Messages

I use OpenVPN to access my home network from outside, VPN has successfully connected to OPNSense, but why can't I access the data server at home?

IP openVPN 10.10.100.0/24
Local server IP that will be accessed 192.168.4.0/24

I have created a rule in OpenVPN according to the tutorial on
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

well, the bad news is that: long story short, you can't block youtube through firewall aliases (unless you got much time, patience and technical knowledge to enter every single IP youtube uses).
see this link for reference: https://forum.opnsense.org/index.php?topic=5279.0.

The good news is that there's a couple of solutions Depending :

1- Use DNS to block access to youtube which is simple enough to do, but users can use VPN to access blocked websites.

2-Use IPS (Intrusion prevention system) deep packet inspection to block certain websites and VPN but it's hard and not fail-proof.

3- Ideally use a transparent proxy server to filter traffic and block VPN for good (again this isn't for the faint of the heart).

You should study your case and choose the appropriate solution.

thank you

I use an alias to block YouTube, but after I try it on the firewall, why can't I block it?
please the instructions, how can I block youtube for certain IP. Thanks

Without netmasks hard to say.

But if networks all are connected via opnsense, nothing has to be done. Then all are direct connected routes. Your clients just need the opnsense as default gateway.

Thanks for reply,

i Mean like this,

192.168.0.0/24 --> wifi Guest (gateway 192.168.0.1)
192.168.4.0/24 --> wifi meeting (gateway 192.168.4.1)

192.168.6.0/24 --> LAN (gateway 192.168.6.1)

how to set up the routes? so that the ip class can be connected to the LAN

I have several different classes of IP, how to set up routes so that the following IPs can be connected to each other,

192.168.0.0
192.168.4.0
192.168.6.0

Thanks

https://docs.opnsense.org/manual/how-tos/shaper.html
https://docs.opnsense.org/manual/shaping.html

thank you, that method worked for me

how do I limit the max bandwidth of 1MB to multiple IPs? using the Firewall: Shaper: Settings

If you do it with Firewall Rules create an Alias

thank you

[Plugin]

Like the title of the videos say 'Web Filter Plugin', you need to install this plugin. I never saw this menu entry in Core installation. Maybe you should watch part 1/2 of web filter plugin and see where to get and how to install it.

Edit:

I just googled 'web filter plugin opnsense' and hard to believe, but the first hit was https://github.com/cloudfence/opnsense-webfilter-community-plugin. And I don't think it is a co-accident that the videos was from cloudfence and the plugin either  ;D

thank you

What do you mean with web filter? This: https://docs.opnsense.org/manual/how-tos/proxywebfilter.html

Just open the tab 'Remote Access Control Lists' like described.

I mean not that,
but the web filter rules menu is in the tab services - web proxy

like this video https://www.youtube.com/watch?v=nJhSppH-xpw

I'm just going to use Optnsense 20.1,

there are several tutorials on youtube using web filters, but in my place, the web filter menu doesn't exist.

where can i find the web filter menu in opnsense OPNsense 20.1?

how to make a web filter based on multiple IPs?
for example the following ip can not access youtube,
192.168.100.10
192.168.100.11
192.168.100.15
192.168.100.20
etc.

the ip can access the internet, but for youtube access is blocked