Messages - meggenberger

#1
Hi all.

I have a group with the assigned privilege VPN: IPsec: Edit Pre-Shared Keys. I used to have an account that is just in this group, and it could create, modify and delete Pre-Shared Keys for IPsec Road Warrior connections.
Since 23.x this doesn't seem to work anymore. Or at least my setup is wrong.

So having this privilege (VPN: IPsec: Edit Pre-Shared Keys) doesn't show the VPN - IPsec - Pre-Shared Keys item in the left side menu.

Any ideas what is causing this?

Kind Regards,
Marc
#2
Yep. That rule with !1918 worked for web access for the IoT devices.
I restricted it to what I need (ports 80 and 443 to some IPs/hosts).

Now for allowing specific traffic from VLAN99 to LAN, for example ICMP: would I need to create two rules? One on the IoT interface for outgoing traffic and one on the LAN interface for incoming ICMP from the IoT net as source? (Assuming I don't have/want an allow-all out from the IoT network.)
#3
OK, will do that then. Thanks for confirming that I need to do it that way and not what I first tried.
#4
General Discussion / VLAN with Internet access only
March 21, 2022, 07:54:14 PM
Hi,

I'm running OPNsense 21.7.7-amd64, and up until now I just had a WAN and a LAN interface active, which was running great. Now I want to add a VLAN 99, and this VLAN should only have access to the Internet and not to the LAN network.

WAN: DHCP from ISP
LAN: 192.168.11.1/24 no VLAN tag
IoT: 192.168.99.1/24 with VLAN tag 99

When I create a rule with the IoT network as source and any as destination, it works, but this is too permissive. I only want Internet access. I then tried:

source: IoT network, direction in, destination WAN net on the IoT interface

then it does not work; I get a deny by the default rule. I tried to add:

source: IoT network, direction out, destination * on the WAN interface

Still no gain. I have seen some articles where they allow everything and then deny access to the other VLANs. Is that the way to go? Doesn't selective allowing work?

Any ideas or links on how to do this?
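The following is an added example and is not code from the thread or from OPNsense itself. It models the stateful, first-match rule evaluation OPNsense (pf) performs on an interface, to show why the "source IoT net, destination WAN net" attempt in post #4 ends in the default deny ("WAN net" is only the WAN interface's own subnet, not the Internet) and why the inverted RFC 1918 alias rule mentioned in post #2 ("!1918") does give Internet-only access. It also carries the ICMP rule from post #2 as a single rule on the IoT interface: pf keeps state, so the replies need no second rule on the LAN interface. All addresses are constructed; 203.0.113.0/24 (TEST-NET-3) is an assumed stand-in for the WAN subnet the ISP assigns by DHCP.

```python
"""
Added example, not code from the forum thread or from OPNsense: a minimal
model of OPNsense's stateful, first-match ("quick") firewall rules on one
interface, direction in. Addresses are constructed; 203.0.113.0/24 stands
in for the ISP-assigned WAN subnet (an assumption).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Interface subnets from post #4; the WAN subnet is an assumption
LAN_NET = ip_network("192.168.11.0/24")
IOT_NET = ip_network("192.168.99.0/24")
WAN_NET = ip_network("203.0.113.0/24")

# Alias covering all RFC 1918 private space (the "1918" alias of post #2)
RFC1918 = [ip_network("10.0.0.0/8"),
           ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]


@dataclass
class Rule:
    action: str                         # "pass" or "block"
    src: list                           # networks the source must fall in
    dst: list                           # networks the destination must fall in
    proto: str = "any"                  # "any", "tcp", "udp", "icmp"
    dst_ports: frozenset = frozenset()  # empty means any destination port
    invert_dst: bool = False            # the "Destination / Invert" checkbox


def in_any(addr, nets):
    return any(addr in net for net in nets)


def matches(rule, proto, src, dst, dport):
    if rule.proto != "any" and rule.proto != proto:
        return False
    if not in_any(src, rule.src):
        return False
    dst_hit = in_any(dst, rule.dst)
    if rule.invert_dst:
        dst_hit = not dst_hit
    if not dst_hit:
        return False
    if rule.dst_ports and dport not in rule.dst_ports:
        return False
    return True


def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; no match means the default deny ("block")."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if matches(rule, proto, src, dst, dport):
            return rule.action
    return "block"


# Attempt from post #4: destination "WAN net". That alias is only the WAN
# interface's subnet, so a packet for 8.8.8.8 never matches and falls through.
WAN_NET_ATTEMPT = [Rule("pass", [IOT_NET], [WAN_NET])]

# Ruleset along the lines of post #2, all on the IoT interface, direction in:
# ICMP toward LAN, and web traffic to anything that is NOT RFC 1918 space.
# pf keeps state, so the replies need no second rule on the LAN interface.
IOT_RULES = [
    Rule("pass", [IOT_NET], [LAN_NET], proto="icmp"),
    Rule("pass", [IOT_NET], RFC1918, proto="tcp",
         dst_ports=frozenset({80, 443}), invert_dst=True),
]


def demo():
    """Verdict of each ruleset for a few constructed packets from an IoT host."""
    h = "192.168.99.20"
    return {
        "wan_net_to_8.8.8.8":    evaluate(WAN_NET_ATTEMPT, "tcp", h, "8.8.8.8", 443),
        "wan_net_to_wan_subnet": evaluate(WAN_NET_ATTEMPT, "tcp", h, "203.0.113.7", 443),
        "iot_https_internet":    evaluate(IOT_RULES, "tcp", h, "8.8.8.8", 443),
        "iot_ssh_internet":      evaluate(IOT_RULES, "tcp", h, "8.8.8.8", 22),
        "iot_https_to_lan":      evaluate(IOT_RULES, "tcp", h, "192.168.11.5", 443),
        "iot_icmp_to_lan":       evaluate(IOT_RULES, "icmp", h, "192.168.11.5"),
        "iot_icmp_to_10net":     evaluate(IOT_RULES, "icmp", h, "10.1.2.3"),
    }


if __name__ == "__main__":
    for packet, verdict in demo().items():
        print(f"{packet:24s} -> {verdict}")
```

Running the block shows the two failure modes side by side: with "WAN net" as destination only traffic aimed at the WAN subnet itself passes, while the inverted RFC 1918 rule passes HTTPS to 8.8.8.8, blocks HTTPS to the LAN host and to other private space, and blocks SSH to the Internet because of the port list. Order matters only where rules overlap; here the ICMP rule and the web rule match disjoint destinations, so either order gives the same verdicts.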