Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Lip90

Pages: [1] 2 3

German - Deutsch / Re: von VLAN Netz auf ipsec entferntes Netz zugreifen

« on: July 11, 2022, 07:26:20 pm »

Mir kommt gerade..., kann es sein das die Gegenstelle der ipSEC Verbindung (Fritzbox) nichts von der 192.168.30.0 weiß und deshalb die Pakete nicht durchgehen?

German - Deutsch / Re: von VLAN Netz auf ipsec entferntes Netz zugreifen

« on: July 11, 2022, 07:16:16 pm »

192.168.30.0/24

German - Deutsch / Re: von VLAN Netz auf ipsec entferntes Netz zugreifen

« on: July 11, 2022, 06:38:41 pm »

reicht das?

German - Deutsch / von VLAN Netz auf ipsec entferntes Netz zugreifen

« on: July 11, 2022, 11:02:37 am »

Hallo Leute,

ich bekomme es nicht hin das mein VLAN 20 auf ein entferntes ipSEC Netz welches dauerhaft zwischen der opnsense der Fritzbox steht zugreifen kann. An den Firewall Rules liegt es nicht, die sind auf any.

Muss ich hier separat Routen oder ein Outbound eintragen?

21.7 Legacy Series / Adguard + Unbound no Autostart

« on: May 07, 2022, 05:16:35 pm »

Hello,

i'm trying desperately to get Adguard to work in combination with Unbound. Basically, only the autostart with AdGuard does not work. As soon as Adguard should be loaded via autostart. 50% of the services no longer start. Adguard doesn't start automatically either. I used this guide for Adguard https://hoerli.net/opnsense-adguardhome-werbefrei-trackerfrei-und-behind-a-good-firewall/

Had someone a idea?

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 14, 2021, 09:43:05 pm »

It looks like that sni don’t work by OpenVPN

Gesendet von iPhone mit Tapatalk

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 14, 2021, 09:41:28 pm »

Your first question:
For both.

The second:
Yes i can access the Seafile server with any config. The haproxy give every request to the ssl backend.

Gesendet von iPhone mit Tapatalk

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 14, 2021, 09:23:55 pm »

Still the Same

Code: [Select]

2021-09-14T21:21:05	haproxy[3256]	80.187.80.8:10670 [14/Sep/2021:21:21:05.818] 0_SNI_frontend SSL_backend/SSL_server 1/0/37 0 -- 1/1/0/0/0 0/0	 
2021-09-14T21:21:05	haproxy[3256]	80.187.80.8:10670 [14/Sep/2021:21:21:05.818] 1_HTTPS_frontend/192.168.64.1:443: SSL handshake failure	 
2021-09-14T21:21:01	haproxy[3256]	80.187.80.8:10495 [14/Sep/2021:21:21:01.658] 0_SNI_frontend SSL_backend/SSL_server 1/0/36 0 -- 1/1/0/0/0 0/0	 
2021-09-14T21:21:01	haproxy[3256]	80.187.80.8:10495 [14/Sep/2021:21:21:01.658] 1_HTTPS_frontend/192.168.64.1:443: SSL handshake failure

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 14, 2021, 08:49:09 pm »

does not work too. i don't think he matched the names

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 14, 2021, 08:23:42 pm »

Still the same

. Any other idea

German - Deutsch / Re: HAProxy Openvpn + Seafile Server

« on: September 14, 2021, 08:22:11 pm »

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 14, 2021, 01:08:53 pm »

@TheHellSite

I think the problem is with the SNI frontend. Here the SSL backend is specified as the default backend. He doesn't even look at the MAP file. he forwards everything to the SSL backend. When I set the openvpn backend as default Backend for a test in the SNI frontend, openvpn work but the other things not.

do you have an idea how I can solve this?

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 13, 2021, 07:43:52 pm »

here is the extract of my configuration. I think that is all correct.

Code: [Select]

dev tun
persist-tun
persist-key
proto tcp-client
cipher AES-256-CBC
auth SHA256
client
resolv-retry infinite
remote vpn.xxxxx.dedyn.io 443 tcp
lport 0

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 13, 2021, 12:34:49 pm »

Hi, I changed the interface, the problem remains the same. It looks like the VPN access is not forwarded by the SNI but by the HTTPS server, right? Unfortunately I don't know how to work around the problem.

Code: [Select]

2021-09-10T19:59:30	haproxy[11387]	xx.xx.xx.162:25819 [10/Sep/2021:19:59:30.212] 0_SNI_frontend SSL_backend/SSL_server 1/0/39 0 -- 1/1/0/0/0 0/0	
2021-09-10T19:59:30	haproxy[11387]	xx.xx.xx.162:25819 [10/Sep/2021:19:59:30.212] 1_HTTPS_frontend/192.168.64.1:443: SSL handshake failure	
2021-09-10T19:59:26	haproxy[11387]	xx.xx.xx.162:25707 [10/Sep/2021:19:59:26.004] 0_SNI_frontend SSL_backend/SSL_server 1/0/35 0 -- 1/1/0/0/0 0/0

Tutorials and FAQs / Re: Tutorial 2021/09: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: September 10, 2021, 08:09:51 pm »

I need your help again.

Code: [Select]

root@OPNsense:~ # cat /usr/local/etc/haproxy.conf
#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbproc                      1
    nbthread                    4
    maxconn                     10000
    tune.ssl.default-dh-param   4096
    spread-checks               2
    tune.chksize                16384
    tune.bufsize                16384
    tune.lua.maxmem             0
    log /var/run/log local0 debug

defaults
    log     global
    option redispatch -1
    maxconn 5000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: 0_SNI_frontend (Listening on 0.0.0.0:80 0.0.0.0:443)
frontend 0_SNI_frontend
    bind 0.0.0.0:443 name 0.0.0.0:443
    bind 0.0.0.0:80 name 0.0.0.0:80
    mode tcp
    default_backend SSL_backend
    # tuning options
    timeout client 30s

    # logging options
    option tcplog

    # ACTION: NOSSLservice_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/613b963c5f0851.94679524.txt)]

# Frontend: 1_HTTP_frontend (Listening on 192.168.64.1:80)
frontend 1_HTTP_frontend
    bind 192.168.64.1:80 name 192.168.64.1:80 accept-proxy
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    option httplog
    # ACL: NoSSL_condition
    acl acl_6138b110159553.96461818 req.ssl_ver gt 0

    # ACTION: HTTPtoHTTPS_rule
    http-request redirect scheme https code 301 if !acl_6138b110159553.96461818

# Frontend: 1_HTTPS_frontend (Listening on 192.168.64.1:443)
frontend 1_HTTPS_frontend
    http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    bind 192.168.64.1:443 name 192.168.64.1:443 accept-proxy ssl curves secp384r1  no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6138b32401a006.77997133.certlist
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 15m

    # logging options
    option httplog

    # ACTION: PUBLIC_SUBDOMAINS_map-rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/6138b15d48a964.28077676.txt)]

# Backend: SSL_backend ()
backend SSL_backend
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    server SSL_server 192.168.64.1 send-proxy-v2 check-send-proxy

# Backend: SEAFILE_backend ()
backend SEAFILE_backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server SEAFILE_server 192.168.30.16:80

# Backend: OPENVPN_backend ()
backend OPENVPN_backend
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    server OPENVPN_server 127.0.0.1:1194

Code: [Select]

2021-09-10T20:00:44	haproxy[11387]	192.168.1.231:51903 [10/Sep/2021:20:00:44.614] 0_SNI_frontend SSL_backend/SSL_server 1/0/4 0 -- 1/1/0/0/0 0/0	 
2021-09-10T20:00:44	haproxy[11387]	192.168.1.231:51903 [10/Sep/2021:20:00:44.615] 1_HTTPS_frontend/192.168.64.1:443: SSL handshake failure	 
2021-09-10T20:00:40	haproxy[11387]	192.168.1.231:51902 [10/Sep/2021:20:00:40.526] 0_SNI_frontend SSL_backend/SSL_server 1/0/5 0 -- 1/1/0/0/0 0/0	 
2021-09-10T20:00:40	haproxy[11387]	192.168.1.231:51902 [10/Sep/2021:20:00:40.527] 1_HTTPS_frontend/192.168.64.1:443: SSL handshake failure	 
2021-09-10T19:59:30	haproxy[11387]	xx.xx.xx.162:25819 [10/Sep/2021:19:59:30.212] 0_SNI_frontend SSL_backend/SSL_server 1/0/39 0 -- 1/1/0/0/0 0/0	 
2021-09-10T19:59:30	haproxy[11387]	xx.xx.xx.162:25819 [10/Sep/2021:19:59:30.212] 1_HTTPS_frontend/192.168.64.1:443: SSL handshake failure	 
2021-09-10T19:59:26	haproxy[11387]	xx.xx.xx.162:25707 [10/Sep/2021:19:59:26.004] 0_SNI_frontend SSL_backend/SSL_server 1/0/35 0 -- 1/1/0/0/0 0/0

MAP_file:

OPENVPN_settings:

Pages: [1] 2 3