Messages - ruggerio

#286
18.1 Legacy Series / Re: RFC Unbound: CNAMES
March 20, 2018, 07:22:13 AM
Sorry about this.

After researching a lot, I found that unbound is not 100% the choice for this.

I changed to dnsmasq, which I know from Linux; it brings the functionality.

Question: is the actual implementation of dnsmasq in opnsense using dnssec?

Thx,
Roger
#287
As I am new to opnsense, that's why I said I could mismatch. If you find the solution, I would be glad to know also. ;)
#288
18.1 Legacy Series / RFC Unbound: CNAMES
March 19, 2018, 12:58:25 PM
Hello,

CNAMEs are commonly used in network environments. Could you please add the option in unbound to add CNAMEs to existing A records?

Thanks,
Roger
#289
I would say works as designed, but could mismatch.

You would have to route the complete traffic from your VPN through your network.

What I saw is that if contacting an IP outside the LAN range, it will bypass the VPN. So, you need to fix the DNS server in your client.

Btw, I gave up on IKEv1 because of the routing issues. OpenVPN does this with one click (even if IPsec was my favourite).

Roger
#290
Hi Netranger,

Thanks for your reply. Yes, I installed the rule, tried just "Download ACL", reentered, no category, then Download and apply ACS, still no change.

I set up the box with the latest 18.1.4 version. But I remember it has been working with 18.1.2.

Unfortunately, the logs also do not tell that much.

I will download shallalist and try to install it via 127.0.0.1 (if I find out the webroot).

Roger
#291
Hi,

I installed opnsense and wanted to filter web traffic with the remote access lists.

But neither Shallalist nor UT1 (according to doc) downloads the lists. There are no categories at all.

I saw this happening already in 17.1 (according to the forums), but manually downloading did not do the trick.

Any ideas?

Thanks!
Roger
#292
Hi,

I have a working ipsec connection, which I would like my clients at home to also use for surfing. On any client, I installed the route 0.0.0/0, which I assume will redirect all traffic via the tunnel.

The thing is that I cannot go to the internet like this. On the firewall side, I see DNS requests leaving the firewall, but no response comes back. So I assume that the connection is not natted, so it goes to 192.168.0.0/24 (which is quite wrong).

Also, on outgoing NAT, I see just rules for LAN networks and localhost. There should also be a rule for ipsec? How can I do that? I did not find any rtfm :(

TIA
Roger
#293
I had this issue also. Funnily enough, I added a rule on the ipsec interface, target "this Firewall" - afterwards, it worked.

Btw, is your traffic to the Internet passing through opnsense or directly from your Android device to the Internet? I never got "Routing all traffic through the tunnel" working.

hth
#294
*Addendum*

It works 50%, as if I add an external DNS server. But my goal is that all traffic passes through the internal net.

Roger
#295
Hi,

I installed IPsec according to the Roadwarrior manual from the homepage.

The problem is that it seems that traffic to the Internet via ipsec is working outgoing, but it seems somehow blocked on the way back.

Also, I found no rule for the ipsec network on the outgoing NAT tab.

Does anybody have an idea what I did wrong or what I've been missing?

Cheers!