Messages

yeah, unfortunatly we are unable to help :(

in my case, i now switched to a hardware appliance, that solved everything. so maybe somehow proxmox doesnt like it.

okay so.. after an update the "after" modifications i made are gone!

Its now completely default. AND.. i get DNS :|

Someone please just shoot me through the head..

Yeah well.. i somehow need to make it "stick" as i am afraid it wont work when the config files are overwritten

networkmap: <INTERNET>===<dmz/opnsense>===</vpn/opnsense>===<internal network>
Quite simple :)

We use Windows 10 20H2, not sure if that changes anything, but heh!

i got this working with support from Deciso, the company behind OPNSense ;-)
Included are, what i believe, the relvant parts of the config, please feel free to tell if you miss anything!

And thank you for helping :) greatly apreciated!

so, i got me one of those to try, but it ends up with a kernel panic :(

Anyone any experience with one of those?
https://dutch.alibaba.com/product-detail/intel-celeron-j3160-quad-core-nuc-mini-pc-with-4-intel-gbe-lan-for-pfsense-firewall-and-network-server-60778936461.html?spm=a2700.md_nl_NL.deiletai6.1.595418c8dOmxan

Its supposed to work with pfsense, so i thought OPNSense shouldnt be a problem either, maybe my usb disk is broken.. or so i hope ;-)

also:
https://www.cl.cam.ac.uk/~mas90/resources/strongswan/
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2

Speak about a "rightdns" entry in the conn esttings, which i dont see in my /usr/local/etc/ipsec.conf

see the "before" and "after" image :)

i managed to get it working with help from deciso support, i believe there are some steps missing in the manual.. but ofcourse i cant remember what they did.. let me get back to you later on!

One thing had to do with the NAT settings, i remember that clearly :)

But that shouldnt drop the whole internet connection, right?

hello pcambell,

Yes, we are suplying the dns servers in the config.
When i open /usr/local/etc/strongswan.conf there a section called plugins:

plugins {
        attr {
                dns = 10.0.0.32, 10.0.0.34
                }
          .....
            }

These are the same adresses i have set in the web config. This does not work however.
When i manually add the same adresses to the charon { } part (as per: https://wiki.strongswan.org/projects/strongswan/wiki/Win7UserMultipleConfig subheading "ASSIGNMENT OF INTERNAL DNS AND WINS SERVERS") then it works..

So, what goes wrong where? :)

never mind, wrong post here!

To be honest, most our "escalation notifications" are non-existant.. But i believe Grafana/Prometheus do alerting, its still something im looking into :)

I have successfully added IKEv2 VPN (https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-mschapv2.html).

I can also connect to the company network. I can access the internet, and i can access any internal service by IP. However, the only way to get DNS working is by manually setting it on the interface through the control panel.

I have added our company's DNS settings in the VPN options of OPNSense, but to no avail :(

Is anyone else having this issue? We are working with Windows 10, 2004 and 20H2

at work we use Zabbix, but i am switching away to Prometheus/Grafana.
OPNSense comes with node_exporter, so that shouldnt be too much of an issue :)

So, i have setup OPNSense to authenticate our IT staff against Active Directory. It works in so far that it does import the correct users. i set the "User naming attribute" to email, but when i log in it doesnt work.

When i use the tester and i input jhjacobs81@emailadress.com it validates.
When i login to the administration website it does not. i have to input jhjacobs81

i would want everyone to use their full emailadres, because we use that everywhere when we use SSO ;-) does anyone know how to fix this?