Messages - fabian

#1996
17.7 Legacy Series / Re: [CALL FOR TESTING] Tor
September 21, 2017, 11:13:49 PM
For which field?
#1997
General Discussion / Re: Firewall logs
September 20, 2017, 06:54:40 PM
In the logging settings you can set whether the default block rules should log, etc. You may not have configured it, or may have misconfigured it. The log looks like a lot of data joined by a comma (",").

To read it, you may use a library - for example, I wrote this one for logstash: https://rubygems.org/gems/logstash-filter-opnsensefilter
You can find the source code for this library here: https://github.com/fabianfrz/logstash-filter-opnsensefilter/blob/master/lib/logstash/filters/opnsensefilter.rb

Here is the OPNsense internal function:
https://github.com/opnsense/core/blob/master/src/etc/inc/filter_log.inc#L148
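As an added example (not the logstash gem above and not OPNsense's filter_log.inc), this maps one comma-joined filterlog record onto named fields and then counts inbound blocks per source address, which is the kind of check a SIEM rule would run over these logs. The field layout is assumed from the pfSense-style filterlog format and the sample lines are constructed; verify the layout against filter_log.inc for your release.

```python
from collections import Counter
# Assumed field layout (pfSense-style filterlog record), not taken from the
# post, the logstash gem or filter_log.inc; verify against your release.
COMMON = ["rulenr", "subrulenr", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "protoid", "proto"]
IPV6 = ["class", "flowlabel", "hoplimit", "proto", "protoid"]
TCP = ["srcport", "dstport", "datalen", "tcpflags", "seq", "ack", "window", "urg", "options"]
UDP = ["srcport", "dstport", "datalen"]

def parse_filterlog(line):
    """Map one comma-joined filterlog record onto named fields."""
    fields = line.strip().split(",")
    rec, pos = {}, 0
    def take(names):
        nonlocal pos
        for name in names:
            rec[name] = fields[pos] if pos < len(fields) else ""
            pos += 1
    take(COMMON)
    if rec["ipversion"] == "4":
        take(IPV4)
    elif rec["ipversion"] == "6":
        take(IPV6)
    else:
        raise ValueError("unexpected ip version: %r" % rec["ipversion"])
    take(["length", "src", "dst"])
    if rec["proto"] == "tcp":
        take(TCP)
    elif rec["proto"] == "udp":
        take(UDP)
    rec["unparsed"] = fields[pos:]  # icmp/carp and anything else not mapped
    return rec

def blocked_inbound_by_source(lines):
    """Count inbound blocks per source address, e.g. to spot a scanning host."""
    hits = Counter()
    for line in lines:
        rec = parse_filterlog(line)
        if rec["action"] == "block" and rec["direction"] == "in":
            hits[rec["src"]] += 1
    return hits

# Constructed sample records (not real log data).
SAMPLE = """\
5,,,1000000103,em0,match,block,in,4,0x0,,64,54321,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51234,22,0,S,1234567890,,65535,,mss;nop;wscale
5,,,1000000103,em0,match,block,in,4,0x0,,64,54322,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51235,23,0,S,1234567891,,65535,,mss;nop;wscale
7,,,1000000105,em0,match,pass,out,4,0x0,,64,1,0,none,17,udp,76,192.0.2.10,198.51.100.1,40000,53,56
"""
```

Calling blocked_inbound_by_source(SAMPLE.splitlines()) on the sample yields two inbound blocks from 203.0.113.7 and nothing for the passed outbound DNS query.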
#1998
Quote from: OPNPeta on September 20, 2017, 03:40:35 PM
So, the topic is bridge mode. I really just want to use the AP the way you would use any bog-standard off-the-shelf router. Does it then matter whether WLAN and LAN use the same IP address space or an address range that differs in the second-to-last IP segment? After all, the bridge then connects both ranges at the corresponding layer.

In that case there is only the bridge left, and you don't need to pay any further attention to the two interfaces. You only have to configure a DHCP range on the bridge, and then it does exactly what an ordinary home router does. You may have to switch off the firewall briefly here so that you don't lock yourself out (I have never done this, so I can't say for sure myself).
#1999
If you want to use the same IP network, you have to put your LAN and your WLAN on a common bridge, otherwise it won't work (the firewall would otherwise assume it is the same network and take the better route, usually the wired network). Alternatively, you can of course simply use a different network (increase the second-to-last byte of the IP range by 1).
In that case you can use 192.168.1.1 as the LAN IP and 192.168.2.1 as the WLAN IP. The DHCP range must then also be adjusted accordingly. The advantage here is that you can classify the WLAN as less trustworthy and therefore use much more restrictive firewall rules.
#2000
And the "main firewall" needs to know the VPN networks for the route back.
I would say that the OPNsense VM knows all required routes as it has only two: The VPN network and the default gateway.
#2001
General Discussion / Re: CPU usage problem
September 19, 2017, 04:38:31 PM
Most stuff is written in PHP (it's the main scripting language), and booting any system is something where it should be busy.
#2002
General Discussion / Re: OPNsense install
September 19, 2017, 04:32:10 PM
Configuration should not happen too often, but it should be possible to configure the system to avoid logging to disk. In this case you can send all your logs to an external logging server using syslog. If this is a logstash server, your log messages can be indexed for search, stored on a storage server and sent to a SIEM engine.

Enterprise SSDs are usually SLC instead of MLC, which makes them last longer and be faster, but it will increase the price a lot. If you want to be prepared for disk failure, it would be cheaper to mirror the data using RAID and do regular backups of important data.
#2003
17.7 Legacy Series / [CALL FOR TESTING] Tor
September 19, 2017, 02:25:25 PM
Just if anyone likes to test:

Log in via SSH, and run this in the shell:

pkg install os-tor-devel

Docs may be available soon (URL will probably be https://docs.opnsense.org/manual/how-tos/tor.html)
#2004
The CA has the advantage that you can use it in the proxy too ;)
#2005
General Discussion / Re: OPNsense install
September 19, 2017, 12:11:19 PM
An 8GB CF card is enough for the operating system and the plugins but you cannot run a developer environment on it and you cannot use features like caching (for example the file system storage of the proxy).
#2006
If those 100 PCs are windows computers and belong to an AD domain, you can use a group policy. On most other operating systems, it should be possible to roll out the certificate using SSH.
#2007
17.7 Legacy Series / Re: Multi WAN Problem !!!
September 18, 2017, 11:48:25 AM
From the rule I would say that there is something wrong with the gateway set, as an empty set is given in the rule.
#2009
17.7 Legacy Series / Re: Hostname of clients PC
September 17, 2017, 04:33:42 PM
The DHCP server may know it, as it is a field that is sent with the DHCP request.
#2010
17.7 Legacy Series / Re: ClamAV Crashing
September 17, 2017, 12:26:47 PM
Does your device fit the requirements?
https://docs.opnsense.org/manual/how-tos/clamav.html