632
General Discussion / Re: NordVPN Firewall Rules for only one Alias?
« on: October 13, 2022, 03:34:21 pm »
So you want one or more devices to use the NordVPN gateway?
I explained this a couple of days ago in the German QNAP forum with screenshots, hope this helps:
https://forum.qnapclub.de/thread/61003-qvpn-soll-sat-empf%C3%A4nger-vort%C3%A4uschen-er-w%C3%A4re-in-deutschland-nur-dns-l%C3%A4uft-nicht/?postID=448566#post448566
633
22.7 Legacy Series / Re: How to map all outbound DNS requests to the local resolver in IPv6 networks?
« on: October 13, 2022, 06:47:02 am »
For some reason ::1 doesn't work for me either.
Instead I'm using the Sense's ULA, created as virtual IP.
634
22.7 Legacy Series / Re: failover question
« on: October 12, 2022, 07:08:35 am »
It would be nice if you wrote about what you are referring to.
I assume https://docs.opnsense.org/manual/how-tos/multiwan.html
The rule is placed above (before) the default allow rule on each interface that uses the gateway group.
To be honest: I never understood this rule, but never cared about it, as I have such a rule anyway for redirecting DNS.
What do you intend to do?
For Failover only, you need to use different tiers, where the main gateway is the lower one.
635
22.7 Legacy Series / Re: How to handle VLAN isolation for IPv6?
« on: October 10, 2022, 06:38:11 am »
You can use "This Firewall" in your rules, which will contain all v4 and/or v6 addresses of the sense itself; v6 prefix changes are taken into account.
636
General Discussion / Re: Simple rule not working
« on: October 08, 2022, 06:31:10 pm »
Depends on how much you need to block... for a few networks I would allow any for LAN and create a block rule for each network that should not be reachable.
637
General Discussion / Re: Simple rule not working
« on: October 07, 2022, 04:33:43 pm »
WAN_net means for your sense the network between Fritzbox and the sense.
With this rule, you only have access from LAN to this small network (WAN sense and LAN/DMZ Fritzbox).
For the issue with resetting states see this thread: https://forum.opnsense.org/index.php?topic=30392.msg146651#msg146651
638
German - Deutsch / Re: breitbandmessung-App vs iperf3 vs Windows & Linux
« on: October 05, 2022, 11:20:28 am »
I suspect "the other laptop" has some quirks of its own and therefore delivers such divergent results.
How did you run iperf3? It sounds to me as if you only measured the upload with it.
Upload:
iperf3 -c HOST
Download:
iperf3 -c HOST -R
639
22.7 Legacy Series / Re: AdGuard not updating
« on: October 04, 2022, 04:44:24 pm »
No problems here. Updated from 0.107.09 to 0.107.15 a few minutes ago.
640
German - Deutsch / Re: Wireguard Roadwarrior - no handshake
« on: October 04, 2022, 12:31:39 pm »
Have you specified the port now?
AllowedIPs = 0.0.0.0/0, ::/0
In my experience this is not a good idea on Windows (though it probably has nothing to do with the handshake, only with routing).
Here I use
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
because Windows does not override the default route, which this combination more or less works around.
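An added example, not part of the original post: a longest-prefix-match lookup showing why the four half-space prefixes send everything into the tunnel while `0.0.0.0/0, ::/0` can lose to a default route that is already present. The routing table, the device names `lan` and `wg`, and the tie rule (the earlier route wins on equal prefix length) are assumptions that model the behaviour the post describes.

```python
import ipaddress

# Constructed routing table for a client: the pre-existing default routes
# via the LAN gateway, plus one tunnel route per AllowedIPs entry.
LAN_DEFAULTS = [("0.0.0.0/0", "lan"), ("::/0", "lan")]
FULL = ["0.0.0.0/0", "::/0"]
SPLIT = ["0.0.0.0/1", "128.0.0.0/1", "::/1", "8000::/1"]


def build_table(allowed_ips):
    """LAN defaults first, then the routes derived from AllowedIPs."""
    routes = [(ipaddress.ip_network(n), dev) for n, dev in LAN_DEFAULTS]
    routes += [(ipaddress.ip_network(n), "wg") for n in allowed_ips]
    return routes


def lookup(routes, dst):
    """Longest-prefix match. On equal prefix length the earlier route wins
    (assumption: models a default route that is not replaced)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, dev in routes:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, dev)
    return best[1]


def covers_everything(allowed_ips):
    """True if the prefixes collapse to the whole IPv4 and IPv6 space."""
    nets = [ipaddress.ip_network(n) for n in allowed_ips]
    v4 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))
    v6 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 6))
    return (v4 == [ipaddress.ip_network("0.0.0.0/0")]
            and v6 == [ipaddress.ip_network("::/0")])


if __name__ == "__main__":
    for name, allowed in (("full", FULL), ("split", SPLIT)):
        table = build_table(allowed)
        for dst in ("8.8.8.8", "203.0.113.7", "2001:db8::1", "fd00::1"):
            print(name, dst, "->", lookup(table, dst))
        print(name, "covers all addresses:", covers_everything(allowed))
```

Both variants cover the same address space; only the /1 prefixes are strictly more specific than the existing default route, so they win the lookup regardless of which /0 route is preferred.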
641
22.7 Legacy Series / Re: OS ddclient - How to use an URL provided by the DynDNS service in "custom"?
« on: October 03, 2022, 01:56:45 pm »
I am using both at the moment... The old plugin does the productive DDNS and the new one is for testing purposes, as I am not able at the moment to get it to work for every provider in use and in an IPv6/IPv4 multi-WAN environment...
642
German - Deutsch / Re: Wireguard Roadwarrior - no handshake
« on: October 02, 2022, 12:21:31 pm »
Or does that refer to the endpoint port in the WG config on the Sense?
Yep.
643
German - Deutsch / Re: Wireguard Roadwarrior - no handshake
« on: October 02, 2022, 10:06:21 am »
You have to specify the port for the peer if it differs from the default.
644
22.7 Legacy Series / Re: NAT Portforwarding with TPC/UDP and IPv4+6
« on: September 25, 2022, 05:00:07 pm »
Does the alias "Server" contain both v4 and v6 addresses?
I think it should be better to use one alias and one redirect rule for each.
645
General Discussion / Re: firewall rules not block
« on: September 23, 2022, 12:31:36 pm »
If a connection is already established due to the ruleset, a new block rule will not apply until the connection is closed. Then the new block rule applies and a new connection can't be established.
Reset states forces all connections to close.
Reset states for pass rules is not necessary, because a connection cannot be established before, so there is no state "overriding" the new rule.
See also https://docs.opnsense.org/manual/firewall.html
Quote
Note
When changing rules, sometimes it's necessary to reset states to assure the new policies are used for existing traffic. You can do this in Firewall ‣ Diagnostics ‣ States.
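An added example, not part of the original post or of OPNsense: a toy stateful filter that reproduces the behaviour described above, where an established flow keeps passing after a block rule is added until the states are reset, while a new pass rule takes effect immediately. The `Firewall` class, its first-match rule evaluation and the addresses are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Firewall:
    """Toy stateful filter: first matching rule wins, default is block."""
    rules: list = field(default_factory=list)   # (action, src, dst, port)
    states: set = field(default_factory=set)    # (src, dst, port)

    def packet(self, src, dst, port):
        flow = (src, dst, port)
        # Packets of a known flow are passed by the state table
        # without consulting the ruleset again.
        if flow in self.states:
            return "pass (state)"
        # Only the first packet of a new flow is matched against the rules.
        for action, r_src, r_dst, r_port in self.rules:
            if (r_src in ("any", src) and r_dst in ("any", dst)
                    and r_port in ("any", port)):
                if action == "pass":
                    self.states.add(flow)
                return action
        return "block"

    def reset_states(self):
        """Drop every tracked flow, as a state reset does."""
        self.states.clear()


FLOW = ("192.0.2.10", "198.51.100.5", 443)      # constructed addresses


def demo_block_rule():
    fw = Firewall(rules=[("pass", "any", "any", "any")])
    out = [fw.packet(*FLOW)]                     # connection established
    fw.rules.insert(0, ("block", "192.0.2.10", "any", 443))  # new block rule
    out.append(fw.packet(*FLOW))                 # old flow still passes
    out.append(fw.packet("192.0.2.10", "198.51.100.9", 443))  # new flow
    fw.reset_states()
    out.append(fw.packet(*FLOW))                 # now evaluated by the rules
    return out


def demo_pass_rule():
    fw = Firewall()                              # nothing allowed, no states
    out = [fw.packet(*FLOW)]
    fw.rules.insert(0, ("pass", "any", "any", 443))
    out.append(fw.packet(*FLOW))                 # applies without a reset
    return out
```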