Messages

1

24.7 Production Series / System: Trust: Certificates issue?

« on: September 11, 2024, 04:10:11 pm »

I noticed that in 24.7.3_1 there is an inconsistency in System: Trust: Certificates.
Valid user certificates are indicated with "x" and revoked certificates are indicated with check mark.
Exactly the opposite of what happens for Web GUI SSL certificate and CA certificate.
Please take a look at the attached screenshot.
Greetings.
Dario
P.S. sorry for my broken English.

2

Virtual private networks / Opnsense HA - Client OpenVPN doesn't restart connection

« on: August 31, 2024, 04:24:22 pm »

Hello,
my environment:

2 OPNsense 24.7.3_1 in High Availability (CARP and pfsync work fine)
1 Public ip shared byy the firewalls
OpenVPN server 2.6.12
OpenVPN client 2.5.9

OpenVPN server configured on each firewalls
With OpenVPN client I get connection to both firewalls

Issue:
When the master firewall goes down OpenVPN client doesn't reconnect automatically (I must force reconnection from the client)

I would like to have a client automatic reconnection.
I tried with "persist-tun persist-key keepalive 2 10" but doesn't work

Can please anyone help me to solve this issue?

Greetings
Dario

3

Virtual private networks / Re: OpenVPN static IP using Viscosity client [solved]

« on: August 10, 2024, 01:30:05 pm »

configuring vpn server with Device mode = tap it works fine

4

Virtual private networks / OpenVPN static IP using Viscosity client [closed]

« on: August 10, 2024, 12:18:35 pm »

environment:
OPNsense 24.7.1-amd64
FreeBSD 14.1-RELEASE-p3
OpenSSL 3.0.14
Vicosity client 1.11.2 (1820)
PC Windows 11

target:
always assign the same IP to the VPN client

Hello folks,
until today for VPN road warrior I used the OpenVPN client and to always assign the same IP address to the clients I configured the file /var/etc/openvpn-csc/1/username with the directive
ifconfig-push <client IP> <netmask>.

Following https://docs.opnsense.org/manual/how-tos/sslvpn_client.html I tried using the Viscosity client and the solution (/var/etc/openvpn-csc/1/username) doesn't work so I ask for help to solve the issue.

Thanks so much for the kind help.
Greetings.
Dario

5

24.7 Production Series / Re: 24.7_9 VPN config

« on: August 10, 2024, 11:42:34 am »

I solved using Viscosity client
Kind regards
Dario

6

24.7 Production Series / Re: 24.7_9 VPN config

« on: August 05, 2024, 02:42:29 pm »

Hello Meyergru,
Thanks so much for your reply.
I'm still expertize problems with the new users certificate generation method but I'm working around.
Thanj you a lot
Dario

7

24.7 Production Series / 24.7_9 VPN config [closed]

« on: July 30, 2024, 03:14:18 pm »

Hello,
is there a doc explaning how to configure VPN (better OpenVPN) road warrior on release 24.7_9?

Kind regards
Dario

8

24.1 Legacy Series / dual wan doesn't work

« on: April 08, 2024, 01:13:42 pm »

Hello,
Opnsense rel 24.1-amd64

I configured two wan interfaces and one client interface:

WAN (active gateway)
192.168.1.2/24
gw: 192.168.1.1

WAN2
10.150.48.1/24
gw: 10.150.48.254

my goal is to have the automatic switch between the two wans when the active one falls

I followed this: https://docs.opnsense.org/manual/how-tos/multiwan.html
but when I disconnect the DSL connector from the router of the active connection (WAN) the second connection is not established.

If I manually change the priority of the gateways the connections correctly switch.

Can someone please help me?

Greetings
Dario

9

24.1 Legacy Series / Re: web proxy

« on: March 23, 2024, 02:01:12 pm »

I found it as "os-squid"
Dario

10

24.1 Legacy Series / web proxy

« on: March 23, 2024, 12:43:41 pm »

Hello folks,
Opnsense rel 24.1.3_1
Where is "web proxy" in rel. 24.1?
Thank you
Greetings
Dario

11

Virtual private networks / Re: revoked cert still works

« on: November 02, 2023, 04:57:46 pm »

Great job Patrick, now it works fine
have you a nice day
thanks a lot
Dario

12

Virtual private networks / Re: revoked cert still works

« on: November 02, 2023, 02:19:01 pm »

Hi Patrick,
I only create the CRL under:
System / Trust / Revocation
(and I revoked the cert, the cert associated to the user is marked as "Revoke")

I toke a look under OpenVPN Server but I don't found the way to configure the CRL

Can you please show me the way / give me instructions?

Thanks a lot
Dario

13

Virtual private networks / revoked cert still works

« on: November 02, 2023, 01:34:48 pm »

Hello folks,
I'm stuck on certificate revocation.

I always used username and cert to create VPN clients:
1) create user / password
2) create user-cert
3) bind user and user-cert
4) OpenVPN client export

I revoked a cert:
1) create CA Revocation List
2) revoke the cert

but the user still connetcs using VPN

This is embarazing.
Can someone please help me to solve this issue?

Greetings
Dario

14

General Discussion / Re: split communications towards two differents public interfaces

« on: October 19, 2023, 12:24:58 pm »

Hello Monviech,
thank you for your quick response.
what you suggest seems to be the solution.
I'll test it soonest.
Greetings
Dario

15

General Discussion / split communications towards two differents public interfaces

« on: October 19, 2023, 11:40:15 am »

Hello to all,
my environment:
- a LAN interface that hosts approximately 10 PCs
- two public interfaces connected to two different Internet accesses (A and B)
from all the PCs connected to the LAN I want to be able to direct a specific traffic (https) towards network B while all Internet browsing must go out through network A.
I guess this is fixable by configuring static routing in the firewall.
The problem is that to access the web app on network B Imust use a proxy made available by the manager of network B and I ask if there is the possibility to configure communication through the proxy on the firewall so I don't have to change the browser configuration every time that change Internet access.
Thank so much for your gracefull help.
Greetings
Dario