Topics - vividou

#1
General Discussion / [Solved] Randomize ipv6 WAN address
December 04, 2024, 06:32:53 PM
Hello,

My opnsense is configured for ipv6 as follows:

GUI:
Interfaces > WAN >  IPv6 Configuration Type = DHCPv6
                    Prefix delegation size = 56


But the WAN ipv6 contains the MAC address.

Shell:
# ifconfig
wan:
    inet6 xxxx::xxff:fexx:xxxx prefixlen 64 autoconf pltime 7200 vltime 21600


Is there a way to make it more random, without the MAC address?

Thanks
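The address shown in the post has the ff:fe marker in the middle of its interface identifier, which is how a SLAAC address built from the MAC (modified EUI-64) looks. Added here as an example that is not part of the post or of OPNsense: a small Python check that scans ifconfig-style output, flags every inet6 address whose interface identifier is EUI-64 and recovers the MAC it exposes, so an operator can confirm whether a WAN address leaks the hardware address. The ifconfig text, the MAC 00:11:22:33:44:55 and the 2001:db8::/32 prefix are constructed sample data.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample standing in for the post's masked ifconfig output.
# The MAC 00:11:22:33:44:55 and the 2001:db8::/32 documentation prefix are
# invented; the "temporary" flag marks an RFC 4941 privacy address.
SAMPLE_IFCONFIG = """\
wan: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet6 fe80::211:22ff:fe33:4455%wan prefixlen 64 scopeid 0x1
    inet6 2001:db8:1234:5600:211:22ff:fe33:4455 prefixlen 64 autoconf pltime 7200 vltime 21600
    inet6 2001:db8:1234:5600:9c1e:77a3:5bd2:e41 prefixlen 64 autoconf temporary pltime 3600 vltime 7200
"""

EUI64_MARKER = b"\xff\xfe"  # inserted between the OUI and the NIC half of the MAC


def mac_to_iid(mac: str) -> bytes:
    """Build the 64-bit modified EUI-64 interface identifier SLAAC derives from a MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit (bit 1 of the first octet), RFC 4291 Appendix A.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + EUI64_MARKER + raw[3:]


def eui64_mac(addr: str) -> Optional[str]:
    """Return the MAC embedded in addr if its interface identifier is EUI-64,
    otherwise None. A random IID matches the ff:fe marker with probability
    1/65536, so treat a hit as strong evidence rather than proof."""
    iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits = interface identifier
    if iid[3:5] != EUI64_MARKER:
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


INET6_RE = re.compile(r"^\s*inet6\s+([0-9a-fA-F:]+)")


def find_eui64_addresses(ifconfig_text: str) -> list:
    """Scan ifconfig-style output and return (address, mac) for every address
    that exposes its MAC. Scope suffixes such as %wan are left out by the regex."""
    hits = []
    for line in ifconfig_text.splitlines():
        m = INET6_RE.match(line)
        if not m:
            continue
        mac = eui64_mac(m.group(1))
        if mac is not None:
            hits.append((m.group(1), mac))
    return hits


if __name__ == "__main__":
    for addr, mac in find_eui64_addresses(SAMPLE_IFCONFIG):
        print(f"{addr} embeds MAC {mac}")
```

The link-local address is always EUI-64 on a plain SLAAC setup and only matters on-link; the global address is the one that identifies the host to remote peers. Addresses carrying the `temporary` flag in the ifconfig output are RFC 4941 privacy addresses, which is what a randomized WAN address looks like once enabled (on FreeBSD the sysctls `net.inet6.ip6.use_tempaddr` and `net.inet6.ip6.prefer_tempaddr` govern their generation and preference).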
#2
Hello,

As DNS, I am using unbound with the DNSCrypt plugin as described in this post: https://forum.opnsense.org/index.php?topic=10670.0

Currently to force the DNS to my OpenVPN clients, I register the DNS in the DNS Servers fields of the OpenVPN settings, but I would like to use the one provided by my opnsense setting (unbound+DNSCrypt).

Is it possible to force my OpenVPN clients to use the DNS provided by this setup?
How to do that?



Thanks
#3
Hello,

After updating Opnsense to the version 18.1.3, the security audit returns the following message:
***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
isc-dhcp43-client-4.3.6 is vulnerable:
isc-dhcp -- Multiple vulnerabilities
CVE: CVE-2018-5733
CVE: CVE-2018-5732
WWW: https://vuxml.FreeBSD.org/freebsd/2040c7f5-1e3a-11e8-8ae9-0050569f0b83.html

1 problem(s) in the installed packages found.
***DONE***


Is it a bug?
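The report above is the VuXML match output produced by pkg(8)'s audit ("vulnxml file up-to-date" is the database refresh): it compares each installed package version against the vulnerability database and lists the matches, which is the audit working by design rather than malfunctioning. As an added example that is not from the post or from OPNsense, here is a Python parser for that output format that turns each entry into a record (package, version, title, CVE list, advisory URL) and cross-checks the "N problem(s)" summary line against the entries found, the kind of check a patch-tracking script would do before filing the finding. The sample input is the audit text quoted in the post.

```python
import re
from typing import Dict, List

# The audit output quoted in the post, embedded as the sample input.
AUDIT_OUTPUT = """\
***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
isc-dhcp43-client-4.3.6 is vulnerable:
isc-dhcp -- Multiple vulnerabilities
CVE: CVE-2018-5733
CVE: CVE-2018-5732
WWW: https://vuxml.FreeBSD.org/freebsd/2040c7f5-1e3a-11e8-8ae9-0050569f0b83.html

1 problem(s) in the installed packages found.
***DONE***
"""

VULN_RE = re.compile(r"^(?P<pkg>\S+) is vulnerable:$")
COUNT_RE = re.compile(r"^(?P<n>\d+) problem\(s\) in the installed packages found\.$")


def split_pkg_version(pkg: str):
    """'isc-dhcp43-client-4.3.6' -> ('isc-dhcp43-client', '4.3.6').
    FreeBSD package names end in '-<version>', so split on the last dash."""
    name, _, version = pkg.rpartition("-")
    return name, version


def parse_pkg_audit(text: str) -> List[Dict]:
    """Turn pkg-audit style output into one record per vulnerable package."""
    findings = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = VULN_RE.match(line)
        if m:
            name, version = split_pkg_version(m.group("pkg"))
            current = {"package": name, "version": version,
                       "title": None, "cves": [], "www": None}
            findings.append(current)
            continue
        if current is None:
            continue  # banner, refresh notice, summary: not part of an entry
        if not line:
            current = None  # a blank line closes the entry
        elif line.startswith("CVE: "):
            current["cves"].append(line[5:].strip())
        elif line.startswith("WWW: "):
            current["www"] = line[5:].strip()
        elif current["title"] is None:
            current["title"] = line  # the free-text VuXML title
    return findings


def reported_problem_count(text: str) -> int:
    """Read the count pkg audit prints in its summary line (0 if absent)."""
    for line in text.splitlines():
        m = COUNT_RE.match(line.rstrip())
        if m:
            return int(m.group("n"))
    return 0


def audit_consistent(text: str) -> bool:
    """Cross-check the summary count against the entries actually parsed."""
    return reported_problem_count(text) == len(parse_pkg_audit(text))


if __name__ == "__main__":
    for f in parse_pkg_audit(AUDIT_OUTPUT):
        print(f"{f['package']} {f['version']}: {f['title']} ({', '.join(f['cves'])})")
    print("summary consistent:", audit_consistent(AUDIT_OUTPUT))
```

Parsing the package name apart from its version makes it straightforward to compare the installed version with the fixed version named in the linked VuXML advisory on later runs, so the finding can be closed automatically once the package update lands.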
#4
Hello,

My OpenVPN is running and my client can connect to it.

However, the clients cannot connect to the Internet through the vpn.

My purpose is that the clients can connect to the vpn server to surf the Internet from it only (no connection to local network).

How to configure Opnsense for this purpose?


Here is my configuration with OPNsense 18.1.2_2-amd64

VPN: OpenVPN: Servers
Server Mode:            Remote Access (SSL/TLS + User Auth)
Protocol:               UDP
Device Mode:            tun
Interface:              WAN
Local port:             1194
TLS Authentication:     checked
Certificate Depth:      One (Client+Server)
IPv4 Tunnel Network:    10.0.8.0/24
Redirect Gateway:       checked
Compression:            Enabled with Adaptive Compression
Disable IPv6:           checked
Dynamic IP:             checked
Address Pool:           checked
Topology:               checked
Force DNS cache update: checked


Firewall: Rules: WAN
pass, IPv4 UDP, *, *, WAN address 1194, *, OpenVPN wizard

Firewall: Rules: OpenVPN
nothing

Firewall: NAT: Outbound
Automatic outbound NAT rule generation

Should I assign an interface for OpenVPN?

Thanks
#5
General Discussion / DtDNS Support
February 10, 2018, 04:28:12 PM
Hello,

Does Opnsense support DtDNS for the Dynamic DNS service?

Thanks
#6
Hello Everyone,

I am using Opnsense 17.7.11, and would like to setup a VPN.

Based on these 2 tutorials:
https://www.kirkg.us/posts/building-an-openvpn-server-with-opnsense/
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

I have configured openvpn resulting in the following setup:

Server:
Server Mode:                Remote Access (SSL/TLS + User Auth)
Backend for authentication: Local Database
Protocol:                   UDP
Device Mode:                tun
Interface:                  WAN
Local port:                 1194
TLS Authentication:         enable
DH Parameters Length:       2048
Encryption algorithm:       AES-256-CBC (256 bit key, 128 bit block)
Auth Digest Algorithm:      SHA512 (512-bit)
Hardware Crypto:            No Hardware Crypto Acceleration
Certificate Depth:          One (Client+Server)
IPv4 Tunnel Network:        10.0.8.0/24
Redirect Gateway:           selected
Concurrent connections:     10
Compression:                Enabled with Adaptive Compression
Disable IPv6:               selected
Dynamic IP:                 selected
Address Pool:               selected
Topology:                   selected

I do not need to access the LAN with the VPN so I did not set the IPv4 Remote Network setting.

Client export:
Host Name Resolution:       Interface IP Address
Verify Server CN:           Automatic - Use verify-x509-name
Use Random Local Port:      selected


And the firewall rules created by the wizard:
Interface  Action  Proto     Source  Port  Destination  Port             Gateway
WAN        pass    IPv4 UDP  *       *     WAN address  1194 (OpenVPN)   *
OPENVPN    pass    IPv4      *       *     *            *                *

No other rules are set on these interfaces.

With this setup, my client can connect to the OpenVPN server without any problem from the LAN side.

However from the WAN side (set on a private ip) the connection is not possible using the same client/user.

The client messages get stuck there:
Thu Jan 18 18:30:40 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.185:1194
Thu Jan 18 18:30:40 2018 UDP link local (bound): [AF_INET][undef]:0
Thu Jan 18 18:30:40 2018 UDP link remote: [AF_INET]192.168.0.185:1194


and the following messages appear in my opnsense log:
TLS Error: TLS handshake failed
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)



The port 1194 on the WAN side is correctly opened, which is confirmed using nmap:
PORT     STATE         SERVICE
1194/udp open|filtered openvpn


Sniffing the connection with Wireshark indicates that the packets are [Malformed Packet]. No idea if it is a/the problem or not.

Does anyone have a clue how to solve this problem?

Thanks!