Messages - HrvojeS

#1
Hello Ad,

Thank you again for your help. It looks awesome now. I had to close all browser windows it looks like as something must have been cached. I've been logged on for several hours now without being booted. Thanks again! Best regards,

Hrv
#2
Hello rubantin,

I searched for SonicWALL TX 200, but I couldn't find any hits. Any way that this could be SonicWALL TZ 200 (http://www.sonicguard.com/TZ200.asp)?

Anyhow, I don't think you'll have much luck putting anything other than SonicOS on this box as a few searches on different search engines came up with nothing. If nobody responds to you here in a while, I'd move on.

I'm guessing that this question is related to your other post (https://forum.opnsense.org/index.php?topic=1612.0) and that you're looking for an embedded solution to replace some existing hardware at a client. JOs and I gave you some options to consider. Nobody will make a purchasing decision for you as nobody will want to be on the hook if you have problems implementing it. I'd suggest installing OPNsense in a VM (VirtualBox is free) and testing it out with multiple interfaces to see if it suits your needs. You can also pick up some very cheap computers at surplus stores and add an additional NIC.

Hope this helps. Best regards,

Hrv
#3
Hello Brian,

While I don't own one of these yet, I did some research on them when they came out a while back and noticed a bunch of people had similar boot problems, albeit on a different but similar OS.

Did you by chance try doing any of these:
http://www.yawarra.com.au/tutorials/how-to-install-pfsense-on-an-apu
https://forum.pfsense.org/index.php?topic=59555.msg406438#msg406438

Both seem to indicate that there are specific kernel parameters that need to be passed as well as a serial baud rate that needs to be changed during boot time.

Hope this helps. Best regards,

Hrv
#4
Hello rubantin,

I am a newb here too (less than 10 days) and also am impressed at what I see. I have been using pfSense as my home firewall since 2008 (1.2.1) and am currently testing OPNsense in VMs as a permanent replacement. I'm here because my requirements include multi-wan functionality and OpenVPN implementation on edge.

For possibly the cheapest embedded solution you should look here: http://pcengines.ch/apu1d4.htm

Even though I'd like to, I do not own any of their products. I don't think you'll find anything cheaper than that. If you want cheaper, you should look for used old Linksys routers, or even any generic computer store off-the-shelf routers will do, as OPNsense may be overkill for your simple implementation.

Hope this helps. Best regards,

Hrv
#5
Hello rubantin,

Here are at least three posts discussing hardware suitable for OPNsense:

https://forum.opnsense.org/index.php?topic=1502.msg4566#msg4566
https://forum.opnsense.org/index.php?topic=260.msg955#msg955
https://forum.opnsense.org/index.php?topic=673.msg2033#msg2033

If you use the search function, you may find a lot more. I personally have a Biostar Viotech 3100+ (http://www.newegg.com/Product/Product.aspx?Item=N82E16813138187) that I picked up a long time ago for USD$90. My choice in this was because of Via Padlock which gave OpenVPN access to hardware AES encryption to reduce CPU usage. Along with the case it was under $150.

You'll find a lot of basic options for under $200 if you just dig a little. Hope this helps. Best regards,

Hrv
#6
General Discussion / Re: Outbound Multiwan
November 05, 2015, 06:13:12 PM
Hello jmvelez,

You should have a rule in your LAN section on top of the list (right after any deny rules if you have any) for LAN interface, IPv4 and destination port range to be SMTP for both from/to and have WAN1 selected as the gateway. This will ensure all outbound traffic from LAN where destination is port 25 will go through WAN1 regardless of whether it's down or not. This means WAN2 should never be used.

I started taking a few screenshots of my multi-wan setup, but then it seems I encountered a possible bug where I can't set destination port by itself. :(

I have a video for multi-wan setup and this bug (https://vimeo.com/144761806). At 0:42 I create a new rule. At 0:52 I select destination port. At 1:06 I save, but results are not what was expected. I try and edit it (at 1:20) and save it again with different port, but still no-go.

Hrv
#7
Very strange. It must be on my side then. I use Firefox 41.0.2 (always updates) in private mode always. It gets rid of all cookies when I close it. This morning should have been new cookies with this setting then. I'll try rebooting and using a different browser. Thanks again,

Hrv
#8
Hello Ad,

What's the setting on "Seconds before an unused session timeout"? I've been previewing the reply every 10 mins or so. Doing that should have kept my session active.

Anyways, I'll keep an eye on it regardless and compose my replies in another program from now on to be safe... :)

Thanks for looking into it!

Hrv
#9
Hello Ad,

I've logged in this morning shortly after 9am (local time). I've started a reply on a post and have been actively previewing my reply (as I'm adding images and updating formatting). I was almost done at about 10.00am-10.15am and during a preview it logged me out. :(

Could you please verify the session mechanism for forums again? When logging on I did select keep me logged in (which greyed out the minutes field).

Thank you again,

Hrv
#10
You guys rock! Thanks a bunch!

Hrv
#11
Hello heynow,

Thank you for this pointer. I missed this and assumed that adding it to admin group should have done it. I've added "User - System - Shell account access" to "admins" group which effectively did the trick. Thank you again for your help. I greatly appreciate your assistance.

Hrv
#12
Hello,

It seems that OPNsense forum has a ridiculously low session timeout. I had timeouts during composing on both of my previous posts. It sometimes takes time for people to post messages (put images in, link, etc). Seems that timeout for forum is in minutes and not hours. I would like to make a suggestion to increase this timeout. I know we are all security conscious, but low timeout like this is more annoying than secure.

Thank you for your consideration. Best regards,

Hrv
#13
Hello,

I checked /etc/passwd and my non-root user has a "/sbin/nologin" shell. I would assume that user added via GUI with all privileges and SSH server enabled that my non-root user would have a proper shell set and be allowed a login.

Also, it seems that even though root is disabled it still has a shell of "/usr/local/etc/rc.initial". I would expect this to be disabled.

Can someone please confirm what is expected behaviour of user accounts set in GUI with respect to SSH access? Thank you in advance. Best regards,

Hrv
#14
Hello,

I've created a non-root account with same privileges as root account then disabled the root account. When I enabled Secure Shell Server with Permit password login option I'm still not able to log into OPNsense via SSH.

Image of my secure shell setting:


Image of users:


Image for SSH attempt:


I'm not sure if this is a bug or not. Thank you in advance for your help. Best regards,

Hrv
#15
15.7 Legacy Series / Re: OPNsense bugus WAN IP
October 31, 2015, 01:07:39 PM
Hello Ad,

Thank you for the quick response. I knew setfirst wasn't standard, but I didn't realize what difference it makes in OPNsense vs pfSense since both have it but behave differently. I looked at the source for pfSense and wasn't able to see 'setfirst' being utilized anywhere. When you refer to custom patch, is that something that pfSense changes during their image build process to include this function?

Thank you again for your help. I greatly appreciate it. Best regards,

Hrvoje