OPNsense Forum

English Forums => General Discussion => Topic started by: seb101 on August 01, 2019, 10:03:41 pm

Title: Replicating some OpenWRT Configs
Post by: seb101 on August 01, 2019, 10:03:41 pm
Hi,

I'm migrating to OPNsense from OpenWRT.  I'm trying to set up my router like for like before I switch. I'm mostly done, but there are a few configs I can't work out how to replicate in OPNsense.  I'd appreciate any help.

Firstly, there are a few firewall rules related to IPv6 ICMP:

Code:
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

How would those look in PF? 


Secondly, my OpenVPN server has been fine-tuned over the years.  Specifically, I can't work out how to use tls-crypt (instead of tls-auth) or specify my cipher-list through the GUI.  Do I just add these in as 'custom' config lines in the free-text box?


In general, do the 'advanced settings' free text boxes on the config pages for services just expect config lines in the same format they would appear in the individual app's native config files?  Are there any caveats/limitations?

Thanks a million!
Title: Re: Replicating some OpenWRT Configs
Post by: whiskerp on January 21, 2021, 05:02:32 pm
You can put your certificate between <tls-crypt> and </tls-crypt> tags in the Custom Configuration box.
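
For the ICMPv6 rules in the first post, a pf.conf-style translation is sketched below. This is an added example, not from either poster and not OPNsense-generated output. The `wan_if` macro and its value are assumptions, and the `1000/sec` limit is not translated.

```pf
# Added example: pf equivalents of the three OpenWRT rules quoted in the thread.
# Assumption: wan_if is a hypothetical macro; set it to the real WAN device.
wan_if = "igb0"

# pf has no separate input/forward chains: "pass in on $wan_if" sees both
# traffic for the firewall itself and traffic to be routed onward. The
# destination is used here to tell the two cases apart.

# Allow-MLD: link-local sources only.
# 130 = listqry, 131 = listenrep, 132 = listendone; 143 (MLDv2 report)
# is given by number.
pass in quick on $wan_if inet6 proto ipv6-icmp from fe80::/10 to any \
    icmp6-type { listqry, listenrep, listendone, 143 }

# Allow-ICMPv6-Forward (dest '*'): echo and error messages to any destination.
# OpenWRT 'bad-header' and 'unknown-header-type' are codes of the
# parameter-problem type, hence "paramprob code ...".
# This rule also covers the same seven types in Allow-ICMPv6-Input.
pass in quick on $wan_if inet6 proto ipv6-icmp from any to any \
    icmp6-type { echoreq, echorep, unreach, toobig, timex, \
                 paramprob code badhead, paramprob code nxthdr }

# Allow-ICMPv6-Input, remaining types: router/neighbour discovery is only
# meaningful on-link, so accept it for the firewall's own addresses and
# link-local multicast (ff02::/16) rather than for forwarded destinations.
pass in quick on $wan_if inet6 proto ipv6-icmp from any to { self, ff02::/16 } \
    icmp6-type { routersol, routeradv, neighbrsol, neighbradv }

# Not translated: option limit '1000/sec' from the OpenWRT rules.
```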