Messages - fathibn

#16
23.7 Legacy Series / Detecting compromised vpn clients
August 05, 2023, 03:07:42 AM
Hi,
I have set up an OpenVPN server to allow remote users to connect to the internal network. I would like to set up intrusion detection to detect malicious traffic from compromised VPN clients to the corporate LAN. I am only interested in the VPN client address, as the real addresses are dynamic (3G/4G mobile network) and OPNsense is behind another firewall, so all clients seem to be coming from the DMZ gateway.
Which Suricata rules should I activate, mainly to detect attacks against Windows servers and databases?
TIA.
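Whatever rule sets end up enabled, the post's real constraint is that only the tunnel address identifies a client. The following is an added example (not OPNsense or Suricata code) of the post-processing a practitioner would put behind that: it reads Suricata EVE JSON, keeps only alerts whose source is a tunnel address and whose destination is on the corporate LAN, and tallies them per client. The tunnel pool (10.8.0.0/24), the LAN (192.168.10.0/24), the local-rule signature ids and the EVE lines themselves are constructed for the example.

```python
"""Reduce Suricata EVE JSON to alerts from OpenVPN tunnel clients into the LAN.

Added example, not OPNsense or Suricata code. Assumptions (not from the post):
tunnel pool 10.8.0.0/24, corporate LAN 192.168.10.0/24; the EVE records and the
local-rule signatures (sid 1000001+) are constructed sample data.
"""
import ipaddress
import json
from collections import Counter, defaultdict

TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")    # assumed OpenVPN tunnel pool
LAN_NET = ipaddress.ip_network("192.168.10.0/24")   # assumed corporate LAN

# Constructed EVE lines: two LAN-bound alerts from one client, one alert to the
# internet, one non-alert flow record, and one alert in the return direction.
SAMPLE_EVE = """\
{"timestamp":"2023-08-05T03:00:01.000000+0000","event_type":"alert","src_ip":"10.8.0.6","src_port":49210,"dest_ip":"192.168.10.20","dest_port":445,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL SMB connection from VPN client","severity":2}}
{"timestamp":"2023-08-05T03:00:02.000000+0000","event_type":"alert","src_ip":"10.8.0.6","src_port":49211,"dest_ip":"192.168.10.30","dest_port":1433,"proto":"TCP","alert":{"signature_id":1000002,"signature":"LOCAL MSSQL connection from VPN client","severity":2}}
{"timestamp":"2023-08-05T03:00:03.000000+0000","event_type":"alert","src_ip":"10.8.0.9","src_port":51000,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","alert":{"signature_id":1000003,"signature":"LOCAL outbound HTTP test","severity":3}}
{"timestamp":"2023-08-05T03:00:04.000000+0000","event_type":"flow","src_ip":"10.8.0.6","src_port":49212,"dest_ip":"192.168.10.20","dest_port":445,"proto":"TCP"}
{"timestamp":"2023-08-05T03:00:05.000000+0000","event_type":"alert","src_ip":"192.168.10.20","src_port":445,"dest_ip":"10.8.0.6","dest_port":49210,"proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL SMB connection from VPN client","severity":2}}
"""


def parse_eve(text):
    """Parse EVE JSON lines; skip blank or malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def vpn_to_lan_alerts(records, tunnel_net=TUNNEL_NET, lan_net=LAN_NET):
    """Keep alert events sourced from a tunnel address and destined for the LAN.
    Direction matters: the LAN server answering the client is not a new hit."""
    hits = []
    for rec in records:
        if rec.get("event_type") != "alert":
            continue
        try:
            src = ipaddress.ip_address(rec["src_ip"])
            dst = ipaddress.ip_address(rec["dest_ip"])
        except (KeyError, ValueError):
            continue
        if src in tunnel_net and dst in lan_net:
            hits.append(rec)
    return hits


def summarize_by_client(alerts):
    """Per tunnel client: alert count, distinct LAN targets, signature tally."""
    summary = defaultdict(lambda: {"alerts": 0, "targets": set(), "signatures": Counter()})
    for rec in alerts:
        entry = summary[rec["src_ip"]]
        entry["alerts"] += 1
        entry["targets"].add("%s:%s" % (rec["dest_ip"], rec.get("dest_port")))
        entry["signatures"][rec["alert"]["signature"]] += 1
    return dict(summary)


if __name__ == "__main__":
    for client, info in summarize_by_client(vpn_to_lan_alerts(parse_eve(SAMPLE_EVE))).items():
        print(client, info["alerts"], sorted(info["targets"]), dict(info["signatures"]))
```

On a real box the input would be the EVE log Suricata writes on the OPNsense side; the example reads a constructed string so it runs offline. Because the tunnel address is the only stable handle, the summary keys on it, so a client that starts touching many LAN hosts or database ports stands out even though its public address changes with every reconnect.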
#17
Hi, I have followed the document at https://docs.opnsense.org/manual/multiwan.html and set up a weighted, monitored, load-balanced multi-WAN group between 2 ADSL connections.
On the interface configuration page for the WAN interface (both ADSL connections are on the same subnet but go to two different ISPs), the gateway group doesn't appear. If I leave the Gateway value at its default, packets are not forwarded from the LAN clients to the internet. If I choose any of the WAN gateways, traffic is forwarded from the LAN clients to the internet, but then I don't have load balancing.
Can someone help me please?
TIA
Fathi B.N.
#18
19.1 Legacy Series / Re: Benchmarking OPNsense
February 22, 2019, 12:24:29 AM
I have a lot of warnings and critical messages from the underlying hypervisor about memory, swap usage, disk backlog, FIFO errors, disk utilization, inbound packets dropped ratio, ... and that is why I am asking about sizing.
#19
Hi,
It seems that OPNsense is sending Calling-Station-Id and Called-Station-Id only in the authentication packets and not in the accounting packets.
How can I fix this so that it sends these two RADIUS attributes in the accounting packets as well?
TIA.
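To see concretely what the post is asking for, the following added example (not OPNsense code) builds a RADIUS Accounting-Request as RFC 2866 specifies it, with Calling-Station-Id (attribute 31) and Called-Station-Id (attribute 30) alongside the usual Acct-Status-Type and Acct-Session-Id, computes the Request Authenticator, and then verifies and parses the packet the way a RADIUS server would. The shared secret, NAS address, session id, username and station id values are constructed placeholders.

```python
"""Build a RADIUS Accounting-Request (RFC 2866) carrying Calling-Station-Id and
Called-Station-Id, then verify and parse it as a RADIUS server would.

Added example, not OPNsense code. The shared secret, NAS address, session id,
username and station ids are constructed placeholders.
"""
import hashlib
import hmac
import ipaddress
import struct

ACCOUNTING_REQUEST = 4          # RADIUS code (RFC 2866)
USER_NAME = 1                   # attribute types (RFC 2865 / RFC 2866)
NAS_IP_ADDRESS = 4
CALLED_STATION_ID = 30
CALLING_STATION_ID = 31
ACCT_STATUS_TYPE = 40
ACCT_SESSION_ID = 44
ACCT_STATUS_START = 1

SECRET = b"example-shared-secret"   # constructed


def _avp(attr_type, value):
    """Encode one Type-Length-Value attribute; Length includes the 2-octet header."""
    if isinstance(value, str):
        value = value.encode("utf-8")
    elif isinstance(value, int):
        value = struct.pack("!I", value)
    if len(value) > 253:
        raise ValueError("RADIUS attribute value exceeds 253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_acct_request(identifier, secret, attributes):
    """Serialise an Accounting-Request. Per RFC 2866 the Request Authenticator is
    MD5(Code + Identifier + Length + 16 zero octets + attributes + shared secret)."""
    body = b"".join(_avp(t, v) for t, v in attributes)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier & 0xFF, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def verify_acct_request(packet, secret):
    """Recompute the Request Authenticator; a wrong secret or altered body fails."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def parse_attributes(packet):
    """Return [(type, raw_value), ...]; reject attributes with an impossible length."""
    attrs, pos = [], 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, length = struct.unpack("!BB", packet[pos:pos + 2])
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, packet[pos + 2:pos + length]))
        pos += length
    return attrs


def station_ids(packet):
    """The check the post is really after: which station ids does this packet carry?"""
    found = {"Calling-Station-Id": None, "Called-Station-Id": None}
    for attr_type, value in parse_attributes(packet):
        if attr_type == CALLING_STATION_ID:
            found["Calling-Station-Id"] = value.decode("utf-8", "replace")
        elif attr_type == CALLED_STATION_ID:
            found["Called-Station-Id"] = value.decode("utf-8", "replace")
    return found


def example_packet():
    """An Acct-Start for one client with both station ids present (constructed values)."""
    return build_acct_request(
        identifier=7,
        secret=SECRET,
        attributes=[
            (USER_NAME, "alice"),
            (NAS_IP_ADDRESS, ipaddress.IPv4Address("192.0.2.1").packed),
            (ACCT_STATUS_TYPE, ACCT_STATUS_START),
            (ACCT_SESSION_ID, "0000a1b2"),
            (CALLING_STATION_ID, "10.8.0.6"),        # client-side identifier
            (CALLED_STATION_ID, "192.0.2.1:1194"),   # NAS-side identifier
        ],
    )


if __name__ == "__main__":
    pkt = example_packet()
    print("authenticator ok:", verify_acct_request(pkt, SECRET))
    print(station_ids(pkt))
```

Running `station_ids` over packets captured between OPNsense and the RADIUS server (or over the server's own raw packet log) is the quickest way to confirm whether the accounting packets lack the attributes, as the post observes, or whether the server is simply not logging them.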
#20
19.1 Legacy Series / Benchmarking OPNsense
February 21, 2019, 10:19:50 AM
Hi,
We have set up an OPNsense (now 19.1) as a VM with captive portal and RADIUS authentication against an independent RADIUS server.
This firewall is connected to the internet via a mobile broadband router.
When it reaches ~40 simultaneous users, the server nearly hangs and stops responding for a while.
I will have to buy a new server and would like to know what hardware people are running OPNsense on and how many simultaneous users they can allow to the internet.
I am not running any proxy, SSL inspection, Suricata, ... just routing authenticated users to the internet.
TIA.
#22
Hi,
Shouldn't only the certificate field be required?
I need to trust the certificate of a Samba AD domain controller to be able to use it as an authentication server for OPNsense.

Samba enforces authentication over TLS; otherwise we get an LDAP bind error, "Strong(er) authentication required".
I could solve this by allowing authentication over an insecure LDAP connection in smb.conf, but this is not an advisable solution, since it would expose all user credentials over the network.
TIA
#23
General Discussion / Captive portal and RFC 7710
August 01, 2018, 11:56:03 AM
Hi,

RFC 7710 allows sending the URL of a captive portal in DHCP responses. I use a separate DNS/DHCP server and couldn't set up the CP to work. Which URL should I send in my DHCP responses to let devices discover the OPNsense captive portal?
TIA
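As an added example (not OPNsense code) of the wire format the post refers to: RFC 7710 carries the portal URL as a DHCPv4 option holding the URL as plain octets, under option code 160; RFC 8910, which obsoletes RFC 7710, moved it to code 114 because 160 was already in use elsewhere, so a DHCP server that needs to reach both older and newer clients may send both. The encoder and parser below handle pad/end, truncated options, and values longer than 255 octets (split across repeated options and concatenated back, as RFC 3396 describes). The portal URL is an assumed placeholder, not anything taken from the post.

```python
"""Encode and parse the DHCPv4 Captive-Portal option (RFC 7710 code 160,
RFC 8910 code 114).

Added example, not OPNsense code. The portal URL below is an assumed placeholder.
"""

OPT_PAD, OPT_END = 0, 255
OPT_CAPTIVE_PORTAL_RFC7710 = 160
OPT_CAPTIVE_PORTAL_RFC8910 = 114
OPT_SUBNET_MASK = 1


def encode_options(options):
    """Serialise [(code, bytes), ...] into a DHCPv4 options field ending in END.
    Values longer than 255 octets are split across repeated options (RFC 3396)."""
    out = bytearray()
    for code, value in options:
        if code in (OPT_PAD, OPT_END):
            raise ValueError("pad/end are not payload options")
        chunks = [value[i:i + 255] for i in range(0, len(value), 255)] or [b""]
        for chunk in chunks:
            out += bytes([code, len(chunk)]) + chunk
    out.append(OPT_END)
    return bytes(out)


def parse_options(blob):
    """Parse a DHCPv4 options field into {code: value}; repeated codes are
    concatenated (RFC 3396). Raises on a truncated option rather than guessing."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def captive_portal_url(opts):
    """Return the portal URL a client would act on: RFC 8910's code first, then
    RFC 7710's; None if absent or not ASCII (the option is a URI, not free text)."""
    for code in (OPT_CAPTIVE_PORTAL_RFC8910, OPT_CAPTIVE_PORTAL_RFC7710):
        if code in opts:
            try:
                return opts[code].decode("ascii")
            except UnicodeDecodeError:
                return None
    return None


# Assumed placeholder URL; it would be the address of the portal listener.
PORTAL_URL = b"https://portal.example.net/"

if __name__ == "__main__":
    blob = encode_options([
        (OPT_SUBNET_MASK, bytes([255, 255, 255, 0])),
        (OPT_CAPTIVE_PORTAL_RFC7710, PORTAL_URL),
        (OPT_CAPTIVE_PORTAL_RFC8910, PORTAL_URL),
    ])
    print(blob.hex())
    print(captive_portal_url(parse_options(blob)))
```

Note that the option only tells the client where the portal is; it does not by itself open anything. The clients still have to be allowed to reach the URL while unauthenticated, and a URL pointing at a host or port that the portal firewall rules block will leave the device where the post describes it: redirected to nothing.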
#24
General Discussion / 2 strange behaviors
July 16, 2018, 04:16:38 PM
Hi,
I am setting up a blacklist on Squid and noticed 2 strange behaviors:
1) Lines starting with ^http(s)? get repeated several times even if I inserted them only once, so to restrict access to 10.0.0.0/8, 192.168.0.0/16 and 172.12.0.0/12 I used ^https?:\/\/192.168\.([0-9]+)\.([0-9]+),^https?:\/\/172\.[16-31]\.([0-9]+)\.([0-9]+),^https?:\/\/10\.([0-9]+)\.([0-9]+)\.([0-9]+)
After several modifications to the OPNsense config, when I go back to add other domains to block, I find these lines repeated once or twice.

2) It is not possible to insert the domain googlevideo.com in the blacklist field; even if I export the config, insert this domain manually and then import it, the import fails.

Has anyone noticed similar behavior?
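Before loading URL regexes like the ones above into a Squid blacklist, it is worth checking them offline. The following is an added example, not OPNsense or Squid code. Two things it demonstrates about the patterns quoted in the post: `[16-31]` is a character class (the character `1` plus a `6`-`3` range, which is invalid), not the numbers 16 to 31, so a regex engine rejects it outright; and an unescaped dot, as in `192.168`, matches any character. The corrected patterns below express 172.16.0.0/12 as 172.(16-31), anchor the host so that 10.0.0.1.example.com is not caught, and are written in plain extended syntax so they compile the same way under Python's `re` and the POSIX regex library Squid uses for url_regex. The test URLs are constructed.

```python
"""Check URL-regex blacklist entries for the RFC 1918 ranges before they go into Squid.

Added example, not OPNsense or Squid code. Patterns use only syntax shared by
Python's re module and POSIX extended regexes (no non-capturing groups, no
lookarounds), so what compiles here compiles for Squid's url_regex. Test URLs
are constructed.
"""
import re

# The 172 pattern as quoted in the post: "[16-31]" is a character class, and
# the reversed range 6-3 inside it is an error, not "16 through 31".
BROKEN_172 = r"^https?:\/\/172\.[16-31]\.([0-9]+)\.([0-9]+)"

OCTET = r"[0-9]{1,3}"
TAIL = r"(:[0-9]+)?(/|$)"   # optional port, then either a path or end of URL

# Corrected entries, one per private range, anchored at both ends of the host.
PRIVATE_URL_PATTERNS = [
    r"^https?://10\.(" + OCTET + r"\.){2}" + OCTET + TAIL,
    r"^https?://172\.(1[6-9]|2[0-9]|3[01])\." + OCTET + r"\." + OCTET + TAIL,
    r"^https?://192\.168\." + OCTET + r"\." + OCTET + TAIL,
]


def pattern_error(pattern):
    """Return the compile error for a pattern, or None if it is valid."""
    try:
        re.compile(pattern)
        return None
    except re.error as exc:
        return str(exc)


def compile_all(patterns):
    """Compile every pattern, failing loudly on the first bad one instead of
    silently loading a blacklist with a hole in it."""
    compiled = []
    for pattern in patterns:
        err = pattern_error(pattern)
        if err is not None:
            raise ValueError("bad blacklist entry %r: %s" % (pattern, err))
        compiled.append(re.compile(pattern))
    return compiled


_COMPILED = compile_all(PRIVATE_URL_PATTERNS)


def is_blocked(url, compiled=_COMPILED):
    """True if the URL matches any blacklist entry."""
    return any(p.search(url) for p in compiled)


# Constructed URLs with the expected verdicts; used to check the list before deploying it.
CHECKS = [
    ("http://10.1.2.3/admin", True),
    ("https://172.31.255.1:8443/", True),
    ("http://192.168.1.1", True),
    ("http://172.32.0.1/", False),          # just outside 172.16/12
    ("http://172.160.1.1/", False),         # 16 as a prefix of 160 must not match
    ("http://10.0.0.1.example.com/", False),  # private-looking prefix of a public host
    ("http://1192.168.1.1/", False),        # anchored at the start of the host
    ("https://www.example.com/", False),
]


def run_checks(checks=CHECKS):
    """Return the URLs whose verdict disagrees with the expectation (empty means all good)."""
    return [url for url, expected in checks if is_blocked(url) != expected]


if __name__ == "__main__":
    print("broken entry:", pattern_error(BROKEN_172))
    print("mismatches:", run_checks())
```

Running `run_checks` after every edit to the list is also a cheap way to notice the duplicated lines the post mentions: duplicates compile fine, so they only show up if the export is diffed, but an entry that has been mangled on re-import fails `compile_all` immediately.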
#25
Hi,
My setup:
WAN interface connected to a 4G router via an Ethernet switch
LAN interface connected to another switch with several WiFi access points
All user traffic comes to the OPNsense LAN interface through wifi-ap --> switch --> LAN
DHCP assignments and DNS resolution are served by another server on the LAN segment, with the OPNsense LAN address served as the default gateway for DHCP clients
So DHCP and DNS resolution work even if the OPNsense VM is down, but no internet connection is possible, as the other server doesn't route any traffic to the internet even though it is connected to the internet independently of the OPNsense server.
Squid is set up in transparent mode with the related port forwarding rule active and works well.

When I set up the captive portal on the LAN interface, all traffic to the internet is blocked, but no captive portal page is shown. I tried to access OPNsense on ports 8000-8002 while the CP is active, but it doesn't show any page.
Without the CP, an ipfw list shows one single rule, that all traffic is allowed. When activating the CP, ipfw list shows a lot of new rules.

Can someone help me please?
TIA
#26
Hi,
I have a particular setup where OPNsense would be put on trains to filter and shape internet traffic.
What I am trying to set up is a captive portal with self-registration by SMS: the user is prompted to enter his phone number; upon receiving his password he can connect with his phone number as the username and the randomly generated password sent by SMS.
Also, this authentication system should be centralized, meaning that when a user registers on board train A, leaves it and rides train B, he doesn't have to re-register and should be able to log in with the credentials created on train A.

I am thinking of a centralized auth system, like a central RADIUS server, but would also like to minimize traffic between each embedded OPNsense and the central auth server (no accounting for now).

Does anyone have a similar setup? How did you solve these issues?

TIA
Fathi Ben Nasr