Messages

1

General Discussion / Cannot update

« on: April 14, 2020, 04:08:57 pm »

One of our OpnSense appliances cannot be updated. We get the error: "Timeout while connecting to the selected mirror". When performing Health Check, I get a lot of "version mismatch, expected ..."

Followed these steps: https://forum.opnsense.org/index.php?topic=16685.msg75942#msg75942

But I didn't resolve the issue. Any tips, suggestions?

Kind regards.

2

Intrusion Detection and Prevention / Re: Send IPS alerts by e-mail

« on: October 21, 2019, 12:04:00 pm »

Ok Thanks, I had the same question a week ago.

https://forum.opnsense.org/index.php?topic=14648.0

3

Intrusion Detection and Prevention / E-mail when alert or drop

« on: October 12, 2019, 02:18:26 pm »

I am using Surricata as IDS/IPS on several OPNSense firewalls, which is running great. Now I am cheking once a month the firewalls for alerts/drops. Is it possible to configure OPNsense to email when an Surricata alert occured?

I have been reading to setup monit, but this seems only for Firewall system alerts.

4

General Discussion / Captive Portal - no username

« on: September 23, 2019, 09:47:08 am »

Dear

We have been setting op a guest wireless network with the captive portal in OPNsense. The vouchers which are created in OPNsense are username - password.
Is there a way to set up a captive portal with only a password? It would be more userfriendly for guests.

Kind regards

5

Tutorials and FAQs / Re: Problem with Captive Portal

« on: September 12, 2019, 11:11:53 am »

Hi, I have the same problem: When setting op a captive portal with voucher, users only can login to the portal when you manually go to <guest_netip>:8000. I am not using DNSmasq.

6

General Discussion / IP helper adress

« on: August 25, 2019, 09:02:35 am »

What is the correct way to configure an IP helper adress in OPNsense?

We are using WDS+MDT for imaging our computers. The WDS server is on VLAN 1, computer clients are on other VLAN's. Microsoft advices to use IP helper adress instead of DHCP options to make imaging possible across VLANs
Our setup DHCP: each VLAN has its DHCP server running in OPNsense.

Kind regards

7

General Discussion / Opnsense 20.1 roadmap

« on: August 20, 2019, 12:08:45 pm »

I am following the OPNsense project close by and running several OPNsense firewalls. Is there news on the development of OPNsense 20.1 is there already a roadmap? Is there also a correct place to make suggestions?

Kind regards

8

General Discussion / Re: FTP over TLS

« on: March 28, 2019, 03:18:44 pm »

Fabian, thanks for your response.
So, what is then the most convenient way to let SFTP trough the firewall?

9

General Discussion / Re: FTP over TLS

« on: March 27, 2019, 02:02:33 pm »

Bartjsmit how do you start a pacture capture on the firewall? I am using "Firewall"->"Log files" -> "Live View", but I don't get any blocked packages.

10

General Discussion / FTP over TLS

« on: March 27, 2019, 10:29:00 am »

We use Filezilla to manage our website hosting. The webhosting uses FTP over TLS.  (see attachement)
I can't get FTP over TLS working on our internal network. I have the following allow rule in our network ( see attachement.

Does it mean I have to setup FTP proxy, as described here: https://forum.opnsense.org/index.php?topic=3868.0

11

General Discussion / Re: Firewall rule: webtraffic

« on: March 22, 2019, 02:47:28 pm »

Hbc, Really thanks for all the info. Are their other firewall rule best practices like this any-external and unpriviledge source ports you can advice?

12

General Discussion / Re: Firewall rule: webtraffic

« on: March 20, 2019, 02:12:53 pm »

Thanks hbc, i changed my webtraffic rules on every vlan with source ports unpriviledged ports and destinations not internal and it works. Thanks!

hbc, so u are using a source port in every firewall rule? Either the source port is configured as  unpriviledged ports or a specific port (DNS, NTP,...).
Is there a list of protocols which use specific ports instead of unpriviledged ports as source port?

Thanks for the help and advice.

13

General Discussion / Re: Firewall rule: webtraffic

« on: March 20, 2019, 11:27:48 am »

Thanks for the info and tip.

Hbc, another question: Do you use this firewall rule for internet traffic? Doest it mean that all source port connections from 1024-65535 are allowed to the external network (WAN)?
I am used to only allow traffic with destiniation port connections from 80 and 443 (HTTPS/HTTP) so the users on the guest network only can webbrowse and not uploading FTP,... What is your advice?

Proto          Source          Port       Destination    Port             
IPv4 TCP/UDP       Wifi_Gast_net       1024:65535    !net_internal    ports_HTTP_HTTPS

14

General Discussion / Firewall rule: webtraffic

« on: March 19, 2019, 01:53:11 pm »

I have been using Watchguard firewalls for the past few years. Scince a couple of months I am using an OPNsense appliance. In Watchguard you have the option to use "any-external".
So a rule for webtraffic firewall rule in Watchguard would be:
source: vlan-guest    destination: any-external  ports:80/443 TCP/UDP 

In OPNsense you don't have the any-external option, so this means you allow webtraffic to all other VLANs aswell. (see the picture in enclosure).

How can i define my webtraffic rule more securely? (I don't whish to use proxy's).

15

19.1 Legacy Series / Re: Cannot update

« on: March 12, 2019, 12:29:40 pm »

Franco

Thanks for the fast reply!

Solution: System>Settings>General, there were no DNS servers configured. Filled back in our DNS server and problem was solved.