Messages - igorek24

#1
22.1 Legacy Series / Create local certificate via API?
February 16, 2022, 01:01:46 AM
I was looking at the docs and I couldn't find anything regarding certificates (trust) when it comes to the API. Is this not available in the latest version, and if it's not, are there any plans for certificate management via the API in the near future?
#2
20.1 Legacy Series / Re: vIP wont sync on DEC4640
June 29, 2020, 09:21:32 PM
Well, I guess I'm about to find out. LOL
#3
20.1 Legacy Series / Re: vIP wont sync on DEC4640
June 29, 2020, 09:12:33 PM
That makes sense. LOL Can I use CARP IP for One-to-One NAT?
#4
20.1 Legacy Series / vIP wont sync on DEC4640
June 29, 2020, 08:33:37 PM
We have 3 different locations running Deciso DEC4640 in HA configuration. Everything seems to be working fine except vIPs won't sync to the slave firewall. It looks like CARP vIPs are syncing just fine but not the IP Aliases. Anyone have any idea why and how I can get it to sync up?
Thanks in advance.
#5
Just give it put 1 at the end of your hostname for your WiFi MAC.
#6
16.1 Legacy Series / Re: ipsec vpn and domain access
April 14, 2016, 08:33:13 PM
First, you need to use your DCs as your DNS servers and specify your local domain in DHCP server settings (if DHCP is used), then you need to make sure that the firewall rules are set up correctly on both the local and remote site to allow communication between networks. You can just set up any to any rules if the remote network is completely trusted; I personally like to limit by only required ports even if the network is trusted.
Note: once you change your DHCP server settings, you need to renew your IP on your clients. You can do this by ipconfig /release and ipconfig /renew on Windows, and for Linux you must restart the network or NetworkManager services (systemctl restart network will work on most recent Linux distros).


Hope this helps a bit.
#7
Quote from: franco on March 13, 2015, 01:55:42 PM
Perfect, thanks, that's something to work with. I'll ponder a bit about how I can wrap this up as an easy to install test package.

Small improvement: if you need /etc/inc make it a soft-link to /usr/local/etc/inc where the include files reside now.

# ln -s /usr/local/etc/inc /etc/inc

Thanks, franco, I don't know why I didn't think about a symlink to begin with, I guess I just want it to work quickly LOL. Anyway, I'm not sure if this is the latest version or not.
#8
OK, here is what I did: log in to OPNsense via SSH (you can use PuTTY) and run these commands.
cd /usr/local/pkg/
fetch https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.inc
fetch https://files.pfsense.org/packages/openvpn-client-export/openvpn-client-export-2.3.6.tgz
chmod 077 openvpn*
cd /usr/local/www/
fetch https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export.php
fetch https://packages.pfsense.org/packages/config/openvpn-client-export/vpn_openvpn_export_shared.php
chmod 077 vpn_openvpn*
mkdir /etc/inc
mkdir /etc/inc/priv
cd /etc/inc/priv
fetch https://packages.pfsense.org/packages/config/openvpn-client-export/openvpnexport.inc
chmod 077 openvpnexport.inc

After this is done, you can access it by adding /vpn_openvpn_export.php to the OS URL (for example https://192.168.1.1/vpn_openvpn_export.php)


I hope this will help someone else until developers implement it into the OPNsense core or as an addon.

Source: http://www.pfsense.com/packages/config/openvpn-client-export/openvpn-client-export.xml
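
Mode 077 as used in the commands of post #8 leaves a file writable by group and others and removes the owner's own permission bits. The following is an added example, not part of the original post or of OPNsense: a shell check that lists such files under a directory and resets them. The function names, the 0644 target mode and the demo file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit file modes after files were dropped into a web root
# by hand. All paths and file names here are constructed for the demo.

# List regular files under the given directories that are group-writable,
# world-writable, or not readable by their owner (mode 077 matches all three).
audit_modes() {
    find "$@" -type f \( -perm -020 -o -perm -002 -o ! -perm -400 \) -print | sort
}

# Reset every flagged file to 0644 (assumed target: owner read/write,
# everyone else read-only) and print how many files were changed.
fix_modes() {
    audit_modes "$@" | while IFS= read -r f; do
        chmod 0644 "$f" && echo "$f"
    done | wc -l | tr -d ' '
}

# Demo on a throwaway directory standing in for /usr/local/www.
demo() {
    d=$(mktemp -d)
    touch "$d/vpn_openvpn_export.php" "$d/index.php"
    chmod 077 "$d/vpn_openvpn_export.php"   # mode used in the post
    chmod 644 "$d/index.php"                # already acceptable
    echo "flagged:"
    audit_modes "$d"
    echo "fixed: $(fix_modes "$d")"
    rm -rf "$d"
}

demo
```

On a real system, run audit_modes against the directories that were written to and review the list before calling fix_modes.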
#9
I have successfully installed it on my firewall, the only thing is that the style is a little bit off but I don't care, it saves me a lot of time. I don't remember exactly how I did it, but I will look it up tomorrow at work and post back.
#10
Quote from: franco on February 22, 2015, 09:10:41 AM
I'm inclined to say try a stable 15.1 if you can, but 15.7 is certainly a good idea for production systems. Cheers. :)
I got it to run (15.7) on my Watchguard x750e on a 60GB IDE HDD. Currently getting it ready for production (recreating all of the firewall rules and other configurations). The only thing is that the LCD is just displaying "Booting OS" and the NIC LEDs are not functioning correctly (blinking only when there is activity on that port) but that has to do with FreeBSD and Watchguard hardware. I will fix that and report back for other people.
#11
15.1 Legacy Series / Port Aliases in firewall rules
February 19, 2015, 08:59:13 PM
I have created an alias with multiple ports and when I tried to create a new firewall rule, the (other) field for ports would not hint the alias, or if I try to edit an existing rule, the (other) field is grayed out. Am I missing something or is there a bug?
#12
Thanks franco, I guess I'll just wait for the 15.7 release. BTW, I have upgraded the hardware to an Intel Pentium M processor 1.73GHz, 2GB of RAM and a 4GB CF card. One of the Watchguard UTMs has an IDE port, so I'm guessing I can throw an SSD into that one. I'm so happy to see OPNsense, definitely spreading the word.
#13
Just a quick question, would there be any support for Watchguard hardware? I'm currently running two WG X750e with pfSense. It is installed on a CF card and all of the LEDs and the screen are working.

Thank you.