"Recent posts
#21
Development and Code Review / Re: Automating configuration o...
Last post by Monviech (Cedrik) - Today at 09:02:17 AMSo far not all components have an API yet but thats the long term goal, some features like Router Advertisements are migrated to MVC as we speak: https://opnsense.org/roadmap/
Maybe here you can find some inspiration how to automate non api components?
https://github.com/O-X-L/ansible-opnsense
Maybe here you can find some inspiration how to automate non api components?
https://github.com/O-X-L/ansible-opnsense
#22
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by Monviech (Cedrik) - Today at 08:44:37 AMOkay thank, this one is the interesting one
-rwxr-xr-x 1 root root 67496 Jun 16 2023 mod_proxy_msrpc.so
We use exactly the same (as stated in my first response)
So it must be something else, maybe we find something obvious when comparing configurations.
-rwxr-xr-x 1 root root 67496 Jun 16 2023 mod_proxy_msrpc.so
We use exactly the same (as stated in my first response)
So it must be something else, maybe we find something obvious when comparing configurations.
#23
Development and Code Review / Automating configuration of OP...
Last post by jakobsen-lrz - Today at 08:43:47 AMHello,
i hope this is the right forum for this question, but i have a bit of a problem. I need a way to configure a Firewall using scripts and automation, but some things (AuthServers, Gateways, dhcpd, router advertisements, and Interface Assignments) cant be configured using the API.
What is the most elegant way to configure these other things using a script? The only way that i found, was using a php script that includes config.inc, and running that through the php interpreter.
Thanks.
i hope this is the right forum for this question, but i have a bit of a problem. I need a way to configure a Firewall using scripts and automation, but some things (AuthServers, Gateways, dhcpd, router advertisements, and Interface Assignments) cant be configured using the API.
What is the most elegant way to configure these other things using a script? The only way that i found, was using a php script that includes config.inc, and running that through the php interpreter.
Thanks.
#24
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by humnab - Today at 08:42:11 AMHello,
thats the content of ls -lla /var/chroot-reverseproxy/usr/apache/modules/
Thanks!
thats the content of ls -lla /var/chroot-reverseproxy/usr/apache/modules/
Thanks!
Code Select
-rw-r--r-- 1 root root 17381 Jun 16 2023 httpd.exp
-rwxr-xr-x 1 root root 9832 Jun 16 2023 mod_access_compat.so
-rwxr-xr-x 1 root root 18080 Jun 16 2023 mod_alias.so
-rwxr-xr-x 1 root root 5704 Jun 16 2023 mod_allowmethods.so
-rwxr-xr-x 1 root root 13956 Jun 16 2023 mod_auth_basic.so
-rwxr-xr-x 1 root root 34636 Jun 16 2023 mod_auth_digest.so
-rwxr-xr-x 1 root root 26308 Jun 16 2023 mod_auth_form.so
-rwxr-xr-x 1 root root 9860 Jun 16 2023 mod_authn_core.so
-rwxr-xr-x 1 root root 9828 Jun 16 2023 mod_authn_file.so
-rwxr-xr-x 1 root root 13992 Jun 16 2023 mod_authn_socache.so
-rw-r--r-- 1 root root 30436 Jun 16 2023 mod_authnz_aua.so
-rwxr-xr-x 1 root root 18092 Jun 16 2023 mod_authz_blacklist.so
-rwxr-xr-x 1 root root 22212 Jun 16 2023 mod_authz_core.so
-rwxr-xr-x 1 root root 13956 Jun 16 2023 mod_authz_dbd.so
-rwxr-xr-x 1 root root 9868 Jun 16 2023 mod_authz_groupfile.so
-rwxr-xr-x 1 root root 9860 Jun 16 2023 mod_authz_host.so
-rwxr-xr-x 1 root root 5700 Jun 16 2023 mod_authz_user.so
-rwxr-xr-x 1 root root 79776 Jun 16 2023 mod_avscan.so
-rw-r--r-- 1 root root 18120 Jun 16 2023 mod_backtrace.so
-rwxr-xr-x 1 root root 13920 Jun 16 2023 mod_buffer.so
-rwxr-xr-x 1 root root 34532 Jun 16 2023 mod_cache_disk.so
-rwxr-xr-x 1 root root 71696 Jun 16 2023 mod_cache.so
-rwxr-xr-x 1 root root 34572 Jun 16 2023 mod_cache_socache.so
-rwxr-xr-x 1 root root 18112 Jun 16 2023 mod_cookie.so
-rw-r--r-- 1 root root 9804 Jun 16 2023 mod_custom_blockpage.so
-rwxr-xr-x 1 root root 34532 Jun 16 2023 mod_deflate.so
-rw-r--r-- 1 root root 7460 Jun 24 2010 mod_envbyip.so
-rwxr-xr-x 1 root root 9824 Jun 16 2023 mod_env.so
-rwxr-xr-x 1 root root 13960 Jun 16 2023 mod_expires.so
-rwxr-xr-x 1 root root 22308 Jun 16 2023 mod_ext_filter.so
-rwxr-xr-x 1 root root 9892 Jun 16 2023 mod_file_cache.so
-rwxr-xr-x 1 root root 18080 Jun 16 2023 mod_filter.so
-rw-r--r-- 1 root root 13988 Jun 16 2023 mod_firehose.so
-rwxr-xr-x 1 root root 59280 Oct 27 2023 mod_form_hardening.so
-rwxr-xr-x 1 root root 18180 Jun 16 2023 mod_headers.so
-rwxr-xr-x 1 root root 51044 Jun 16 2023 mod_include.so
-rwxr-xr-x 1 root root 26276 Jun 16 2023 mod_info.so
-rwxr-xr-x 1 root root 5712 Jun 16 2023 mod_lbmethod_bybusyness.so
-rwxr-xr-x 1 root root 5712 Jun 16 2023 mod_lbmethod_byrequests.so
-rwxr-xr-x 1 root root 5712 Jun 16 2023 mod_lbmethod_bytraffic.so
-rwxr-xr-x 1 root root 14032 Jun 16 2023 mod_lbmethod_heartbeat.so
-rwxr-xr-x 1 root root 30544 Jun 16 2023 mod_log_config.so
-rwxr-xr-x 1 root root 9860 Jun 16 2023 mod_log_debug.so
-rwxr-xr-x 1 root root 18080 Jun 16 2023 mod_macro.so
-rwxr-xr-x 1 root root 18112 Jun 16 2023 mod_mime.so
-rwxr-xr-x 1 root root 30632 Jun 16 2023 mod_mpm_prefork.so
-rwxr-xr-x 1 root root 43012 Jun 16 2023 mod_mpm_worker.so
-rwxr-xr-x 1 root root 30536 Jun 16 2023 mod_negotiation.so
-rw-r--r-- 1 root root 22148 Jun 16 2023 mod_pcap.so
-rwxr-xr-x 1 root root 59340 Jun 16 2023 mod_proxy_balancer.so
-rwxr-xr-x 1 root root 13992 Jun 16 2023 mod_proxy_connect.so
-rwxr-xr-x 1 root root 9832 Jun 16 2023 mod_proxy_express.so
-rwxr-xr-x 1 root root 30564 Jun 16 2023 mod_proxy_fcgi.so
-rwxr-xr-x 1 root root 9832 Jun 16 2023 mod_proxy_fdpass.so
-rwxr-xr-x 1 root root 30568 Jun 16 2023 mod_proxy_hcheck.so
-rwxr-xr-x 1 root root 38732 Jun 16 2023 mod_proxy_html.so
-rwxr-xr-x 1 root root 38820 Jun 16 2023 mod_proxy_http.so
-rwxr-xr-x 1 root root 67496 Jun 16 2023 mod_proxy_msrpc.so
-rwxr-xr-x 1 root root 18180 Jun 16 2023 mod_proxy_scgi.so
-rwxr-xr-x 1 root root 154504 Jun 16 2023 mod_proxy.so
-rwxr-xr-x 1 root root 14036 Jun 16 2023 mod_proxy_uwsgi.so
-rwxr-xr-x 1 root root 22216 Jun 16 2023 mod_proxy_wstunnel.so
-rwxr-xr-x 1 root root 9828 Jun 16 2023 mod_ratelimit.so
-rwxr-xr-x 1 root root 26340 Jun 16 2023 mod_remoteip.so
-rwxr-xr-x 1 root root 13992 Jun 16 2023 mod_reqtimeout.so
-rwxr-xr-x 1 root root 9860 Jun 16 2023 mod_request.so
-rw-r--r-- 1 root root 13928 Jun 16 2023 mod_reverse_auth.so
-rwxr-xr-x 1 root root 71748 Jun 16 2023 mod_rewrite.so
-rw-r--r-- 1 root root 617532 Jun 16 2023 mod_security2_beta.so
-rw-r--r-- 1 root root 650424 Jun 16 2023 mod_security2.so
-rwxr-xr-x 1 root root 34496 Jun 16 2023 mod_sed.so
-rwxr-xr-x 1 root root 9832 Jun 16 2023 mod_session_cookie.so
-rwxr-xr-x 1 root root 22248 Jun 16 2023 mod_session_crypto.so
-rwxr-xr-x 1 root root 13992 Jun 16 2023 mod_session_dbd.so
-rw-r--r-- 1 root root 51084 Jun 16 2023 mod_session_server.so
-rwxr-xr-x 1 root root 18116 Jun 16 2023 mod_session.so
-rwxr-xr-x 1 root root 13956 Jun 16 2023 mod_setenvif.so
-rwxr-xr-x 1 root root 18088 Jun 16 2023 mod_slotmem_shm.so
-rwxr-xr-x 1 root root 13992 Jun 16 2023 mod_socache_dbm.so
-rwxr-xr-x 1 root root 13968 Jun 16 2023 mod_socache_memcache.so
-rwxr-xr-x 1 root root 13964 Jun 16 2023 mod_socache_redis.so
-rwxr-xr-x 1 root root 22156 Jun 16 2023 mod_socache_shmcb.so
-rwxr-xr-x 1 root root 237392 Jun 16 2023 mod_ssl.so
-rwxr-xr-x 1 root root 22212 Jun 16 2023 mod_status.so
-rwxr-xr-x 1 root root 18084 Jun 16 2023 mod_substitute.so
-rwxr-xr-x 1 root root 9748 Jun 16 2023 mod_unique_id.so
-rwxr-xr-x 1 root root 13952 Jun 16 2023 mod_unixd.so
-rwxr-xr-x 1 root root 30472 Jun 16 2023 mod_url_hardening.so
-rwxr-xr-x 1 root root 9828 Jun 16 2023 mod_version.so
-rw-r--r-- 1 root root 14088 Jun 16 2023 mod_waf_exceptions.so
-rwxr-xr-x 1 root root 18152 Jun 16 2023 mod_watchdog.so
-rw-r--r-- 1 root root 18204 Jun 16 2023 mod_whatkilledus.so
-rwxr-xr-x 1 root root 26340 Jun 16 2023 mod_xml2enc.so
#25
Virtual private networks / Re: Routing OpenVPN Traffic th...
Last post by Monviech (Cedrik) - Today at 08:16:08 AMDoes the IPsec tunnel have an SA open that allows the OpenVPN source network through, and the other side of the IPsec tunnel to return packets to that source?
#26
Virtual private networks / Routing OpenVPN Traffic throug...
Last post by cidimir - Today at 08:06:14 AMI have an ipsec VPN set up between Site A (192.168.168.0/24) and Site B (10.0.0.0/24).
Site A is behind a Sonicwall; Site B is behind OPNSense. They can ping, file share, RDP, etc. correctly.
I've configured OpenVPN on the OPNSense box (assigning users an IP in the range 10.10.10.0/24 upon successful connection.) OpenVPN users can successfully reach the Site B LAN network (10.0.0.0/24) no problem.
What I want is for them to also be able to reach the Site A network; to ping or RDP to 192.168.168.x and for that to successfully go through OpenVPN, through the ipsec tunnel, and respond back.
However, a traceroute OpenVPN -> Site A won't even go through the OpenVPN tunnel unless 192.168.168.0/24 is a local route on the OpenVPN instance.
My current ipsec config has two children:
Local Remote
10.0.0.0/24 192.168.168.0/24
10.10.10.0/24 192.168.168.0/24
My OpenVPN instance has 10.0.0.0 and 192.168.168.0 as local networks for routing.
What am I missing? Any help would be appreciated.
Site A is behind a Sonicwall; Site B is behind OPNSense. They can ping, file share, RDP, etc. correctly.
I've configured OpenVPN on the OPNSense box (assigning users an IP in the range 10.10.10.0/24 upon successful connection.) OpenVPN users can successfully reach the Site B LAN network (10.0.0.0/24) no problem.
What I want is for them to also be able to reach the Site A network; to ping or RDP to 192.168.168.x and for that to successfully go through OpenVPN, through the ipsec tunnel, and respond back.
However, a traceroute OpenVPN -> Site A won't even go through the OpenVPN tunnel unless 192.168.168.0/24 is a local route on the OpenVPN instance.
My current ipsec config has two children:
Local Remote
10.0.0.0/24 192.168.168.0/24
10.10.10.0/24 192.168.168.0/24
My OpenVPN instance has 10.0.0.0 and 192.168.168.0 as local networks for routing.
What am I missing? Any help would be appreciated.
#27
High availability / Re: HA setup with no WAN CARP ...
Last post by MysteryIron - Today at 06:51:39 AMCan we do something like this? I was able to get IP from my ISP to my virtual switch. But I am running into routing issues at my virtual switch.
[Modem] → hostpci0 (0000:06:00) → Virtual Switch VM
↓
[Virtual Switch bridges to two virtio NICs]
↓ ↓
vtnet5 (opnsense1) vtnet5 (opnsense2)
↓ ↓
[WAN] [WAN]
I was able to get opnsense1 as primary and opensense2 as backup. Failover etc all are working. My trouble is getting the routing done at Virtial Switch. I used Alpine Linux for my virtual switch.
All this on a Micro Firewall with 6 port - 2.5GB nics on motherboard / J6413 processor. I see CPU spiking up, but if this fix works, I won't mind throwing more cores to this.
[Modem] → hostpci0 (0000:06:00) → Virtual Switch VM
↓
[Virtual Switch bridges to two virtio NICs]
↓ ↓
vtnet5 (opnsense1) vtnet5 (opnsense2)
↓ ↓
[WAN] [WAN]
I was able to get opnsense1 as primary and opensense2 as backup. Failover etc all are working. My trouble is getting the routing done at Virtial Switch. I used Alpine Linux for my virtual switch.
All this on a Micro Firewall with 6 port - 2.5GB nics on motherboard / J6413 processor. I see CPU spiking up, but if this fix works, I won't mind throwing more cores to this.
#28
German - Deutsch / Re: VPN lässt sich nach Verwen...
Last post by RalfOE - Today at 06:40:58 AMVielen Dank.
Ich hatte schon erwartet, dass es so einfach ist.
Das wäre dann damit gelöst.
Ich hatte schon erwartet, dass es so einfach ist.
Das wäre dann damit gelöst.
#29
General Discussion / Re: UPNP Broken
Last post by lmnsour - Today at 05:28:42 AMOk, fixed it. Stupid error / typo on IP address... Thanks for the assist @franco!
#30
General Discussion / Re: Micron exits consumer mark...
Last post by lmnsour - Today at 05:01:50 AMThe entire market is trending towards online subscriptions. Software subscriptions (Windows in on the war path to a Windows subscription model), gaming (Geforce Now), and soon hardware. Our kids will have to rent CPU cores, Memory, GPUs, etc... if someone (cough *STEAM*) doesn't step in.
Game development is also going down the proverbial "cooperate greed" toilet. I don't believe lack of graphics and HDD space optimizations are solely fueled laziness but part of a *wink *wink towards hardware developers such as Nvidia to drive up high end component demand and reliance on scaling and frame gen. Helldivers 2 just released a beta version that decreases HDD space by almost 1/3rd, from 130ish to 30ish GBs.
It's all a racket and I'm slowly turning into the old grumpy guy complaining about the good'ole days!
Game development is also going down the proverbial "cooperate greed" toilet. I don't believe lack of graphics and HDD space optimizations are solely fueled laziness but part of a *wink *wink towards hardware developers such as Nvidia to drive up high end component demand and reliance on scaling and frame gen. Helldivers 2 just released a beta version that decreases HDD space by almost 1/3rd, from 130ish to 30ish GBs.
It's all a racket and I'm slowly turning into the old grumpy guy complaining about the good'ole days!
