Messages - gbr

#1
I'd like to block streaming radio and video connections. I have limited bandwidth, and users that just won't stop streaming.

What is the best way to do that?

I am still running 22.7, since my last attempt (in January 2023) to upgrade failed.

#2
My OPNSense had a power failure, and now I'm getting Configuring firewall... failed.

Is there a way I can find out what specifically failed?

Gerald

edit to add: there are no firewall rules beyond the auto generated ones. There's a couple of VPNs, and they both work fine.
#3
22.7 Legacy Series / Block AnyDesk and TeamViewer
April 19, 2023, 07:59:03 PM
Is there any way at all to block incoming AnyDesk and TeamViewer connections? Outgoing connections should be allowed.

I'll get to Google Remote Desktop and VNC later.

Gerald
#4
Did you find a solution to this?
#6
Hi,

Still running 20.7.5. I can/will upgrade if necessary.

I've been mandated to add 2FA to our VPN logins. It looks like OPNSense can do it, but it's not straightforward with LDAP (AD).

1. Do I still need to import my LDAP users? I can't figure out how... obviously missing something here.
2. Does anyone else do LDAP <--> 2FA <--> OPENVPN? How does it work for you?
3. Is it possible to stage this in (per user) so I don't have a massive support issue when things roll out?

Thanks,
Gerald
#7
Hi,

I'm seeing packet loss when running Zoom meetings. The load also shoots above 1.2.

Has anyone else seen this, and is there a solution?

Gerald
#8
Never mind, it was easy. I forgot the local network in AllowedIPs on the server.


Quote from: gbr on October 29, 2020, 09:01:40 PM
We have an office in another city with its own network and servers. I need to talk to their servers from our network.

Currently, they run a WireGuard server (not OPNSense). Their internal network is 172.30.0.0/16.

I run OPNSense as my firewall, and would like to create a link to their servers so anyone in our office can access the servers in their office. My internal network is 192.168.200.0/22

What's the best way to set this up? Will OPNSense and wireguard do it for me or should I create a separate machine behind my firewall to create the link and route through that?

Are there any HOWTOs to set this up?

Gerald
#9
So, this is kind of working.

From the OPNSense firewall I can ping any machine on the other side of the VPN. From a machine behind the OPNSense firewall, I can't.


remote network 172.31.0.0/16 <---> Ubuntu Wireguard Server <----> OPNSense Wireguard client <---> local network 192.168.100.0/22

The local network can't ping the Ubuntu Wireguard server or the remote network, only OPNSense can.

I'm missing something easy, I think.
#10
I found tons of tutorials on making OPNSense the server, but what about making it the client? The other side already has a Wireguard server running.
#11
We have an office in another city with its own network and servers. I need to talk to their servers from our network.

Currently, they run a WireGuard server (not OPNSense). Their internal network is 172.30.0.0/16.

I run OPNSense as my firewall, and would like to create a link to their servers so anyone in our office can access the servers in their office. My internal network is 192.168.200.0/22

What's the best way to set this up? Will OPNSense and wireguard do it for me or should I create a separate machine behind my firewall to create the link and route through that?

Are there any HOWTOs to set this up?

Gerald
#12
I'm moving from pfsense, where it auto updated.

Does 20.1 correct this?

Gerald
#13
Quote from: banym on February 03, 2020, 06:35:04 PM
What exact version are you using?

Not exactly sure how to find out, but 19.7 (perhaps 19.7.1)
#14
Hi,

The OpenVPN Dashboard Widget doesn't update as users connect and disconnect from the VPN. Is this a known issue? I couldn't find it anywhere.

Thanks,
Gerald
#15
So, I rebooted to see if there was an issue there. On startup, the gateway reported as down, and a ping from the command line lost packets until I disabled the other network cards.

Gerald