Messages

1

Zenarmor (Sensei) / Firewall Rules for Sensei

« on: February 24, 2021, 04:06:36 pm »

I'm working on only allowing what's needed out of my firewall and in the process I have seemingly prevented Sensei from working (dashboard won't load). I've created a Allow Any Any rule and that does indeed get Sensei back up and running.

So, what Ports/IP/Hosts do I need to allow to keep Sensei functioning so I can remove the Allow Any Any Rule?

2

Zenarmor (Sensei) / Sensei Repository Can't Be Found

« on: February 22, 2021, 08:09:51 pm »

Edit: Reinstalling the Sunnyvale Repo fixed this issue.

Hello,

After updating to OPNsense 21.1.1 I am unable to install Sensei. Keeps saying the repository can't be found.

OPNsense 21.1.1-amd64
FreeBSD 12.1-RELEASE-p13-HBSD
OpenSSL 1.1.1i 8 Dec 2020


***GOT REQUEST TO INSTALL: os-sensei***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'os-sensei' have been found in the repositories
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

3

21.1 Legacy Series / Confused by Firewall Rules

« on: February 19, 2021, 02:39:00 pm »

Nevermind, I figure out my  error.

4

General Discussion / Re: Move GUI Access to IT Management VLAN?

« on: December 09, 2020, 08:17:13 pm »

Did you see "Listen interfaces" is there two times. For WebGui and for SSH. Just to be sure you looked for the right one.

Yup. I can access the Web GUI when I disable pfblocker. I can confirm that my Firewall rules are Allow Any Any and that they are the only rules. I even added an Allow Any This Firewall Rule just incase.

For kicks and giggles I spinned up a pfSense and ran the same configuration and I can access the Web GUI just fine on this VLAN, not sure what I'm doing wrong on OPNsense.

5

General Discussion / Re: Move GUI Access to IT Management VLAN?

« on: December 09, 2020, 08:05:36 pm »

Did you set it to "All"? Sometimes a reload of the GUI services is needed. Or do a reboot if it doesn't hurt your clients.

It was set to "All" by default. Let me try a reboot.

Edit: reboot didn't help.

6

General Discussion / Re: Move GUI Access to IT Management VLAN?

« on: December 09, 2020, 07:59:30 pm »

System: Settings: Administration
Listen interfaces

It's currently set to "All".

Edit: Tried setting to LAN & IT Management VLAN and still can't access it from the VLAN.

7

General Discussion / Move GUI Access to IT Management VLAN?

« on: December 09, 2020, 07:24:53 pm »

Hi all,

I'm trying to move my Web GUI Access from the default LAN over to my IT Management VLAN where my equipment resides. Even when using a "Any Any" firewall rule for my VLAN (to rule out any Anti-lockout issues) I still cannot get access to the Web GUI unless I put my machine back onto the LAN Network.

Is their something I missing?

8

20.7 Legacy Series / Great Job on 20.7, fixed my Netgate SG-5100 Installation Issue!

« on: December 03, 2020, 10:47:13 pm »

Just wanted to say thank you to the OPNsense team. I could never get OPNsense to install correctly on my Netgate SG-5100 but the 27.7 version installed flawlessly, fantastic job!

9

20.1 Legacy Series / IPSec Slow - Fixed It and Then Slow Again After Reboot

« on: May 22, 2020, 05:15:10 pm »

I have a common issue where IPSec is just slow, getting around 1 - 2 MB/s between (2) OPNsense VMs as a VPS.
.
I messed around with various MTU/MSS settings and that didn't help, I eventually turned of Interface Scrubbing on both OPNsense VMs and BOOM 15MB/s.

I then rebooted them to make sure it wasn't going to stick and....nope...back to 1 - 2 MB/s.

10

20.1 Legacy Series / ZeroTier Networking between LANS

« on: May 15, 2020, 03:40:58 pm »

What's the trick to get ZeroTier to route traffic between LANs?

I've got (2) OPNsense firewalls setup each with their own LAN network and I'm trying to use ZeroTier to route between connect the two.

Every guide I've found says to setup static routes on ZT Central for the LANs - unfortunately those routes auto-update to OPNsense, which breaks the LAN interface since it now has a route for it's own LAN that points elsewhere.

So instead I've tried setting up Static Routes  with Upstream Gateways for the LANs  on OPNsense, and this works (both LANs can route to each other) but for some reason the Gateways go offline after while. I'm not sure what's causing this - perhaps the pathing ZT is taking is changing and the gateway probe isn't recovering?

Furthermore what's strange about this is after the gateway goes down SOMETIMES i can get a ping to go through from one OPNsense to the other and it brings the Gateways back up.

11

Intrusion Detection and Prevention / Re: GeoIP Missing from IDS "User Defined" Rules

« on: May 12, 2020, 04:11:48 pm »

That's sort of what I figured since it didn't make sense to me to create a firewall rule and then apply to the IDS - I'll see what I can do with the Firewall. I was following these instructions on setting up GeoIP Blocking via IDS -

https://docs.huihoo.com/m0n0wall/opnsense/manual/how-tos/ips-geoip.html

12

General Discussion / Google Chrome 81.0.4044.138 Issue with Website Checkout

« on: May 12, 2020, 02:39:31 pm »

I just wanted to give the OPNsense team a heads up. I tried to sign up for ET Telemetry using Google Chrome 81.0.4044.138, and I could not get the "I have read and accept the EULA as listed" check box to become active after scrolling to the bottom of the EULA, it worked perfectly fine in Firefox however.

13

Intrusion Detection and Prevention / GeoIP Missing from IDS "User Defined" Rules

« on: May 12, 2020, 04:03:41 am »

Hi All,

I setup a Maxmind account, added the key to the MaxMind URL and then added it to the Firewall Alias GeoIP settings. As per OPNsense instructions, I should go to IDS "User Defined" rules and setup GeoIP blocking rule, however I am missing the GeoIP options completely from the "User Defined" rule settings.

Did I miss something?

14

20.1 Legacy Series / Firewall rule not working after be turned off and back on

« on: May 11, 2020, 09:56:08 pm »

I'm coming from pfSense to test out OPNsense and I'm running into a weird firewall rule issue that I'm not sure is a bug or if this is how OPNsense operates.

So here's what's going on:

I'm testing firewall rules on a ZeroTier Interface by simply pinging the interface from my laptop whom is on the same ZeroTier network.

Here's a breakdown:

• Set a continuous ping to ZeroTier interface on OPNsense and replies are working fine
• Setup a Firewall rule on ZeroTier Interface to block all incoming ICMP requests
• Continuous Pings are Timing out as they should
• Turned the ICMP Firewall rule off to see if the pings start replying - and they do.
• Problem: Turned the ICMP Firewall rule back on - but pings continue to reply.

Edit: Removed Edits, realized the second WAN issue was. Ping where funneling through ZeroTier to the WAN Interface. Still need help on the issue above.