Messages - ltb76

1
General Discussion / Re: IPsec Site 2 Site VPN (no traffic coming through)
« on: March 28, 2019, 08:24:28 pm »
So I got it working. Not sure what the issue was.

In phase2 I changed Local Network from Type Network to "LAN Subnet". It then started working for the LAN Subnet. I then switched it back to Network, and included all subnets (like before) and then it worked for all subnets.

I just went back and checked the config history - and there does not seem to be a difference between the 2 configs.

Well must have been a "smurf".  :o

2
General Discussion / IPsec Site 2 Site VPN (no traffic coming through)
« on: March 28, 2019, 10:53:22 am »
Hi,

I am trying to set up a site 2 site VPN between 2 OPNsense installations.
I have followed the wiki (https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html) with one change (Connection method "Start immediate").
I think that I have double-checked the settings :)

The tunnel comes up. (Attached Tunnel_UP)

But I cannot ping between site A and B

I have created a rule on the IPsec interfaces (Attached Rule_IPsec_Site..)

If I do a packet capture on the IPsec interface no packages are captured.

Any help much appreciated.

3
Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering
« on: March 17, 2019, 04:41:31 pm »
Hi,

I'm new to OPNsense and Sensei, testing it to replace my soon expiring PaloAlto home firewall.

Just did a default install and it seems to be working well (I see several blocked ad sites under "Blocked Sites Explorer").
I might be missing something though. I tried adding "Bing" under "App Controls" - however I can still access bing.com. (I then tried adding Facebook - and that blocks Facebook). Might the "Bing" app be broken or am I missing something?

Another question, I looked in the manual but did not find the answer. Initially I added all my interfaces (WAN, LAN, LAN2 and DMZ) under "Protected Interfaces". Doing that seems to block DNS.
With the WAN interface protected, DNS traffic seems to be blocked with "Network Management category is administratively restricted" - even if it does not appear to be blocked under "App Controls". Should I only add "LAN" interfaces to "protected"?

Is there a way to "not protect" an IP on a protected interface? Let's assume I have a device / client on the LAN interface that I for some reason want to bypass all checks - is that possible?

I'm running
Sensei: 0.8.0.beta4
OPNsense: 19.1.4
Running on top of VMware, 4 vCPU (D1540), 12GB RAM, vmxnet3 NICs
