Messages - phib3r

#1
I have done a quick search on here and looked at the documentation but I can't seem to find anything like this.

I am trying to set up a Windows Always On machine certificate VPN endpoint using OPNsense - this should be possible. I would like to have multiple VPNs with each derived from different CA issued certificates. Can anyone provide any kind of guidance on this? I will be using ECC certs as this is a requirement. I would like to have multiple internal CAs issue different clients, say project 1 and project 2 - they hit the endpoint and depending on which CA provided the cert - drop them into a different IP range.

Any help at all would be very much appreciated.

M
#3
To the LDAP question above: it might be that LDAP is using UDP and not TCP.
#4
My config is working great thanks to this post! I do have a quick question that you may be able to expand on - requiring client certificates from a specific sub domain. I have tried out a few things, but all that seems to happen is that all the sub domains request client certs. I have tried to create a new public https frontend and have that look up from a different mapping file - but all that seems to happen is that the original https front end just now requires client certs. I would post my config - but it is currently working and to the letter what you have posted with just some more sub domains added. Any help or pointing in the right direction would be fantastic.

M
#5
General Discussion / How to add local network to ntopng
September 16, 2021, 09:29:34 AM
I have several internally routed networks to OPNsense from another internal router. I would like to add those IP networks so they are seen as local to ntopng. Is this possible? I can see the command line option on ntopng's website - how can I set this option on OPNsense?

Any help would be nice.

Kind regards,

Martin
#6
I did a quick search and could not see the answer - is it possible to set a 2 second delay on the DHCP server to allow another DHCP server to respond first? We have a Windows domain with a failover DHCP which we would like to respond first, and if this is not available then have OPNsense offer a DHCP IP.
#7
The gateways were in pending mode in the gateway group - I had to open each OpenVPN gateway and save it. Now they are all reporting green.
#8
I have upgraded to 19.7 and I know that OpenVPN connections cannot be in a gateway group anymore - how does one achieve the same effect now? And do you still have control over sticky connections?

Many thanks

#9
Solved - created a bunch of VLANs and assigned them - it gave them opt3,4,5 and I then deleted them again.
#10
As listed in the title - I have 3 opt interfaces that are no longer assigned but are still listed in the left hand window.

How do I remove them?
#11
Sorry if this has been posted before, and I know I have done something stupid. I have had a multi WAN OpenVPN setup running under pfSense and OPNsense for ages - I have come to reinstall all of my routers - some VMs and two physicals. I have come to set up the primary router for my house. I am having dreadful issues getting the OpenVPN client working using policy based routing. All the traffic seems to be being directed back to the firewall. If I go to 216.58.208.131 (google.co.uk) from one of the LAN clients that have policy based routing enabled, I am redirected back to the firewall.

I have:
1 x WAN 192.168.0.33 (internet)
1 x LAN  10.0.0.1

I have "don't pull routes" enabled
I have outbound NAT for VPN Interface from source 10.0.0.0/24
I have firewall rule on LAN for 10.0.0.16 to use VPN gateway - before the allow all rule

Can anyone tell me what I have done wrong - I have been bashing my head against this for a while.

As I have said I have set this up many times before and I cannot tell what I have done wrong.

Martin