Messages

1

General Discussion / block streaming services (radio, video, etc)

« on: January 03, 2024, 04:04:33 pm »

I'd like to block streaming radio and video connections. I have limigted bandwidth, and users that just won't stop streaming.

What is the best way to do that?

I am still running 22.7, since my last attempt (in January 2023) to upgrade failed.

2

23.1 Legacy Series / powerfail - now getting Configuring firewall... failed

« on: May 03, 2023, 06:58:20 pm »

My OPNSense had a power failure, and now I'm getting Configuring firewall... failed.

Is there a way I can find out what specifically failed?

Gerald

edit to add: there are no firewall rules beyond the auto generated once. There's a couple of VPNs, and they both work fine.

3

22.7 Legacy Series / Block AnyDesk and TeamViewer

« on: April 19, 2023, 07:59:03 pm »

Is there any way at all to block incoming AnyDesk and TeamViewer connections? Outgoing connections should be allowed.

I'll get to Google Remote Desktop and VNC later.

Gerald

4

Virtual private networks / Re: How to make OpenVPN + OTP + LDAP work?

« on: August 17, 2022, 05:03:40 pm »

Did you find a solution to this?

5

General Discussion / Re: LDAP, 2FA (Google Authenticator) and OPENVPN

« on: February 15, 2022, 05:39:51 pm »

I found this. Haven't tested yet, but looks good. https://nick.bouwhuis.io/2020/01/26/opnsense-activedirectory-openvpn-totp/#:~:text=Descriptive%20name%3A%20Uberkek%20AD%20Type%3A%20LDAP%20%2B%20Timebased,mode%3A%2010%3E%20Reverse%20token%20order%3A%20Checked%2C%20or%20unchecked

6

General Discussion / LDAP, 2FA (Google Authenticator) and OPENVPN

« on: February 14, 2022, 10:46:35 pm »

Hi,

Still running 20.7.5. I can/will upgrade if necessary.

I've been mandated to add 2FA to our VPN logins. It looks like OPNSense can do it, but it's not straight forward with LDAP (AD).

1. Do I still need to import my LDAP users? I can't figure out how... obviously missing something here.
2. Does anyone else do LDAP <--> 2FA <--> OPENVPN? How does it work for you?
3. Is it possible to stage this in (per user) so I don't have a massive support issue when things roll out?

Thanks,
Gerald

7

General Discussion / Packet Loss when running Zoom Meetings

« on: November 03, 2020, 06:31:04 pm »

Hi,

I'm seeing packet loss when running Zoom meetings. The load also shoots above 1.2.

Has anyone else seen this, and is there a solution?

Gerald

8

Virtual private networks / Re: Site to site vpn with wireguard, or...

« on: November 03, 2020, 03:44:02 pm »

Never mind, it was easy. I forgot the localnetwork in AllowedIPs on the server.

We have an office in another city with it's own network and servers. I need to talk to their servers from our network.

Currently, they run a Wiregaurd server (not OPNSense). Their internal network is 172.30.0.0/16.

I run OPNSense as my firewall, and would like to create a link to their servers so anyone in our office can access the servers in their office. My internal network is 192.168.200.0/22

What's the best way to set this up? Will OPNSense and wireguard do it for me or should I create a separate machine behind my firewall to create the link and route through that?

Are there any HOWTO's to set this up?

Gerald

9

Virtual private networks / Re: Site to site vpn with wireguard, or...

« on: November 03, 2020, 03:41:24 pm »

So, this is kind of working.

From the OPNSense firewall I can ping any machine on the other side of the VPN. From a machine behind the OPNSense firewall, I can't.


remote network 172.31.0.0/16 <---> Ubuntu Wireguard Server <----> OPNSense Wireguard client <---> local network 192.168.100.0/22

The local network can't ping the Ubuntu Wireguard server or the remote network, only OPNSense can.

I'm missing something easy, I think.

10

Virtual private networks / Re: Site to site vpn with wireguard, or...

« on: October 30, 2020, 12:38:58 am »

I found tons of tutorials on making OPNSense the server, but what about making it the client? The other side already has a Wireguard server running.

11

Virtual private networks / Site to site vpn with wireguard, or...

« on: October 29, 2020, 09:01:40 pm »

We have an office in another city with it's own network and servers. I need to talk to their servers from our network.

Currently, they run a Wiregaurd server (not OPNSense). Their internal network is 172.30.0.0/16.

I run OPNSense as my firewall, and would like to create a link to their servers so anyone in our office can access the servers in their office. My internal network is 192.168.200.0/22

What's the best way to set this up? Will OPNSense and wireguard do it for me or should I create a separate machine behind my firewall to create the link and route through that?

Are there any HOWTO's to set this up?

Gerald

12

19.7 Legacy Series / Re: OpenVPN Dashboard Widget doesn't update

« on: February 03, 2020, 09:07:22 pm »

I'm moving from pfsense, where it auto updated.

Does 20.1 correct this?

Gerald

13

19.7 Legacy Series / Re: OpenVPN Dashboard Widget doesn't update

« on: February 03, 2020, 06:36:37 pm »

What exact version are you using`?

Not exactly sure how to find out, but 19.7 (perhaps 19.7.1)

14

19.7 Legacy Series / OpenVPN Dashboard Widget doesn't update

« on: February 03, 2020, 06:30:56 pm »

Hi,

The OpenVPN Dashboard Widget doesn't update as users connect and disconnect from the VPN. Is this a known issue? I couldn't find it anywhere.

Thanks,
Gerald

15

19.7 Legacy Series / Re: 3 WAN interfaces, 3 IPs, same gateway

« on: February 01, 2020, 06:18:40 pm »

So, I reboot to see if there was an issue there. On startup, the gateway reported as down, and a ping from the command line lost packets until I disabled the other network cards.

Gerald