Messages - Ren

#2
I keep getting the below error when trying to delete static keys for VPN instances that no longer exist

/usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/InstancesController.php:99: Call to undefined method OPNsense\OpenVPN\Api\InstancesController::delStaticKeyBase(

I rebooted my firewall and tried again but the issue remains. I've remained all OpenVPN instances and I'm still unable to delete the keys.
#3
21.7 Legacy Series / Re: Hyper-V issues - installer
September 19, 2021, 04:42:24 PM
Quote from: shymega on September 18, 2021, 08:45:03 PM
I did a Hyper-V update when I first installed the server, to keep up to date. Wondering if that has something to do with it... I'm using the standalone Hyper-V Server from Microsoft.

Review your Hyper-V logs to see if the problem you are experiencing is logged. Based on the model of your server it may be a hardware limitation.
#4
21.7 Legacy Series / Re: Hyper-V issues - installer
September 18, 2021, 04:32:06 AM
Did you disable Secure Boot? I just ran through a Hyper-V install (Gen2) in my lab and it loads just fine.
#5
Enable "Prefer to use IPv4 even if IPv6 is available" from
System -> Settings -> General
#6
19.7 Legacy Series / Re: Complex VLAN/Bridge Setup?
January 02, 2020, 12:07:52 AM
I don't recall being able to tag SSIDs to VLANs on AsusWRT. Since it's a dumb switch, all VLANs should be available on all ports.

In any event, to test the VLAN from your PC, do the following.

To open Device Manager:

1. Press Windows key + R.
2. Type devmgmt.msc.
3. Click OK.
4. In Device Manager, open Network adapters.
5. Right-click on the NIC and choose Properties.
6. Click the Advanced tab.
7. Scroll down to VLAN ID.
8. Set the ID to that of the ISO VLAN.

If your VLAN is configured correctly, your firewall should assign an IP.
#7
19.7 Legacy Series / Re: Complex VLAN/Bridge Setup?
January 01, 2020, 10:45:19 PM
Quote from: syndac on December 31, 2019, 08:32:03 PM
I want to separate my network devices into two networks: one for my regular devices (LAN) and one for devices that really have no business on the LAN (ISO). I'd also like any guests connecting to the network to be DHCP'd onto the ISO network. I have wired and wireless connections for both device categories. For example:

Desktop: wired (LAN)
Phone: wireless (LAN)
TV: wired (ISO)
Alexa: wireless (ISO)
Guests: wireless (ISO)

LAN: 192.168.1.0/24
ISO: 192.168.2.0/24

I'm having trouble wrapping my head around how to set up VLANs and bridging to make this possible. So far, I've tried:

1. Connect AP and wired devices to switch
2. Connect switch to firewall port 1
3. Create VLAN off port 1
4. Static-assign all IPs as necessary between the networks
5. Turn DHCP off of LAN and on for ISO

The issue that I run into is that anything that comes onto the network later ends up getting an address on the LAN network (192.168.1.x) instead of the ISO network as intended. Additionally, even though devices are statically assigned IP address on the ISO network, the devices--themselves--show that their IP address is on the LAN network (for some devices, this causes connection issues).

I'm not sure what's causing this. Am I going about this the wrong way?

What access point and switch do you have?
#8
I added an attachment to my previous post. I have a managed Netgear switch at home. Port 1 is connected to my firewall and port 2 is connected to my access point. As such, I tagged port 1 to allow ALL VLANs on the port (mainly because I do a lot of testing) and port 2 to do the same. So all VLANs defined on the firewall will be passed to my access point. My VLAN network for Wi-Fi is on VLAN 2.

Since I use a UniFi AP, I have to go into the Wireless settings for the SSID I want to assign to the VLAN and update the network setting to connect to VLAN 2 for that particular SSID (see attached screenshot).
#9
Quote from: kagbasi-wgsdac on August 26, 2019, 11:26:40 AM
Thanks, I will definitely go through the official documentation that you've pointed me to.

The problem I'm running into, though, is not the setup of the Guest Network per se. But rather, the VLAN. It seems after I create the VLAN and assign it to a physical interface then create a DHCP pool on it, for some strange reason, the inbound DHCP Request (i.e., 0.0.0.0:68) is getting blocked by the "Default Deny All" policy. I've done everything I know to do but can't seem to get past this - I must be missing something.

Are you using a managed switch? If so, the uplink and downlink interfaces will need to be tagged. If port 1 is connected to your OPNsense router from the switch, add the VLAN tag to the interface. If port 2 is connected to your AP from the switch, add the VLAN tag to the interface.
#11
Quote from: franco on January 31, 2019, 11:18:19 AM
Just install the snort vrt plugin again and you'll be more happy.

Cheers,
Franco

Well, I'm stupid; for some reason I thought it was on by default. No idea why. Thank you.
#12
18.7 Legacy Series / Re: PPTP Setup (Need Help)
January 31, 2019, 02:46:52 AM
Quote from: Monocle on January 22, 2019, 09:51:29 AM
Anyone?

I'm sure GRE 47 also needs to be open for PPTP connections. Unfortunately I haven't set up PPTP connections in years, and not on OPNsense. I can fire up a VM to see how it works, but I have a question: is there a specific reason you are using PPTP vs. say OpenVPN or another modern alternative?
#13
Seems I no longer have the option to integrate Snort into Suricata. This is after doing a clean install and upgrading to 18.7.10_3 on my new i3 box.

My J1900 box that's been up and running for months still has the option and is also on the current release.
#14
18.7 Legacy Series / Re: Difference between alias type
November 30, 2018, 04:44:53 PM
Quote from: bmail on November 28, 2018, 12:08:20 PM
Hello,

Could someone explain to me the difference between the type "URL (IPs)" and "URL Table (IPs)" when creating a new alias for the firewall ?

thanks a lot !
Have a good day.

I believe, and I may be wrong:

URL IPs - a list of IPs from an external source. Only IPs, no CIDR range.
URL Table IPs - a list of IPs from an external source which can be defined as a CIDR range (192.168.0.1/24)
#15
Quote from: walkerx on November 29, 2018, 10:42:30 AM
Quote from: Ren on November 28, 2018, 11:01:53 PM
If you are using Unbound DNS remember to set custom options
What would the need be for the custom options to be set?

DNS rebind protection may prevent secure connections to the Plex server; as such, it's recommended to add the custom option.