Messages - LL0rd

#1
Hi,

I decided to set up a guest WiFi network that allows guests to log in without needing credentials. Currently, I have 6 APs to cover every corner of my house, so the network extends widely over my property.

For the guest network, I use a separate VLAN, and traffic to the internet goes through a VPN tunnel. The idea is that if someone engages in malicious activities, they go through the VPN provider instead of my ISP.

I don't mind if guests use my network to go online or check emails. My concern is a bad actor (like a neighbor or visitor) accessing illegal websites, which could trigger criminal investigations (e.g., child pornography).

What is the best setup to prevent this? I have AdblockHome for DNS filtering, a VPN gateway that hopefully doesn't log activity, and I plan to use Zenarmor as an additional security layer to filter such websites. To be clear, my threat model is not a skilled hacker but a typical user.
#2
Hi,

I need a little help with my issue. First, I have two WAN Connections. One is called TCV_PPPOE and the other is called MSatCable.

My goal is that an OpenVPN client instance on OPNsense uses the TCV_PPPOE gateway to connect to 156.146.55.26 (NordVPN). So I set up a floating firewall rule so that outgoing traffic to this IP should go through the TCV_PPPOE gateway.

But when I look into the firewall log, I see that the connection is established via MSatCable. Or at least OpenVPN is trying to establish a connection, but it doesn't work.

So what's wrong? I also have no clue how I can debug it. This is what I tried:

If I set the gateway to TCV_PPPOE, I see in the log (screenshot) that it's still using MSatCable. But I get no connection.

If I set the gateway to MSatCable, everything works fine.

If I set the rule to Block, I see that the traffic gets blocked. So the firewall rule is working.

If I pull the Ethernet cable from the MSatCable interface and have the gateway set to TCV_PPPOE, I see in the log that the traffic is going through TCV_PPPOE and everything is fine.

Do you have any ideas, what might be wrong?
#3
Hey Guys,

How can I configure my Captive Portal to disable user/pwd authentication and just have something like a splash screen? Like "I accept the terms" and that's it.
#4
General Discussion / See Multi-WAN events
November 10, 2022, 09:41:39 AM
Hi,

In my setup I currently have 4 WAN connections. Well, when a connection goes down, I can see it in the interface. But honestly: who has the interface open 24/7? That's why I would like to ask for a solution for how I can get notified when an interface goes down.

What are you using? A SIEM? If yes, then which one? Or do you have another solution?
#5
Hi,

I have a little problem with my configuration / routing / firewall.

First I have my OPNsense Server. This machine has a public IP and some hosts on the LAN side.

On the OPNsense server I run two Site2Site OpenVPN servers. To these two OpenVPN servers I connect my apartment LAN and my office LAN. In OPNsense I added both OpenVPN interfaces as gateways.

Current state is:
Every client from my Apartment can reach any clients on the LAN and vice versa
Every client from my Office can reach any clients on the LAN and vice versa

But clients from my apartment can't reach my office and clients from the office can't reach my apartment.

I don't know how to find out what's wrong, whether some route is missing or a firewall rule is blocking something. In my opinion I have quite open firewall rules everywhere. And when I do a traceroute from my office to the IP in my apartment, this is the result:

[dr@storage:~]$ tracepath 10.11.12.101
1?: [LOCALHOST]                      pmtu 1500
1:  unifi.localdomain                                     0.115ms
1:  unifi.localdomain                                     0.114ms
2:  172.16.20.1                                          69.456ms
3:  keine Antwort
4:  keine Antwort


I hope someone can help me.

EDIT:
OK, I solved it. It was a misconfiguration on one of the OpenVPN clients.