OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Mario_Rossi »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Mario_Rossi

Pages: [1]
1
Intrusion Detection and Prevention / Updated beginner's guide to implementing IPS with HTTPS inspection
« on: January 06, 2024, 02:50:14 pm »
Hi everyone.
For a few years I have had a well-functioning OPNsense system with i7-7500U CPU, 8GB RAM and Intel i211 network cards
The line is gigabit symmetric PPPoE IPv4 and there are less than 5 clients.

I have successfully configured Wireguard and ADGuard as well as some simple firewall rules.

I would like to implement IPS with HTTPS inspection.
I would also like to configure a redirect to a page that warns the browser when access to the site has been blocked by the firewall with the reason.

Is there a valid updated guide for OPNsense 23.7.10_1 to help me activate the required features?

Thank you.

2
Virtual private networks / Re: Wireguard+Adguard
« on: December 23, 2023, 08:56:28 pm »
Thanks for the info.
Now I have my android cell constantly connected with wireguard to the home opn and clean navigation without using particular apps and also bypassing YouTube/Chrome advertisements.

3
23.1 Legacy Series / Re: No internet access since 23.1.6 - caused by adguard
« on: April 21, 2023, 07:58:50 pm »
Ciao, anche io ho ADGuard in ascolto sulla 53 che gira su unbound:5353.
Le regole FW e NAT obbligano tutti i client a passare per forza su ADGuard:53 per qualsiasi tipo di richiesta DNS.
Ieri sera ho aggiornato OPNsense ed oggi mi sono trovato con i pc offline. In realtà telegram funziona ed anche i ping verso indirizzi esterni che conosco.

Grazie al post di pmhausen sono andato in Service->DHCPv4->LAN e popolato il campo DNS Server (era vuoto) con l'ip di OPNsense e subito ha iniziato a funzionare tutto correttamente.


Hi, I also have ADGuard listening on 53 which rotates on unbound:5353.
FW and NAT rules force all clients to go to ADGuard:53 for any type of DNS request.
Last night I updated OPNsense and today my clients are offline. Telegram really works and also pings to external ip addresses that I know.

Thanks to pmhausen's post I went to Service->DHCPv4->LAN and populated the DNS Server field (it was empty) with the OPNsense ip and immediately everything started working correctly.

4
Documentation and Translation / Re: AdGuard Home setup guide
« on: August 14, 2022, 01:50:18 pm »
Hi, I have read some guides and discussions. Generally it is simply said do so and so without explaining why it is necessary that way.

From what I understand the best scheme:
Client -> OPNsense -> AD Guard -> Unbound -> Internet

Client: DHCP
OPNsense: System: Settings: General -> DNS servers -> blank (so everything is set to 127.0.0.1)
AD Guard:
Upstream DNS servers: [/local.lan//2009OPNsense_IP:5353
Bootstrap DNS servers: OPNsense_IP
Private reverse DNS servers: 127.0.0.1:5353 + OPNsense_IP: 5353
Unbound: DNS TLS of our choice

Rule in the firewall to intercept all DNS requests from the LAN and redirect them to AD Guard to prevent "crafty" programs from bypassing the system.

In this way the clients are forced to go from AG Guard which filters according to the rules, the DNS requests go through Unbound which takes care of contacting the servers for wan addresses and resolving the internal hosts.

Do you confirm that this is the best configuration?

Sorry my bad english, i use google translate.

5
Italian - Italiano / Re: opnsense hardware e tim fttc
« on: November 04, 2021, 06:30:10 pm »
probabilmente hai già risolto, comunque è probabile che se resetti il router alle impostazioni di fabbrica mantenendo scollegato il cavo telefonico, quando entri nel menu del router, riuscirai ad accedere ai parametri di connessione, togliere tutte quelle preconfigurate e crearne una bridge

username e password le recuperi dall'app "Tim Modem"

6
Italian - Italiano / Re: Aggiunta AP per COnnettere WIFI Alla LAN
« on: November 04, 2021, 06:18:55 pm »
dovresti configurare le regole fw per far passare il traffico tra la porta onboard e la terza... però sinceramente troverei più semplice collegare l'ap allo switch dove c'è poi collegata la porta onboard... ti risparmieresti un sacco di lavoro per niente

7
Italian - Italiano / Re: notifica via mail connessione e disconnessione utenti openvpn
« on: November 04, 2021, 06:14:45 pm »
Mi aggiungo alla richiesta
In pfSense avevo trovato due file (ovpn-connect.sh  e ovpn-disconnect.sh) da aggiungere alle Custom options della configurazione di OpenVPN.
Quando un utente si collegava in vpn mi arrivava una mail che informava della connessione e quando si scollegava me ne arrivava un'altra con data/ora della disconnessione e quanto aveva trasferito oltre ad ovviamente l'ip ed il nome utente usato per la connessione

8
Development and Code Review / Re: APC UPS new plugin
« on: November 04, 2021, 04:03:34 pm »
Hi, sorry for the ignorance, I can't figure out how to have my ups detected and managed.
I have migrated from pfsense to opnsense and am not yet practical.

I have an APC SMT1500i with AP9630 network card.
In pfSense I had both Nut (snmp) and APCUPSD (pcnet).

I don't understand what I have to download and where I have to put it.


EDIT: Problem solved.
It would be nice to have a widget on the dashboard with ups status and battery charge as there was a pfsense

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2