Messages - fathibn

#1
24.7, 24.10 Legacy Series / Re: Static route by ASN
February 02, 2025, 07:36:55 PM
Thank you @Seimus, will investigate this.
#2
Does your provider require client authentication such as PPPoE, or just that you be on VLAN 300 with a specific MAC address?
You can force the MAC address on the Proxmox side right from the start when creating your opnsense VM. For the bridge, I think you just need to check "vlan aware".
I think the simplest would be to declare your WAN interface on your ISP's router as a DMZ server by IP or by MAC address if possible, and your opnsense firewall would appear as if it were directly connected to the internet.
#3
24.7, 24.10 Legacy Series / Static route by ASN
January 21, 2025, 04:57:38 PM
Hi,
I have two internet connections to two different ISPs and would like to direct outgoing traffic to some ASN (mainly facebook, instagram, ...) to go through a given one of them.
I added an alias to the desired destination facebook_Meta_asn_32934_n_63293 and would like to add a static route to that ASN, so non production traffic goes through a given ISP.
Couldn't find how to do it.
Could someone help me please ?
TIA.
Fathi B.N.
#4
Hi,
Did you set up your firewall to pass http and https traffic of the ip and ports your Gotify server is listening on?
If that didn't work try to add an nginx reverse proxy addon to opnsense and configure nginx to forward requests to gotify. If that didn't work either, try to enable websocket on the nginx reverse proxy (the gotify documentation doesn't indicate it is using websocket but I have seen some chat programs that use websocket and don't work if the reverse proxy doesn't support it).
Don't forget to put the ip address of your firewall or reverse proxy in the variable trustedproxies of your /etc/gotify/config.yml or whichever is your gotify's config location.
#5
General Discussion / Re: Firewall reporting
August 22, 2024, 01:08:24 PM
Thank you.
#6
General Discussion / Firewall reporting
August 19, 2024, 10:24:34 AM
Hi,
One of our firewalls is a Fortigate that I have been asked to replace with another, less expensive one, and I hope it could be Opnsense.
Of course some people inside my company argue that few products can compete with that brand. My argument is that Opnsense can respond to our needs without trying to compare both products feature by feature.
The following is just a suggestion.
One of the features of the above brand is a daily security report, which looks like this:
Security Analysis
Report Date: August 16, 2024 14:00
Data Range: 2024-08-15 00:00 2024-08-15 23:59 GMT+1 (FAZ local)


Table of Contents

Bandwidth and Applications
  Traffic Bandwidth
  Number of Sessions
  Top Applications by Bandwidth
  Top Applications by Sessions
  Top Users by Bandwidth
  Top Users by Sessions
  Top Destination by Bandwidth
  Top Destination by Sessions
  DHCP Summary
  Top Wifi Client by Bandwidth
  Traffic History by Number of Active Users

Web Usage
  Top 20 Most Active Users
  Top 20 Most Visited Categories
  Top 50 Most Visited Sites
  Top 10 Online Users
  Top 10 Categories
  Top 50 Sites By Browsing Time
  Top 20 Bandwidth Users
  Top 20 Categories By Bandwidth
  Top 50 Sites (and Category) by Bandwidth
  Top 20 Most Blocked Users
  Top 20 Most Blocked Categories
  Top 50 Most Blocked Sites

Emails
  Top Senders by Number of Emails
  Top Recipients by Number of Emails
  Top Senders by Combined Email Size
  Top Recipients by Combined Email Size

Threats
  Malware Detected
  Malware Victims
  Malware Source
  Botnet Detected
  Botnet Victims
  Botnet C&C
  Botnet C&C Detected by DNS Filtering
  Intrusions Detected
  Intrusion Victims
  Intrusion Sources

VPN Usage
  VPN Traffic Usage Trend
  VPN User Logins
  Authenticated Logins
  Failed Login Attempts
  Top Dial-up VPN Users
  Top Sources of SSL VPN Tunnels by Bandwidth
  Top SSL VPN Tunnel Users by Bandwidth
  Top SSL VPN Web Mode Users by Duration
  Top SSL VPN Users by Duration
  Top Users of IPsec VPN Dial-up Tunnel by Bandwidth
  Top Site-to-Site IPsec Tunnels by Bandwidth
  Top Dial-up IPsec Tunnels by Bandwidth
  Top Dial-up IPsec Users by Bandwidth
  Top Dial-up IPsec Users by Duration

Admin Login and System Events
  Login Summary
  Login Summary By Date
  List of Failed Logins
  Events by Severity
  Events by Date
  Critical Severity Events
  High Severity Events
  Medium Severity Events

Appendix A
  Devices

And my question is : is there inside the opnsense installation a central repository to collect all this data so it could be possible later to extract it and generate a corresponding report. I know, the sensei plugin generates and sends such reports but they are not so exhaustive as the fortigate ones.
TIA
Fathi B.N.
#8
Sorry, I didn't see the new tab.
Thanks.
Best Regards,
Fathi.
#9
Thanks.
Best Regards,
Fathi.
#10
Will wait for the fix.
Thanks.
Best Regards.
#11
My second suggestion was just to be able to compare generated files (result of configuration) with the old and new way to configure openv and be sure all old configs have been set.

Best Regards,
Fathi.
#12
Hi,
When creating a new openvpn profile, the "Certificate Depth" value is always reset to "Do Not Check" after saving, whatever value is chosen before saving.
Maybe this is related to the issue described in the topic 35225.0 https://forum.opnsense.org/index.php?topic=35225.0 (no way to select the peer CA to check client certificates against).
TIA
#13
Hi,
In the openvpn profile form the "Peer Certificate Revocation List" option is present but not the "Peer Certificate Authority" one allowing to select which Certificate Authority will be used to verify client certificates.
Maybe the form doesn't show because I have created only one Certificate Authority when creating an openvpn server before the 23.7 version change, and so it is implicitly chosen. In this case please ignore this post.
TIA.
#14
Hi,
As several parameter names, descriptions and locations (order in the form) have changed between the old openvpn server generation wizard and the new openvpn profile form, would it be possible, as a suggestion, to print the old parameter names in italic, between parentheses, under the new parameter names, so people could rapidly and with minimum possible mistakes manually migrate their old config to the new profile form?
Or at least have one preview button, similar to the one down this page, that allows previewing what will be the server config file.
TIA.
#15
Hi,
When creating a new openvpn profile for a server, there is no textarea to fill a static key nor is there the old option to "Automatically generate a shared TLS authentication key".