OPNSense


HAProxy Simple Configuration for local webserver

Parameters for this setup

Local webserver is on ip address 192.168.1.200 and uses port 80

Step 1: Define a Real server

afbeelding.png

  1. Define a Virtual service->Backend Pool
    • Name: anything you like
    • Servers: The server you defined in the step 1 (remember to press TAB after entering server name) 

afbeelding.png

afbeelding.png

Step 2: Define a condition:

afbeelding.png

Step 3: Define a rule

afbeelding.png

Step 4: Define a Virtual Service

Under Public Service:

afbeelding.png

afbeelding.png

Adguard Home communications error to 127.0.0.1#53: connection refused

When you cannot update OPNsense and you see an error in a SSH session when you try to run:

root@OPNsense:~ # dig @127.0.0.1 -p 53 google.com

dig @127.0.0.1 -p 53 google.com

You probably have a wrong binding in the Adguard config file.

To solve this issue:

nano AdGuardhome.yaml
cd /usr/local/AdGuardHome

Change the bind (from a local ip address) to:

dns:
  bind_hosts:
    - 0.0.0.0

Then restart Adguard Home

Disable IPv6 in OPNSense

Set IPv6 on all interfaces on ' None' and also remove the ' Allow IPv6' vinkje.

afbeelding.png

Remove also the ' Allow IPv6' rule in de firewall rules:

afbeelding.png

How to enable the HAProxy statistics page in OPNsense

Step 1: Edit Global Settings

In the left-hand menu, go to Services , select HAPproxy and then and then Settings.

afbeelding.png

Step 2: Configure Statistics in Frontend Settings

      • stats enable
        stats uri /haproxy?stats
        stats realm Haproxy\ Statistics
        stats auth admin:password123
        Replace admin with your desired username and password with a strong password.
      • Click on “Save” and then apply changes by clicking on “Apply”.

afbeelding.png


Step 3: Configure Firewall Rules

  1. Allow Access to the Statistics Port:

    • Navigate to Firewall > Rules > LAN
    • Create a new rule with these parameters:
      • Action: Pass
      • Protocol: TCP
      • Destination: This Firewall
      • Destination Port Range: Other and the 8822
      • Description: Access the Statistics page
      • Leave everything else to the default values
      • Save the rule and click on “Apply Changes”.

afbeelding.png


Step 4: Test Access to the Statistics Page

  1. Open a web browser from a device allowed by your firewall rules.
  2. Enter the URL for accessing statistics, such as:
http://192.168.2.1:8822/haproxy?stats

Enter the username and password you configured earlier when prompted.

If everything is configured correctly, you should see HAProxy’s statistics page displaying real-time data about connections, backends, frontends, etc.

afbeelding.png