Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - pvols1979

Pages: [1] 2

Zenarmor (Sensei) / Re: Country Blocks

« on: October 14, 2021, 07:51:27 pm »

I realize that I can do blocks in the pf, and I am currently doing that now. The problem I am having is when I have an application that I want to allow across all countries. So, I want the allow in Sensei to take precedence over my lower level pf rules for country blocks or have the ability to do the country blocks in Sensei and be able to configure the precedence.

Zenarmor (Sensei) / Country Blocks

« on: October 06, 2021, 12:37:37 am »

Is there a way to do GeoIP country blocks? I am doing that in the packet filter currently, but I would like to do it through Sensei and have applications and web filters take precedence, then country blocks.

Zenarmor (Sensei) / Re: Bandwidth test issues with Sensei

« on: October 06, 2021, 12:34:57 am »

I figured out my problem. I cannot explain why, but I enabled all interfaces except for WAN and my speed is now what it should be in the speed tests.

Zenarmor (Sensei) / Re: Bandwidth test issues with Sensei

« on: October 06, 2021, 12:24:34 am »

OPNsense 21.7.3_3-amd64
FreeBSD 12.1-RELEASE-p20-HBSD
OpenSSL 1.1.1l 24 Aug 2021

Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz (4 cores)

8GB memory

Intel NIC 1GB

Zenarmor (Sensei) / Bandwidth test issues with Sensei

« on: October 05, 2021, 04:29:58 pm »

I recently installed the sensei plugin for opnsense. I love what I am seeing so far, but I seem to be having an issue with the netmap config. When I choose native netmap, I get half of my 1G fiber speeds. I usually hit around 940/940 with Sensei enabled on my LAN interface. When I choose the generic netmap driver, I get great download speeds, but my upload is less than 1Mbps. I think this is telling me that the generic driver works best for my download, but I can't imagine why my upload is doing so bad.

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: October 05, 2021, 04:29:06 pm »

20.7 Legacy Series / Traffic flow order of precedence IPS/firewall

« on: October 14, 2020, 06:32:08 pm »

When traffic flows through Opnsense with IPS enabled, does it hit the firewall or the IPS first? If I create IP Aliases that are allowed at the firewall filter level, does that bypass the traffic running through IPS? If not, is there a way I can create an allowance that allows certain traffic to bypass the IPS?

20.1 Legacy Series / Re: netgraph change: will https://github.com/aus/pfatt need adjustment?

« on: February 01, 2020, 09:39:59 pm »

I will also contact the GitHub user who wrote the original pfatt code and let them know of the change.

20.1 Legacy Series / Re: netgraph change: will https://github.com/aus/pfatt need adjustment?

« on: February 01, 2020, 09:38:08 pm »

I was able to make the modification mentioned in this thread. I simply created a /boot/loader.conf.local file and put the required modules in it. I have a guide on my site to setting up the bypass using the pfatt method and I posted an update to my article regarding the changes and what is required to make it work. Everything is working fine on my system and the local loader file should protect me against the next update.
https://geekzweb.com/2019/06/10/bypassing-arris-bgw210-700-pfsense-netgraph/

19.7 Legacy Series / Re: OpenVPN client profiles (IOS)

« on: July 20, 2019, 11:21:48 pm »

I figured this out. The profiles have evidently changed in the latest version(s). There is no longer an option for Android or IOS. I downloaded the file option which basically outputs a single file with the keys included. This was perfect for OpenVPN Connect on the iPhone and the app I am using on my Mac.

19.7 Legacy Series / Re: How to configure OpenVPN to listen on VIP

« on: July 20, 2019, 11:19:55 pm »

Gotcha. I had moved the VIP for the VPN from an IP alias to "other". I forgot that Alias (or one of the other options) is needed to run services on the VIP. Thank you for your response. It is working perfectly now.

19.7 Legacy Series / How to configure OpenVPN to listen on VIP

« on: July 19, 2019, 11:57:12 pm »

I have configured an OpenVPN server, but the only interface options are LAN, WAN, Any. I do not want it to listen on Any, but I do want it to listen on a VIP. How can this be done?

19.7 Legacy Series / OpenVPN client profiles (IOS)

« on: July 19, 2019, 09:25:18 pm »

The documentation for OPNsense OpenVPN config mentions going to client export under VPN->OpenVPN and choosing the OpenVPN Connect profile for IOS devices. I do not have that option. Is that missing in 19.7? How can I create a config for IOS with the certificates included in the config file like was done in the past?

General Discussion / Re: Default / Hidden rules

« on: July 19, 2019, 12:35:36 am »

Quote from: AdSchellevis on July 10, 2016, 02:30:40 pm

Hi,

Yes, there are default rules which are not visible in the UI, the source of the defaults is filter.inc (https://github.com/opnsense/core/blob/master/src/etc/inc/filter.inc).
Eventually we are going to restructure the auto-generated rules to make these defaults visible and simply our filter generation (https://github.com/opnsense/core/issues/993), which will very likely mature in our 17.1 release.

The easiest way to inspect which rules are actually generated for your setup (some rules are optional) is to read the /tmp/rules.debug file.

Best regards,

Ad

Is this still something that is being considered? I would love to see the default rules. I have some that are taking actions on traffic and I am having a hard time understanding the intent.

19.7 Legacy Series / Re: cant up date to 19.7

« on: July 19, 2019, 12:29:16 am »

I had this same problem yesterday. It is there if you read it, but somehow I kept missing. I think it was because my natural instinct was to press y

Pages: [1] 2