Topics

1

General Discussion / New user and certificates

« on: August 20, 2024, 03:20:37 pm »

Since one update made this summer I have a annoying change.

When adding a user and a certificate. it now does not use my CA instead it does a self-signed certificate.
making adding users that should use OpenVPN get wrong certificate adding alot of extra work.

how to make my CA as the default CA instead of Self-signed.
(CA is in the opensense config.. but will be wrong authority)

2

High availability / Link-net with CARP and HA

« on: September 12, 2023, 01:40:29 pm »

Well new here.  Guess this is asked but cannot find it.

I have a /25 net that is delivered to me via a "LINK Net" on 2 connections.  so I have 2 machines setup like:

port1 to ISP with IP z.z.z.2 witth carp to z.z.z.1, port 2 to our WAN switch with ip x.x.x.2 and carp to x.x.x.1

(and a 2nd opnsense with port1 to ISP with IP z.z.z.z.3 with carp to z.z.z.1 and port 2 to our WAN switch with IP x.x.x.3 and carp to x.x.x.1

so this linknet is a small /29 just to handle the link..

thing is.. I seems not to be able to pass any traffic EXCEPT pings to my WAN net.
if I check firewall logs I see the default deny rule triggers on my traffic. but even if setting rules on all ports to allow all it is refused.

so what more do I need to do to allow traffic to pass though.. NOT NATed between those 2 ethernet ports?

Any good tutorial to handle this?


SO YES.  there are public IPs on both sides.
(if possible to have a 3rd network with NAT for managment it would be a plus)