Topics

1

Documentation and Translation / Documentation of config.xml settings

« on: July 21, 2020, 10:28:19 am »

Is there a source of documentation regarding possible settings in /conf/config.xml?
I want to write a tool to migrate parts of a fortigate configuration into OPNsense and therefore I'm especially interested in documentation regarding firewall rules.

I found https://github.com/opnsense/core/blob/master/src/etc/config.xml.sample but there is not much documentation about firewall rules.

2

20.1 Legacy Series / [solved] High Availablity setup, CARP and accessing the internet (VM setup)

« on: May 18, 2020, 04:36:00 pm »

In preparation for a OPNsense Rollout I am testing the High Availablity setup with VirtualBox.

In short I can not access the WAN from the LAN even tho the OPNsense nodes can.

Following the documentation https://docs.opnsense.org/manual/how-tos/carp.html I came up with this setup:

	192.168.178.0/24				192.168.1.0/24
	/	192.168.178.151 WAN	VM OPNsense1	192.168.1.1   LAN	\
FritzBox/AVM Router	-	192.168.178.10   WAN VIP	CARP	192.168.1.10 LAN VIP	-	VM Debian Test Client
	\	192.168.178.152 WAN	VM OPNsense2	192.168.1.2   LAN	/

There also exists a direct connection between the two OPNsense VMs for pfSync (10.0.0.1 and 10.0.0.2).

I summed up the behavior in this list:

• The syncronisation seems to work.
• I can't access the internet or the WAN on the Debian client and my reqests don't show up in the firewall log
• Pinging the OPNsense nodes directly works.
• I tried to ping the LAN VIP and got no response.
• However using arping i get a response from this address.
• Furthermore DNS resolve works on 192.168.1.1 and 192.168.1.2 but not on 192.168.1.10

I could not find any helpful information regarding this issue and would be grateful for help and hints.