Messages

1

21.7 Legacy Series / Aruba 5xx Access Points VLAN Assignments [Solved]

« on: December 10, 2021, 08:59:37 am »

Hi,

mark Freeradius@OPNsense -> general -> Enable Mikrotik attributes and set Mikrotik VLAN attribute. This works also for Aruba access points from 5xx series. Be aware of "VLAN ID" and "Mikrotik VLAN ID" should match, otherwise you may get IP address from DHCP server behind "VLAN ID" or other strange things may happen.

regards
ip6li

2

21.7 Legacy Series / Freeradius Plugin: How to set users for a specific realm

« on: August 28, 2021, 06:50:47 am »

Hi, some devices need a Radius realm. Is there any way to create in OPNsense Freeradius plugin an realm and defining users for a specific realm? Freeradius itself supports realms.

e.g.: LineageOS need for using enterprise WPA2 a domain. This domain is used as realm.

3

General Discussion / Re: nginx listen ip

« on: December 05, 2020, 11:34:03 am »

There are several usecases for binding Nginx to specific IP adresses, e.g.:

• One IP address may be forwarded by pf to a webservice which cannot be routed through Nginx, e.g because it does not support SNI - that is real life versus theory
• One mor IP address is routed to e.g. honeypot and Nginx should not interfere

I cannot understand what is wrong with a Nginx config like listen 192.168.1.2:443 ssl http2; it is supported by Nginx out of the box.

Binding services to IP addresses which are not needed for this service should be considered as a security flaw.

4

19.1 Legacy Series / Custom options: This option will be removed in the future due to being insecure

« on: June 27, 2019, 10:39:43 am »

Hello,

the announcement "This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting." caused some trouble.
At least this will cause problems if OPNSense is used wird DNSSEC and für internal Windows AD. This field is used to set up an exempt from DNSSEC for internal Windows AD domain.
If this field is dropped, OPNSense will no longer resolve AD DNS.

At least there should be a possibility by CLI to include custom configs for Unbound. I think Unbound config options are too complex to map them all into a Web GUI.

Christian

5

German - Deutsch / Re: DNS Override

« on: June 27, 2019, 10:31:18 am »

Hallo zusammen,

das Problem hatte ich auch, die Lösung war so offensichtlich, so dass sie nicht aufgefallen ist.

OPNsense ist als DNSSEC validierender Resolver konfiguriert, was auch sehr sinnvoll ist. Die AD Domain läuft jedoch nicht mit DNSSEC, so dass der OPNsense Resolver sie nicht aufgelöst hat.

Lösung:
Unter "General" - "Custom options" folgendes eintragen:

server:
   domain-insecure: "meinladen.example.com"

Danach wurde trotz eingeschaltetem DNSSEC die AD Domain aufgelöst.

6

17.7 Legacy Series / Right way to autoload kernel module

« on: August 25, 2017, 01:43:22 pm »

Hello,

what's the right way to auto load a kernel module while boot?

For monitoring reasons I need to load ipmi.ko. In FreeBSD this is done in /boot/loader.conf, but I am not sure if this breaks OPNSense updates.

regards
Christian