OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of tobia »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - tobia

Pages: [1]
1
17.7 Legacy Series / Re: Can I configure split networking for IPsec clients?
« on: January 17, 2018, 10:56:44 am »
Right, I will try OpenVPN in the future.

Does anybody know if it can be done in IPsec, and how?

2
17.7 Legacy Series / Re: How to enable Unbound DNS for IPsec clients?
« on: January 17, 2018, 10:55:35 am »
Mobile clients don't "enter" the LAN (192.168.10.* in my case) they have their own separate network (192.168.40.*) which can access LAN and DMZ through firewall rules.

Quote from: mircsicz on January 11, 2018, 06:31:41 pm
I've added access list entry's for each of the subnet's

How did you do that?

If I try Custom Options in the GUI it gives an error; if I manually edit access_lists.conf I lose the changes at every restart.

3
17.7 Legacy Series / Can I configure split networking for IPsec clients?
« on: January 10, 2018, 12:19:12 pm »
Is there a way to give IPsec clients a list of subnets that should be routed through the tunnel?

For instance, can I have IPsec clients route the LAN subnet, DMZ subnet, and a few other custom subnets through the tunnel, while everything else would exit through their regular Internet connection?

How would I do that?

Is this generally considered bad practice?

4
17.7 Legacy Series / How to enable Unbound DNS for IPsec clients?
« on: January 10, 2018, 11:51:41 am »
Hi

I'd like my IPsec clients to use the builtin Unbound DNS server, same as the LAN clients do, to get access to the same name resolution settings and overrides.

But the Unbound config page (services_unbound.php) does not list the IPsec interface under Network Interfaces, only regular interfaces: All, DMZ, LAN, WAN, Localhost. Even if I choose All, the file /var/unbound/access_lists.conf is created with specific access-control rules that exclude the IPsec address range. I tried adding an additional rule under Custom options:

Code: [Select]
access-control: 192.168.40.0/24 allow
but it results in a syntax error. Maybe Unbound wants the access-control rules to be all together? If I manually add the rule to /var/unbound/access_lists.conf, then it works and my IPsec clients can use the DNS server, but of course that file gets rewritten at every Apply.

I tried messing around with NAT rules, but could not get anything to work.

What is the correct way to let IPsec clients use the builtin Unbound DNS?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2