Messages - monkeydelufy

1
Virtual private networks / Re: Wireguard Split tunnel
« on: September 04, 2024, 03:51:36 pm »
Quote from: Patrick M. Hausen on September 04, 2024, 03:21:55 pm
On the client side put only the remote network in "Allowed IPs". Done.

Thanks a lot for the reply, it's working now, but I have one server cannot access it, I don't know why this happens, only this server can access and ping, any idea why this happens..?

2
Virtual private networks / Wireguard Split tunnel
« on: September 04, 2024, 03:21:09 pm »
Hi guys, newbie here,

I already searched regarding this issue but still have no clue about this. My question is, how do we split connection, only client to access local network? Now it's working fine, but my goal is that the client still uses his own internet access, but I don't know how to do it. My client already connects to the local network and works perfectly, but cannot use his own internet access. How to do it guys, need help.

3
Intrusion Detection and Prevention / Re: suricata not blocking nmap scan
« on: October 31, 2022, 04:51:27 am »
Interface must be in WAN because the WAN interface is using a public IP address.

4
Intrusion Detection and Prevention / Re: suricata not blocking nmap scan
« on: September 25, 2022, 09:27:29 am »
Quote from: cookiemonster on September 24, 2022, 10:57:51 pm
Emerging-scan.rules is one that has spotted ssh and nmap scans for me (I think).
So you need to verify the rules you have enabled and the type of scan you are performing.
A bit of background: https://forum.suricata.io/t/suricata-ids-and-nmap/506

I only use nmap -sV target just like that, and emerging-scan already has a rule for that, but still no detection, the event alert is not showing up. I don't know what I missed, maybe someone has a clue for it.

Or maybe any other solution for port scanning or something similar.
Thanks.

5
Intrusion Detection and Prevention / Re: suricata not blocking nmap scan
« on: September 24, 2022, 11:38:02 am »
Quote from: cookiemonster on September 23, 2022, 11:03:35 pm
If suricata is monitoring the wan interface, it doesn't see the scan when you do it from your lan. Different interface.

No, I do it from the internet, not from the LAN side. My OPNsense is using a public IP, so I try to scan using another PC; this PC is not attached to the OPNsense network. So I run nmap, then no alert is found when the scan finishes.

6
Intrusion Detection and Prevention / suricata not blocking nmap scan
« on: September 23, 2022, 04:54:07 pm »
Hi guys,

I am using Suricata and enabled it on the WAN interface because my OPNsense faces the public directly using a public IP.
Now I try to scan my OPNsense IP using nmap from my PC. It scans, no alert from Suricata itself. Tuning the rules, still the same. Any idea why this happens? I have to protect my OPNsense from threats.

Still have not found a solution here. Any idea how it works, or does it only work for the LAN interface...?

OPNsense 22.7.4 running on VMware ESXi 7

7
General Discussion / Re: firewall rules not block
« on: September 23, 2022, 04:49:56 pm »
Quote from: tiermutter on September 23, 2022, 12:31:36 pm
If a connection is already established due to the ruleset, a new block rule will not apply until the connection is closed. Then the new block rule applies and a new connection can't be established.
Reset states forces all connections to close.

Reset states for pass rules is not necessary, because a connection cannot be established before, so there is no state "overriding" the new rule.

See also https://docs.opnsense.org/manual/firewall.html

Quote
Note

When changing rules, sometimes it's necessary to reset states to assure the new policies are used for existing traffic. You can do this in Firewall ‣ Diagnostics ‣ States.

@tiermutter

Thanks for the help anyway, now I understand.

8
General Discussion / Re: firewall rules not block
« on: September 23, 2022, 12:39:38 pm »
Quote from: tiermutter on September 23, 2022, 12:31:36 pm
If a connection is already established due to the ruleset, a new block rule will not apply until the connection is closed. Then the new block rule applies and a new connection can't be established.
Reset states forces all connections to close.

Reset states for pass rules is not necessary, because a connection cannot be established before, so there is no state "overriding" the new rule.

See also https://docs.opnsense.org/manual/firewall.html

Quote
Note

When changing rules, sometimes it's necessary to reset states to assure the new policies are used for existing traffic. You can do this in Firewall ‣ Diagnostics ‣ States.

So if the target is already in an established connection then we should clear states so we can block the target again, am I right..?

9
General Discussion / Re: firewall rules not block
« on: September 23, 2022, 12:22:40 pm »
Any idea why I should reset states for it to work ...?

10
General Discussion / Re: firewall rules not block
« on: September 22, 2022, 08:44:39 am »
Quote from: tiermutter on September 22, 2022, 08:38:51 am
If so, enable logging for default pass rules to see which rule applies before your block rule.
e.g. ICMP v6 is enabled by default in floating section.

It works if I clear states first from diagnostics, why does this happen..?

11
General Discussion / Re: firewall rules not block
« on: September 22, 2022, 08:42:12 am »
Quote from: bartjsmit on September 22, 2022, 07:24:08 am
Your rule only stops pings to the firewall itself. Is that what you are testing?

Yes, because our firewall is directly on the public side. It works now but we need to clear states. Why does this happen? Can we just create rules without clearing states from diagnostics..?

If we create a pass rule it's applied directly just fine; when we create a block rule, this rule will work if we clear states from diagnostics. Can you help, what's going on?

12
General Discussion / firewall rules not block
« on: September 22, 2022, 05:46:45 am »
Hi guys,

Any advice why my rule cannot block ICMP? I tried everything, the result is still the same. I am using OPNsense version 22.7.4 on VMware ESXi 7. After rebooting, or shutting down and then powering on the OPNsense again, the rule works perfectly. It's like the rule is not applied properly. Any idea how to fix this?

I found the solution: clearing states fixes this problem. But why are states not cleared automatically? Do we need to clear states every time we create rules? Please advise, this confused me.

Thanks

13
General Discussion / CpuTemp not found
« on: June 11, 2022, 04:56:21 am »
Hi guys, I found my OPNsense has no temperature data and also the thermal sensor is not working. Any idea how to fix this issue? Using the latest OPNsense version on Proxmox version 6.4.



And also this one



Please, I need advice on how to enable this. Already configured in miscellaneous, still not working.
Thanks for your help
