Messages - olest

#16
23.7 Legacy Series / IPSEC IDs setup 2 times in 23.7
August 24, 2023, 12:26:16 PM
Why do I have to set up the IPSEC local and remote IDs 2 times in 23.7?

In both the "Pre-shared Keys" menu and the Authentication section of the Connection setup.
#17
23.7 Legacy Series / Re: Enable IPSEC in 23.7
August 18, 2023, 09:50:17 AM
Sorry - now I have seen it...
#18
23.7 Legacy Series / Enable IPSEC in 23.7
August 17, 2023, 12:48:34 PM
In 23.7 the enable IPSEC is still in Tunnel Settings [legacy]. If disabled in legacy the new "Connections" does not start.
#19
22.7 Legacy Series / Re: debug.pfftpproxy unsupported
September 27, 2022, 02:08:17 PM
ok.

Thank you.
#20
22.7 Legacy Series / debug.pfftpproxy unsupported
September 27, 2022, 01:48:58 PM
After some of the 22.7 updates I get:

debug.pfftpproxy   Disable the pf ftp proxy handler.   unsupported   unknown   

warning: ignoring missing default tunable request: debug.pfftpproxy

Should I just delete debug.pfftpproxy or is it a bug in os-ftp-proxy plugin?
#21
Also, when I set up with Hash alg. AES-XCBC in phase 1 and nothing in phase 2, the "VPN: IPsec: Security Association Database" lists Auth alg. as replay=0 or replay=4.

Is this expected?
#22
perfect.

Just ran into a little problem.

I was able to configure Phase 1 using IKEv1 with:
IKE:AES_GCM_16_128/PRF_AES128_XCBC/MODP_2048

But this is not supported with IKEv1.
#23
Ok.

Just needed to know what I might break with the update, so I can check the setup at customers before the update.
#24
ipsec: remove hashes and algorithms no longer supported by FreeBSD 13

Does this mean that 3des, sha1 and md5 are no longer supported in IPSEC tunnels?
#25
When I use Captive Portal and hit "sign in", the page does not reload on Android.
On iPad I get a blank page with the text Success instead of a page with "logout".
Can this be fixed?

How do I define redirurl from the GUI (like pfSense has)?

From default template:

    // redirect on successful login
    if (data['clientState'] == 'AUTHORIZED') {
        if (getURLparams()['redirurl'] != undefined) {
            window.location = 'http://'+getURLparams()['redirurl']+'?refresh';
        } else {
            window.location.reload();
        }
    }
#26
Hi,

Can I use a configuration export from an OPNsense NANO install and import it on a new full OPNsense install without having nano-specific configurations on the new install?
#28
Virtual private networks / Re: Wireguard interface
April 26, 2021, 07:30:03 PM
Ok. Thank you
#30
I need to create a firewall rule that gives access to IPs which end in e.g. .64

Using another firewall provider we could do this by using wildcard netmasks like this: 0.0.0.64/0.0.0.252

Can this be done somehow with OPNsense?


We need to do the same as this other Cisco example:
Match all 192.168.x.1 addresses:
permit 192.168.0.1 0.0.255.0