Messages

91

Web Proxy Filtering and Caching / Squid Proxy Administration Questions

« on: December 19, 2021, 04:00:28 pm »

Hello,

i have setup Squid Proxy today, and have some Questions to specific Settings:

Web Proxy - Administration - General Proxy Settings - Use alternate DNS-servers

As i use Unbound with DNS Crypt Proxy, what would be the Use Case to specify here different / alternate DNS Servers for the Proxy?

Web Proxy - Administration - Forward Proxy - Access Control List - Allowed destination TCP port and Allowed SSL ports

Is this configuration here the place for "Punch a whole" through the Proxy?

Under Allowed destination TCP port are some ports already predefined, are this just example Ports? Whats the difference between Allowed destination TCP port and Allowed SSL ports in point of configuration?


Web Proxy - Administration - Forward Proxy - SSL no bump sites

Is there an Option to somehow Upload a Domain List what should be excluded directly? Without have to enter manually a lot of Domains?

Thx!

92

21.7 Legacy Series / URL TableIP Alias empty not updating after Upgrade to 21.7.7

« on: December 17, 2021, 06:29:17 pm »

Hello,

after upgrade to 21.7.7. my Spamhaus etc. Alias with the URL TableIPs was empty and update was also not possible. Tried also with several reboots, but nada.

Created the same Alias new again, and URL Table IPs are loaded fine afterwards.

How to prevent this in future? I mean why after an upgrade, the really basic stuff is not working anymore...

Thx!

93

Virtual private networks / Re: OpenVPN + Policy Based Routing + Firewall Rules Question

« on: December 07, 2021, 08:34:30 pm »

Perfect, thanks Franco for your Help!

94

Virtual private networks / Re: OpenVPN + Policy Based Routing + Firewall Rules Question

« on: December 07, 2021, 05:44:51 am »

Hi Franco,

thanks for the update. For me is the part of the Note regarding "using a default gateway" with higher priority not complete clear.

For Example to understand, if i would like to Route a specific Client Pc not over the VPN Gateway and instead over the normal WAN Gateway, i have to add the Rule with the higher priority over the VPN Gateway "using a default gateway"?

Thx!

95

Virtual private networks / OpenVPN + Policy Based Routing + Firewall Rules Question

« on: December 03, 2021, 01:58:07 pm »

Hello,
I have a understanding question regarding firewall rules and policy based routing over OpenVPN connection https://docs.opnsense.org/manual/firewall.html to the following Note:

Note
When using policy based routing, don’t forget to exclude local traffic which shouldn’t be forwarded. You can do so by creating a rule with a higher priority, using a default gateway.

Please see attached screenshots of my Firewall Rules.

How exactly can I exclude the local traffic which shouldn’t be forwarded to the OpenVPN connection in my case, as I actually just want to allow http / https traffic to internet for the VLAN10 over the specific OpenVPN single gateway?

Reading the Note over and over again just confuse me more…

Thx!

96

General Discussion / Re: Merge Unbound / DNSCrypt Proxy settings custom-options.conf

« on: December 01, 2021, 10:51:20 am »

Thx, just saw further down in the documentation, to use instead of custom-options.conf for more permanent solution Templates ?

Now im wondering which is the best route to go

97

General Discussion / Re: Merge Unbound / DNSCrypt Proxy settings custom-options.conf

« on: December 01, 2021, 10:35:06 am »

Any One?
Thx

98

General Discussion / Merge Unbound / DNSCrypt Proxy settings custom-options.conf

« on: November 29, 2021, 04:55:50 pm »

Hello,

i use the Unbound custom-options.conf actually with the following settings for DNSCrypt Proxy:

Code: [Select]

server:
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
I saw here in this Guide https://nguvu.org/pfsense/pfsense-baseline-setup/#dns%20resolver to make the DNS Resolver authoritative for the local Domain, adding the following snippet to the custom-options:

Code: [Select]

server:
local-data: "local.lan. 10800 IN SOA pfsense.local.lan. root.local.lan. 1 3600 1200 604800 10800"
My question, can i just add additionally the second setting to the custom-options.conf? Do i need to keep here a specific order somehow?


Thx!

99

Tutorials and FAQs / Re: HOWTO - Routing Traffic over Private VPN

« on: November 29, 2021, 03:21:11 pm »

Hello,
have a question regarding the openvpn client tunnel configuration, specific regarding the setting Dont add/remove routes as some VPN Guides suggest to enable mark this setting.

When i enable the setting, my VPN Client Connection stops working, when i disable the setting, the Tunnel comes Up and start to work again.

What should be the correct setting here?

Any Idea?

Thx!

100

Virtual private networks / Re: Connect to OpenVPN via two firewalls behind another

« on: November 27, 2021, 12:12:57 pm »

Hello,
i would also be interested in this topic. Did you get the configuration to work?
Thx!

101

General Discussion / Re: Full Backup / Clone SSD possible, how?

« on: November 27, 2021, 10:50:04 am »

The config.xml should include ANYTHING needed to configure the firewall

No, unfortunately not. If you have for Example installed DNSCrypt Proxy Version 211 manually, and if you are using NTOpng Geo Maps and copied over the GEO Files manually to use it, this Files are not available in case of XML Restore...

102

General Discussion / Re: Full Backup / Clone SSD possible, how?

« on: November 26, 2021, 09:01:44 am »

thanks a lot, the restore of the image worked, fw is up and running again

it would be really great, if there would be the possibility in future to implement this in a script / or plugin, and also have the option to send the image to a shared network folder.

Thank you All for your Help!

103

General Discussion / Re: Full Backup / Clone SSD possible, how?

« on: November 25, 2021, 06:39:33 pm »

@pmhausen

Thx, image is created , how exactly write back?

104

Virtual private networks / Prevent Ipv6 auto Gateway creation OpenVpn

« on: November 25, 2021, 05:12:09 pm »

Hello,

im trying to Setup OpenVPN Client Connection. But every time I create the connection, under System – Gateways – Single there are 2 Gateways automatically created, one for IPv4 and one for IPv6.

Is there a option to disable the automatic Gateway creation for the IPv6 Gateway?

Thx!

105

General Discussion / Re: Full Backup / Clone SSD possible, how?

« on: November 25, 2021, 12:43:34 pm »

Thx, yes, system is not virtualized. and possible offline option? install freebsd in virtual box and connect both drives via USB, and use dd?