Messages - SimpleRezo

#1
Hi

I have faced an issue: if I set the IP address of the DHCP gateway, NAT rules (checked through pfctl -sn) are not generated anymore.

Is it expected?
#2
@franco, OK thanks for the reply. I was asking because it has been published for 24.1.2 and 24.1.5.
About python3.9, good to know, we will delete it manually. Already tried on our test instance, it works.

@meyergru: no we don't, only official one and our private repo (with no python dependencies).
#3
Hi

Thanks for the last release 24.1.8 :)

Unfortunately I cannot find the packages set for 24.1.8 on mirrors, only base and kernel sets are available.

  https://mirror.ams1.nl.leaseweb.net/opnsense/FreeBSD:13:amd64/24.1/sets/
  https://opnsense.c0urier.net/FreeBSD:13:amd64/24.1/sets/

BTW, is python 3.9 still necessary on 24.1.7+? Currently, updated systems have both versions (3.11 and 3.9)...

BR

Clément
#4
General Discussion / Nano image UEFI
December 11, 2023, 05:53:51 PM
Hi !

Nano image is MBR only, is it planned to have a UEFI (or hybrid) one?
Would be nice for situations where the installer is not an option (we are evaluating Protectli VP4630 hardware: unfortunately it is only supporting UEFI boot) :/

Regards
#5
Quote from: franco on June 10, 2022, 01:32:33 PM
If it's not in any attached network it's not "near" either. I'd call this "far" enough. :)

Frankly, I don't want to debate semantics for the configuration you chose to apply. You seem to have your reasons for not having a gateway that is locally reachable so you need to configure it as such.


Cheers,
Franco

The gateway of course is on the same network (actually can be closer since it's directly linked), and locally reachable!

As mentioned in my initial message:
  IP static: 192.168.1.1/24
  IP gateway: 192.168.1.254

And as I explained in my second message: "We have also been able to create the gateway without using "far", but it requires to Apply configuration first: so my guess is now the check is made on the "current" IP address and not the new one."
#6
That's a weird solution since the gateway is not "far", and that's a regression bug.

We have also been able to create the gateway without using "far", but it requires to Apply configuration first: so my guess is now the check is made on the "current" IP address and not the new one.
#7
Hi

With the last version (22.1.8_1) we are facing a bug when trying to set up static IPv4 WAN.

We cannot add the gateway, the GUI always answers "The gateway address does not lie within one of the chosen interface's IPv4 subnets". Of course, it's not the case! I tried with 192.168.1.1/24 and 192.168.1.254 as gateway.

I have noticed:
- that an error 500 occurs on POST system_gateways_edit.php without any details (and no error report)
- the same bug occurring when IP has been saved and we try to set up the gateway through System / Gateways
- the only "workaround" is to enable "Far gateway"

Regards
#8
OK I see, thank you for your answer!
#9
Anyone ? :-[
#10
I have set up a VxLAN using Interfaces/Other Types/VxLAN on LAN IP: it works, but it does not come up on OPNsense startup. I have to go to the page and do "Apply" on every reboot.

How can I make the VxLAN come up automatically?
#11
Hi

The Let's Encrypt certificate of opnsense.c0urier.net expired on 13.07.2021...

Regards
#13
General Discussion / Re: Central management
April 25, 2021, 02:20:37 AM
Quote from: olest on April 23, 2021, 07:11:23 AM
I have sent you a PM

I will answer you for your PM, but for everyone else interested, we have created a page describing our solution:
  https://srbox.simplerezo.com/

The solution is internally used for production, and we are just starting Early Access for third parties.

Quote from: olest on April 23, 2021, 07:12:39 AM
Quote from: KlausP on January 26, 2021, 09:28:15 AM
How will the communication be between the centralized administration opnsense and the other opnsenses when I place a centralized device on the internet?
Is there e.g. a cyclic polling of configuration possible or do I need a direct reachability from the central device to satellites or can I use a VPN which is started from the satellite to the central instance?

I need that information too.
Can central administration be done without a public ip at the clients?

Our solution works without a Public IP and any exposed ports :)
#14
21.1 Legacy Series / CloudFlare mirror issues
April 22, 2021, 02:31:14 PM
Hi

For a few days, a lot of packages have been broken when fetching them through CloudFlare:
[1/2] Fetching libsodium-1.0.18.txz: .......... done
pkg-static: cached package libsodium-1.0.18: size mismatch, fetching from remote
[2/2] Fetching libsodium-1.0.18.txz: .......... done
pkg-static: cached package libsodium-1.0.18: size mismatch, cannot continue
Consider running 'pkg update -f'


(wpa_supplicant.txz is also affected).

Changing the mirror fixes the issue, I just want to let you know about this.

Regards

Clement
SimpleRezo
#15
General Discussion / Re: Central management
January 19, 2021, 11:18:55 AM
We are managing more than 50+ OPNsense here, all around the world ;)

So we have developed:
  - a central management solution (cloud)
  - a plugin (with some API extensions)
  - a Zabbix template

So with this, OPNsense is provisioned from our CMS:
  - custom settings (hostname, dns, plugins...)
  - authentication
  - firewall rules
  - autossh service to a "hub" for dynamic IP/restricted WAN, and tunneling for GUI access
  - full supervision by Zabbix (including running services)
  - configuration/status (DHCP leases) access directly from our CMS
  - remote upgrade, with scheduling
  - alerts by email / slack : gateway status, services...
  - daily XML backups

This solution is currently oriented for our usage, but we can easily extend it.
You can contact us if you are interested!