Recent posts

#1
German - Deutsch / Re: MTU bei PPPoe | Deutsche G...
Last post by engels0n - Today at 07:00:48 PM
Hi carepack,

leaving everything untouched was basically my default setting, which also had drops.
That is why I started looking into the topic in the first place ...

Yes, the WAN NIC is exclusive to OPNsense
#2
25.7, 25.10 Series / Re: Reporting: Columns not rem...
Last post by vimage22 - Today at 06:50:48 PM
OK, great, I will try that.
#3
25.7, 25.10 Series / Re: 25.7.11_1 host discovery i...
Last post by OPNenthu - Today at 06:48:56 PM
I'm seeing connections logged only, not disconnects.

Monit was built for this.  I think we should be able to set up a File monitor for /var/log/hostwatch/latest.log and add a test with:

content = "new station"

Following the example here: https://forum.opnsense.org/index.php?topic=50310.msg256309#msg256309

I haven't tested it yet, though.
#4
German - Deutsch / Re: HAProxy X-Forwarded-For fu...
Last post by viragomann - Today at 06:34:35 PM
Then the same line in the config should also produce the same result.

As I said, I don't know where your second line regarding X-Forwarded-For comes from, but I also don't believe it could eliminate the header.

Have you also enabled X-Forwarded-For in the frontend? In my setup it is not.

Here on my home OPNsense I have unencrypted traffic to the backend and can confirm that the X-Forwarded-For header is visible in the pcap. However, Caddy is running in front of it here.
But as I said, behind HAProxy I also get the header on the backend server.
#5
Quote from: meyergru on Today at 11:49:18 AM
The standard is IEEE 802.1x, but you need to have a switch or AP that conforms to it.

There is a little less complex but Cisco proprietary protocol named VQP (VLAN Query Protocol) by which switches ask a VMPS (VLAN Membership Policy Server) for VLAN assignment based on MAC address. Of course a default VLAN can be defined with e.g. guest access policy.

VMPS can be FreeRADIUS, OpenVMPS or similar. Needs Cisco brand switches, though, and do check the feature set before buying.
#6
General Discussion / Re: Is there a way to emulate ...
Last post by Seimus - Today at 06:25:51 PM
Well something like this can be done with ZenArmor.

It has a functionality where by default you block access for all new/Untrusted devices. And only after you tag them as trusted they have access to Internet. But ZA may be not the right choice for you.

I agree here that the way how it should be done is over access layer using 802.1x.

Regards,
S.
#7
I thought it required dbus initially to send the command. I guess I assumed wrong.
#8
Virtual private networks / Re: Unable to stablish first I...
Last post by vick - Today at 06:08:22 PM
I set up the IPsec road warrior client specifically to use with iOS and macOS. The only difference I made from the documentation was to use a proper certificate from Let's Encrypt rather than making my own CA. This works great and doesn't require me to install my CA into each device.

The only flaw here is that there is no automation for the ACME plugin to refresh the certificate in the IPsec configuration. Has anyone written one or have hints as to how one might do so?
#9
25.7, 25.10 Series / Re: in dnsmasq dhcp: leases: b...
Last post by franco - Today at 06:07:23 PM
dhcp_release(6) works on the surface: it basically fakes the client releasing the lease.

I don't mind integrating it if it works as a stand alone tool, but there's no ETA and the work still needs to be done.


Cheers,
Franco
#10
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - Today at 06:02:03 PM
OPNsense 25.7.11 aarch64 packages and sets released. Includes hotfix 25.7.11_1.