1
24.1 Legacy Series / Re: WiFi Calling
« on: July 18, 2024, 03:07:19 am »
Wifi calling works fine with OPNsense, use it daily. It would help if your provide details of your setup and ISP.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
24.1 Legacy Series / Re: Problem using Kea DHCP
« on: July 17, 2024, 05:09:10 pm »
Do you have static reservations for dhcp, if you do make sure you exclude them from the subnet range. Learned that one the hard way myself.
So if you are using 192.168.2.120, make sure 192.168.2.120 is excluded from the dhcp pool.
Example in my network I have 192.168.2.2 thru 10 setup as reserved IP's, so my subnet dhcp pool is 192.168.2.11-192.168.2.199.
So if you are using 192.168.2.120, make sure 192.168.2.120 is excluded from the dhcp pool.
Example in my network I have 192.168.2.2 thru 10 setup as reserved IP's, so my subnet dhcp pool is 192.168.2.11-192.168.2.199.
3
24.1 Legacy Series / Re: Track MAC Addresses
« on: June 27, 2024, 04:36:38 am »
This is a HIPAA compliance thing, they want to see a report that shows a new address within 15 minutes of it being added. I was thinking a cron script, but wasn't sure if anything was out there currently.
4
24.1 Legacy Series / Track MAC Addresses
« on: June 26, 2024, 08:01:46 am »
I have a few office's that need the ability to track the mac-addresses attached to their network for audit purposes. The way the some of offices do that today is by a program on the server using LAN sweeper. Is there a plugin for OPNsense to offer similar functionaility?
5
24.1 Legacy Series / Reset Tunables
« on: May 06, 2024, 06:39:51 pm »
Is there any way to just reset the system tunables?
6
22.1 Legacy Series / libevent missing openssl
« on: January 31, 2022, 04:23:20 pm »
Since upgrading to 22.1, I have been seeing this message on the update screen.
pkg: libevent has a missing dependency: openssl
Below is a complete capture of the update check.
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.1 (amd64/LibreSSL) at Mon Jan 31 07:20:39 PST 2022
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
OPNsense repository update completed. 779 packages processed.
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: ....... done
Processing entries: .......... done
mimugmail repository update completed. 168 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (2 candidates): .. done
Processing candidates (2 candidates): .
pkg: libevent has a missing dependency: openssl
Processing candidates (2 candidates)... done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
pkg: libevent has a missing dependency: openssl
Below is a complete capture of the update check.
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.1 (amd64/LibreSSL) at Mon Jan 31 07:20:39 PST 2022
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
OPNsense repository update completed. 779 packages processed.
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: ....... done
Processing entries: .......... done
mimugmail repository update completed. 168 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (2 candidates): .. done
Processing candidates (2 candidates): .
pkg: libevent has a missing dependency: openssl
Processing candidates (2 candidates)... done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
7
21.7 Legacy Series / Re: Reporting>Traffic halves my Gigabit bandwidth
« on: September 30, 2021, 01:19:43 am »
On dedicated hardware, Dell Precision T1700 with 4 port Intel network adapter, getting full gig internet up and down, when I was on VM, no way. I was only getting 700/700 up and down.
On proxmox the only way I got it work properly, is a dedicated nic, that wasn't realtek.
On proxmox the only way I got it work properly, is a dedicated nic, that wasn't realtek.
8
Hardware and Performance / Re: Hardware Recommendations for 1Gbps
« on: May 25, 2021, 03:37:15 am »
The big factors are CPU, memory, and network adapter. I looked at going with the smaller form factor installs, but ended up repurposing an old dell T1700SFF PC. I have it running an Xeon CPU E3-1225 v3, 32GB Memory, with a Dell Intel 350 4 Port NIC Card.
I actually get my 1GB/1GB internet with it, that's without IDS/IPS of course. When I add that it goes down to 700/700.
I actually get my 1GB/1GB internet with it, that's without IDS/IPS of course. When I add that it goes down to 700/700.
9
21.1 Legacy Series / Re: CVE-2020-15078
« on: April 29, 2021, 10:44:20 pm »
Thanks for the update.
10
21.1 Legacy Series / CVE-2020-15078
« on: April 28, 2021, 10:05:53 pm »
I was running a security audit and came across this, will this be addressed?
CVE-2020-15078
Overview
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Detailed description
This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.
In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.
CVE-2020-15078
Overview
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Detailed description
This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.
In combination with "--auth-gen-token" or a user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account.
Pages: [1]