
Messages - ltb76

#1
So I got it working. Not sure what the issue was.

In phase2 I changed Local Network from Type Network to "LAN Subnet". It then started working for the LAN Subnet. I then switched it back to Network, and included all subnets (like before), and then it worked for all subnets.

I just went back and checked the config history, and there does not seem to be a difference between the two configs.

Well, must have been a "smurf". :o
#2
Hi,

I am trying to set up a site-to-site VPN between two OPNsense installations.
I have followed the wiki (https://wiki.opnsense.org/manual/how-tos/ipsec-s2s.html) with one change (Connection method "Start immediate").
I think that I have double-checked the settings :)

The tunnel comes up. (Attached Tunnel_UP)

But I cannot ping between site A and B.

I have created a rule on the IPsec interfaces (Attached Rule_IPsec_Site..).

If I do a packet capture on the IPsec interface, no packets are captured.

Any help much appreciated.
#3
Hi,

I'm new to OPNsense and Sensei, testing it to replace my soon-expiring Palo Alto home firewall.

Just did a default install and it seems to be working well (I see several blocked ad sites under "Blocked Sites Explorer").
I might be missing something though. I tried adding "Bing" under "App Controls"; however, I can still access bing.com. (I then tried adding Facebook, and that blocks Facebook.) Might the "Bing" app be broken, or am I missing something?

Another question: I looked in the manual but did not find the answer. Initially I added all my interfaces (WAN, LAN, LAN2 and DMZ) under "Protected Interfaces". Doing that seems to block DNS.
With the WAN interface protected, DNS traffic seems to be blocked with "Network Management category is administratively restricted", even if it does not appear to be blocked under "App Controls". Should I only add "LAN" interfaces to "protected"?

Is there a way to "not protect" an IP on a protected interface? Let's assume I have a device / client on the LAN interface that I, for some reason, want to bypass all checks. Is that possible?

I'm running:
Sensei: 0.8.0.beta4
OPNsense: 19.1.4
Running on top of VMware, 4 vCPU (D1540), 12GB RAM, vmxnet3 NICs