Recent posts

#1
Hi all,

Hope someone can help please.

I've got a Wireguard VPN server hosted on a Linode VPS.
I can connect and use it fine (e.g. browse the internet) using the Wireguard client on my Windows PC, so I know that the Wireguard server is working fine.

I've set up the same config on OPNSense and have the tunnel up, with handshake data passing fine. I've also created the interface.

My issue is with the gateway. I've created the gateway but have no idea what to use as the gateway IP.
I've tried all sorts... tunnel IPs, public IP of the Linode VPS... but it just does not work.

Any ideas please?

Wireguard VPS Server tunnel IP: 10.5.0.1
Peer IP (OPNSense): 10.5.0.2

Many thanks for any input....
#2
Virtual private networks / Re: Routing issue over IPsec V...
Last post by Seimus - Today at 01:36:29 PM
Does the Sophos have the route back to the PC behind OPNsense?
Does the Sophos know how to route back to the PC?

Regards,
S.
#3
May I suggest considering to use AdGuard Home instead for DNS blocking? There are nice mobile apps that let you disable filtering with a single tap - for 1 minute, 5 minutes, 1 hour ... etc.
#4
You can use HTTPS for the backend, but if you do you must pass the host header from Caddy to the backend, too. I showed how to do that here:

https://forum.opnsense.org/index.php?topic=51150.msg261846#msg261846
#5
26.1, 26.4 Series / Re: Firewall log and wireguard...
Last post by FredFresh - Today at 11:40:26 AM
Hi,

Somehow (for sure not done by me) the setting to collect the log in the firewall settings was deactivated.

Now it works properly, thank you.
#6
26.1, 26.4 Series / Re: [Solved] Problem Reverse P...
Last post by Ronny1978 - Today at 11:39:18 AM
Hello all.

Unfortunately, I didn't receive an email notification that the discussion had continued here. My apologies for that. Unfortunately, my knowledge of reverse proxies, headers and configurations isn't quite up to scratch yet. I'd like to use Authelia or Authentik, but I'm simply struggling to find a guide for HAProxy that I can actually understand.

However, it seems that Caddy does support implementation for these apps. That is why I decided to go with it.

And once again regarding the use of HTTPS behind a reverse proxy: I still don't understand why I should only use HTTP here. It makes no sense to me to downgrade Synology's DSM, Proxmox and the Unifi Controller to HTTP, if that is even possible. I also had the problem with Synology DSM when using the Yubikey as a hardware token, but not when I used the Yubikey as an OTP generator.

If you have further information, please let me know. I'm very interested in that.

P.S.
@viragomann: Do you use 2 reverse proxies? Caddy AND HAProxy?
#7
26.1, 26.4 Series / Unbound adblocking enable & di...
Last post by gspannu - Today at 10:37:08 AM
Help needed....

Does anyone know how to use the API to enable & disable Unbound blocklists?

I have Unbound set up with a few blocklists and a combination of source nets, so most of the time the Unbound blocklists can keep running.

However, there are times when other family members use laptops/machines (that are a part of the blocklists) but just need ad-unblocking for a short duration. Expecting them to log in to the GUI in OPNsense to disable this is a bridge too far.


Q: Is there a global API (or some mechanism without having to log into the OPNsense GUI) to temporarily disable all blocklists and then enable them later?

Q: Is there a quick way to do this via a simple curl command that can execute a preformed API call? I can then create a shortcut on these machines that can be used to turn Unbound blocking on/off.

I have tried reading the API docs, but I'm unable to figure it out...
#8
26.1, 26.4 Series / Re: Unbound errors after 26.4 ...
Last post by franco - Today at 10:18:45 AM
Yes, all it needed was one manual apply from the blocklist settings.

https://github.com/opnsense/changelog/commit/8f8f17dddb


Cheers,
Franco
#9
26.1, 26.4 Series / Re: local DNS resolution
Last post by Seimus - Today at 10:06:40 AM
The documentation for DNSmasq on OPNsense in my opinion is well made.

So you have a Pihole, and you want the DNS to be handled by Pihole for clients, and to have OPNsense as the upstream for the Pihole itself?
(Personally I would not do this; I would just set up Unbound on the Pihole and direct the Pihole to use the local Unbound resolver, then disable Unbound on OPN and point OPN to the Pihole as its DNS server.)

https://docs.opnsense.org/manual/dnsmasq.html#dhcp-settings
DNSmasq > DHCP Settings > DHCP Options > set option dns-server[6] with the IP of the Pihole

In the docs there is a DHCP Options table with all the standard options used.

OPNsense runs Unbound by default; do not touch it there, and do not put the IP of the Pihole as upstream for the OPNsense Unbound.
If you do, you will create a loop.


Regards,
S.
#10
Hardware and Performance / Re: Used PC as OPNsense router...
Last post by bimbar - Today at 10:04:17 AM
Quote from: Stormscape on Today at 07:35:14 AM
I pay 12 cents Canadian per kWh (8 cents USD, 7 Eurocents, 6 pence) so my router would have to be using a truly biblical amount of power before I'd consider changing it to something else.

Well, I pay 27 cents European.