Messages

Is there a easy/proper way to achieve this ?

The better way of doing this would be IPsec IMHO:
https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html

I never got OpenVPN NAT to remote site working in a clean way, with dirty configs I can pass some traffic but defeats the pupose of easy and clean way.

Could you explain why we can achieve this with IPsec  and not OpenVPN?

Thank you 

Totally forgot about this. Sometimes it is hard to do something differently than you always did before ;)

Thank you working great

Cheers

I am also interested in backing up to Nextcloud as I don't use public cloud services.

How can I install the plug in for nextcloud ?

This is not a plugin, if it is not available in the backup section, it will be included in a future release without having to install anything except updates ;)

You can test it in the developer preview.

OK Thank you, how do I transform my version into developer preview or upgrade ?

I am running stable 18.1.8

cheers

thanks for the link...i will try to study the code...pcloud is commercial cloud storage provider..its not self hosting like nextcloud or owncloud.

Hi Guys

I am also interested in backing up to Nextcloud as I don't use public cloud services.

How can I install the plug in for nextcloud ?

Thank You

Hi Guys,

I'm hoping the fantastic OPNsense community can shed some light on this.

Been trying many different things for a couple of weeks none of them working.

I have 2 OPNsense firewalls installed, one on Site A and one on Site B

Site A has Public IP and LAN IP - I can control the Public IP and the Natting to Site A LAN fine.

Site B has LAN IP Only - I don't control the Public IP, hence I have a OpenVPN tunnel back to Site A

Site A: LAN 192.168.1.0/24 WAN 271.xxx.xxx.xxx OpenVPN Tunnel Network 10.6.8.0/24

Site B: LAN 192.168.2.0/24 no WAN OpenVPN Tunnel Network 10.6.8.0/24

I can access the site A LAN network from site B fine and vice-versa, no problems on that.

My goal is to be able to NAT something from Site A Public IP to the LAN seating on the other side of the tunnel on site B.

I have tried:

Stretched LAN from site A to site B via Bridging Site A LAN + OpenVPN, didn't work at all, no traffic passing either way Site A or Site B, I also did the bridge on Site B LAN + OpenVPN with no results

Specific traffic Rules on Site A to Site B and Outbound from Site B LAN configured to go via OpenVPN tunnel. Didn't work also.

Is there a easy/proper way to achieve this ?

Thank you

Hello Fellas,

Thanks for the HA Proxy FIX on 17.7.1 update (Hard Mode).

I can confirm the issues reported by a few users, of getting stuck while rebooting and delayed HA Failover are resolved now.

https://forum.opnsense.org/index.php?topic=4899.msg21493#msg21493

https://forum.opnsense.org/index.php?topic=5304.msg22070#msg22070

keep up the good work

Cheers

sorry to ask again, but anyone facing a similar issue ?

Cheers

Hi Guys,

I have been trying to get this to work for a couple of weeks now, without success, hopefully anyone can help me.

I have 2 Frontends on HAproxy  one on port 443 and one on port 4444

There is a website www.website.com on the 443 frontend that goes to a backend and server and it has ACL and action. Everything is working fine when I go to www.website.com

however on the same backend server I have another website that runs on port 4444.

What I wanted to achieve is to be able to go on www.website.com:4444 and be able to go to the website running on 4444 port, however when I try to go to www.website.com:4444 I get the error below.

the port 4444 is ruled on the firewall like 443 and everything is open, there is a dedicated backend, server and dedicated action using the same ACL for the website.com but is not working as expected, is not getting into the website running on port 4444

internal works fine both website.com and website.com:4444

hope that makes sense

cheers

will this be shipped in future releases or we need to always patch  ?

It will be available in 17.7.1 (at the latest). :)

Also where can I contribute or buy you guys a beer..?

You're always welcome to report issues, suggest enhancements or even provide some fixes:
https://github.com/opnsense/core/issues
https://github.com/opnsense/plugins/issues

On the other hand, the OPNsense projects welcomes donations too:
https://opnsense.org/donate/

Thanks for reporting this issue!


Regards
- Frank

Donated

Thank you

The fix is ready for testing:

Code Select Expand

opnsense-patch -c plugins 6a82b37

For reference: https://github.com/opnsense/plugins/pull/209


Regards
- Frank

Also where can I contribute or buy you guys a beer..?

The fix is ready for testing:

Code Select Expand

opnsense-patch -c plugins 6a82b37

For reference: https://github.com/opnsense/plugins/pull/209


Regards
- Frank

Nice one fraenki is working now  ;D Thanks for this

will this be shipped in future releases or we need to always patch  ?

Thanks both for the help

Cheers

According to the manual "crl" argument also takes directories, that seems to be the only solution of of this long line debacle. :D

I have never used HAproxy before and I'm not trying to be greedy or anything or wanting infinite ssl certificates with one system. ;D

I am just short in public IPs, only one in fact and wanted to see if I could deploy further SSLs in one box.

OPNsense has been choice number one here after ditching UTM and pfsense and so far is the best traffic eater Firewall appliance i ever seen   8)

Cheers

I know I'm late to the party... I'll try to prepare a fix later today, requires a few code changes and tests. :)


Regards
- Frank

Thanks no worries  ;D

# opnsense-patch -c plugins 00151b8

This is better...

Right, so it seems I'm getting the same error again..

Hi akron,

Looking at your output and the previous fix, the line escape was added, but the newline was missing. D'oh, sorry.

New try with *two* characters, instead of one:

https://github.com/opnsense/plugins/commit/00151b8

# opnsense-patch 00151b8


Cheers,
Franco

Thanks Franco however it says "fetch: https://github.com/opnsense/core/commit/00151b8.patch: Not Found
"  :D

I will apply this once the link its working and let you know the result.

Cheers