Messages - pongafence

#1
General Discussion / Setting up OPNsense mirror
May 15, 2019, 04:41:44 AM
Hey all,

Have a lot of spare capacity in APAC region.  Wanting to set up an OPNsense mirror.  What's the best mode of contact?
#2
Web Proxy Filtering and Caching / HAproxy Virtual Hosting
February 18, 2019, 03:44:49 AM
Hey dudes, so how does one do redirection and load balancing for the frontend based on the virtualhost?
#3
18.7 Legacy Series / Re: Setting Source IP
September 12, 2018, 02:19:50 AM
Hey all,

After messing around and testing a few things on a separate OpenBSD box, I've figured out a way to do it.  Might not be the best or most elegant, but it works.

Basically added an Outbound NAT rule which targeted the Source IP of my firewall, which is the internal IP, and then set the NAT to the secondary IP which was the public IP.
#4
18.7 Legacy Series / Re: Setting Source IP
September 11, 2018, 09:09:06 AM
Just wanted to bump this to see if anyone has an update?  And any info from devs as to whether or not this is possible?
#5
18.7 Legacy Series / [SOLVED] Setting Source IP
September 01, 2018, 10:20:04 AM
Hey,

So we've implemented our new border routers, which have now been placed in front of our OPNsense firewalls.

Anyway, the link between our border routers and firewalls is using a private IP range.  Our border routers and OPNsense firewalls are peered with each other using BGP, and our OPNsense firewalls advertised /32 public IP ranges through to the border routers, which then obviously aggregate and advertise them up to our transit peers.  The public IP addresses are assigned as secondary IP addresses on that interface.

So anyway, the problem I want to resolve is that I want the OPNsense firewall, rather than using the private IP address that's assigned to the inter-link address, to use the public IP address as the source address, so as to allow traffic to be routed back to it.

T.I.A
#6
18.1 Legacy Series / OSPF Route Filtering
June 19, 2018, 12:26:02 PM
Hey,

Can someone from the devs tell me how the OSPF route filtering is meant to be configured?  What I want to do, is use the prefix list to specify the networks that I want to publish out via OSPF, rather than adding them individually to the OSPF process itself.
#7
I guess it really depends on how you want to manage it.

I use Virtual IPs and use specific Source and Destination NATs to achieve the 1:1 NAT without publishing all services.
#8
Hi there,

I've done exactly that.  I guess the biggest thing is how you manage and how you plan on managing your Virtual Networks.

For us, what we've done is simply created a Virtual Network on our Distributed Switch for each network, and then added them as interfaces to our OPNsense appliance.

We thought about going down the route of creating a VLAN Trunk port, however, that simply opened up another can of worms regarding other Admins sneaking their VMs onto networks etc.
#9
18.1 Legacy Series / Re: Firewall Zones
May 31, 2018, 01:17:50 PM
Ah yeah okay.  I was thinking about using Floating instead.  But then wasn't too sure if it'd achieve the same sort of thing.
#10
18.1 Legacy Series / Re: Firewall Zones
May 31, 2018, 12:35:09 PM
Hi,

Thanks for that.  Funny you should mention it about being dated.

Anyway, more along the lines of how the likes of Fortinet, Cisco, CheckPoint etc.  How they create "Zones", then assign "interfaces", be it physical or virtual, and group them together.  And then using firewall rules that applied to "intra-zone" traffic, but still allow all traffic within a "zone" to flow without rules.
#11
18.1 Legacy Series / Firewall Zones
May 31, 2018, 05:15:02 AM
Hi all,

Was wanting to know if the concept of "firewall zones" has been or is going to be implemented into OPNsense.


Thanks,
D
#12
18.1 Legacy Series / GRE over IPSEC
May 01, 2018, 12:44:05 PM
Hey all,

So firstly, yes I did quickly try to search both the documentation and the forums for some quick answers, but was left still wanting.

So at the moment, I'm connecting a few sites together using IPSEC tunnels.  They're working fine.  However, there is a new requirement now, now that they're up: to use a dynamic routing protocol over the tunnel.

I know that from the current IPSEC tunnel it's not possible.  But I know that with a GRE tunnel I can.

However, configuring this in OPNsense isn't very clear cut, or maybe it's that easy I'm overcomplicating it.

I'm able to establish the GRE tunnel.  But how do I encrypt it?

The reason for this, is because I can't seem to use the OpenVPN option due to configuration limitations on the other end, Mikrotik router and Cisco router.

Anyway, how do I wrap it up?  Do I specify the IP addresses of the GRE tunnel?  Or do I specify the external IPs of each device in the IPSEC tunnels to wrap up the GRE tunnel?

Directions would be greatly appreciated.
#13
18.1 Legacy Series / Icinga2 Monitoring Agent
March 15, 2018, 07:28:36 AM
Hi guys,

Are there any plans of adding the Icinga2 monitoring agent to the package list?  We've made the decision to roll out Icinga2, so it'd be nice to have that included if possible.


Thanks,
#14
Hi guys,

Has anyone else experienced browser lockups when accessing the Web Admin portal using Firefox on Windows?  Seems okay in macOS and Linux, but just Windows?
#15
Thank you for the suggestion!  I'll give it a go and try to use BGP between IPSEC tunnels.