first commit

2025-02-08 21:56:24 +01:00
commit 1f9564ca6a
471 changed files with 74368 additions and 0 deletions

View File

@@ -0,0 +1,6 @@
## Open Things
- [ ] Clustering
- [ ] tight Firewall Rules (VPN -> GA)
- [ ] integrate to OPNcentral
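Review bot: the `tight Firewall Rules (VPN -> GA)` item does not say what "tight" means, so the rule cannot be reviewed against an intent later; I would record the allow-list here (which VPN client range, which GA hosts, which ports/protocols) and note that everything else towards GA is denied, so the rule set can be checked against this line once it is written.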

View File

@@ -0,0 +1,6 @@
## HA
### Use a XG and a SG?
- Not possible
- For CARP (Common Address Redundancy Protocol) the HW needs to be equal

View File

@@ -0,0 +1,50 @@
## Goals
- 2x WAN - 1 external and 1 internal (GA-Network)
- Static Routing via WANlrz for BACnet SW
- 1x LAN - `10.52.12.0/24`
## Facts
### WAN
> **Note:** Such a setup requires extended considerations and settings which is discussed in [[opnsense-on-sophosHW-multi_wan]].
> WANpub will be the primary WAN port
> WANlrz is temporarily used for the BACnet software and will be disabled after 2-4 months. The Campus-GA network will in future only be reachable by vpn.
#### External WAN
(primary WAN, in future ga netz ueber vpn)
- Network: `129.187.9.243/29`
- Gateway: `129.187.9.246`
- DNS Server: `129.187.104.5` (How reachable?)
#### Second WAN
- `192.157.165.50/24` (Campus GA-Netz, for BACnet SW. 2-4 Months living)
### LAN
- Interne Netzwerke(20241208):
- `10.52.12.0/24` Hauptgebäude GA (VLAN12)
- `10.52.50.0/24` GA-Netz (VLAN50)
- Interne Netzwerke(20241216):
- `10.52.12.0/24` LAN
### Port Forwarding
- BACnet `47808/udp`
### OpenVPN
- Set up for access to GA network
### Location
- FRM Versorgungsgebaeude
## Vor Ort Einsatz
- port forwarding in both direction to second esxi nic
- <https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense>
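Review bot: the `### Port Forwarding` entry `BACnet 47808/udp` does not state which WAN interface the forward is bound to, which source addresses may use it, or which internal host it forwards to; given that the `### WAN` note describes WANlrz as temporary (2-4 months), I would record the forward as bound to WANlrz with the BACnet software host as the only allowed source, and tie its removal to disabling that interface so the forward is not left behind on WANpub. Secondary: `### LAN` lists two dated `Interne Netzwerke` sets (20241208 with VLAN12 and VLAN50, 20241216 with only `10.52.12.0/24`) without saying which is current, while `## Goals` names only the one LAN; mark the superseded list as such. The `(How reachable?)` after the DNS server should also be resolved rather than left as an open question.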

View File

@@ -0,0 +1,17 @@
## Specific
In our setup we won't use Failover as the second WAN is primarily such that it has access to the Campus GA-network (`192.157.165.0/24` ? )
## General
### Multi WAN
Multi WAN scenarios are commonly used for failover or load balancing, but combinations are also possible with OPNsense.
#### Configure Failover
To setup Failover the following steps need to be taken:
1. Add monitor IPs to the gateways
2. Add a gateway group
3. Configure DNS for each gateway
4. Use policy based routing to utilize our gateway group
5. Add a firewall rule for DNS traffic that is intended for the firewall itself
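Review bot: `## Specific` says failover will not be used, yet the only procedure documented is `#### Configure Failover`; state which of steps 1-5 actually apply to this setup (step 4, policy based routing, is the part that steers traffic for the Campus GA network out of the second WAN, while a gateway group is what the failover case needs), so a reader does not configure a gateway group by mistake. The `?` after `192.157.165.0/24` should be resolved in the document rather than left as an open question.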

View File

@@ -0,0 +1,3 @@
- [multi-wan](https://docs.opnsense.org/manual/how-tos/multiwan.html)
- [hacarp](https://docs.opnsense.org/manual/hacarp.html)
- [carp](https://docs.opnsense.org/manual/how-tos/carp.html)

View File

@@ -0,0 +1 @@
erstelle einen separaten nutzer fuer externe Besucher der TUM, welcher mit otp eingestellt ist fuer die Authentifizierung.
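Review bot: this note (create a separate user for external TUM visitors, configured with OTP for authentication) does not say which service the account logs in to or what it may reach once authenticated; I would add the service, the group or alias the account is placed in so its firewall rules are scoped, and an expiry or review date, since a visitor account is the kind that tends to outlive the visit.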