Messages

1

Italian - Italiano / Re: Gestione remota OPNSense

« on: January 03, 2023, 02:37:29 pm »

La mia opinione: accesso alla GUI da remoto solo tramite VPN. Se proprio non fosse tecnicamente possibile, accesso con 2FA e magari solo da indirizzi IP pubblici "trusted".

2

Hardware and Performance / Re: Cheap Hardware for VPN Client?

« on: April 30, 2021, 11:44:27 am »

Or something like this: https://store.gl-inet.com/collections/all-wifi-devices/products/gl-ar300m-mini-smart-router if you only need a VPN client running up to 20..50 Mbps (depending on VPN type). Unfortunately OPNsense doesn't run on it.

3

21.1 Legacy Series / Re: Native-kernel wireguard support for 21.1 feasible? FreeBSD 13 may have it

« on: March 21, 2021, 11:00:45 am »

let us know when it's time and let's test the experimental Wireguard kernel module.
Then we will see if everything will be good.

2nd to this. Thanks Franco.
--
Stay safe.

4

Italian - Italiano / Re: Mio sito sulla rete interna

« on: January 13, 2021, 05:21:46 pm »

Ciao,
altra verifica... se c'è un solo IP fisso in WAN le porte utilizzate dal firewall per la sua amministrazione sono diverse dalla 80 e 443?

P.S.: Le 2 regole di "NAT:Port Forward" hanno Source/Interface WAN, Destination/Address "WAN address" e NAT/IP l'IP del server wordpress.

5

Hardware and Performance / Re: Moving OPNsense to DMZ

« on: January 04, 2021, 03:56:51 pm »

I managed a couple of APU2s with a data line greater than 100/100 Mbps. In my cases moving the firewalls to DMZ improved significantly the situation.

6

Hardware and Performance / Re: Smaller form factor hardware recommendations?

« on: July 30, 2020, 04:08:31 pm »

Another option is this: https://fit-iot.com/web/products/fitlet2/
Quite reliable, not so cheap.

7

Hardware and Performance / Re: newbie wants to build 1st opnsense firewall

« on: October 31, 2019, 03:13:20 pm »

I'd vote for Supermicro, having 3 in production. Like 2x10Gb ports and IPMI.

8

19.7 Legacy Series / Re: IP subnet on WAN interface and NAT

« on: October 03, 2019, 11:11:23 am »

Hello,

you should add an "IP Alias" with the same netmask of your WAN subnet.
Then you can use it as you need.

9

Italian - Italiano / Re: Regole per la connessione temporizzata ad internet per macaddress

« on: August 12, 2019, 02:25:27 pm »

Una possibilità è quella di riservare un IP nel servizio DHCP e poi applicare la regola a tempo per quell'IP di origine.

10

General Discussion / Re: Multi WAN question

« on: May 17, 2019, 12:12:15 pm »

Hello,

it is possible.
You simply need to configure the proper WAN Gateway (WAN1 or WAN2) to a rule belonging to your LAN interface.

11

General Discussion / Re: Routing to another gateway

« on: April 24, 2019, 08:34:59 am »

Asymmetric routing (https://en.wikipedia.org/wiki/Talk%3ARouting#Symmetric_and_Asymmetric_Routing).
Ping (ICMP) can handle it, all other protocols not.

12

General Discussion / Re: Basic question about WAN rules

« on: April 19, 2019, 08:31:52 pm »

Hi Gary,
if you stay with drop all (default) rule you don't actually need any other inbound rules.
As a net admin, however, I need to remote admin all my firewalls and if there is no VPN at least one rule allowing the firewall remote admin is needed. In this case access can be "shielded" using DNSBLs and IPBLs.

13

19.1 Legacy Series / Re: Unable to boot ESX VM using OPNsense-19.1.4-OpenSSL-vga-amd64.img

« on: April 17, 2019, 08:44:16 am »

You need an .iso image to install OPNsense as VM: OPNsense-19.1.4-OpenSSL-dvd-amd64.iso.bz2

14

19.1 Legacy Series / Re: VMWare Tools for Hardened BSD

« on: February 07, 2019, 09:33:31 am »

Same here. Production environment on ESXi v6.7, VMware tools are properly working despite the warning.

15

Italian - Italiano / Re: Acquisto firewall OPNsense

« on: January 19, 2019, 08:53:32 pm »

Ciao,

in realtà se la banda WAN è importante (sopra i 100 Mbps) e la banda richiesta dalla VPN è quella della WAN allora la velocità di connessione influenza non poco la scelta dell' hardware. Stesso discorso se sono richiesti servizi IDS/IPS.
Infine: budget?