Topics

1

Greek - Ελληνικά / Δυσκολία μετάβασης pfSense σε OPNsense

« on: February 24, 2021, 08:29:16 pm »

Το θέμα που έχω είναι να φτιάξω κάποια config, από το παλαιό firewall σε OPNSense, αλλά δυστυχώς βρίσκω συνεχώς δυσλειτουργίες του συστήματος. Οφθαλμοφανή ρυθμίσεις που έπρεπε να δουλεύουν, δεν δουλεύουν, και γενικά δεν ανταποκρίνεται το σύστημα όπως θα αναμενόταν.

το documentation είναι ανακριβή και γενικά δεν φαίνεται ακόμα σε ώριμο επίπεδο.
Έχω αφιερώσει αρκετή ώρα σε προσπάθειες ώστε να πετύχω κάποια configurations, που με pfSense γίνονταν σχετικά εύκολα, σε αυτό είναι για να τραβάς τα μαλλιά σου.
Λέω μήπως είναι ψυχολογικό λόγω του ότι γνωρίζω καλύτερα το pf, και ξανά από την αρχή προσπάθεια, και πάλι τα ίδια. να κάνει παράξενα πράγματα , να εκτελώ σύμφωνα με documentation ή guides και να μισοδουλεύει. Ενώ με pf κανένα πρόβλημα.

Αντιμετωπίζει κάποιος κάτι παρόμοιο, ή μήπως κάτι κάνω λάθος ? ή μήπως το κάνουν επίτηδες έτσι για να έχουν εισόδημα αυτοί που προσφέρουν υπηρεσίες υποστήριξης ?

2

21.1 Legacy Series / OpenVPN Site to Site pc's not pinging

« on: February 11, 2021, 09:29:52 pm »

Hello everyone,

i have setup a VPN Server and VPN Client on a site to site configuration using OpenVPN with shared key.

Tunnel is ok, gateways are up after i added the virtual interface. I have added allow rule on OpenVPN interface and the firewalls can ping each other from Lan's. 192.168.35.1 can ping 192.168.20.1 and vice versa.
VPN Settings are double checked and identical.

The problem is that dhcp clients on lan 35 and lan 20 cannot ping each other. 
I repeat firewalls can ping each other's gateway (IP .1), so is not a matter of VPN, i guess is a matter of rules?

What might be the problem? Anyone suggest something to troubleshoot or there is a guide available ?

3

20.1 Legacy Series / High Availability Setup with Single WAN IP

« on: February 21, 2020, 06:56:05 pm »

Hello to everyone,

I have managed to setup CARB on Sync interface and also on 2 LAN networks with Virtual IP's and DHCP Service etc. (Including WAN i'm using 4 ethernet interfaces - 1 onboard, 2 on PCIex,1 on PCI)

My issue is on WAN side, i have an FTP Server on a single public IP, port forwarding to one of my LANs, having the 2nd LAN isolated and safe from outside. (Not VLAN, 2 different physical interfaces going to 2 different switches), and all FTP clients know this single public IP.

Is it possible to make High Availability setup using 2 OPNSense hardware on a single WAN IP ? I have /29 from my ISP, but this seems to not help. A test i already made is setting the WAN IP on both systems, but there is a conflict between them because both systems are trying to get the same public IP, causing the gateway to not responding on the master, even if the backup machine is on backup mode. Can't set the second public IP on WAN available from my ISP, because of the FTP Server already running with several clients sending to the known public IP as of today.

If there is no high availability solution for a single WAN IP, then there is no need for me to setup high availability, and the best thing to do is to have second hardware available with imported settings from the main unit. And if something happen i will do the change over manually.

What are your recommendations ? Is there anything else i can do ? Is there any way to have high availability from single WAN IP ?

Thank you.