OPNsense
Topics - ideal2545

1
General Discussion / Random network dropouts - how do I troubleshoot this?
« on: March 29, 2024, 05:54:42 pm »
Hey all,

Running into this weird issue: every device on my network is experiencing random connectivity issues, wireless or wired. If I leave a continuous ping running against OPNsense, I can see that every 5-10 minutes or so, when all our devices experience a momentary 'pause', I get request timeouts at the same time:

64 bytes from 192.168.1.1: icmp_seq=2346 ttl=64 time=0.872 ms
64 bytes from 192.168.1.1: icmp_seq=2347 ttl=64 time=0.439 ms
Request timeout for icmp_seq 2348
Request timeout for icmp_seq 2349
Request timeout for icmp_seq 2350
Request timeout for icmp_seq 2351
64 bytes from 192.168.1.1: icmp_seq=2352 ttl=64 time=0.785 ms
64 bytes from 192.168.1.1: icmp_seq=2353 ttl=64 time=0.797 ms
64 bytes from 192.168.1.1: icmp_seq=2354 ttl=64 time=0.710 ms

I see that every few minutes. Any advice is appreciated; I'm not exactly sure where to start. I've tried the basics, restarting OPNsense, rebooting or unplugging switches, and nothing...

2
23.7 Legacy Series / [SOLVED] Block rule not working on Wyze cameras somehow?
« on: December 05, 2023, 08:36:12 am »
I have a few cameras around the house that I wanted to block from having internet access, so I created a simple rule:

1) Alias listing the IPs of the cameras
2) LAN firewall rule that blocks the alias list.

I tested this by sticking my iPhone's IP address on it, and yes, it cannot access the internet.
I enabled firewall logs on the block rule and I see that traffic is being blocked per IP.
BUT somehow, when I get my iPhone off of my local Wi-Fi and onto cellular and launch the Wyze app, I am still getting the camera feed?

I feel like I'm taking crazy pills. Can someone check me? Attached pics of the setup.


3
General Discussion / HAProxy and OctoPrint
« on: April 02, 2022, 12:27:46 am »
Hey all,

I was hoping someone might be able to point me in the right direction. I use HAProxy installed on OPNsense for most of my internal services. I've got it all working, except I'm having a weird issue with OctoPrint. OctoPrint requires some backend pool pass-throughs in order to properly rewrite.

In my scenario I'm trying to make this work as https://www.domain.com/octoprint, which is how I do it with most of my internal services.

According to this documentation it should look something like this: https://community.octoprint.org/t/reverse-proxy-configuration-examples/1107

Code:
backend octoprint
  reqrep ^([^\ :]*)\ /octoprint/(.*)  \1\ /\2
  reqadd X-Script-Name:\ /octoprint
  option forwardfor
  server octoprint1 127.0.0.1:5000

and

Code:
backend octoprint
  ...
  reqadd X-Scheme:\ https if { ssl_fc }
  ...
to indicate https requests.

What they recommend, however, doesn't apply to our version of HAProxy, which doesn't use reqrep and reqadd, so after a bit of research I ended up with this as pass-through options:

Code:
http-request replace-path ^([^\ :]*)\ /octoprint/(.*)  \1\ /\2
http-request add-header X-Script-Name /octoprint
option forwardfor
acl needs_scheme req.hdr_cnt(X-Scheme) eq 0
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }

I am presented with a login screen for OctoPrint, but it just loops me when I try to log in. On the OctoPrint log side it seems to terminate the connection right after I try logging in; however, when just loading the front end I see that nearly all items load except for one particular JS file.

Any help is appreciated. Maybe I'm not passing through the right things, or I'm not using the UI properly in some way.

Thanks in advance,
Jon
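
The two directive families quoted in the post hand different strings to the regex: `reqrep` matched the whole request line, while `http-request replace-path` matches only the path component, without the query string. The following is an added example, not part of the original post and not HAProxy code; it models both in Python, and `PATH_PATTERN`, `PATH_REPL` and the sample request lines are assumptions constructed for illustration.

```python
import re

# Pattern and replacement from the legacy "reqrep" example in the post.
# It expects "METHOD /octoprint/..." and keeps the method in group 1.
LEGACY_PATTERN = r"^([^\ :]*)\ /octoprint/(.*)"
LEGACY_REPL = r"\1 /\2"

# Assumed path-only equivalent for "http-request replace-path" (not from the post).
PATH_PATTERN = r"^/octoprint/(.*)"
PATH_REPL = r"/\1"

# Constructed sample request lines.
SAMPLES = [
    "GET /octoprint/static/app.js?v=1 HTTP/1.1",
    "POST /octoprint/api/login HTTP/1.1",
]


def reqrep(request_line, pattern, repl):
    """Model of reqrep: the regex sees the full 'METHOD URI VERSION' line."""
    return re.sub(pattern, repl, request_line, count=1)


def replace_path(request_line, pattern, repl):
    """Model of replace-path: the regex sees only the path, query string excluded."""
    method, uri, version = request_line.split(" ", 2)
    path, sep, query = uri.partition("?")
    new_path = re.sub(pattern, repl, path, count=1)
    return f"{method} {new_path}{sep}{query} {version}"


def compare(samples=SAMPLES):
    """Return, per sample, what the backend would receive under each variant."""
    return [
        {
            "legacy_reqrep": reqrep(line, LEGACY_PATTERN, LEGACY_REPL),
            "ported_as_is": replace_path(line, LEGACY_PATTERN, LEGACY_REPL),
            "path_only": replace_path(line, PATH_PATTERN, PATH_REPL),
        }
        for line in samples
    ]


if __name__ == "__main__":
    for row in compare():
        for name, value in row.items():
            print(f"{name:14} {value}")
```

In this model the request-line pattern never matches when it is given only a path, so the `/octoprint` prefix is forwarded unchanged, while the path-only pattern strips it and keeps the query string.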

4
General Discussion / Newbie Help: Cloudflare only way access HAProxy... rule?
« on: January 19, 2022, 10:25:14 am »
Hi All,

I've enabled HAProxy and I would like to put Cloudflare in front for statistics gathering + some extra security. I would like to make it so that the only way my resources could be accessed is by going through Cloudflare's DNS.

I found a list of Cloudflare's IPs, and currently I have a rule set up for HAProxy which is relatively simple: basically, allow any source to access the router on port 443.

I haven't done too many custom rules yet, but would I simply need to make an alias which contains all of Cloudflare's IPs and then set that as the source for this rule?

Any help is really appreciated - thank you!
Jon


5
21.1 Legacy Series / Should I update root.hints for Unbound?
« on: February 07, 2021, 10:04:51 am »
Hi All,

Very new to OPNsense...

I noticed that the latest roots.hints available from ftp://FTP.INTERNIC.NET/domain/named.cache was last updated on Jan 11th, 2021, but the default roots.hints file that comes with OPNsense is from July 9th, 2018. Would it be a good idea to update it, and if so, is there a best way to do it?
