Messages - Patrick M. Hausen

#10576
Quote from: mimugmail on September 22, 2020, 07:02:36 PM
NBMA should be used in usual networks
NBMA for Ethernets? Could you explain?

Thanks,
Patrick
#10577
All right! Then I'll sign off for the weekend on Friday at 16:30.
#10578
That's exactly what I meant. Sorry, I was busy in between. Thanks for the feedback, and good that it works now.

Do it right and it just works  ;) That is indeed exactly how it's intended.
#10579
Quote from: franco on September 18, 2020, 03:29:58 PM
The only thing that changes is the features of the network cards
If I'm not mistaken, that's not quite right. Wasn't the driver switched to iflib in the move from FreeBSD 11 to 12? It might help to search the FreeBSD bug tracker.

Apart from that, "all hardware features off" is unfortunately always a good first step. I even had abysmal performance in a Digital Ocean droplet, i.e. a VM, as soon as NAT came into play. Whenever hardware offloading was enabled. Without it, it works.

Regards
Patrick
#10580
File is not updated at all (no timestamp change) and this is logged:

Sep 17 17:22:11 opnsense configd.py[71064]: generate template container OPNsense/Bind
Sep 17 17:22:13 opnsense configd.py[71064]: [5622535e-1a63-4749-a349-3d1a66664ba4] Inline action failed with OPNsense/Bind OPNsense/Bind/named.conf 'collections.OrderedDict object' has no attribute 'allownotifyslave' at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/template.py", line 264, in _generate     content = j2_page.render(cnf_data)   File "/usr/local/lib/python3.7/site-packages/jinja2/asyncsupport.py", line 76, in render     return original_render(self, *args, **kwargs)   File "/usr/local/lib/python3.7/site-packages/jinja2/environment.py", line 1008, in render     return self.environment.handle_exception(exc_info, True)   File "/usr/local/lib/python3.7/site-packages/jinja2/environment.py", line 780, in handle_exception     reraise(exc_type, exc_value, tb)   File "/usr/local/lib/python3.7/site-packages/jinja2/_compat.py", line 37, in reraise     raise value.with_traceback(tb)   File "/usr/local/opnsense/service/modules/../templates/OPNsense/Bind/named.conf", line 115, in top-level template code     zone "{{ domain.domainname }}" { type {{ domain.type }}; {% if domain.type == 'slave' %}masters { {{ domain.masterip }}; }; {% if domain.allownotifyslave != '' %} allow-notify { {{ domain.allownotifyslave.replace(',', '; ') }}; };{% endif %} file "/usr/local/etc/namedb/slave/{{ domain.domainname }}.db"; {% else %}file "/usr/local/etc/namedb/master/{{ domain.domainname }}.db"; {% endif %}{% if domain.allowtransfer is defined %} allow-transfer { {{ allow_transfer.name }}; };{% endif %}{% if domain.allowquery is defined %} allow-query { {{ allow_query.name }}; };{% endif %} };   File "/usr/local/lib/python3.7/site-packages/jinja2/environment.py", line 430, in getattr     return getattr(obj, attribute) jinja2.exceptions.UndefinedError: 'collections.OrderedDict object' has no attribute 'allownotifyslave'  During handling of the above exception, another exception occurred:  Traceback (most recent call last):   File "/usr/lo


This is the plugin version:

root@opnsense:/usr/local/etc/namedb # pkg info os-bind
os-bind-1.13
Name           : os-bind
Version        : 1.13
Installed on   : Thu Sep 17 09:34:19 2020 CEST
#10581
I did hit save - tried a dozen times including reinstalling the plugin, even cleaning the bind config from the saved XML and reimporting, all that.

As for the version - I am running 2.7.2. How would I check and update plugins?
#10582

options {

        directory       "/usr/local/etc/namedb/working";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

         listen-on port 53530 { 127.0.0.1; };
         listen-on-v6 port 53530 { ::1; };

        max-cache-size    80%;
        dnssec-validation    no;
};

key "rndc-key" {
        algorithm hmac-sha256;
        secret "*************************";
};
controls {
        inet 127.0.0.1 port 9530
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

zone "localhost"        { type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "0.ip6.arpa"       { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };

logging {
        channel default_log {
                file "/var/log/named/named.log" versions 3 size 5m;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        channel query_log {
                file "/var/log/named/query.log" versions 3 size 5m;
                print-time yes;
        };

        channel rpz_log {
                file "/var/log/named/rpz.log" versions 3 size 5m;
                print-time yes;
        };

        category default { default_log; };
        category general { default_log; };
        category queries { query_log; };
        category rpz { rpz_log; };
        category lame-servers { null; };
};
#10583
Added and gets written to the zone file:

root@opnsense:/usr/local/etc/namedb # cat master/fritz.box.db
$TTL 86400
@       IN      SOA    opnsense.ettlingen.hausen.com. root.opnsense.ettlingen.hausen.com. ( 2009171350 21600 3600 3542400 3600 )
@                A 192.168.93.1
@                NS fritz.box.


But the zone does not get added to named.conf ...
#10584
Master zones don't make it into named.conf, either ...
#10585
Configured slave zone - please see attachment.

Zone is not in named.conf:

root@opnsense:/usr/local/etc/namedb # fgrep intern.punkt.de named.conf
root@opnsense:/usr/local/etc/namedb #


The Jinja template responsible for getting the zones into the config is:

{% if helpers.exists('OPNsense.bind.domain.domains.domain') %}
{%   for domain in helpers.toList('OPNsense.bind.domain.domains.domain') %}
{%     if domain.enabled == '1' %}
{%     set allow_transfer = helpers.getUUID(domain.allowtransfer) %}
{%     set allow_query = helpers.getUUID(domain.allowquery) %}
zone "{{ domain.domainname }}" { type {{ domain.type }}; {% if domain.type == 'slave' %}masters { {{ domain.masterip }}; }; {% if domain.allownotifyslave != '' %} allow-notify { {{ domain.allownotifyslave.replace(',', '; ') }}; };{% endif %} file "/usr/local/etc/namedb/slave/{{ domain.domainname }}.db"; {% else %}file "/usr/local/etc/namedb/master/{{ domain.domainname }}.db"; {% endif %}{% if domain.allowtransfer is defined %} allow-transfer { {{ allow_transfer.name }}; };{% endif %}{% if domain.allowquery is defined %} allow-query { {{ allow_query.name }}; };{% endif %} };
{%     endif %}
{%   endfor %}
{% endif %}


Looks like `{% if helpers.exists('OPNsense.bind.domain.domains.domain') %}` does not evaluate to true.

Kind regards,
Patrick
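An added example, not code from the OPNsense bind plugin or from anyone in this thread, that reproduces the class of failure the log above reports and shows the guard a practitioner would add to the template. It assumes the template engine runs Jinja2 with StrictUndefined (which raises on the `!=` comparison the moment an attribute is missing; the plugin's actual environment settings are not shown on this page) and feeds a constructed two-entry zone list in place of the helpers.toList(...) call; the zone stanza is trimmed to the masters/allow-notify part named in the traceback. What it demonstrates: a single entry without the allownotifyslave field aborts the whole render, so no zone stanza at all reaches named.conf, which is consistent with "file is not updated at all" rather than with one zone being skipped.

```python
"""Reproduce an UndefinedError in the bind zone template and guard it.

Added example, not OPNsense code. Assumption: Jinja2 is configured with
StrictUndefined, which makes `undefined != ''` raise immediately with the
message seen in the log ('collections.OrderedDict object' has no attribute
'allownotifyslave').
"""
from collections import OrderedDict

from jinja2 import Environment, StrictUndefined, UndefinedError

# Zone stanza as posted (trimmed to the slave/allow-notify branch); the
# `domains` loop variable stands in for helpers.toList(...) on the firewall.
ORIGINAL = (
    "{% for domain in domains %}"
    'zone "{{ domain.domainname }}" { type {{ domain.type }}; '
    '{% if domain.type == "slave" %}masters { {{ domain.masterip }}; }; '
    "{% if domain.allownotifyslave != '' %}"
    " allow-notify { {{ domain.allownotifyslave.replace(',', '; ') }}; };"
    '{% endif %} file "slave/{{ domain.domainname }}.db"; '
    '{% else %}file "master/{{ domain.domainname }}.db"; {% endif %} };\n'
    "{% endfor %}"
)

# Hardened variant (my change, not the plugin's): check presence before
# comparing, so an entry written without the field cannot abort the render.
GUARDED = ORIGINAL.replace(
    "{% if domain.allownotifyslave != '' %}",
    "{% if domain.allownotifyslave is defined and domain.allownotifyslave != '' %}",
)

# Constructed sample entries; OrderedDict mirrors the type named in the log.
SLAVE_WITH_NOTIFY = OrderedDict(
    domainname="intern.example.test", type="slave",
    masterip="192.0.2.53", allownotifyslave="192.0.2.53,192.0.2.54")
SLAVE_WITHOUT_FIELD = OrderedDict(
    domainname="old.example.test", type="slave", masterip="192.0.2.53")


def render(template_src, domains):
    """Render the zone stanzas with the strict engine the example assumes."""
    env = Environment(undefined=StrictUndefined)
    return env.from_string(template_src).render(domains=domains)


def render_or_error(template_src, domains):
    """Return ('ok', text) or ('error', message) instead of raising."""
    try:
        return ("ok", render(template_src, domains))
    except UndefinedError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    both = [SLAVE_WITH_NOTIFY, SLAVE_WITHOUT_FIELD]
    print("original, complete entry only:", render_or_error(ORIGINAL, [SLAVE_WITH_NOTIFY]))
    print("original, one entry lacking the field:", render_or_error(ORIGINAL, both))
    print("guarded, same list:", render_or_error(GUARDED, both))
```

Run it directly to see all three outcomes. Whatever path produced the real file, `named-checkconf /usr/local/etc/namedb/named.conf` is the check to run on the firewall before assuming the zones it contains are the ones you configured.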
#10586
Hi all,

does anyone know if secondary zones are supposed to work? In my installation they seem to be a no-op.
Just asking if I should file a bug report or if this is simply open for improvement.

Looking for tasks for Hacktoberfest, anyway  ;)

Kind regards,
Patrick
#10587
20.7 Legacy Series / Re: Transparent proxy with SSL
September 16, 2020, 10:28:08 AM
Quote from: samnet on September 16, 2020, 08:17:03 AM
thanks for clarification.
can you please suggest any way for controlling URL access in a network with 100 desktops / laptops / mobiles, many of them logging in via Active Directory win2012
Get an AD integrated Proxy product, force proxy via group policy, deny Internet access for everyone but proxy on OPNsense.
#10588
Quote from: micneu on September 16, 2020, 07:11:46 AM
hmmm, doesn't everyone run an SSD as standard these days? I've been running pfSense/OPNsense since about 2015, always on hardware with an SSD. I wouldn't recommend anything else today, and anyone who still puts a magnetic disk or a USB stick or similar in a firewall today has only themselves to blame.
Perhaps a bit harshly put, but fundamentally correct. Especially since the Transcend SSDs used by PCengines & Co., for example, have a TBW beyond good and evil. I also expect them to last "forever".
#10589
Sslh can do that:

https://github.com/yrutschle/sslh

I am looking for things to contribute to OPNsense for Hacktoberfest, anyway ... hmmm ...  ;)
#10590
There are also apps for iOS and Android that work better than the mobile browsers. Or, as already written, Chrome on $DESKTOP.

Enter the URL and you're done. You can generate cryptic URLs as a global password or actually authenticate, e.g. against Keycloak, but for semi-public meetings a URL usually suffices.