Messages - defaultuserfoo

46
22.1 Legacy Series / Re: Loadbalancing - still broken
« on: June 20, 2022, 12:36:55 am »
Unbound isn't needed for that at all.

But as long as you can't make a gateway group the default gateway, I don't see how load balancing is supposed to actually work in OPNsense.

47
Virtual private networks / Re: Routing issues with far gateway over VPN
« on: June 19, 2022, 05:04:17 pm »
Why don't you use OPNsense3 directly as gateway for LAN Clients after creating a VPN connection between OPNsense3 and OPNsense1?  If you use OpenVPN, that already gives you a gateway, and you can simply use a firewall rule on the LAN interface to route the traffic through that gateway if it doesn't bother you that it would circumvent the routing table.  Or you could make the VPN gateway the default gateway.

Routes don't become suddenly dynamic when there are multiple routes to the same destination.  It may suffice to give routes (gateways) different weights, or perhaps you could use STP, or maybe OSPF.

What's the point anyway?  And have you considered using tor?

48
Virtual private networks / Re: Routing issues with far gateway over VPN
« on: June 19, 2022, 01:05:16 pm »
Yes, and I don't understand this idea.  I asked about that a while ago.

I would understand "unreachable" or perhaps "disconnected" gateway, but not "far".  Does it mean you need a different interface and a route to reach a "far" gateway?  Or does it need to be renamed?  Or do you need to connect something somehow to something?  What's the idea here?

And I guess you can assume that most gateways exist outside of the subnet of a particular interface.  So what.  Maybe call it an "irrelevant" gateway?  Or, assuming that the very number of gateways that are outside of the subnet of a particular interface may be greater than the number of gateways within the subnet, it's more likely that these gateways are more relevant than a single gateway because there are so many of them, you might want to call it a "foreign" or "outside" gateway?

And what's the furthest gateway?  Going in a straight line or following the curvature of the planet?  Perhaps it's an alien gateway?

So what is it?  What makes you think you could directly reach alien gateways?  You got to go to Halo first :~Z


49
22.1 Legacy Series / Re: Switching to static IPV6 and dhcpv6 server - help/advice needed
« on: June 19, 2022, 12:55:39 pm »
Well, "didn't look right" is about as helpful as "something doesn't work" ...

50
22.1 Legacy Series / use watchdog
« on: June 19, 2022, 01:06:47 am »
Hi,

on hardware that has a hardware watchdog, do I need to do anything other than to enable the watchdog in the BIOS?

51
22.1 Legacy Series / critical: failed to initialize guest agent channel
« on: June 19, 2022, 01:04:47 am »
Hi,

isn't the QEMU guest agent supposed to work?  It won't run and says it can't initialize, so I disabled it ...

52
Virtual private networks / Re: Routing issues with far gateway over VPN
« on: June 19, 2022, 01:00:24 am »
What actually is a "far" gateway?

53
Virtual private networks / Re: Routing over IPsec S2S
« on: June 18, 2022, 10:48:49 pm »
But wireguard already creates routes.  There would be some kind of duplication if I were to create a gateway from the wireguard interface and use it to create rules, or wouldn't there?

I suppose one could block traffic from a specific VLAN to go anywhere else but through the wireguard tunnel, but that would be quite different from forcing all traffic in a given VLAN to go through the wireguard tunnel.

54
22.1 Legacy Series / Re: Outbound NAT with dual wan
« on: June 18, 2022, 10:31:59 pm »
You don't do manual NAT.  Since there isn't a way to make a gateway group the default gateway, OPNsense isn't really multi-WAN capable.

There are some settings which are difficult to find that allow to fall back to a gateway which is still active when the default gateway is down, and another one to prevent that or something like that.  Using firewall rules to force traffic through a particular gateway is inadvisable because that circumvents the routing table.

If you want port forwarding on multiple WAN interfaces, add the port forwards on each of these WAN interfaces.

Keep things simple.

55
22.1 Legacy Series / Re: Multiple Gateway issues
« on: June 18, 2022, 10:16:08 pm »
Are you trying to access your servers from the router?

56
22.1 Legacy Series / Re: Switching to static IPV6 and dhcpv6 server - help/advice needed
« on: June 15, 2022, 02:53:20 am »
Ok, so it didn't look right ...

57
Virtual private networks / Re: OpenVPn multiple networks
« on: June 15, 2022, 02:49:30 am »
Have you set up all the routes as needed?

58
Virtual private networks / Re: WG Site-to-site - only RDP and VNC work
« on: June 14, 2022, 11:20:44 pm »
You could take a look at the firewall log and/or make a packet capture to figure out what happens to these ICMP packages.  You don't need to set up any NAT for that.

59
22.1 Legacy Series / Re: Switching to static IPV6 and dhcpv6 server - help/advice needed
« on: June 14, 2022, 08:18:29 am »
You probably need to specify the prefix length (which seems to be 48).

I don't know what an ND prefix is; apparently Cisco uses it to indicate what not to use to create IPv6 addresses with.  You probably don't need to convert your WAN IPv6 into static:  Since it's static, I would expect to always get it.  Or does it change?  I guess tracking the interface takes care of not creating undesirable addresses.

Since this is for the purpose of setting up traffic shaping, you probably don't need to do anything about the WAN interface.  It should suffice to use these weird DUID/MAC things nobody knows how to get other than taking them from a lease for making static DHCPv6 entries for (some of) the devices on your network.

60
22.1 Legacy Series / Re: Speedtest - Select WAN Port
« on: June 14, 2022, 07:57:54 am »
What kind of speed test are you referring to?
