Messages

196

18.7 Legacy Series / Re: Haproxy and Letsencrpyt integration

« on: December 12, 2018, 02:20:37 pm »

Thanks all for your help.

The last thing was a error in the frontend. The listening adress had to be my WAN-IP.

Thats grumpy too, as i have ddns running. So i have to change the ip manually each time if it changes.

197

18.7 Legacy Series / Re: Haproxy and Letsencrpyt integration

« on: December 12, 2018, 08:33:00 am »

*grumpy* i just get 400 and no cert i think i reinstall everything on letsencrypt and haproxy for this. It did not create a public frontend, whilst installing le.

198

18.7 Legacy Series / Re: HAPROXY: Which Ports to which target to open for reverse proxy

« on: December 12, 2018, 08:30:46 am »

Thx, i think i had this, but i gonna retry. Maybe i just did something wrong.

199

18.7 Legacy Series / Re: HAPROXY: Which Ports to which target to open for reverse proxy

« on: December 11, 2018, 07:53:17 am »

OK, and then just a rule on wan to allow port 80 and 443?

i tried before to insert my domain in the form domain.tld:80 domain.tld:443 - this did not work either. I thought, this will make it listening to wan port?

200

18.7 Legacy Series / Re: Haproxy and Letsencrpyt integration

« on: December 11, 2018, 07:51:24 am »

the howto for the haproxy is quite old. The printscreens do not show the tabs used now, this can be very irritating.

Where can i switch between test and prod?

201

19.1 Legacy Series / Re: Suricata: Not logging alerts in Tab alerts

« on: December 11, 2018, 07:49:43 am »

i had to reset my opnsense and my backups crashed. Therefore, i had to reinstall my machine.

I updated immediately to 19.1b... and it worked! I hat logentries from suricata. It seems, that the "fresh" install solved the problem.

If the problem comes back, i'll inform.

202

19.1 Legacy Series / Re: Default Gateway indication in Dashboard

« on: December 10, 2018, 03:47:10 pm »

Thx for posting, solved.

In fact, "disable Gateway monitoring" was checked on my opnsense. I hope this is not default, as i do not remember changing it.

203

18.7 Legacy Series / HAPROXY: Which Ports to which target to open for reverse proxy [solved]

« on: December 10, 2018, 10:25:00 am »

Hi,

Which ports do i have to open on the wan-interface, when using haproxy (listening on 127.0.0.1:80 and 127.0.0.1:443) public frontend?

Do i just have to set on wan interface allow all to this firewall port 80 and 443?

204

18.7 Legacy Series / Re: Haproxy and Letsencrpyt integration

« on: December 10, 2018, 10:22:53 am »

i am back on prod 18.7.8 and installed acme via extensions. Isn't there just the production version?

Or do you mean to execute the acme.sh via ssh directly and not via webinterface?

205

18.7 Legacy Series / Haproxy and Letsencrpyt integration [solved]

« on: December 08, 2018, 04:01:51 pm »

Hi,

i installed haproxy and the le-plugin according to the documenation. i have now 2 things:

1) calling my website from the internet brings me a certificate error. this is, i think, according to the fact, that i cannot install a le-certificate for haproxy

2) trying to have a certificate from le, just ends up in status '202' after acknowleding token and nonce and what else..

I installed the le-plugin with the ha-integration, leaving all to standard, but i cannot ge le certifying my haproxy.

and btw.: which firewall-rules do i have to set to have haproxy as a reverseproxy for my webserver? is a rule (allow from wan to this firewall, port 80 and 443) enough? Portforwarding does not work in that case.

206

19.1 Legacy Series / Default Gateway indication in Dashboard [solved]

« on: December 07, 2018, 12:07:43 pm »

Hi,

In the Dashboard, under Gateways, my WAN_DHCP-Gateway is show as offline, but i have connection. Is this a bug?

Roger

207

18.7 Legacy Series / Re: HA-Proxy problem: error_ssl_protocol

« on: December 03, 2018, 08:16:01 pm »

The thing is, that haproxy has no certifkcate from acme at all.

It is on the backendserver already installed.

208

18.7 Legacy Series / HA-Proxy problem: error_ssl_protocol

« on: November 27, 2018, 12:07:39 pm »

Hi,

I installed 2 backend-servers, one with ssl, one with nossl. I installed 1 frontend for both, with actions and conditions. HAProxy works, but if i want to connect via wan, i get a ssl-error in my browser.

The certificate still is on my server, it's a letsencrypt-cert. I think, i did someting wrong in the config. Does the webserver (the backend) still need a certificate? Or does this error come because of not having an official cert (not a selfsigned one)?

I think, except this, it would work...

Thx!

209

Intrusion Detection and Prevention / Re: Suricata and vlans

« on: November 26, 2018, 02:55:44 pm »

i am not aware of your architecture and wishes, but how big is your installation? I personally (@home!!!!) just inspect traffic on WAN, as i don't want traffic to get inspected, if i am in a "secure" zone.

If you have vlans, have you entered the networks in suricata?

210

19.1 Legacy Series / Re: Suricata: Not logging alerts in Tab alerts

« on: November 16, 2018, 03:46:44 pm »

ok - what i can say so far is, that  since changing to 19.1 beta, eve.json and rules.json aren't filled anymore. The last entry is from my 18.7.7. stable environement.