Messages

1

General Discussion / How to create an alias for "the internet"?

« on: November 04, 2021, 11:35:08 pm »

Greetings,

I need to create an alias for the Internet. Like 0.0.0.0 but exkl. 10.0.0.0/8, 192.168.0.0/16 and so on. How can I accomplish that?

Thanks very much in advance
Guybrush

2

21.7 Legacy Series / How to properly configure a rule for RPC?

« on: November 04, 2021, 10:41:08 pm »

Greetings,

I am currently testing out how to enable RPC through Opnsense (current). The standard ports are no big deal, but how do I handle the dynamic high range ports? I do not want to (means - cannot) restrict RPC ports on the destination Windows machines for several reasons. I usually work with Barracuda Firewalls, they have a RPC helper, which works fine. I wonder if there is something similar available with Opnsense? If so, can anybody point me to a how-to/docs/something to accomplish that?

Huge thanks in advance
Guybrush

3

20.7 Legacy Series / Enable and disable rule through external script

« on: November 01, 2020, 06:10:16 pm »

Greetings,

I am currently running a Nextcloud Instance with LetsEncrypt certificated. Nextcloud is only availabe to a group of static IP addresses. The only problem here is that I need to open 80 and 443 to the world to renew my certificates.

I could do it manually, but idealy want to run a script on the Nextcloud server, that enabled that particular rule, executes the certificate renewal, and disables the rule again.

Is that something I can accomplish? This scenario would come handy also in many other cases I assume.

Thanks
Guybrush

4

General Discussion / Re: Automatically restart IPSec on gateway status change

« on: May 05, 2020, 09:09:24 pm »

Thank you nwilder, this is a really great way to keep the connections up and running.

just to clarify:
172.y.y.y is an address in the headquarter, that is pinged through the tunnel
10.x.x.254 is the lan ip from the branch office opnsense, that is restarting the ipsec
is this correct?

do you know a way to show the target address in the monit status page? and is there a way of changing the monit sender address for the email notifications?

thanks a lot in advance
Guybrush

5

General Discussion / Re: Install PiHole on Opnsense

« on: January 15, 2019, 09:37:15 am »

What I love about PiHile is the huge amount of insight in a neat webinterface. In general I would like to give my clients the ability to block domains based on categories (gambling, nuditiy, ...) and to block malicious sites at all, but without the hassle of a dedicated proxy. I "freed" a network with over 100 clients from a predominant proxy, that caused all sorts of errors and problems. Additionally, I do not want to touch every piece of software that does not understand WPAD.

But maybe I am just not up2date with Opnsense (honestly, coming from pfsense and havent used the very newest version yet)?

Thanks
Guybrush

6

General Discussion / Install PiHole on Opnsense

« on: January 14, 2019, 11:27:05 am »

Greetings,

I would love to have an option to install PiHole on my Opnsense box. I have many small shops running Opnsense on an APU2 board, and I would like to avoid installing an additional Raspberry only for PiHole. I did some research, but most articles I found talked about configuring Opnsense to use PiHole.

Is there anybody working on that, or is there already a way to accomplish that and I didn´t find it yet? For technical reasons I cannot use proxies (only if it would be transparent).

Thanks
Guybrush