Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - TheChickenMan

Pages1
#1
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
March 06, 2021, 11:07:53 PM
Quote from: Greelan on March 03, 2021, 04:31:36 AM
Quote from: TheChickenMan on March 01, 2021, 09:17:15 PM
This should really be cleaned up and added as one of the official VPN walkthroughs in the manual.
Not sure what "clean ups" you had in mind, but a PR has now been submitted for this tutorial to be added as a how-to in the OPNsense documentation: https://github.com/opnsense/docs/pull/317


Oh sorry I just meant added to the official documentation page and not that there was anything wrong with the content. I appreciated the info very much and helped to get my Wireguard working.
#2
General Discussion / Re: DNS Redirect
March 02, 2021, 10:47:48 PM
Quote from: Peter847 on March 02, 2021, 08:13:07 PM
So it would appear that if the port forward is listening on the LAN, it cannot redirect to and an address on the WAN.  I should add that I have recently switched to  Opnsense from Pfsense.  I had the same issue on Pfsense but did not have to resolve it until now.


I believe this should be a custom outbound NAT rule instead?
#3
General Discussion / Re: DNS Redirect
March 02, 2021, 10:44:59 PM
Quote from: koushun on March 02, 2021, 12:50:56 PM
This is how I would have redirected any DNS requests not going to my Firewall, but instead redirect those requests to Cloudflare's DNS (1.1.1.1).


Oh that's a really good idea for something like DNS on a "guest" network. I'd been blocking outbound DNS but this would force all devices to use local DNS without breaking ones which may not be correctly configured.
#4
Tutorials and FAQs / Re: TUTORIAL: Set up WireGuard for limited local hosts to use external VPN provider
March 01, 2021, 09:17:15 PM
I'm not sure how much of what I was having trouble with was due to actual "wireguard issues" vs the manual gateway configuration process but either way this was finally the tutorial that I needed to really understand what was going on.


This should really be cleaned up and added as one of the official VPN walkthroughs in the manual.
#5
Virtual private networks / Re: please add tls-crypt option in openvpn
March 01, 2021, 03:16:26 AM
Quote from: Gauss23 on February 22, 2021, 09:30:01 AM
You can use the advanced settings box for the moment:
Code Select
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
Your static key here
-----END OpenVPN Static key V1-----
</tls-crypt>

Works for me.


I've been using this method as well but the big warning about "this feature being removed in the future" is kind of scary. Would be nice if there was just a supported field for this information in the UI.
#6
General Discussion / Re: Interfaces in Multiple Groups
March 01, 2021, 12:32:23 AM
Well, I managed to figure it out after making some test interface groups and rules. It apparently uses alphabetical order by group name.


In my previous example therefore the packets would be blocked as "Group_LAB" comes before "Group_LAN" in alphabetical ordering. I think though that I probably should avoid this where possible since it just doesn't feel like it's really a best practice.
#7
General Discussion / Interfaces in Multiple Groups
February 28, 2021, 06:38:00 PM
I'm familiar with the general rules processing order as discussed in the manual: Auto Generated -> Floating -> Groups -> Interfaces. I'm just not sure how this holds if an interface is added to more than one group.

Code Select
Group_LAN (containing interface: LAN, LAB)
Allow ALL

Group_LAB (containing interface: LAN, LAB)
Block ALL

What exactly would happen here? Does it execute in alphabetical order by group name or something? Is it just bad policy to put an interface into more than one group?
Pages1