Messages

1

General Discussion / Re: Share DNS servers on LAN net with GUEST net

« on: January 28, 2021, 05:09:25 pm »

Which DNS Server do you server to the GuestNet DHCP Clients?

xx.xx.200.1

I tried changing it to xx.xx.1.2 and xx.xx.1.3 but it still didn't work.

2

General Discussion / Share DNS servers on LAN net with GUEST net

« on: January 28, 2021, 04:36:49 pm »

Hello, I'm really struggling to understand how firewall rules work, and how to create them with the correct destinations/sources.

• I have 2 RaspberryPi running AdGuard Home for my network DNS and they are connected to LAN interface
   
• I have wireless access point for guests on GUEST interface.

I want clients connected to the guest wireless accesspoint to use AdGuard devices for their DNS, and to get this with their DHCP request. I dont want any other port/IP connection between LAN and GUEST if possible?

If any one is able to help me, I'd greatly appreciate it.

3

General Discussion / Re: TOTP access

« on: January 27, 2021, 03:43:59 pm »

Thanks for reply Franco, that does make sense.

Is there no way to code the web GUI so that it combines the two input fields into one before querying the user permissions database? I appreciate this may not be possible due to security with passwords, and that there's likely much more important areas to focus development.

4

General Discussion / TOTP access

« on: January 26, 2021, 09:25:08 pm »

I have to say, I really don't understand the implementation of TOTP in OPNsense? Why does the token use the same field as the password? It would be much more user friendly/intuitive for there to be two separate fields, one for each code and appropriately labelled.

I have never seen an implementation like this and I thought I was locked out of my system. I even flashed a USB drive to reinstall! In hindsight, I re-read the docs and it *does* say that you use the system like this, and that's OK. I'm just asking if there's a technical reason or some big challenge to do it with separate pass/OTP fields?

My coding ability is rudimentary, but it seems like something an experienced coder would be able to do simply?

This is meant as constructive criticism -- I am very impressed with OPNsense and grateful for the hard work of all involved.

Thanks again for the great product 

(Sorry if this has been posted before, I tried to search)

5

General Discussion / Re: Captive Portal - Social Login

« on: January 26, 2021, 03:01:36 pm »

This would be highly useful IMO.

I would like to offer a heavily shaped/limited open access service that is free to everyone, but requires a social login (for traceability on network abuse). Having a user log in via social profile would be extremely useful to me because it promotes responsible use of the network and provides accountability. Sure, someone can make a fake social account, but most people are too lazy.