Topics - erje

1
22.1 Legacy Series / Backup / restore broken?
« on: June 25, 2022, 10:28:08 am »
Hello,

When restoring a backup through Web GUI or console, at least the unbound settings are not being restored. The Unbound settings are present in the backup.xml.

Also specifying unbound restore only through the Web GUI does not have any effect.

Other settings that are relevant in my setup seem to have been restored properly (Firewall, interfaces, ...)

2
22.1 Legacy Series / Serial Console not primary
« on: June 18, 2022, 12:58:04 pm »
Dear community,

When installing the OPNsense serial version, after installation the serial console is not set as primary. Is this expected behaviour?

Earlier this week I upgraded from OPNsense 21.x to OPNsense 22.1.8_1-amd64 on an APU4d4. After the update it looked like the APU4d4 hung during pre boot, while looking for a device to boot from. Even though I am pretty sure I heard the beep, I was not able to connect to the web GUI. (Cold) restarting always resulted in the same frozen pre boot screen on the serial console.

Eventually I downloaded the installation image OPNsense-22.1.2-OpenSSL-serial-amd64.img and booted from USB key. Once running the live image, I started the installation process. Luckily I was able to load the old configuration file, still on the SDD from the previous installation.

After a system reboot I found the serial console again stuck at pre boot, but this time I could hear the beep after a short while and eventually I could log in to the web GUI with the IP setup from my old configuration.

Best regards,
Robbert

3
20.1 Legacy Series / High Availability pfsync and DNS issues
« on: April 15, 2020, 06:36:56 pm »
Hello community,

For several weeks now, I have tried to set up a fully working HA setup with two APU4d boards. I got to a point where I no longer know what to look for.

This is what I am trying to set up:
<Image 1: schema>


What is working:

- The configuration is synced from the Master to the Backup node. This was working automatically with OPNsense 19.x but since I upgraded to v20.1.4 it seems I have to force the sync manually. Or am I not patient enough?
- State sync is working. When I pull the Master LAN, the Backup LAN becomes Master. Same thing when I pull the WAN.


What is not working:

- When I pull Master WAN, internet connection is lost. Only when I also pull the Master LAN, internet works again. I am guessing I am missing a firewall rule for the PFSYNC?

<Image 2: Firewall rules PFSYNC>

- I don't have a DNS lookup unless I change the DNS server in [Services]-[DHCPv4]-[LAN]. But I understand that I should enter the LAN VIP? When I do, nothing gets resolved. When I enter Google DNS (8.8.8.8) it works.

<Image 3: DHCP settings>

While trying several configuration changes, I occasionally thought I had it working until it stopped working again. I think caches or existing connections or something else got me tricked. Is there anything I should reset/flush after making (DNS) changes other than requesting a new DHCP release?

I also noticed that the Unbound enable switch is not synchronized between Master and Backup. Is this correct behavior?

I am not 100% sure about the NAT outbound settings. I included a picture of my settings too.
<Image 4: Firewall NAT Outbound>

Any push in the right direction would be very much appreciated!

Thanks,
Robbert

4
19.7 Legacy Series / multiple host overrides within single domain
« on: January 28, 2020, 12:13:09 am »
Dear community,

I have set up a DNS forward for mydomain.com. Behind this domain I have multiple computers running with different services. Computer1 has internal IP 10.0.0.1 with services on port 443, 8070 and 3031, computer2 with IP 10.0.0.2 with services on 443, 12320, 12322, computer3 10.0.0.3 ... etc

With port forwards in OPNsense I can access them all from outside i.e. https://mydomain.com or https://mydomain.com:5443 or https://mydomain.com:3030.

To access the services from within the LAN I believe that best practice is to use unbound and create overrides. This works fine for 1 host but I can't figure out how to set this up for multiple hosts.

Any advice would be very much appreciated as I'm stuck for hours now.

Eventually I would like to have subdomains to redirect to the right computer/service. So instead of mydomain.com:5443 I use private.mydomain.com. Is this possible with SRV records?

Thanks,
Robbert


OPNsense 19.7.10-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.0.2u 20 Dec 2019
