Messages

Just did a security scan on my install and got the following, are there any concerns at the moment or anything in the works to resolve?

Code Select Expand

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.7 (amd64/OpenSSL) at Mon Jan 24 21:53:55 CST 2022
vulnxml file up-to-date
clamav-0.104.1,1 is vulnerable:
  clamav -- invalid pointer read that may cause a crash
  CVE: CVE-2022-20698
  WWW: https://vuxml.FreeBSD.org/freebsd/2a6106c6-73e5-11ec-8fa2-0800270512f4.html

1 problem(s) in 1 installed package(s) found.
***DONE***

If you have not changed anything the default login should be  root : opnsense

Thanks for the reminder @Franco ...  I did not even pay attention to this one setting "Disable Gateway Monitoring" which makes no sense to be enabled by default, why would someone want to always mark their WAN as up? I may be wrong here but....


If anyone else has this issue, this is how you handle it:

System -> Gateways -> Single

Click the pencil icon to edit the gateway

Ensure the Disable Gateway Monitoring option is unchecked.

* See attached screenshot for what to look for.

Thanks for the feedback folks. Not sure how to mark this as resolved.

Monitoring is enabled and it's set to use 1.1.1.1 as the endpoint.  I will doublecheck again tho and will reply once I get home.

Understood.

I was looking for a way to be able to dock my laptop with a lan connection and not having to turn off the WiFi every single time while.

For my desktop, I was hoping to be able to use both NICS in a one for incoming one for outgoing traffic.

Was also looking to enable the Deny unknown clients options.

Back to the drawing board.

I'm not an expert and this may be wrong but I had a bad config that borked my setup when I initially started to play with OPNsense. I had to connect my monitor and keyboard to the firewall and do a reset to get things back to "factory" settings then re-configured.

Not sure how much work you've put into this so far and if this would be a viable option for you depending on the amount of work done so far.

I've been trying to figure out how to do this on OPNsense but can't seem to find instructions on how to do so without using DHCP. I'm trying to limit my connected devices to only the things that I have made static DHCP leases for and this is stopping me from being able to lock things down.

I have a laptop and a desktop that have two network ports. The laptop, of course, has a WiFi nic and a LAN port which I use to connect to LAN when I'm at home and the desktop has two nics that I want to use.

In PFsense, I could create two lease entries with the same IP for both connections and it works, on OPNsense I just get this error:

This Hostname, IP, MAC address or Client identifier already exists.

Not sure if I am doing something that nobody else does or would ever do but any help to figure this out would be really appreciated.

Not sure why this is happening but I have set the gateway Monitor IP option to use 1.1.1.1 but it's been days and nothing shows up for the stats on the lobby dashboard.

If you still need help with this, see the instructions by blackdwarf here:

https://forum.opnsense.org/index.php?topic=8812.0

Short Version:

• Give your XB1 (or PS4, same process required) a static IP
• Install/Enable UPNP
• Set "User Specified Permissions" to "allow 88-65535 10.1.1.x/32 88-65535", where 10.1.1.x is the static ip of the XB1/PS4
• Firewall>NAT>Outbound - Set to Hybrid/Manual rule generation
• Create a rule with the following set: "Source Address - Single Host or network - 10.1.1.x" & "Static Port - Checked"

Thank you so much. Please disregard my previous message, I had to reboot my entire OPNsense box for the changes to take but I am good now.

• Do a hard-reboot of your XB1/PS4 (shutting it down and pulling the power for 2 mins will do"

You should now have a NAT Type of Moderate (XB1), or Type 2 (PS4).

Tried these instructions and nothing... I also tried the following:

I have the same issue.


I've created a Alias and added my xbox's IPs as the content.
created a WAN Rule to allow any port connection to the Alias
created a WAN Rule to allow any port connection to the xbox IPs
created a Outbound NAT for the Alias
created a Outbound NAT for the xbox IPs

So far nothing I do seems to work for me. I pull up my xbox and see

NAT Type: Strict
UPnP not successful

Anyone able to help out with this? I have the same issue.

I have installed Universal Plug and Play and am trying to figure out what settings I need to configure so that I can play my games.

For Firewall:

• I've created a Alias and added my xbox's IPs as the content.
• created a WAN Rule to allow any port connection to the Alias
• created a WAN Rule to allow any port connection to the xbox IPs
• created a Outbound NAT  for the Alias
• created a Outbound NAT  for the xbox IPs

So far nothing I do seems to work for me. I pull up my xbox and see

NAT Type: Strict
UPnP not successful

Animosity022,

Thanks for the reply.

Sorry, out of town for a conference but will post screenshots as soon as I get back.

Not sure how to close,  just realized I put his in the Documentation area. Please close this out.