Messages

166

German - Deutsch / Re: Unbound startet nicht nach Reboot

« on: October 22, 2019, 08:20:58 am »

Hallo. Ist das bei jedem Reboot so?

Hast du eventuell in den custom options ein include eingetragen wo das File jetzt nicht mehr vorhanden ist?

fg

167

General Discussion / Re: Config Two completely separate home networks with one shared internet connection

« on: October 05, 2019, 07:11:16 am »

Have also a look on francos post from here to understand how opnsense handels packets https://forum.opnsense.org/index.php?topic=6587.msg30876#msg30876

168

General Discussion / Re: Config Two completely separate home networks with one shared internet connection

« on: October 04, 2019, 12:11:50 pm »

Hi,

Firewall rules control what traffic is allowed to enter an interface on the firewall. Once traffic is passed on the interface it enters an entry in the state table is created.

You should read the rule like this:

(MYLAN) Interface
IPv4 *   MYLAN net   *   *   *   *   *   Default allow LAN to any
Every IPv4 packet which arrives (incoming) at “MYLAN Interface” is checked if
-IP is within the MYLAN range,
-Port *
-Destination *

if everything matches the paket is allowed.

Ok?

br

169

General Discussion / Re: Config Two completely separate home networks with one shared internet connection

« on: October 04, 2019, 06:19:07 am »

Hi.

OpnSense works on per Interface level (incomin).
Search a bit for incoming rules this is how it works,

Br

170

General Discussion / Re: Config Two completely separate home networks with one shared internet connection

« on: October 03, 2019, 07:09:51 am »

According to your config you (MYLAN) has access to everything, at least on IPv4.

Br

171

General Discussion / Re: Config Two completely separate home networks with one shared internet connection

« on: September 25, 2019, 06:46:08 am »

Hi,

if you have separate LANs, then basically if you do not define an allow rule access from one LAN to another is not possible. But we do not know your setup in detail so any advice is a guessing game ;-).

br

172

General Discussion / Re: Config Two completely separate home networks with one shared internet connection

« on: September 17, 2019, 06:54:44 am »

Hi,

for sure you can do that. It‘s possible with multiple ways, physical interfaces or via VLANs.

However, who owns the box has full control over the traffic, question is if your neighbour trusts you

br

173

19.7 Legacy Series / Re: Unbound custom parameters

« on: September 14, 2019, 07:57:55 pm »

Thanks for the information, looking forward for the plugin.

174

19.7 Legacy Series / Re: Unbound custom parameters

« on: September 14, 2019, 03:10:29 pm »

Within 19.7.4 there is „support file-based custom-includes“ mentioned as new unbound feature.

I‘m not sure if this is the replacement for „Unbound custom parameter“?

br

175

German - Deutsch / Re: Firewall Regeln verständnis

« on: August 11, 2019, 09:29:36 pm »

Hi, eventuell eine Host Firewall aktiviert?

176

German - Deutsch / Re: Firewall Regeln verständnis

« on: August 11, 2019, 09:15:03 pm »

Hi, die korrekte Rule um von 192.168.178.0/24 (WAN net) in dein 10.28.0.0/24 Netz (LAN net) ICMP zu erlauben wäre:

Interface WAN:
Protocoll IPv4 ICMP | Source * | Port * | Destination LAN net //

Dann kannst du aber nur vom WAN net in dein LAN net pingen

fg

177

19.7 Legacy Series / Re: Unbound custom parameters

« on: August 06, 2019, 08:51:45 pm »

Hi,

I'm also using the custom options for different purposes, e.g

• DNS Blacklist include
• server
  tls-cert-bundle: "/etc/ssl/cert.pem"
  forward-zone:
  name: "."
  forward-tls-upstream: yes
  ...
• server:
  #Access control for Internal IPv4/6
  access-control-view: 192.168.xx.0/24 lanview
  access-control-view: xxxx:xxxx:xxxx:xxxx::/64 lanview
  view:
  name: "lanview"
  local-zone: "xxxxxxxx" transparent
  local-data: "xxxxxxxx A xxxxxxxxx"
  local-data: "xxxx A xxxxxxxxxx"

This should be covered in the alternative solution too.

br

178

19.1 Legacy Series / Re: Password secure encrpytion/hashing

« on: July 08, 2019, 10:03:00 pm »

Hi,

Can you please ping me the link where is the source code documentation?

https://github.com/opnsense/core/blob/ebcd30c97135d62d2c568185318fd4bbb812c9fe/src/etc/inc/auth.inc#L555

br

179

19.1 Legacy Series / Re: Password secure encrpytion/hashing

« on: July 08, 2019, 07:32:37 pm »

Hi.

There's no salt present

Usually bcrypt generates the salt randomly automatically, so I assume its the same in opnsense.

Edit: Found it myself
https://www.php.net/manual/en/password.constants.php

Br

180

19.1 Legacy Series / WAN (pppoE) change down and up (reboot needed)

« on: July 03, 2019, 06:29:31 pm »

Hi community.

Since a couple of weeks I've the following issue. After around two weeks the WAN interface (pppoE) change to down and up again on regular base ~10min.

The firewall needs to be restarted to get a stable connection again.

OPNsense 19.1.9-amd64
FreeBSD 11.2-RELEASE-p10-HBSD
OpenSSL 1.0.2s 28 May 2019


In the log I found this error.

Code: [Select]

configd.py: unable to sendback response [OK ] for [interface][newip][['pppoe0']] {86f78e9b-99e7-4bd3-b73e-3ea0a6f4bead}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Attached a screenshot of the log with additional infos, any idea to fix the issue?

Thanks

br