Messages - Scalaechelon

#1
17.1 Legacy Series / Re: IPSec reported tunnels
May 31, 2017, 02:36:16 AM
Sir,

Please post a guide on how to configure an IPSEC VPN because this is required in our office.

Just a site-to-site configuration, as I do not want inter-branch communication, only branch to central office.

I'm relatively new to Opnsense VPN implementation, so I need all the help I can get.

Ciao.
#2
Hi,

At the CLI console, choose option 4 (reset to factory defaults).
Unfortunately, all configurations will be erased.

You must perform a configuration backup, found in System>Configuration>Backups,
prior to the reset and choose what features to restore after the reset.

Hope this helps.

OPNSENSE ROCKS!!!!!
#3
Hello there,

Opnsense has been an integral part of our network security implementation here in the Office of Civil Defense, primarily due to the IDS / IPS, which uses the state-of-the-art Suricata ruleset (I mean it from the bottom of my heart, hehe).

However, when utilizing Opnsense as a Virtualbox machine for purposes of rapid deployment and scalability, one of the main issues regarding implementation is the problem of synchronizing the guest machine to its host, due to the fact that Virtualbox does not have support for FreeBSD guest additions as of the moment.

Opnsense time services are important for accurate projection of RRD graphs and other reporting features, implementation of VPN, and system monitoring.

Fortunately, there is a workaround for having the Opnsense guest "copy" the host time, capitalizing on the kernel updates done in 17.1.4 and later.

WORKAROUND FOR TIME SYNCHRONIZATION GUIDE

Prerequisite systems:
- Virtualbox latest version is recommended
- Opnsense build 17.1.4 and later

STEP 1
- Install the latest version of Virtualbox
- Create a VM guest using the ISO installer of Opnsense 17.1.4 or later (17.1.6 is recommended)
- After creation of the Opnsense VM guest, install the following patches using the FreeBSD shell
      -  # opnsense-patch 5f17abb (suricata bug fix)
      -  # opnsense-patch 2f715d2 (gateway switching bug fix)
      -  # opnsense-patch ce8ef99 (gateway switching bug fix 2)
- After the patches have been successfully loaded, go to the Opnsense GUI, go to System>Settings>General and set the time zone appropriate for your region (in my case it's Asia/Taipei)
Note: Opnsense had installed a critical update within its kernel as of 17.1.4, enabling the time server to appropriately configure time settings directly from the system clock regardless of state, whether from a virtual or physical installation.

STEP 2
This is important so that the settings being done in the VM guest will be correctly translated by the Virtualbox hypervisor.
- Go to the Command Prompt (Windows 7 Professional is the host I currently use) as administrator
- Type Program files/oracle/virtualbox to go into the Virtualbox directory
- Within the Virtualbox directory, type this command:
  vboxmanage setextradata <vmname> "VBoxInternal/Devices/VMMDev/0/Config/GetHostTimeDisabled" "1"
  where <vmname> is the name of the virtual machine or guest.
This will effectively disable time synchronization between the Virtualbox host and guest and, in effect, the guest will directly get time from the host via the configurations made in step 1.

When all configurations are done right, the time from the Opnsense guest will be the same as the host and will not experience adjustment problems thereafter.

Feel free to comment on this if there are some matters on this post.

Thank you and Opnsense ROCKS!! 
   

#4
Observed that IPS/IDS rules do not update after performing a system update from 17.1.6 to 17.1.7. Furthermore, the status of http://abuse.ch/dyre.ssl, http://abuse.ch/feodo, http://abuse.ch/ssl fingerprint blacklist, http://abuse.ch/ssl IP blacklist, and non-free/PT Research ruleset suddenly went from installed to not installed after the update, even though the IPS/IDS is running.

Reverted to 17.1.6, IPS/IDS rules updated as expected.