Recent posts

#1
General Discussion / Re: default deny rule blocking...
Last post by multazimd - Today at 03:36:04 PM
It's an IPSec route-based VPN. Here is the logical architecture diagram of the traffic that is working for us from the remote end over public to OPNsense.
 
Remote End -> OPNSENSE External Interface -> OPNSENSE VPN Tunnel -> OPNSENSE Internal Interface -> F5 LB -> App Machine
 
We have requirements for our app machines to reverse call certain private URLs on the remote end via the VPN tunnel established above, and we are not able to get this working.
 
Below is the logical architecture we are trying to achieve:
 
App Machine -> F5 -> OPNSENSE Internal Interface -> OPNSENSE VPN Tunnel Interface -> Remote End URL
 
Unfortunately, traffic is being dropped at the OPNSENSE Internal interface by the default deny rule, which we do not have control over.
#2
Closing this out with a fix if you missed it:

Validate your MTU settings.  DNSMASQ does not seem to configure MTU correctly if you are using PPPoE on WAN.  RADVD does not have this issue.  I set the "MSS" of my WAN interface to 1492 (PPPoE standard) and IPv6 now works flawlessly with DNSMASQ as my Router Advertisement service.
#3
Addendum:
Under "Access," none of the buttons in any of the suboptions can be used anymore.
The same applies to "Miscellaneous" -> "SYSLOG destinations," as well as in the "HTTP(S)" tab, all submenus from "Cache path" downwards.
#4
In the Nginx configuration under "HTTP(S)" -> "Security headers," the web interface appears to be defective.

When creating a new security header or editing an existing one, the "Cancel" or "Save" buttons that are normally present are missing from all tabs.


The tabs "Script," "Image," "Stylesheet," "Medium," "Frame," "Font," "WebSockets," "Worker," and "Form" cannot be accessed at all.


Tested under OPNsense Business 25.10.2 (amd64) and OPNsense 26.1.2_5 (amd64) with both the Edge browser (145.0.3800.70, 64-bit) and Firefox ESR (140.7.1esr, 64-bit).
#5
There are two variants of the editor: one with a big button for attachments at the bottom, and one without. The orange "Reply" button, for example, leads to the full editor. So does the "Preview" function.
#6
26.1 Series / Re: Kea DHCPv4 How to remove d...
Last post by Patrick M. Hausen - Today at 02:55:55 PM
@nero355 yet it is a common workflow to onboard a new device with a static reservation to

- connect it to the network
- check DHCP for a new dynamic lease
- create a static reservation
- nuke the dynamic lease
- power cycle the device

I am willing to bet every sysadmin does this. Regardless of standards and lease expiry - just power cycle the thing, done.

Therefore it would be nice if Kea on OPNsense supported deletion of leases on the server side. As far as I read in the various discussions on GitHub, it might be coming.
#7
26.1 Series / Re: [ISC vs. KEA] Is the effec...
Last post by Patrick M. Hausen - Today at 02:47:24 PM
I apologize - I wrote nonsense because I confused the "Ignore Client UIDs" and Kea's "Match client-id".

I have "Match client-id" unchecked, because otherwise static assignments based on MAC address do not work. Unfortunately that's how far my experience with DHCP reaches.
#8
That fixes it for now:
https://github.com/opnsense/plugins/pull/5184

After this adjustment, however, the "HTTP/3 (QUIC)" option had to be set for all HTTP servers, which was not a problem for me.
#9
Hardware and Performance / Re: Burst of packages causes s...
Last post by Seimus - Today at 02:35:42 PM
Those are only live graphs.

If you want to keep some history statistics you would have to implement netflow.

Regards,
S.
#10
Thank you for the response!

Is there any history of it?