Messages

1

General Discussion / Re: Multi-WAN (3): 2+1 Failover & Priority

« on: June 03, 2021, 02:02:24 pm »

If you use shared forwarding, that I believe is enabled by default, you will have traffic shaper and policy routing.

https://docs.opnsense.org/manual/firewall_settings.html#shared-forwarding

I've not used both simultaneosly but if you play around a bit you can make it work as intended.

2

General Discussion / Re: Multi-WAN (3): 2+1 Failover & Priority

« on: June 01, 2021, 10:21:03 pm »

Hi Kallex,
for your first question, you need to define 2 gateway groups with three tiers each, indicating the gateways in order on each tier.
Then with policy routing you can select which gateway group is used based on IP address or LAN segment or whatever criteria you choose.
You can find the docs here: https://docs.opnsense.org/manual/how-tos/multiwan.html

For your second question, have a look at traffic shaping: https://docs.opnsense.org/manual/shaping.html
I really don't know if you can combine traffic shaping with gateway groups, but you can try.

For your thrird question you will need to define you DDNS in services >> dynamic dns, but again, you need to try if you can pass your active gateway IP to your domain name.
In this case you could use DNS-SRV key types on the DNS server. This way you could define your services with priorities on the DNS side and it should answer queries based on the priority and availability, so when you loose a WAN the DNS server would know it and pass an alternate IP address on queries.

3

General Discussion / Re: WAN with private IP space, LAN with public...

« on: May 13, 2021, 02:24:04 pm »

Hi... check this option and see what happens: Firewall > Settings > Advanced > Disable force gateway

4

General Discussion / Re: Custom DDNS - How to see the HTTP Response

« on: May 07, 2021, 03:08:13 pm »

Just try the updating url in your browser and see what you get. The DDNS service will usually respond with something like IPv4: <address> or IPv6: <address> whet it succeed

5

21.1 Production Series / Re: APC UPS (NUT) config problem

« on: May 05, 2021, 11:28:22 pm »

May be a lack of permissions?

6

21.1 Production Series / Re: Vlan host rule passing all traffic

« on: April 26, 2021, 02:08:23 am »

Hi, can you show the rules?

7

21.1 Production Series / Re: Lets Encrypt renewal and certificate synchornization

« on: April 06, 2021, 04:37:32 pm »

Oh... yes. I didn't catch that.
Thank you very much @marjohn56

8

21.1 Production Series / Re: Lets Encrypt renewal and certificate synchornization

« on: April 06, 2021, 04:26:39 pm »

Very useful. 
Does your script survive an OPNSense Update? or you have to reconfigure it after updating?

9

21.1 Production Series / Re: Lets Encrypt renewal and certificate synchornization

« on: April 06, 2021, 04:05:54 pm »

Are you using the "Remote backup" command of the "System > Settings > Cron" page ?

10

21.1 Production Series / Re: Lets Encrypt renewal and certificate synchornization

« on: April 06, 2021, 03:59:15 pm »

...and then I have a script which uses rsync that uploads the certs to the web server...

Hi @marjohn56,
How do you trigger the script?

11

21.1 Production Series / Re: WAN IPv6 can't be delegated and 'track interface' doesn't seem to work. Options?

« on: March 23, 2021, 03:26:44 pm »

Ok, now I stated to see the bigger picture. My ISP wants me to have only one subnet. It is very stingy.

12

21.1 Production Series / Re: WAN IPv6 can't be delegated and 'track interface' doesn't seem to work. Options?

« on: March 23, 2021, 01:48:21 am »

@Maurice, that's right. I believe that I'm thinking in IPv6 as it were IPv4.
Now, I have a question. How can be achieved an IPv6 configuration with more than one VLAN?
There should be some subnetting in the config

13

21.1 Production Series / Re: WAN IPv6 can't be delegated and 'track interface' doesn't seem to work. Options?

« on: March 22, 2021, 10:59:30 pm »

- Use ULAs and IPv6 NAT. Results in IPv6 almost never being used.

I think I have a workaroud to the issue of "IPv6 never used" beause of ULAs
It is, I have to say, even more a monstruosity than the fact of using NAT.
Instead of using ULAs I used GUAs, I know, it is not fine, but I've been using this for a week and it's working very fine and stable.
I know that my ISP assigned me a /64 segment so I can use these addresses as I need.
I have some VLANs, so I choosed a /80 preffix changing the last 16 bits of the network address in each VLAN.

14

21.1 Production Series / Re: My OPNSense cant route IPv6

« on: March 15, 2021, 11:58:57 pm »

Yes... I thought that it was for tha same reason.
I needed to give it a try due to NPT is a better solution than NAT.
My ISP left me with NAT as the only option.

But it works great!!!!
It passes all IPv6 tests.

15

21.1 Production Series / Re: My OPNSense cant route IPv6

« on: March 15, 2021, 08:20:04 pm »

As it is working very well right now, I made a test box with an old motherboard, just to experiment without messing up my system.
I tested NPTv6, but I'm not sure if I did it right. It didn't work.