongswan.opnsense.d/*.conf'
Leases in pool '172.16.0.0/16', usage: 2/65534, 2 online
       172.16.0.1   online   'gateway2'
       172.16.0.2   online   'gateway1'

Now I have to add or modify host overrides:
gateway2 example.com A 172.16.0.1
gateway1 example.com A 172.16.0.2

There doesn't seem to be a solution to add a static mapping https://forum.opnsense.org/index.php?topic=24667.0

2
Virtual private networks / Static mappings for ipsec mobile client users
« on: September 08, 2021, 04:23:15 pm »
Hi,
i use a setup similar to https://docs.opnsense.org/manual/how-tos/ipsec-road.html for connection of some Sierra Wireless Gateway RV 50 - but only with PSK.
I define users GWY001..GWY004 with unique  IPsec Pre-Shared Key.

All is working, but the IP from the Virtual IPv4 Address Pool depends in the order of registration.
Now has GWY004 the first IP.

It is possible to define static IP's to the users?
Similar to Services: DHCPv4: [LAN]: DHCP Static Mappings for this interface.

If the service VPN: IPsec: Lease Status is restarted, all leases are gone and the IP addresses are reassigned in the order of registration.
Now I have to look in VPN: IPsec: Lease Status to get the IP for a specific gateway.

Or it is possible to add this ip leases to DNS Overrides of Unbound DNS?


Regards,
fog

3
21.7 Production Series / Routed Ipsec failed if last digit of local ip is greater than 32
« on: August 28, 2021, 11:33:59 am »
Hi,
an error occurs if the last digit of the Local Address in phase 2 of a routed ipsec vpn is greater than 32. The General Log show an invalid subnet mask:
Code: [Select]
opnsense[59451] /vpn_ipsec.php: The command '/sbin/ifconfig 'ipsec1' 'inet' '10.36.238.100/-68' '10.36.238.1'' returned exit code '1', the output was 'ifconfig: 10.36.238.100/-68: bad value (width invalid)'

It works with 10.36.238.2 .. 10.36.238.32.
see more errors in https://forum.opnsense.org/index.php?topic=22886.msg117655#msg117655

The Audit Health show no problems:
Code: [Select]
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.7.1 (amd64/OpenSSL) at Sat Aug 28 11:17:10 CEST 2021
>>> Check installed kernel version
Version 21.7.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.7.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .................................................................... done
***DONE***
Regards,
fog

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved
  • SMF 2.0.18 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2