Messages

1

Virtual private networks / Upload Images While on VPN

« on: November 20, 2024, 07:48:35 pm »

Hello all,

I am using Wireguard VPN server on my OPNsense firewall. Allowed IPs on the client is set to 0.0.0.0/0, and I have created a firewall rule to let all traffic from my VPN interface outbound to the firewall. The goal is to allow VPN users outbound access to the Internet. This allows us to communicate over Slack when on our VPN. Text works great but upload of images fails. Anyone got a thought on why this is? My outbound rule is set for ANY.

Thanks,
Steve

2

High availability / Re: opnsenseBE (OPNsense 24.10_7) still sending Multicast while all VIPs are Unicast

« on: November 14, 2024, 07:59:20 pm »

OMG this is fantastic!! I am going to begin testing in my client's cloud environment.

3

High availability / Re: HA Virtual Firewalls

« on: November 14, 2024, 07:43:38 pm »

Thanks Patrick. The doc sorta reads like I needed a physical interface.

4

High availability / HA Virtual Firewalls

« on: November 14, 2024, 06:38:56 pm »

Hello all,

I am in the process of prepping my second virtual firewall node, so I can have a HA setup. The one question I cannot seem to find the answer for is whether the pfSync interface needs to be a physical NIC on each side or could it just be a dedicated VLAN on each side. I am running Proxmox, so I could dedicate a physical NIC to pfSync on each side but I would prefer to just make a dedicated VLAN available on each side.

Thanks,
Steve

5

High availability / Re: opnsenseBE (OPNsense 24.10_7) still sending Multicast while all VIPs are Unicast

« on: November 14, 2024, 06:36:40 pm »

Whoa...wait a sec....are you saying the HA is now supporting unicast packets? I thought this was not coming until 2025 with a new version of FreeBSD? Did I get that wrong?

I wanted to deploy HA virtual firewalls for a client, but my cloud provider does not support multicast in their multi-tenant cloud and I was told that unicast support is a 2025 item on the roadmap. Please tell me I got this all wrong.

6

General Discussion / Re: iSCSI VLAN Question

« on: November 02, 2024, 12:04:43 am »

I was using OPNsense for DHCP, but you are correct. This is dedicated for storage traffic between my NAS and my client machines. I can just statically assign the IPs and call it a day.

7

General Discussion / iSCSI VLAN Question

« on: November 01, 2024, 07:44:55 pm »

Hello all,

I have a VLAN dedicated to iSCSI storage traffic. I have setup the interface just like I would with any other interface. I have no rules assigned for this interface. When I try to ping from one device to another, both in the storage vlan, they do not respond. Do I just need an ICMP rule to allow this to happen? I am trying to troubleshoot some issues.

On a separate but related topic I would like to change the MTU on the storage VLAN to 9000. I assume that every path between any two devices must have their MTUs changed to make this happen correct?

Thanks,
Steve

8

Virtual private networks / Re: Wireguard and Outbound Internet Access

« on: October 30, 2024, 07:31:29 pm »

So the Allowed IPs should be 0.0.0.0/0 and 0.0.0.0/1?

9

Virtual private networks / Re: Wireguard and Outbound Internet Access

« on: October 30, 2024, 05:03:53 pm »

So I would like to do this one of two ways:

1) Connect to VPN for protected resources while allowing access to local Internet resources and apps, sort of like split tunneling.
2) Connect to VPN for protected resources and then allow access to Internet resources through the Internet connection the protected resources use, sort of like routing out the Internet connection.

I am using both Windows and Android devices for VPN access. I hope that clarifies what I am trying to do. My OPNsense firewall is the Wireguard VPN server. I have setup an interface for WG and a firewall rule to allow WG access to my internal networks.

10

Virtual private networks / Re: Wireguard and Outbound Internet Access

« on: October 30, 2024, 04:39:22 pm »

That does not seem to work.

11

Virtual private networks / Wireguard and Outbound Internet Access

« on: October 30, 2024, 03:55:32 pm »

Hello all,

I use Wireguard for client VPN access to my internal servers. I would like to allow the VPN client to be able to access the Internet, while connected to the VPN. I thought having the Allowed IPs of 0.0.0.0/1 and 128.0.0.0/1 would do that but it does not seem to be working. Am I missing something?

Thanks,
Steve

12

General Discussion / Re: Zabbix Proxy on OPNsense

« on: October 11, 2024, 01:33:27 am »

Yes...all my proxies are setup as Active and the flow works. Are you having issues? What part breaks in your environment?

13

General Discussion / Re: Update OPNsense from CLI

« on: October 09, 2024, 08:09:48 pm »

Thank you sir!

14

General Discussion / Update OPNsense from CLI

« on: October 09, 2024, 07:57:47 pm »

Hello all,

I am trying to update my OPNsense firewall VM from the console CLI. I responded to allow a reboot when done with the update, but it is now showing me the notes of the update. How do I get past this to continue the update?

Thanks,
Steve

15

General Discussion / Oauth 2.0 for Application Set

« on: October 07, 2024, 10:02:49 pm »

Hello all,

My firm is looking to integrate Oauth 2.0 to our application platform. Is there anything that OPNsense can help with or are we looking to outside capabilities?

Thanks,
Steve