"Recent posts
#1
German - Deutsch / Re: wechsel von 100 auf 250 Mb...
Last post by meyergru - Today at 02:22:50 PMDas letzte Posting im Thread ist zwei Jahre her. Der VMG3006 wurde inzwischen durch den neueren VMG4005 ersetzt.
#2
25.7, 25.10 Series / Units in helptext
Last post by Jyling - Today at 02:07:36 PMShould this help text mention the unit?
#3
German - Deutsch / Re: wechsel von 100 auf 250 Mb...
Last post by wolfe - Today at 02:06:07 PMHi Monviech,
kannst Du mir mehr zu deiner Konfiguration schicken?
Ich will unsere LANCOMs durch OPNsense und vmg3006 ersetzen.
Nutze auch einne ESXi.
kannst Du mir mehr zu deiner Konfiguration schicken?
Ich will unsere LANCOMs durch OPNsense und vmg3006 ersetzen.
Nutze auch einne ESXi.
#4
25.7, 25.10 Series / Re: Weird search engine behavi...
Last post by Jyling - Today at 02:03:14 PMNone of that.
UPDATE: The plot thickens. I can open Google from one VM but not from LAN PCs or other VMs. I took an old web browser on the VM where it does not work and tried to open google:
The domain list in the cert does not cover their WWW.
But on the VM where it works, the cert is completely different and does cover the WWW:
How is it possible that different devices on the same LAN get different certs from google and google only?
UPDATE: The plot thickens. I can open Google from one VM but not from LAN PCs or other VMs. I took an old web browser on the VM where it does not work and tried to open google:
The domain list in the cert does not cover their WWW.
But on the VM where it works, the cert is completely different and does cover the WWW:
How is it possible that different devices on the same LAN get different certs from google and google only?
#5
25.7, 25.10 Series / Re: dnsmasq and ipv6 config
Last post by Monviech (Cedrik) - Today at 01:04:22 PMEither you configure the IPv6 statically, or you use track interface and use the dnsmasq constructor, pointing each DHCPv6 range to the interface it should construct the RAs from.
E.g. this example works when having LAN on "Track Interface" /or/ a static IPv6 address
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv6-and-router-advertisements
E.g. this example works when having LAN on "Track Interface" /or/ a static IPv6 address
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv6-and-router-advertisements
#6
25.7, 25.10 Series / Re: Weird search engine behavi...
Last post by meyergru - Today at 01:02:02 PMWhat did you finish setting up in your router? Some kind of transparent proxy? Crowdsec, suricata, zenarmor or any other kind of blocking or traffic inspection?
If the certificate is not being trusted, it can be either of: you are being transferred to the wrong site because your DNS is malfunctioning or the certificate is manipulated by some kind of man-in-the-middle, like a transparent proxy and you have not installed their CA certificate in your browser.
You could see that by inspecting the certificate and see if it matches the domain you wanted to call. The error message suggests that it is a different domain, so the interesting question is: which is it and why did your DNS request return its IP instead of the correct one?
If the certificate is not being trusted, it can be either of: you are being transferred to the wrong site because your DNS is malfunctioning or the certificate is manipulated by some kind of man-in-the-middle, like a transparent proxy and you have not installed their CA certificate in your browser.
You could see that by inspecting the certificate and see if it matches the domain you wanted to call. The error message suggests that it is a different domain, so the interesting question is: which is it and why did your DNS request return its IP instead of the correct one?
#7
25.7, 25.10 Series / Re: Weird search engine behavi...
Last post by Jyling - Today at 12:27:40 PMSince the yesterday's morning, google.com and bing.com were intermittently on and off available or not, but in the afternoon they mostly worked.
This morning, again google is failing:
Error code: SSL_ERROR_BAD_CERT_DOMAIN
There is no cert at all, plain HTTP. There is nothing in the news on Bing. Am I the only one experiencing this? If I am, then this is pointing at the router, is it not? But how could it be possible that only the 2x major search engines and everything that is served from google cloud are affected?
This morning, again google is failing:
Error code: SSL_ERROR_BAD_CERT_DOMAIN
There is no cert at all, plain HTTP. There is nothing in the news on Bing. Am I the only one experiencing this? If I am, then this is pointing at the router, is it not? But how could it be possible that only the 2x major search engines and everything that is served from google cloud are affected?
#8
25.7, 25.10 Series / Re: Not Creating Routes Receiv...
Last post by Maurice - Today at 12:25:00 PMMost systems ignore explicit routes advertised in RAs, even if they do accept RAs and use them for SLAAC, setting the default route etc. I don't think FreeBSD / OPNsense is an exception (let me know if I'm wrong).
That's where reality differs from the RFCs. While it seems like a good idea to autoconfigure specific routes from information in RAs, most vendors have decided not to implement this.
Cheers
Maurice
That's where reality differs from the RFCs. While it seems like a good idea to autoconfigure specific routes from information in RAs, most vendors have decided not to implement this.
Cheers
Maurice
#9
25.7, 25.10 Series / Re: dnsmasq and ipv6 config
Last post by OzziGoblin - Today at 11:58:32 AMIn the end I've reverted to snapshot, I can't figure out the required IPv6 DHCP settings if not using ISC and RA.
Hopefully I can continue using ISC until I can get it working in a lab and then put into my system
Hopefully I can continue using ISC until I can get it working in a lab and then put into my system
#10
German - Deutsch / Re: HA Setup erkennt keinen LA...
Last post by Monviech (Cedrik) - Today at 11:53:54 AMAuf jedem interface wo eine CARP IP addresse ist werden Multicasts gesendet. Wenn die backup firewall keine multicasts von der master firewall mehr bekommt auf mindestens einem Interface was CARP konfiguriert hat wird sie master.
Wenn nicht mehr geht hier anfangen:
https://docs.opnsense.org/manual/how-tos/carp.html#troubleshooting
Wenn nicht mehr geht hier anfangen:
https://docs.opnsense.org/manual/how-tos/carp.html#troubleshooting
