OPNsense Forum

English Forums => Virtual private networks => Topic started by: paulo.pereira on January 12, 2026, 10:53:20 PM

Title: WireGuard VPN - OpenID Connect - Captive Portal
Post by: paulo.pereira on January 12, 2026, 10:53:20 PM
Hi,

We have bought a DEC4280 firewall to replace our current Cisco one.
We have configured WireGuard as our VPN with OpenID Connect as authentication on Captive Portal.
We have Unbound DNS disabled; we have an internal DNS server.

The issue we have is that, in order for the Captive Portal to redirect to the right Microsoft endpoints (e.g. login.microsoft.com), I have to put the Microsoft endpoints' IP addresses into the Captive Portal field "Allowed addresses", and this is unfeasible because of the many IPs that Microsoft uses.

We have tried to "Disable firewall rules" on the Portal and create them manually according to the OPNsense docs on the WireGuard interface, but with no luck.

Any help with this will be appreciated, thanks!


Best Regards,

Paulo Pereira


Title: Re: WireGuard VPN - OpenID Connect - Captive Portal
Post by: paulo.pereira on January 14, 2026, 01:31:06 PM
Anyone that can help us with this?
At least can anyone tell me if the ability to put firewall aliases on the Captive Portal "Allowed Addresses" will be possible?


Thank you.

Paulo Pereira

Title: Re: WireGuard VPN - OpenID Connect - Captive Portal
Post by: Monviech (Cedrik) on January 14, 2026, 01:41:35 PM
Troubleshooting this could involve checking the current firewall ruleset (policy and NAT), routes, aliases, WireGuard configuration and more.

When disabling firewall rules for a captive portal zone, all needed configuration should work on the interface receiving the traffic (in your case the WireGuard interface). Allowing Microsoft endpoints could then be done via a JSON alias, for example: https://docs.opnsense.org/manual/aliases.html#url-table-in-json-format-ips

If you need professional help with such a setup, we also offer business support:
https://shop.opnsense.com/product-categorie/support/
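
Added example, not part of the thread and not OPNsense code: an offline check of what a JSON endpoint feed would contribute to an alias before it is trusted to pass pre-authentication traffic, keeping only entries that serve the login hostname and rejecting anything that is not a valid network. The feed layout (a list of objects with "urls" and "ips"), the function names and every address are assumptions; the addresses are documentation ranges, and only the hostname login.microsoft.com comes from the thread.

```python
import ipaddress
import json

# Constructed sample feed. The "urls"/"ips" field names are assumed, and the
# addresses are documentation ranges (RFC 5737 / RFC 3849), not real endpoints.
# Only the hostname login.microsoft.com is taken from the thread.
SAMPLE_FEED = json.dumps([
    {"id": 1, "urls": ["login.microsoft.com", "*.auth.example.com"],
     "ips": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8:1::/48"]},
    {"id": 2, "urls": ["cdn.example.com"],
     "ips": ["198.51.100.0/24"]},
    {"id": 3, "urls": ["login.microsoft.com"],
     "ips": ["192.0.2.0/25", "not-an-ip"]},
    {"id": 4, "urls": ["*.microsoft.com"]},  # entry with no "ips" key
])


def host_matches(pattern, host):
    """Match a feed hostname pattern; a leading '*.' covers subdomains only."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host


def networks_for_hosts(feed_json, wanted_hosts):
    """Return (ipv4, ipv6, rejected) for feed entries serving wanted_hosts."""
    nets = {4: set(), 6: set()}
    rejected = []
    for entry in json.loads(feed_json):
        urls = entry.get("urls", [])
        if not any(host_matches(u, h) for u in urls for h in wanted_hosts):
            continue  # unrelated service: keep it out of the allow-list
        for raw in entry.get("ips", []):
            try:
                net = ipaddress.ip_network(raw, strict=True)
            except ValueError:
                rejected.append(raw)  # never pass unparsed text into a rule
                continue
            nets[net.version].add(net)
    v4 = [str(n) for n in ipaddress.collapse_addresses(nets[4])]
    v6 = [str(n) for n in ipaddress.collapse_addresses(nets[6])]
    return v4, v6, rejected
```

Anything returned in the rejected list is worth investigating before the feed is relied on for traffic from clients that have not yet authenticated.
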
Title: Re: WireGuard VPN - OpenID Connect - Captive Portal
Post by: paulo.pereira on January 15, 2026, 10:24:52 AM
Hi Cedrik,

Thank you for your response. We will then acquire a business support subscription.

Best Regards,

Paulo Pereira

Title: Re: WireGuard VPN - OpenID Connect - Captive Portal
Post by: Monviech (Cedrik) on January 15, 2026, 10:53:03 AM
Hello Paulo,

Thank you for understanding. This is a highly specific configuration; the functionality in the business edition to use OIDC is rather new. I do not think much can be done here community-wise.

See you in business support :)

~Cedrik