Messages - xkapr

#1
Virtual private networks / IKEv2 EAP-MSCHAPv2
December 22, 2022, 01:49:56 PM
Hi, I have configured IPsec according to this documentation:
https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html

There is no trouble when I add a user according to step 4:
Go to VPN ‣ IPsec ‣ Pre-Shared Keys and press Add.
user:user
password:password
type:EAP

If a user exists in the local database there is an error message:
The following input errors were detected:
A user with this name already exists. Add the key to the user instead.

The trouble is that the user cannot log in when I add the pre-shared key in System ‣ Access ‣
The pre-shared key is then listed in VPN ‣ IPsec ‣ Pre-Shared Keys as PSK and cannot be changed to EAP.
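For reference, here is the same road-warrior setup written as a hand-written strongSwan swanctl.conf. This is an added illustration, not the configuration OPNsense generates and not part of the post; the addresses, identities, certificate file name and pool are assumptions. It shows the distinction the GUI hides behind the "type" field: an IKE pre-shared key lives in an `ike-` secret and is matched by the peer's IKE identity, while an EAP-MSCHAPv2 user credential lives in an `eap-` secret and is matched by the EAP identity the client sends. A PSK-type entry that happens to carry the user's name is never consulted during the EAP-MSCHAPv2 exchange.

```conf
# Added example: strongSwan swanctl.conf for IKEv2 + EAP-MSCHAPv2 road warriors.
# Hand-written for illustration; all names and addresses are assumed.
connections {
    rw-eap {
        version      = 2
        local_addrs  = 203.0.113.1      # assumed WAN address of the gateway
        remote_addrs = %any
        pools        = rw-pool
        proposals    = aes256-sha256-modp2048
        send_certreq = no               # Windows clients do not need a CERTREQ

        local {
            auth  = pubkey
            certs = vpn-server.crt      # assumed server certificate (CN/SAN = id below)
            id    = vpn.example.org
        }
        remote {
            auth   = eap-mschapv2       # the user side authenticates with EAP, not with a PSK
            eap_id = %any               # EAP identity is whatever the client presents
        }
        children {
            rw {
                local_ts      = 0.0.0.0/0
                esp_proposals = aes256gcm16
            }
        }
    }
}

pools {
    rw-pool {
        addrs = 10.10.10.0/24           # assumed virtual IP pool
        dns   = 192.168.1.1
    }
}

secrets {
    # EAP credential: type EAP in the GUI. Matched by the EAP identity "user".
    eap-user {
        id     = user
        secret = password
    }
    # For contrast, an IKE PSK: type PSK in the GUI. Matched by the IKE identity,
    # used only for auth = psk peers, never offered to an EAP-MSCHAPv2 exchange.
    ike-branch {
        id     = 198.51.100.7
        secret = changeme
    }
}
```

After loading with `swanctl --load-all`, `swanctl --list-conns` shows `remote: eap-mschapv2` for the connection, and a failed login for the EAP user logs an EAP-MSCHAPv2 failure rather than a "no shared key found" error, which is the quickest way to tell which secret class strongSwan is actually looking up.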



#2
Hi, it is possible to achieve this scenario with OPNsense, nginx and the acme plugins.

I have a router with OPNsense installed; the WAN port has a public IPv4. LAN is the 192.168.1.1/24 subnet.
I have a DNS record subdomain.mydomain.tld pointing to the WAN address.
I have configured the acme plugin to generate certificates. Certificates are generated correctly.

Now I am messed up with the nginx configuration. I have a Microsoft IIS web server in the local LAN with IP 192.168.1.100. There are some websites/services running:

http://192.168.1.100:80/service1 
http://192.168.1.100:80/service2
http://192.168.1.100:80/service3

Now I want to connect from the internet to this server using the nginx reverse proxy in this way:

1. Redirect HTTP/HTTPS traffic with the domain name to service1 using the acme certificate
http://subdomain.mydomain.tld/ or https://subdomain.mydomain.tld/ -> http://192.168.1.100:80/service1

2. Redirect HTTP traffic to the public WAN IP without domain name to service2 and service3
http://publicIPv4/service2 -> http://192.168.1.100:80/service2
http://publicIPv4/service3 -> http://192.168.1.100:80/service3
http://publicIPv4/whatever -> http://192.168.1.100:80/whatever

I was only able to partially configure it in the nginx plugin:
1. configured upstream and upstream server to point to 192.168.1.100

2. configured locations
Description: subdomain.mydomain.tld
Url Pattern: /service1
Match type: Case Insensitive Match ("~*")
Force HTTPs: 1
Upstream server: 192.168.1.100

Description: publicIPv4
Url Pattern: /
Match type: none
Force HTTPs: 0
Upstream server: 192.168.1.100


3. configured 2 HTTP servers
Name: subdomain.mydomain.tld
Certificate: subdomain.mydomain.tld
Location: subdomain.mydomain.tld

Name: publicIPv4
Certificate: none
Location: publicIPv4

With this configuration http://publicIPv4/whatever is working like I want.
https://subdomain.mydomain.tld/service1 is working.
But how can I redirect https://subdomain.mydomain.tld/ to http://192.168.1.100:80/service1?

Thanks for the advice on the correct configuration.
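The three cases from the post written as plain nginx configuration, as an added example that is not part of the original post and not the OPNsense nginx plugin's generated output; the upstream name, the certificate file paths and the `/service1/` trailing-slash convention are assumptions. The piece the post is missing is an exact-match location for `/` on the name-based server that answers with a redirect to `/service1/`, so the browser lands on the path the existing `/service1` location already proxies; the path mapping stays 1:1, so any `Location` header IIS sends back remains valid without `proxy_redirect` rewriting.

```nginx
# Added example: nginx equivalent of the plugin setup described above.
upstream iis_backend {
    server 192.168.1.100:80;
}

# Name-based server, plain HTTP: everything goes to HTTPS ("Force HTTPS").
server {
    listen 80;
    server_name subdomain.mydomain.tld;
    return 301 https://$host$request_uri;
}

# Name-based server, HTTPS with the acme certificate.
server {
    listen 443 ssl;
    server_name subdomain.mydomain.tld;

    # Assumed paths; point these at the files the acme plugin issued for this name.
    ssl_certificate     /usr/local/etc/nginx/certs/subdomain.mydomain.tld.crt;
    ssl_certificate_key /usr/local/etc/nginx/certs/subdomain.mydomain.tld.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Case 1: the bare hostname. An exact match on "/" redirects the client to
    # /service1/ instead of proxying "/" to the IIS root.
    location = / {
        return 302 /service1/;
    }

    # Only /service1 is reachable through the public name.
    location ~* ^/service1(/|$) {
        proxy_pass http://iis_backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }

    # Every other path on this name is refused rather than passed through.
    location / {
        return 404;
    }
}

# Case 2: requests by bare IP (or any Host that matches no server_name).
# default_server is what makes the IP form land here instead of above.
server {
    listen 80 default_server;
    server_name _;

    location / {
        proxy_pass http://iis_backend;
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Two things to check before exposing this. The catch-all server forwards every path on the IIS host to the whole internet, including anything that is only meant for the LAN; listing `/service2` and `/service3` explicitly, or restricting the catch-all with `allow`/`deny`, is the safer shape. And if the acme plugin validates with HTTP-01 on port 80, the `return 301` server must not swallow `/.well-known/acme-challenge/`; either exempt that location or keep the plugin's own validation port. If a rewrite of `/` into `/service1/` on the upstream is preferred over a client-visible redirect, `proxy_pass http://iis_backend/service1/;` in a `location /` does that, but then IIS responses that redirect to `/service1/...` come back with a doubled prefix unless `proxy_redirect` rewrites them.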
#3
20.7 Legacy Series / Static route troubles
September 07, 2020, 05:31:25 PM
Can anybody help me solve troubles with routes? I have a fresh installation of OPNsense 20.7.2-amd64 on a PC Engines APU4D4.

My configuration is quite simple. I just followed the web interface configuration wizard. For WAN I have configured PPPoE with the ADSL username and password. The LAN part is configured for 172.19.0.254/16.

Everything goes right until here. PPPoE dials a connection and receives IP, gateway and DNS. DHCP on the LAN side leases addresses to computers. Traffic to the internet from computers is OK.

And now the troubles. We have an MS SQL server in the opposite building. The MSSQL server IP 172.18.0.3/16 is behind a router in this building, 172.19.0.1/16. The buildings are connected through WiFi.

So I have added two gateways on the OPNsense router: 172.19.0.245 and 172.19.0.1.

Then I add a route 172.18.0.0/16 through 172.19.0.1 in System/Routes/Configuration.

In the OPNsense firewall advanced configuration I have checked static route filtering (bypass firewall rules for traffic on the same interface).

Now I can ping 172.18.0.3 from the 172.19.0.0/16 subnet.

The problem is that when I run the application from 172.19.0.0/16 something goes wrong. The application has an ODBC connection to the MSSQL database 172.18.0.3. I can run the application, username and password are verified against the MSSQL, but the next operations throw an exception: Microsoft SQL Server: 10054 General network failure.

MSSQL
  172.18.0.3/16
  <->
Gateway (MikroTik)
  WAN: ISP, LAN1: 172.18.0.1/16
  LAN2: 172.19.0.1/16
  <->
Gateway OPNsense
  WAN: PPPoE ISP, LAN: 172.19.0.254/16
  Route to: 172.18.0.0/16 via 172.19.0.1
  <->
Computers
  172.19.0.10-99
  GW: 172.19.0.254

I tried it with different routers (not the APU4D4 with OPNsense), TP-Link and MikroTik, with the same configuration and everything works well.

I don't know what I'm missing. A firewall rule or something else. Any help will be appreciated.

Thank you.
#4
Hi,
can someone give me a hint what the best way is to disable internet access and enable Microsoft updates for some computers?
Thank you for replies.
#5
I tried to connect with ldapadministrator.com with the user DN and base DN I mentioned above and the connection is without troubles. Still cannot connect from OPNsense.
#6
I tried it once again and I still cannot connect. I have verified that users are CN. So:

type: ldap
hostname: ad.mydomain.cz
port: 389
transport: tcp
protocol: 3
User DN: CN=Administrator,CN=Users,DC=mydomain,DC=cz
password: secret
base dn: CN=mydomain,CN=cz
initial template: microsoft ad
authentication containers: click Select and get error message:

Could not connect to the LDAP server. Please check your LDAP configuration.

What else can cause troubles?
#7
Thank you for the answer. So the user DN must be:
CN=Administrator,CN=Users,DC=mydomain,DC=cz

I think I've already tried it according to the docs https://wiki.opnsense.org/manual/how-tos/user-ldap.html but I'll try again.
#8
General Discussion / cannot connect ldap ad 2008 server
February 11, 2018, 01:42:49 PM
Hi. I need help connecting to LDAP.

I am trying to add a new LDAP server in System > Access > Servers.
type: ldap
hostname: ad.mydomain.cz
port: 389
transport: tcp
protocol: 3
user dn: mydomain\administrator
password: password
base dn: CN=mydomain,CN=cz
initial template: microsoft ad
authentication containers: click Select and get error message:

Could not connect to the LDAP server. Please check your LDAP configuration.

When I try to connect locally on the AD controller ad.mydomain.cz with ldp.exe, the connection and browsing LDAP work.

On OPNsense Interfaces > Diagnostics > Port Probe:
Connection to ad.mydomain.cz 389 port [tcp/ldap] succeeded!

Connection to LDAP from another computer in the same network, e.g. Linux LDAP Administrator, works.

OPNsense version: OPNsense 18.1.2_2-amd64
Windows AD: Windows 2008 R2 build 7601 SP1
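The following shell script reproduces, outside the GUI, the two operations behind the "Select" button on authentication containers in this thread (the original question above and the retries in the later replies): a simple bind as the user DN, then a one-level search for containers under the base DN. It is an added example, not from the thread and not OPNsense code; it assumes OpenLDAP's `ldapsearch` is available (the OPNsense shell has it) and that the DC answers on 389 or 636. Two facts it relies on: an Active Directory base DN is the DNS domain written as `DC=` components (`mydomain.cz` is `DC=mydomain,DC=cz`; `CN=mydomain,CN=cz` is not an entry that exists), and the RootDSE read with an empty base returns `defaultNamingContext`, which is the DC telling you its real base DN. Unlike the GUI, which shows one generic message, `ldapsearch` reports a failed bind and a failed search separately.

```sh
#!/bin/sh
# Added example, not from the thread: test an AD LDAP bind and the container
# search OPNsense performs, with the base DN derived from the DNS domain.

# mydomain.cz -> DC=mydomain,DC=cz
ad_base_dn() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    dn=
    for label in "$@"; do
        dn="${dn:+$dn,}DC=$label"
    done
    printf '%s\n' "$dn"
}

# Accept only a DN made of DC= components; rejects the CN=mydomain,CN=cz form
# before it is sent to the server. Returns 0 if well-formed, 1 otherwise.
check_base_dn() {
    printf '%s\n' "$1" | grep -Eqi '^dc=[^,]+(,dc=[^,]+)*$'
}

# Full DN of an account in the default Users container, the form the
# OPNsense how-to uses: CN=<account>,CN=Users,DC=...
ad_user_dn() {   # account dns-domain
    printf 'CN=%s,CN=Users,%s\n' "$1" "$(ad_base_dn "$2")"
}

# Step 1: bind and read the RootDSE. The DC answers with defaultNamingContext,
# which is the base DN to put in the OPNsense form. -W prompts for the password
# so it never lands on the command line or in shell history.
#   ldap_uri: ldap://host:389 for a first test, ldaps://host:636 for real use
ad_rootdse() {   # ldap_uri bind_dn
    ldapsearch -x -LLL -H "$1" -D "$2" -W \
        -b '' -s base '(objectClass=*)' defaultNamingContext
}

# Step 2: what "Select" on authentication containers does: list the OUs and
# containers one level below the base DN.
ad_list_containers() {   # ldap_uri bind_dn base_dn
    check_base_dn "$3" || {
        echo "base DN must be of the form DC=...,DC=... (got: $3)" >&2
        return 1
    }
    ldapsearch -x -LLL -H "$1" -D "$2" -W -b "$3" -s one \
        '(|(objectClass=organizationalUnit)(objectClass=container))' dn
}

# Run both steps only when a target is given, e.g.
#   AD_HOST=ad.mydomain.cz AD_DOMAIN=mydomain.cz AD_USER=Administrator sh ldaptest.sh
if [ -n "${AD_HOST:-}" ]; then
    uri="ldap://$AD_HOST:389"
    base=$(ad_base_dn "$AD_DOMAIN")
    bind=$(ad_user_dn "${AD_USER:-Administrator}" "$AD_DOMAIN")
    ad_rootdse "$uri" "$bind"
    ad_list_containers "$uri" "$bind" "$base"
fi
```

Two practitioner notes. A simple bind over `ldap://...:389` sends the password in the clear across the LAN, and the thread binds as the Domain Administrator; for the real configuration use `ldaps://` (or StartTLS, `-ZZ` in `ldapsearch`) and a dedicated read-only bind account, since whoever reads the OPNsense config file or sniffs the wire otherwise gets domain admin. AD also accepts `DOMAIN\user` and `user@domain` as the bind name for a simple bind, so when the GUI rejects the connection it is worth confirming the base DN with the RootDSE read before rewriting the user DN.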