Messages - Douglas Fischer

#1
I completely understand the concern about cluttering!
My environment has more than 20K users and 7K groups...

I don't know the right place to make a suggestion, but here goes:

If the Auth feature did group queries on every request for OPNSense resources, it could create clutter on the AD servers.
But if it does a second query for each specific resource, only if applicable (depending on the resource), it wouldn't overload the resources.
#2
Tested with a static IP address and it worked. Thanks!

A comment:
From the point of view of physical servers, or the firewall itself...
It's an "understandable" behavior!

But in an environment with several virtualized servers, it is a restriction that makes things harder.
#3
TestAuthentication_OPNSense-noGroup
https://imagebin.ca/v/3UAhOMFK9pJP


TestAuthentication_PFSense-WithGroup
https://imagebin.ca/v/3UAhsKZHAdPD
#4
I have LDAP (Active Directory) and RADIUS (NPS) configured on my OPNsense 17.1.10-amd64.

On System -> Access -> Tester I receive an "authenticated successfully".
But I don't receive any groups on any test, RADIUS or LDAP.

- I have a group on AD and I'm in it.
- I have a group configured on OPNSense with exactly the same name as the Active Directory group.
- On RADIUS (NPS) I added the "Class" attribute to be delivered on the policy matching my group, and the string is exactly the same as the group name on OPNSense.
- I tried tests using "administrator" of my domain in the DN of the LDAP server configuration...

Looks like the OPN system is ignoring the groups that RADIUS and LDAP are telling it.
The behavior is the same 

For the record:
I'm making some efforts to migrate from PFSense to OPNSense on several sites.
So I have two VMs to do the comparison "PF vs OPN", and anything that is needed is equivalent on both servers.

And the groups are working as expected on PFsense.

Any suggestions?
#5
I'm trying to use OPNsense 17.1.10-amd64 as a simple web proxy.
And I'm not able to activate Web Proxy (Squid) on the WAN interface.

This box is not the firewall of the network, and it must not have two interfaces.
My intent is to replace a Squid server.

I thought of enabling a dummy interface on it, enabling Web Proxy on it, and doing a port forward to it.
But I'm not able to create a loopback or something like that...

Any suggestions?

P.S.: I'm recently coming from pfsense, so I'm still skating on thin ice...

--
Douglas Fischer