Topics - gurpal2000

1
21.7 Legacy Series / IP address resolution of the firewall itself
« on: January 09, 2022, 01:56:51 am »
I've been on OPNsense for a while now, but one thing has always bugged me.

From within the LAN, when I ping the OPNsense server, I get the IP address assigned by the ISP as opposed to the internal network subnet (192.168.10.x) - from a Windows machine. I use Unbound. DHCP clients are registered.

Windows example:

C:\Windows\System32>ping sense

Pinging sense.lan [x.y.115.212] with 32 bytes of data:
Reply from x.y.115.212: bytes=32 time<1ms TTL=64

Linux seems to be fine, but there is a short delay before the pings return.

gurpal@proxmox:~$ ping sense
PING sense.lan (192.168.10.1) 56(84) bytes of data.
64 bytes from sense.lan (192.168.10.1): icmp_seq=1 ttl=64 time=0.163 ms

Is there something mysterious Windows clients are doing? When I do ipconfig, it all looks great to me.

thanks

2
20.1 Legacy Series / openvpn - dns push options only for Remote profiles?
« on: May 04, 2020, 06:29:37 pm »
So I found out the hard way that Peer to Peer modes in OPNsense's OpenVPN module just don't include the DNS/domain push options in the resulting server config.

Why is that?

What I'm looking to do is essentially extend my homelab with a VPS. The stuff inside the VPS is to be ringfenced and included within the homelab scope. I thought a peer to peer would be the best option as I can push at least DNS from the intranet. The idea is to have a permanent tunnel up (not dependent on a physical user).

Using the Remote method, it implies physical "users", but there aren't any. I suppose I could treat a "user" as a machine and do it that way?

[Not possible to run OPNsense inside the VPS either, so making it more important to get the OpenVPN client config right]

3
20.1 Legacy Series / lighttpd question
« on: May 02, 2020, 02:35:46 am »
(newbie) Hi, I see that a lighttpd "package" is available on OPNsense.

In the past I have used lighttpd to simulate redirection of web pages like so:

$HTTP["host"] =~ "plex|plex.lan" {
  url.redirect = ("" => "http://myserver:32400/web")
  url.redirect-code = 302
}

So the point of this was that the name (http://plex) is resolved by a web server local to the DNS server and I'll have an alias set up to repoint to a different host (e.g. myserver). Think of them as intranet "shortcuts" for webapps. In fact I use this in Pi-hole on a different setup where the DNS resolver works seamlessly with lighttpd - all on the same host.

Problematic as this may sound/be, is there a way to reuse lighttpd on the OPNsense host in a similar way (and making sure the management GUI still works)?

Edit: or a different way of accomplishing the same thing but from the same host, e.g. nginx. I don't know too much about reverse proxies. I just know this trick above and it's worked for years.

Thanks

4
20.1 Legacy Series / Modem access side-effect?
« on: May 01, 2020, 01:10:55 pm »
Hi newbie here.

I followed the tutorial here to get modem access in bridged mode (https://forum.opnsense.org/index.php?topic=8616.msg38219#msg38219) - it works as expected (although I don't fully understand the need for the floating rule).

1. I've noticed that the OPNsense GUI is also available via the Virtual IP. Bonus, maybe? Any risk to this? Any way (or a real need) to disable that somehow?

2. I have a TP-LINK W9970 which has additional physical ports. Now I can get a laptop configured with a static IP in the modem's private subnet which allows me to get to the modem's GUI. Is there not a way to simply connect a wire from one of the free ports physically to a switch and access the modem with simpler rules? And would that be without VLANs and all that? I.e. no need for the virtual IP etc. in (1).

thank you
