2
German - Deutsch / Load balancing & Fail over
« on: December 29, 2023, 12:36:56 pm »
Hello,
I have 2 VDSL lines and one LTE connection here. I would like load balancing for the VDSL lines and the LTE as failover. For this I built a gateway group with the two VDSL lines as Tier 1 and the LTE as Tier 2. On the gateways I enabled monitoring and ticked the "Upstream gateway" checkbox.
But now I keep seeing traffic on the LTE. How do I prevent that, or how do I do this correctly?
TIA
Matthias
3
23.7 Legacy Series / Routing or TCP Relay
« on: December 09, 2023, 02:35:34 pm »
Hi,
my setup looks like this:
MailServer -> OpnSense1 -> Wireguard (Internet) -> OpnSense2 -> Internet
Port 25 of the mail server has to be routed to OpnSense2 to reach other mail servers. IMHO there are two possible solutions:
1. A policy based route on OpnSense2 pointing to the LAN address of OpnSense2 where the packets get NATed and routed out to the internet.
2. A TCP relay on OpnSense2 used at the mailserver.
For 1. I can't figure out how to configure the routing in OpnSense1 and for 2. I don't know which plugin to use. A Mail-Relay on OpnSense2 is no option for me.
Any suggestions?
TIA
Matthias
4
21.1 Legacy Series / Thanks for the new traffic graphs
« on: March 05, 2021, 08:38:27 am »
I just want to say "thank you" for the really nice new traffic graphs and especially for the new traffic widget. Exactly what I needed. Great work!
5
20.7 Legacy Series / Re: Unbound service routinely stopping/crashing following 20.7.7 update
« on: December 26, 2020, 10:15:03 am »
Same here, just FTR. For me it crashes about every second day. I will apply the patch.
6
20.7 Legacy Series / Re: ipv6 wan stops working after a while
« on: November 15, 2020, 10:47:45 am »
8
20.7 Legacy Series / Re: IPv6 radvd stops working
« on: November 10, 2020, 08:05:58 am »
I don't think so. There are no "in6_ifadd: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx is already configured" messages. External IPv6 connectivity works. Only internal systems lose their auto configured default gateway because radvd stops working and so the IPv6 default gateway does not get advertised and times out at the clients. The workaround for my problem is to restart radvd.
9
20.7 Legacy Series / IPv6 radvd stops working
« on: November 08, 2020, 11:57:42 am »
Hi,
since I've upgraded to 20.7 about every month radvd stops working and so IPv6 on my internal interfaces as the default route expires and isn't renewed. I've to restart radvd. After this everything is back to normal.
How to debug and fix this?
TIA
Matthias
10
20.7 Legacy Series / Re: current setup to cluster
« on: October 14, 2020, 04:49:36 pm »
Cool, thanks, I will give it a try.
11
20.7 Legacy Series / Re: current setup to cluster
« on: October 14, 2020, 02:37:21 pm »
Thanks, well, my intention was to avoid reconfiguring all 18 interfaces :-)
What about my few hundred firewall rules? The rules are bound to interfaces ...
An option may be to get two new appliances and migrate everything, also something I wanted to avoid.
12
20.7 Legacy Series / Re: current setup to cluster
« on: October 14, 2020, 01:55:31 pm »
Ok, thanks but how to do this? Is there any documentation or a howto?
13
20.7 Legacy Series / current setup to cluster
« on: October 14, 2020, 12:39:05 pm »
Hi,
I've a running setup on a single appliance and I want to add a second appliance to create a cluster. Is it possible to do this without wiping my existing setup?
TIA
Matthias
14
General Discussion / Re: UDP Broadcast Relay
« on: October 14, 2020, 12:16:13 pm »
Just want to thank you for this great plugin. You made my day. Sonos and CIFS/SMB lookups perfectly work across VLANs.
15
19.7 Legacy Series / Policy based routing for IPSEC (not tunnel)
« on: January 30, 2020, 03:29:25 pm »
Hi,
I've 3 up links, A, B and C. A is my default gateway. I use policy based routing to direct LAN (and VLAN) traffic to one of these up links. This works as expected.
I've configured my IPSEC VPN to use the interface of up link C. Now I need the IPSEC VPN to use the gateway of up link C. To get this I need policy based routing entries for firewall local traffic (ESP, ISAKMP, NAT-T). I can see auto generated rules on up link C for the IPSEC traffic with the gateway of up link C to be set as gateway. But what I found is that they do not get used.
When I do "ipsec up con1" and look at my up link A interface by tcpdump I see the ESP traffic on A instead of C.
When I initiate IPSEC from the remote site I see the ESP packets arrive on C and the answers of OpnSense on A.
How to get this working?
TIA