OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of meggenberger »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - meggenberger

Pages: [1]
1
23.1 Legacy Series / Group with Rights for VPN: IPsec: Edit Pre-Shared Keys not working anymore
« on: July 11, 2023, 10:40:16 am »
Hi all.

I have a group with the assigned privileges VPN: IPsec: Edit Pre-Shared Keys. I used to have an account that is just in this group and he could create, modify and delete Pre-Shared Keys for IPSec Road Warrior connections.
Since 23.x this doesn't seem to work anymore. Or at least my setup is wrong.

So having this privilege (VPN: IPsec: Edit Pre-Shared Keys) doesn't show the VPN - IPSec - PreShared Keys item on the left side menu.

Any ideas what is causing this?

Kind Regards,
Marc

2
General Discussion / Re: VLAN with Internet access only
« on: March 22, 2022, 04:24:59 pm »
yep. That rule with !1918 worked for web access for the IoT devices.
Restricted it to what I need (port 80 and 443 to some IPs/Hosts)

Now for allowing specific rules from VLAN99 to LAN .. for example ICMP. Would I need to generate 2 rules? One on the IoT interface for outgoing traffic and one on the LAN interface for incoming ICMP from the IoT net as source? (Assuming I don't have/want an allow all out from the IoT network)

3
General Discussion / Re: VLAN with Internet access only
« on: March 21, 2022, 08:22:21 pm »
ok ... will do that then .. thanks for confirming that I need to do that way and not what I first tried.

4
General Discussion / VLAN with Internet access only
« on: March 21, 2022, 07:54:14 pm »
Hi,

I'm running OPNsense 21.7.7-amd64 and up until now I just had a WAN and a LAN interface active which was running great. Now I want to add a VLAN 99 and this VLAN should only have access to the Internet and not the LAN network.

WAN: DHCP from ISP
LAN: 192.168.11.1/24 no VLAN tag
IoT: 192.168.99.1/24 with VLAN tag 99

When I create a rule on the IoT network as source and any as destination it works but this is too permissive. I only want internet access. I then tried:

source: IoT network, direction in, destination WAN net on the IoT interface

then it does not work. I get a deny by the default rule. I tried to add:

source: IoT network, direction out, destination * on the  interface WAN

still no gain. I have seen some articles where they allow everything and then deny access to other VLANs. Is that the way to go? Selective allowing doesn't work?

Any ideas or links on how to do this?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2