121
21.1 Legacy Series / Re: 21.1.7_1 Upgrade - Fatal error: Uncaught Error:
« on: June 18, 2021, 02:02:12 pm »
I had this error during 21.1.6 to 21.1.7 update.
Everything is working fine.
Everything is working fine.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
122
General Discussion / Re: Multi-WAN (3): 2+1 Failover & Priority
« on: June 03, 2021, 02:02:24 pm »
If you use shared forwarding, that I believe is enabled by default, you will have traffic shaper and policy routing.
https://docs.opnsense.org/manual/firewall_settings.html#shared-forwarding
I've not used both simultaneosly but if you play around a bit you can make it work as intended.
https://docs.opnsense.org/manual/firewall_settings.html#shared-forwarding
I've not used both simultaneosly but if you play around a bit you can make it work as intended.
123
General Discussion / Re: Multi-WAN (3): 2+1 Failover & Priority
« on: June 01, 2021, 10:21:03 pm »
Hi Kallex,
for your first question, you need to define 2 gateway groups with three tiers each, indicating the gateways in order on each tier.
Then with policy routing you can select which gateway group is used based on IP address or LAN segment or whatever criteria you choose.
You can find the docs here: https://docs.opnsense.org/manual/how-tos/multiwan.html
For your second question, have a look at traffic shaping: https://docs.opnsense.org/manual/shaping.html
I really don't know if you can combine traffic shaping with gateway groups, but you can try.
For your thrird question you will need to define you DDNS in services >> dynamic dns, but again, you need to try if you can pass your active gateway IP to your domain name.
In this case you could use DNS-SRV key types on the DNS server. This way you could define your services with priorities on the DNS side and it should answer queries based on the priority and availability, so when you loose a WAN the DNS server would know it and pass an alternate IP address on queries.
for your first question, you need to define 2 gateway groups with three tiers each, indicating the gateways in order on each tier.
Then with policy routing you can select which gateway group is used based on IP address or LAN segment or whatever criteria you choose.
You can find the docs here: https://docs.opnsense.org/manual/how-tos/multiwan.html
For your second question, have a look at traffic shaping: https://docs.opnsense.org/manual/shaping.html
I really don't know if you can combine traffic shaping with gateway groups, but you can try.
For your thrird question you will need to define you DDNS in services >> dynamic dns, but again, you need to try if you can pass your active gateway IP to your domain name.
In this case you could use DNS-SRV key types on the DNS server. This way you could define your services with priorities on the DNS side and it should answer queries based on the priority and availability, so when you loose a WAN the DNS server would know it and pass an alternate IP address on queries.
124
General Discussion / Re: WAN with private IP space, LAN with public...
« on: May 13, 2021, 02:24:04 pm »
Hi... check this option and see what happens: Firewall > Settings > Advanced > Disable force gateway
125
General Discussion / Re: Custom DDNS - How to see the HTTP Response
« on: May 07, 2021, 03:08:13 pm »
Just try the updating url in your browser and see what you get. The DDNS service will usually respond with something like IPv4: <address> or IPv6: <address> whet it succeed
126
21.1 Legacy Series / Re: APC UPS (NUT) config problem
« on: May 05, 2021, 11:28:22 pm »
May be a lack of permissions?
127
21.1 Legacy Series / Re: Vlan host rule passing all traffic
« on: April 26, 2021, 02:08:23 am »
Hi, can you show the rules?
128
21.1 Legacy Series / Re: Lets Encrypt renewal and certificate synchornization
« on: April 06, 2021, 04:37:32 pm »
Oh... yes. I didn't catch that.
Thank you very much @marjohn56
Thank you very much @marjohn56
129
21.1 Legacy Series / Re: Lets Encrypt renewal and certificate synchornization
« on: April 06, 2021, 04:26:39 pm »
Very useful. 
Does your script survive an OPNSense Update? or you have to reconfigure it after updating?
Does your script survive an OPNSense Update? or you have to reconfigure it after updating?
130
21.1 Legacy Series / Re: Lets Encrypt renewal and certificate synchornization
« on: April 06, 2021, 04:05:54 pm »
Are you using the "Remote backup" command of the "System > Settings > Cron" page ?
131
21.1 Legacy Series / Re: Lets Encrypt renewal and certificate synchornization
« on: April 06, 2021, 03:59:15 pm »...and then I have a script which uses rsync that uploads the certs to the web server...
Hi @marjohn56,
How do you trigger the script?
132
21.1 Legacy Series / Re: WAN IPv6 can't be delegated and 'track interface' doesn't seem to work. Options?
« on: March 23, 2021, 03:26:44 pm »
Ok, now I stated to see the bigger picture. My ISP wants me to have only one subnet. It is very stingy.
133
21.1 Legacy Series / Re: WAN IPv6 can't be delegated and 'track interface' doesn't seem to work. Options?
« on: March 23, 2021, 01:48:21 am »
@Maurice, that's right. I believe that I'm thinking in IPv6 as it were IPv4.
Now, I have a question. How can be achieved an IPv6 configuration with more than one VLAN?
There should be some subnetting in the config
Now, I have a question. How can be achieved an IPv6 configuration with more than one VLAN?
There should be some subnetting in the config
134
21.1 Legacy Series / Re: WAN IPv6 can't be delegated and 'track interface' doesn't seem to work. Options?
« on: March 22, 2021, 10:59:30 pm »- Use ULAs and IPv6 NAT. Results in IPv6 almost never being used.
I think I have a workaroud to the issue of "IPv6 never used" beause of ULAs
It is, I have to say, even more a monstruosity than the fact of using NAT.
Instead of using ULAs I used GUAs, I know, it is not fine, but I've been using this for a week and it's working very fine and stable.
I know that my ISP assigned me a /64 segment so I can use these addresses as I need.
I have some VLANs, so I choosed a /80 preffix changing the last 16 bits of the network address in each VLAN.
135
21.1 Legacy Series / Re: My OPNSense cant route IPv6
« on: March 15, 2021, 11:58:57 pm »
Yes... I thought that it was for tha same reason.
I needed to give it a try due to NPT is a better solution than NAT.
My ISP left me with NAT as the only option.
But it works great!!!!
It passes all IPv6 tests.
I needed to give it a try due to NPT is a better solution than NAT.
My ISP left me with NAT as the only option.
But it works great!!!!
It passes all IPv6 tests.