Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - andreab

Pages: 1 [2]

Tutorials and FAQs / Re: HOWTO - Routing Traffic over Private VPN

« on: March 13, 2018, 01:03:51 am »

Hi,

I'm on 18.1.4 but I have not seen any progress regarding my situation.
My routing table still looks exactly the same as before, and I experience the same problems as before.

A couple of things I've noticed with the VPN on (and therefore with no connectivity):
1) checking the firewall log I can see that my ping to the google DNS servers (8.8.8.

is allowed, but since I get no response, I assume the "reply" messages are blocked on the way back;
2) if I am pinging something (eg 8.8.8.

while I enable the VPN, the ping keeps working - so something is blocking new connections, but not already established ones.

Regards,
Andrea

Tutorials and FAQs / Re: HOWTO - Routing Traffic over Private VPN

« on: March 06, 2018, 02:36:22 am »

Hi,

Just to give everyone an update on this - I have patched OPNsense to the latest (18.1.3) but the issues reported in my previous comment (#29) still remain a problem.

Let me know if you experience anything different please.

Regards,
Andrea

Tutorials and FAQs / Re: HOWTO - Routing Traffic over Private VPN

« on: February 14, 2018, 02:43:22 am »

Hi,

Here is my situation with this issue.

I'm fully updated on 18.1.2_2.

I followed this how-to when I was still on 17.7.something (one of the latest ones, in case that matters).

The only thing I did different is "Step 8, the Manual outbound NAT generation" bit, as the only way to keep the automated and manual rules in place at the same time is by using the "hybrid" setting.
Of course I also tried to use manual but it does not make any difference.

In my setup I want to have all traffic coming from a VLAN (10.55.59.0/24) to be routed through the OpenVPN connection, while untagged traffic coming from 10.55.55.0/24 will reach the internet directly.

The correct gateway for the network is 10.55.50.1, while the gateway for the OpenVPN connection is something like 46.246.85.1.

Problem #1
When OpenVPN is connected to its server, 10.55.59.0/24 correctly goes on the internet through the encrypted tunnel, but unfortunately 10.55.55.0/24 has no Internet access whatsoever (tested with something like "ping 8.8.8.8" or curl).

If it helps understanding, checking the routes I can see this:

% netstat -nr
Routing tables

Internet:
Destination Gateway Flags Netif Expire
0.0.0.0/1 46.246.85.1 UGS ovpnc1
default 10.55.50.1 UGS igb0
10.55.50.0/24 link#1 U igb0
10.55.50.1 00:e0:4c:65:25:da UHS igb0
10.55.50.2 link#1 UHS lo0
10.55.55.0/24 link#2 U igb1
10.55.55.1 link#2 UHS lo0
10.55.59.0/24 link#14 U igb1_vla
10.55.59.1 link#14 UHS lo0
10.55.60.0/24 link#3 U igb2
10.55.60.1 link#3 UHS lo0
10.55.61.0/24 link#10 U igb2_vla
10.55.61.1 link#10 UHS lo0
10.55.62.0/24 link#11 U igb2_vla
10.55.62.1 link#11 UHS lo0
46.246.85.0/27 46.246.85.1 UGS ovpnc1
46.246.85.1 link#9 UH ovpnc1
46.246.85.21 link#9 UHS lo0
84.200.69.80 00:e0:4c:65:25:dd UHS igb3
84.200.70.40 00:e0:4c:65:25:dd UHS igb3
127.0.0.1 link#6 UH lo0
128.0.0.0/1 46.246.85.1 UGS ovpnc1
178.73.195.98/32 10.55.50.1 UGS igb0
192.168.5.0/24 link#4 U igb3
192.168.5.1 00:e0:4c:65:25:dd UHS igb3
192.168.5.131 link#4 UHS lo0
192.168.17.0/24 192.168.5.1 UGS igb3
192.168.20.0/24 192.168.5.1 UGS igb3
192.168.40.0/24 192.168.5.1 UGS igb3

Problem #2
ovpnc1 has higher priority than igb0, so the router itself goes on the internet through OpenVPN, and I don't want that.

Any tips on debugging the current issues will be appreciated.

Regards,
Andrea

17.7 Legacy Series / Re: HAProxy '+' sign do add server missing

« on: January 22, 2018, 10:40:47 am »

oh yeah, I can see that now... :-/
The intros are useful, particularly when you don't know HAProxy very well.

Thanks so much for the prompt response!

Regards,
Andrea

17.7 Legacy Series / [SOLVED] HAProxy '+' sign do add server missing

« on: January 22, 2018, 04:01:48 am »

Hi,

I run Opnsense 17.7, I've just enabled the HAProxy plugin but I can't seem to find a way to add servers to get started.
See image attached.

According to the documentation (https://docs.opnsense.org/manual/how-tos/haproxy.html) there should be a '+' sign to use in order to add servers.
Could anyone kindly point out what I am missing?

Regards,
Andrea

17.7 Legacy Series / Re: certificate for Firefox Certificate Internal

« on: November 30, 2017, 02:59:04 am »

Hi!

I had to fiddle a bit to get this to work but I think I nailed it. :-)

Franco - thank you for your explanation, it's been the best I could find so far.

I want to extend a bit on what I did exactly in case that might help someone else in my situation.

1) I created my internal self-signed CA (under System: Trust: Authorities).
2) Then under "System: Trust: Certificates" I "Create an internal Certificate" selecting "Server Certificate" as Type, and selecting the CA created at step 1)
3) I've exported the CA certificate created at step 1) into my Linux system but that was not enough, as Firefox seems to use a separate store for the CA, so I had to import it into Firefox too separately.
4) Switched the SSL certificate used for HTTPS under "System: Settings: Administration" to the newly created at step 2), and save.

Hope it helps.

Regards,
Andrea

Pages: 1 [2]