Messages - Lxndr

#1
Quote from: Lxndr on December 10, 2022, 08:40:41 PM
Hi guys,

Ignore my previous post, this is working. When I try reaching any of my internal hosts/services using the mobile network or from a computer outside my network, I do reach my proxy, but when I try from inside the network, the routing does not happen. So I do have an issue, but it's not related to the port forwarding; it looks like my AdGuard or maybe the DNS setup on OPNsense is not correctly set up. I'll need to look into that more in depth.

Hi all,

sorry to bother you guys again. Following the above message, I'm trying to set up Nextcloud AIO behind the SWAG reverse proxy, but I've run into an issue where I can't get Nextcloud to validate the domain. I keep getting the error below despite having a port forwarding rule:

The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.

The forwarding rule points to the reverse proxy and seems fine, as SWAG is working and managed to get the certificate from Let's Encrypt, but when using https://portchecker.co/ or https://canyouseeme.org/, both tell me that port 443 is closed; any ideas why that is?

Do note that SWAG and Nextcloud AIO are both running in Docker in different containers.

I'm not sure if the issue is at the OPNsense or the SWAG level; I'd appreciate it if anyone has an idea on this.

Thanks

EDIT: Managed to sort myself out. It seems I had an issue with my internet connection, so after rebooting OPNsense and the ISP fibre optic interface, things got back to normal, so all good now.
#2
Hi all,

I'm trying to set up Nextcloud AIO behind the SWAG reverse proxy, but I've run into an issue where I can't get Nextcloud to validate the domain. I keep getting the error below despite having a port forwarding rule:

The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.

The forwarding rule points to the reverse proxy and seems fine, as SWAG is working and managed to get the certificate from Let's Encrypt, but when using https://portchecker.co/ or https://canyouseeme.org/, both tell me that port 443 is closed; any ideas why that is?

Do note that SWAG and Nextcloud AIO are both running in Docker in different containers.

Here's my port forwarding rule:

(screenshot not captured)

Thanks

EDIT: Managed to sort myself out. It seems I had an issue with my internet connection, so after rebooting OPNsense and the ISP fibre optic interface, things got back to normal.
#3
Hi guys,

Ignore my previous post, this is working. When I try reaching any of my internal hosts/services using the mobile network or from a computer outside my network, I do reach my proxy, but when I try from inside the network, the routing does not happen. So I do have an issue, but it's not related to the port forwarding; it looks like my AdGuard or maybe the DNS setup on OPNsense is not correctly set up. I'll need to look into that more in depth.
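The two posts above describe the same symptom from both sides: external port checkers report 443 closed (post #2) and, once that was sorted, the public name reaches the proxy from the Internet but not from the LAN (post #3). The script below is an added example for working through that from a LAN client; it is not code from the thread or from OPNsense/SWAG. It assumes (my assumption, not the poster's) that from inside the name should either resolve straight to the proxy's LAN address (a split-DNS rewrite in AdGuard or an Unbound override) or to the WAN address with NAT reflection enabled on the firewall; the addresses in the usage line and the comments are constructed placeholders.

```python
"""Added example: diagnose "works from outside, not from inside" for a reverse proxy.

Not code from the forum thread. Assumptions (mine): a LAN client should get either
the proxy's LAN address (split DNS) or the WAN address (then NAT reflection is needed)
when it resolves the public name. All sample addresses are constructed placeholders."""
import ipaddress
import socket
import ssl
from typing import Iterable, List


def resolve_a(name: str) -> List[str]:
    """Ask the resolver this client actually uses (AdGuard/Unbound on the LAN) for IPv4 answers."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify(answers: Iterable[str], wan_ip: str, lan_nets: Iterable[str]) -> str:
    """Explain what a LAN client got back for the public name.

    'no-answer'        -> the local resolver does not know the name at all
    'split-dns'        -> every answer is a LAN address: DNS is fine, look at the proxy itself
    'public-ip-answer' -> the WAN address came back: from inside this only works with NAT
                          reflection on the firewall (or a split-DNS rewrite for the name)
    'unexpected'       -> something else (stale override, wrong upstream, typo in the name)
    """
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        return "no-answer"
    wan = ipaddress.ip_address(wan_ip)
    nets = [ipaddress.ip_network(n, strict=False) for n in lan_nets]
    if any(a == wan for a in addrs):
        return "public-ip-answer"
    if all(any(a in n for n in nets) for a in addrs):
        return "split-dns"
    return "unexpected"


def tcp_open(host: str, port: int = 443, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes; this is all the online port checkers test."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_san_names(host: str, port: int = 443, timeout: float = 3.0) -> List[str]:
    """DNS names in the certificate the proxy serves for `host`; empty on any failure.

    The default context verifies the chain, so a wrong or self-signed certificate
    (e.g. the firewall's own GUI answering instead of the proxy) shows up as []."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert() or {}
    except OSError:  # ssl.SSLError is a subclass of OSError
        return []
    return sorted(v for k, v in cert.get("subjectAltName", ()) if k == "DNS")


def diagnose(name: str, wan_ip: str, lan_nets: Iterable[str]) -> dict:
    """Run the live checks from the machine you are sitting at and bundle the result."""
    answers = resolve_a(name)
    report = {"name": name, "answers": answers, "verdict": classify(answers, wan_ip, lan_nets)}
    if answers:
        report["port_443_open"] = tcp_open(answers[0])
        report["cert_names"] = tls_san_names(name) if report["port_443_open"] else []
    return report


if __name__ == "__main__":
    import json
    import sys
    # Example (placeholder values): python3 proxy_diag.py cloud.example.net 203.0.113.10 192.168.1.0/24
    print(json.dumps(diagnose(sys.argv[1], sys.argv[2], sys.argv[3:]), indent=2))
```

Run it once from a LAN client and once from a host outside the network (or over the mobile connection the poster used): a 'public-ip-answer' verdict inside with `port_443_open` false is the NAT-reflection case, while 'split-dns' with an empty `cert_names` list means DNS is right but the LAN client is not reaching the proxy's TLS listener.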
#4
Hi all,

I'm trying to set up a reverse proxy in order to expose some services to the web.

For test purposes I'm currently only exposing an uptime-kuma container. I can access it no problem internally, but I'm not getting access when coming from outside my network. This is what I currently have set up as the port forwarding rule pointing to SWAG, my reverse proxy:

(screenshot not captured)

What I have in the firewall rules section:

(screenshot not captured)

And this is what I get as a result when accessing using the domain:

(screenshot not captured)

I'm not seeing what may be wrong here; any idea what I may have done wrong?

Thanks in advance for your help
#5
Quote from: Lxndr on November 24, 2021, 07:22:36 PM
Hello,

Guys, I have a question concerning the use of NextDNS within AdGuard. I have AdGuard running on 2 separate RPis, so in case one fails we still have a DNS working; of course OPNsense points to both. My issue here is that, first of all, I had to add the relevant https://dns.nextdns.io/xxxxx in the DNS upstream section and add the "normal IPs" (45.X.X.X) in the section below concerning the DNS bootstrap to get it working on the 1st RPi, but after adding that same information on the 2nd one I get an error stating that it's impossible to use https://dns.nextdns.io/xxxxx, please check that the name is correct.

Not sure what I'm doing wrong here, so any advice will be appreciated. Please note that if I use the Cloudflare https://family.cloudflare-dns.com/dns-query with the 1.X.X.3, that works for the 2nd RPi. Is there a limitation of 1 global device per network for the usage of NextDNS within AdGuard?

Has anyone already had this issue? Is it the expected behaviour?

Thanks in advance for taking the time to help out; any advice will be highly appreciated.
Anyone to advise on the above, please? Thanks
#6
Hello,

Guys, I have a question concerning the use of NextDNS within AdGuard. I have AdGuard running on 2 separate RPis, so in case one fails we still have a DNS working; of course OPNsense points to both. My issue here is that, first of all, I had to add the relevant https://dns.nextdns.io/xxxxx in the DNS upstream section and add the "normal IPs" (45.X.X.X) in the section below concerning the DNS bootstrap to get it working on the 1st RPi, but after adding that same information on the 2nd one I get an error stating that it's impossible to use https://dns.nextdns.io/xxxxx, please check that the name is correct.

Not sure what I'm doing wrong here, so any advice will be appreciated. Please note that if I use the Cloudflare https://family.cloudflare-dns.com/dns-query with the 1.X.X.3, that works for the 2nd RPi. Is there a limitation of 1 global device per network for the usage of NextDNS within AdGuard?

Has anyone already had this issue? Is it the expected behaviour?

Thanks in advance for taking the time to help out; any advice will be highly appreciated.
#7
Thanks Yeraycito!
#8
Quote from: yeraycito on November 12, 2021, 06:36:18 PM
Hello, you can do it in the following way.

1 - Go to the NextDNS website and copy the address that appears in the DNS-over-HTTPS section: https://dns.nextdns.io/xxxxx

2 - Disable Unbound

3 - In AdGuard - Settings - DNS settings, set that address.
Thanks Yeraycito

One additional question: is there any way to keep Unbound enabled?
#9
Hi all,

Just thought I would let you guys know that the migration has been done; my UDM Pro was shut down yesterday and it's back in the box. I'm running OPNsense on a Dell R210 II and will be migrating to an OPNsense appliance within the next year if all goes well.

I do have a couple of questions following the migration:

As mentioned in a previous post, I was using Untangle in bridge mode behind the UDM Pro, so I wanted to know if I should keep the Untangle box in bridge mode behind OPNsense or if I should consider installing Sensei and call it a day?

What's the best option concerning the usage of certificates? I'm using Nginx Proxy Manager with LE, but was considering using OPNsense to handle the certificates / getting a wildcard certificate if possible; any advice or recommendations on this?

Thanks in advance
#10
Hi all,

I've just migrated my firewall from the Ubiquiti UniFi UDM Pro to OPNsense. I've been reading the forum for several months now, and following my migration I'm quite curious about how to go about implementing NextDNS in addition to my AdGuard/Unbound setup. So after following Yeraycito's guide on how to use AdGuard Home standalone with Unbound in OPNsense, I want to follow yet another of Yeraycito's sets of instructions, but I believe there were some changes between the version Yeraycito was using when he posted his screenshots and the latest OPNsense version which I'm currently running, as I don't have a Miscellaneous section under Services / Unbound nor Unbound / General / Custom Options.

Could someone guide me on which Unbound section I should be using to set this up?

Quote from: yeraycito on April 13, 2021, 09:04:18 PM
Installation;

Let's go to https://nextdns.io/ and register for free. Once registered you are given a personalised ID and DNS.

OPNsense installation:

- Follow the tutorial explained above for Adguard.

- Unbound - General - Custom Options: add                 ( XXXXXX is your custom ID in NextDNS )

server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 45.90.28.0#XXXXXX.dns1.nextdns.io
    forward-addr: 2a07:a8c0::#XXXXXX.dns1.nextdns.io
    forward-addr: 45.90.30.0#XXXXXX.dns2.nextdns.io
    forward-addr: 2a07:a8c1::#XXXXXX.dns2.nextdns.io

Thanks in advance.
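The quoted instructions put the forward-zone into the Unbound "Custom Options" box, which the poster can no longer find. The script below is an added example, not from yeraycito's post or from OPNsense itself: it renders the same DNS-over-TLS forward-zone for a given NextDNS ID and drops it into a file. It assumes (my assumption, not stated on the page) that current OPNsense releases read extra Unbound configuration from /usr/local/etc/unbound.opnsense.d/*.conf, that the CA bundle is /etc/ssl/cert.pem as in the snippet, and that `configctl unbound restart` reloads the service; `unbound-checkconf` is only run when present. The ID `XXXXXX` and the directory are placeholders.

```shell
#!/bin/sh
# Added example (not from the forum thread): install the NextDNS DoT forward-zone
# as an Unbound drop-in file on OPNsense.
# Assumptions (mine): OPNsense reads /usr/local/etc/unbound.opnsense.d/*.conf
# instead of the old "Custom options" box, and /etc/ssl/cert.pem is the CA bundle.
set -eu

UNBOUND_DROPIN_DIR="${UNBOUND_DROPIN_DIR:-/usr/local/etc/unbound.opnsense.d}"

# Print the Unbound fragment for one NextDNS configuration ID on stdout.
# The ID is the "XXXXXX" part of https://dns.nextdns.io/XXXXXX; anything other than
# plain alphanumerics is refused so a pasted URL cannot end up inside the config.
render_nextdns_conf() {
    id="$1"
    case "$id" in
        ""|*[!0-9A-Za-z]*) printf 'invalid NextDNS ID: %s\n' "$id" >&2; return 1 ;;
    esac
    cat <<EOF
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 45.90.28.0#${id}.dns1.nextdns.io
    forward-addr: 2a07:a8c0::#${id}.dns1.nextdns.io
    forward-addr: 45.90.30.0#${id}.dns2.nextdns.io
    forward-addr: 2a07:a8c1::#${id}.dns2.nextdns.io
EOF
}

# Write the fragment into a drop-in directory, syntax-check it when unbound-checkconf
# is installed (it is on OPNsense), and print the path that was written.
write_nextdns_conf() {
    id="$1"
    dir="$2"
    mkdir -p "$dir"
    render_nextdns_conf "$id" > "$dir/nextdns.conf"
    if command -v unbound-checkconf >/dev/null 2>&1; then
        unbound-checkconf "$dir/nextdns.conf" >/dev/null
    fi
    printf '%s\n' "$dir/nextdns.conf"
}

# Usage on the firewall (placeholder ID): sh nextdns-unbound.sh XXXXXX && configctl unbound restart
if [ "$#" -eq 1 ]; then
    write_nextdns_conf "$1" "$UNBOUND_DROPIN_DIR"
fi
```

The `#hostname` suffix on each forward-addr is what makes Unbound verify the upstream's certificate against your NextDNS name, so keep the ID identical on all four lines; a mistyped ID on one line silently sends part of your queries to an upstream whose certificate will not match. Point AdGuard Home's upstream at Unbound afterwards rather than disabling Unbound, if that is the layering you want.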
#11
General Discussion / Re: OPNsense Migration
August 28, 2021, 11:38:57 AM
Hi there,

Like you I'm new here, and I'm working on migrating my network to OPNsense coming from a tandem of Ubiquiti UniFi and Untangle. I did play with pfSense for a few months, but despite it being a very powerful firewall I was not comfortable with it. I have not yet migrated to OPNsense since I only started my journey with it not more than a couple of weeks ago, so I'm still learning it, and from what I've seen and been doing with it, I see no reason why the migration would be painful, especially if you're coming from pfSense; I most probably have more issues than what you could have on yours.

Not sure what your migration path is, but if you'll be running OPNsense on different hardware, I would first of all recreate your network (VLANs, rules, etc.) in OPNsense and, if you can afford to have some downtime, switch boxes to test at night when no one is using the network.

As you've been using pfSense for some time, the logic behind how OPNsense works should not be unfamiliar to you or that different; it would most probably come down to the interface and how things are displayed and laid out, at least that is my experience with both of them so far, so I don't think you will have any major issues migrating to OPNsense.

Not sure if this will be helpful to you, but that's what I think; hopefully some of the other guys around that have been using it for far longer will provide their views. Anyway, good luck and let us know how the migration goes! :)
#12
Awesome! Thanks.
#13
Hello,

Cookiemonster, Greelan,

Appreciate you guys taking the time to answer my questions. :)

@Greelan,

I had a USG Pro with Cloud Key prior to replacing them with the all-in-one solution the UDM-Pro provides; also thanks for the book recommendation, I've just downloaded it on my Kindle.


I'm using Nginx Proxy Manager to handle certificates for my internal services, and I see that OPNsense can handle this internally. Are you guys using certificates as well, and if so, are you using OPNsense to handle them or an external solution like NPM or Traefik? Would it be better to let OPNsense handle this?

I own 3 domains; is there any issue or limitation on handling more than one domain?

Can I choose where my logs are stored, as currently all the logs from my hardware are stored on my NAS?

I've just installed OPNsense on a VM on my Proxmox server; if I wish to move it to dedicated hardware, I assume there are no issues with restoring a backup file to reinstall on new hardware?

Any hardware recommendations for a 3 WANs, 1 LAN and 3 VLANs setup? The main link will be 1G/1G fibre, with IPS/IDS activated.

Thanks again
#14
Hi OPNSense community,

I'm currently looking for options to replace my current setup, which consists of a Ubiquiti UDM-Pro and Untangle in bridge mode, but certain limitations have me reconsidering other options.

On the UDM-Pro side, firmware issues have me stuck on an older version of the firmware, as people are having issues with the newer firmware versions; also the fact that only 2 WAN connections can be used and the second one can only be used in failover mode are among the things on my list of issues. And with Untangle, which I was planning to use as my main firewall after removing the UDM-Pro, their recent change to the cost of their home licences got me started looking for alternatives. I've been testing pfSense for several months now, but something is just bothering me and I can't figure out exactly what, so I kept searching and have decided to give OPNsense a try.

Apologies if what I'm about to say is obvious for you all, but please keep in mind that I'm a complete noob when it comes to OPNsense. Just by looking at the UI alone compared to pfSense, it is much more user friendly from my point of view and doesn't make you scratch your head asking yourself where to find what you're looking for, but that's not the purpose of my post here today.

I have a few questions:

I currently run a DNS server on my Synology NAS and 2 Raspberry Pis running AdGuard Home for ad blocking. Can you confirm that I can keep that setup? What DNS upstream server should be set on OPNsense: should I point to my Synology DNS or to an external DNS provider like Cloudflare?

Has anyone here jumped ship from the UDM-Pro to OPNsense and a standalone UniFi controller (physical or Docker)? Was the migration path smooth, or was it a bumpy ride but still no regrets whatsoever?

Are there any issues with IoT devices and mDNS setup?

Any good book you would recommend me to read in order to get deeper knowledge of OPNsense?

From a hardware perspective, if all testing goes well and according to plan, I will invest in a low power hardware appliance so that I can turn off my R210 running Untangle and save some money on power.

I had some other questions in my mind when I started writing this, but they just vanished; will post them later if they come back.

Anyway, thank you all for your time reading and hopefully answering.

Have a great weekend