* Added note to create NAT outbound rule for redirect-gateway to work
https://github.com/opnsense/core/issues/7318
* Added a brief info abount redirect-gateway
---------
Co-authored-by: Thomas Cekal <admin@cekal.org>
* Update caddy.rst - Some terminology changes for the new os-caddy version.
* Update caddy.rst - Small Typo fixed.
* Update caddy.rst - DNS01 is not needed for Dynamic DNS to work
* Update caddy.rst - Another small typo.
* Update caddy.rst
Add HTTP-01 challenge redirection option
* Update caddy.rst
- Added Tutorial section for the HTTP-01 challenge redirection
- A few more changes to get the docs in line with the new os-caddy-1.5.3 update
* Update caddy.rst - Add HTTP Response Code and Message
* Update caddy.rst - Add Header Manipulation
* Update caddy.rst - Added short tutorial how to use the most common header manipulation.
* Update caddy.rst - Improve header manipulation tutorial with the most common usecase, reverse proxying to an upstream webserver with vhosts.
* Update caddy.rst - Format fix
* Update caddy.rst - Add new fields for forward_auth support
* Update caddy.rst - Add configuration example for Authelia
* Update caddy.rst - Reformat doc
* Update caddy.rst
* Update caddy.rst - Again a few typos
* Revert all changes regarding forward_auth in caddy.rst
Since implementing this feature properly would take a redesign how the current handle/reverse_proxy structure works, it is unfeasible for now.
I am unsure the usecase is really there either. With basic_auth implemented, it's far easier to restrict access in a less convoluted way.
Combining basic_auth with http logs and crowdsec, makes bruteforcing also impossible, IP addresses are banned quite swiftly.
* Update source/manual/how-tos/caddy.rst - Typo
Co-authored-by: Dany Marcoux <github@dmarcoux.com>
* Update source/manual/how-tos/caddy.rst - Typo
Co-authored-by: Dany Marcoux <github@dmarcoux.com>
---------
Co-authored-by: Dany Marcoux <github@dmarcoux.com>
While setting up a reverse proxy for the OPNsense web UI, I stumbled on
this error. Without this configuration change, we get the following
error after logging in to https://opn.example.com
> The HTTP_REFERER "https://opn.example.com/" does not match the predefined settings
* Update wireguard-client.rst - Add MTU and MSS hints
* Update wireguard-s2s.rst - Add MTU and MSS hints
* Update wireguard-s2s.rst - changed mss values
* Update wireguard-s2s.rst - Reworked How-To completely
* Update wireguard-client.rst - adjusted mss value
* Update wireguard-client.rst - Different mss values for IPv4 and IPv6
* Update wireguard-s2s.rst - Improved some aspects
* Update wireguard-client.rst - Improved some aspects
Normalization rules should have different MSS values for either IPv4, or IPv4+IPv6.
Changed the protocol back to any, since I'm unsure if selecting TCP only means IPv4 TCP, since there is also only IPv6 selectable.
* Update wireguard-s2s.rst
- Omitted Source Port in Firewall rules
- Added tip and note about dynamic WAN IP
* Update wireguard-s2s.rst - Terminology changes 23.7.6
- Changed Local to Instance
- Changed Endpoint to Peer
- Added information about CARP vhid tracking to mitigate HA problems.
- Added note about Keepalive for NATed sites.
* created ipsec-swanctl-rw-ikev2-eap-mschapv2.rst
* Update vpnet.rst
Changed the position of Legacy and New > 23.1
Added how-tos/ipsec-swanctl-rw-ikev2-eap-mschapv2 to doctree in New > 23.1
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst
General structure of How-To added
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst
Populated Prerequisites
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst
Populated IPsec connection settings for roadwarriors
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst
Fixed IP address formatting in pools
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst
* ipsec-swst Version completedanctl-rw-ikev2-eap-mschapv2.rst - Fir
* Update vpnet.rst - Switched Positions for client config
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst - Version 1.0
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst
- Added DNS configuration payload information to pools and clients https://github.com/opnsense/core/pull/6864
- Added hint that ncp client is not affiliated with Deciso B.V.
* Update ipsec-swanctl-rw-ikev2-eap-mschapv2.rst - Added Routing
hint for Windows RAS Client in Split Tunneling mode.
* Update nat_reflection.rst
- Fixed typo (asynchronous should be asymmetrical traffic)
- Added note about "reply-to" in specific setups with VPN WAN
* Update nat_reflection.rst
- Fixed VTI NAT description, referenced the tunables to make it work
Monviech
Ad Schellevis
Stephan de Wit
Thomas C
Hritwik
Dany Marcoux
SatMagnus
Silejonu
Thore Goebel
Andreas Dolp
doktornotor
satrapes
Daniel Aleksandersen
Hiigaraa
Thomas
Matt Jolly