Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - opojomo

Pages: [1]

German - Deutsch / Fritzbox-VPN dahinter OPNsense

« on: March 18, 2022, 07:27:24 am »

Hallo,

ich habe ein VPN zwischen zwei Fritzboxen. Die Adressen des entfernten Netzwerks lassen sich erfolgreich pingen, sofern ich direkt mit der Fritzbox verbunden bin.

Eine OSF steht hinter der Fritzbox und soll nun auch Verbindungen über die Fritzbox (WAN) auf das entfernte Netzwerk zulassen. Dies habe ich mit Regeln bereits auf der OSF eingerichtet.
Führe ich dann als Firewall-Client ein tracert durch, geht die Anfrage zunächst an das Gateway des interfaces (ungleich der OSF-WAN-Adresse) und danach zur Fritzbox. Alles gut also. Leider schränkt die Fritzbox die Anfragen aber scheinbar ein, sodass sie das Routing nur vornimmt, wenn die Anfrage von der OSF-WAN-Adresse stammt.

Gibt es eine Möglichkeit dies zu erreichen? Wie wäre die Vorgehensweise? Ich habe mir vorgestellt, dass sämtliche Anfragen, die die OSF selbst nicht beantworten kann, mit ihrer eigenen WAN-Adresse an die Fritzbox weitergereicht wird - die OSF also ihre IP noch dazwischen schiebt.

Danke für eure Unterstützung!

General Discussion / Make use of unused ethernet ports

« on: May 24, 2021, 09:23:18 am »

Hello all,

in my setup i have an opnsense with three ethernet ports. One port is used to connect to the WAN device (FritzBox) and another is used to be connected to my switch where all devices are directly and indirectly connected to.

This leaves me with one port unused. Is there a possibility to make use of this unused port? I was thinking about connecting it to the WAN device (WAN although has only 100Mbit download/ 40 Mbit upload), or connecting it to the switch, so traffic can go through both ports (1GB + 1GB = 2GB?)

Very thankful for your help.

Best regards

General Discussion / VLAN for central network services

« on: May 12, 2021, 12:22:54 pm »

Hello all,

i have had the following idea and would love to hear from you experts what you think of it.

I have an OPNsense and nine VLANs configured. I want all clients in each VLAN to use Unbound DNS configured in OPNsense and also the NTP service provided by OPNsense.

I created a VLAN [2] called NetServices without DHCP. I created a floating rule including every vlan interface allowing access to VLAN [2]. In every VLAN DHCP configuration i entered the NetServices address to be used as DNS and NTP.

With this set up, Unbound DNS now only listens on NetServices address and nslookup of the opnsense hostname will only return this address. I did not like it, when every client on every subnet could see which subnets are configured inside OPNsense (which happens, when Unbound DNS listens on every net).

What do you think? What are your practices?

Best regards

General Discussion / Accessing OPNsense by its Hostname

« on: May 08, 2021, 10:11:51 am »

Hello all,

I am used to access my hosts by their hostname on the local domain, like opnsense.opojomo.local

With OPNsense itself there is something I do not understand. If I try to access opnsense.opojomo.local the IP I get from the DNS (Unbound DNS) is always [when I flush DNS of course] a random gateway (=OPNsense) IP address of one of my VLANs. Thus, if the IP returned by the DNS is not a specific IP [one from a VLAN that shall have access to OPNsense, others must not] I will not get access to OPNsense.

I have set Unbound DNS overwrite for opnsense.opojomo.local -> 172.16.1.1, still, the IP my clients get are always different.

How may I resolve this issue?

Thanks in advance for your help!

Best regards

Pages: [1]