Messages

1

General Discussion / Re: Stunnel and SSH tunneling VPN

« on: August 16, 2017, 11:13:10 am »

Mostly SSL VPN (OpenVPN) through 443. Or is that already specifically blocked?

You can also tunnel quite a bit through SSH, which is preinstalled.

Cheers,
Franco

I will try to change it to 443 tonight,

And could you help point out how to use SSH tunneling in OPNsense and the client, please?
may be like just follow this link?: https://www.howtogeek.com/168145/how-to-use-ssh-tunneling

2

General Discussion / Stunnel and SSH tunneling VPN

« on: August 16, 2017, 10:38:52 am »

Is there anyway to get around ISP VPN blocking?

I read here: https://www.bestvpn.com/privacy-news/how-to-bypass-vpn-blocks

I'm suspecting my ISP is using Deep Packet Inspection (DPI) technology to control VPN traffic,

Perhaps actually OPNsense is built-in with stunnel or SSH tunneling?

Thank you,

3

General Discussion / Re: Use VPN, OPNsense with local IP

« on: August 15, 2017, 04:37:28 pm »

Got it working,

it turns out I forgot to use Google Authenticator,
and I use TCP 1194 it works,

but If I change OpenVPN server to UDP, and change config file to UDP also, reconnect, its not working, I dont know why,

4

General Discussion / Re: Use VPN, OPNsense with local IP

« on: August 15, 2017, 03:53:37 pm »

in Client Export, I download Archive instead, and put in my OpenVPN/config,

now it looks like this:

Tue Aug 15 20:50:35 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Tue Aug 15 20:50:35 2017 Windows version 6.1 (Windows 7) 64bit
Tue Aug 15 20:50:35 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Tue Aug 15 20:50:38 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.100.10:1194
Tue Aug 15 20:50:38 2017 UDP link local (bound): [AF_INET][undef]:0
Tue Aug 15 20:50:38 2017 UDP link remote: [AF_INET]192.168.100.10:1194
Tue Aug 15 20:50:38 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 15 20:51:38 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 15 20:51:38 2017 TLS Error: TLS handshake failed
Tue Aug 15 20:51:38 2017 SIGUSR1[soft,tls-error] received, process restarting

I have firewall rule on WAN, LAN, and OpenVPN: ALLOW ANY ANY
Block private networks: disabled
Block bogon networks: disabled

5

General Discussion / Re: Use VPN, OPNsense with local IP

« on: August 15, 2017, 02:13:18 pm »

If I dont have any kind of IP public (whether static or dynamic) its not possible to use OpenVPN right?

After intuitively add the client cert and key, in my OpenVPN config folder, change its filename to match with config file,
I also change the config file to OPNsense WAN private IP interface,
also change to remote-cert-tls server,
reconnect
input username and password
and now OpenVPN says: Connecting to OPNsense-udp-1194-config has failed.

Please help, I need this VPN feature badly,




OpenVPN Log:
Tue Aug 15 19:06:42 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Tue Aug 15 19:06:42 2017 Windows version 6.1 (Windows 7) 64bit
Tue Aug 15 19:06:42 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Tue Aug 15 19:06:48 2017 Key file ('OPNsense-udp-1194-tls.key') can be a maximum of 2048 bytes

6

General Discussion / Re: Use VPN, OPNsense with local IP

« on: August 15, 2017, 01:37:19 pm »

I have OPNsense as local RFC 1918 (192.168.100.100),
connected to a broadband router, the router wan interface has IP public dynamic,

Where is the VPN server? OPNsense is the server?
Where is the client? from internet

7

General Discussion / Use VPN, OPNsense with local IP

« on: August 15, 2017, 12:59:00 pm »

Is it possible if I use VPN when the OPNsense WAN interface is local IP address,

I have my OPNsense as VM in a ESXi 5.5 host, in front of the host I have a broadband LAN router with dynamic IP public,

8

General Discussion / Re: WAN gateway unknown and pending, DHCP problem

« on: August 14, 2017, 04:54:38 pm »

After changing Interface/WAN, Ip address subnet from 32 to approriate subnet (in my network 24),
now LAN is able to connect internet,

Who put that 32 anyway?

now it is confirm i have to override the promised default value of dns and gateway in Service/DHCP/Settings
or it wont advertise those values to vNIC,

The WANGW still pending and unknown

I use HP ML350 G6 with E1000 vNIC,

9

General Discussion / WAN gateway unknown and pending, DHCP problem

« on: August 14, 2017, 04:27:35 pm »

For the WAN:
If I use static IP4, it become UNKNOWN (the WANGW),
If I use DHCP IP4, it is online when I see it dashboard,

In Gateway Status, the WANGW says Pending

For the LAN:
DHCP wont start from GUI, but if I use console "Set interface ip address" it will start,
DHCP client dont have gateway value, DNS value is not the same as promised (default) instead only get OPNsense LAN port IP4, unable to connect internet,

When I override DNS and gateway and then when I refresh VM IP, I have to disable and enable my vNIC, to get the newest DHCP server config, now DNS and gateway is showing up in VM vNIC,
and able to ping WAN side of OPNsense, but still no luck of pinging beyond that,

10

Tutorials and FAQs / Re: HOWTO: Install ICAPrb::Server on OPNsense

« on: August 14, 2017, 02:14:27 pm »

just to chime in... I also stumbled upon this.

While the HowTo is nice I guess 99% of people except it to not only cover how to install ICAPrb but also an AntiVirus solution. And I know that those are two different things... now.

I liked that OPNsense could do virus scanning till I found out that the requirement is an external solution. On the other side with more and more sites going https and not running an internal smtp server I wonder if the effort is worth it if I have local anti virus installed.

Just realized this also, i thought OPNsense already included with it,

Please anyone, if you can provide best alternative solutions (open source and commercial),

Thank you very much,

11

General Discussion / Re: How to save/persist changed configuration when rebooting?

« on: August 14, 2017, 08:22:43 am »

Yes, I just realized it few seconds ago, after reading over and over again the link:
 
https://opnsense.org/users/get-started/
and
https://docs.opnsense.org/manual/install.html

12

General Discussion / [SOLVED] How to save/persist changed configuration when rebooting?

« on: August 14, 2017, 08:17:28 am »

I already look around, but

• Im not able to boot from HDD
• I cant save my config changes after reboot

I must be missing something important?

13

General Discussion / Re: OPNsense placement in VMware ESXi

« on: August 12, 2017, 06:27:25 pm »

You seem reffering management to vcenter as one of it?

Thanks for the answer btw..

14

General Discussion / OPNsense placement in VMware ESXi

« on: August 12, 2017, 01:20:47 pm »

If I put OPNsense in a VM,

what is the best practice for OPNsense placement in VMware ESXi related to other VMs being protected?

I have seen:
https://doc.pfsense.org/index.php/PfSense_on_VMware_vSphere_/_ESXi

Assuming the above link is analogous to OPNsense,

Can I make
dSwitch A (port group: WAN) with uplink
dSwitch B (port group: LAN) NO uplink

Make the OPNsense VM has 2 vNICs (LAN and WAN)
and let other VMs in dSwitch B (LAN),

Question:

• Is above topology doable and correct?
• If someone can answer: is there any VMware features affecting VM in dSwitch B? like vMotion perhaps
• If I have standard switch, with VMkernel Adapter inside, can I move that to dSwitch B (separate port group says: MgmtPG)?

Thank you very much,

15

General Discussion / Re: OPNsense OS System Requirements

« on: August 12, 2017, 10:54:22 am »

Thank you very much,
it may be good idea to explicitly state OPNsense is a pre-built FreeBSD firewall appliance, or other appropriate label,