Messages - ohara

#1
Hello everyone.
Can someone help me and explain how I can blacklist multiple IP addresses by myself?

In this guide: https://docs-opnsense-org.translate.goog/manual/how-tos/proxywebfilter.html, there is information that you can configure the blacklist yourself. But how?

Please give me a hint.

#2
I have OPNsense installed on a configurable router with 4 ports.

I configured OPNsense as follows:
LAN - igb1 - 192.168.10.1 - desktop computer.
WAN - igb0 10.200.250.25 -> Internet.

I would like to run another LAN interface - igb3 and quietly connect it to the TP-LINK router with WiFi.
How to configure igb3 to access router to configure WiFi?
Should igb3 connect to TP-LINK router's WAN port or LAN port?

The second thing is how to protect yourself so that OPNsense is not hacked via WiFi.
#3
Guys, I have another problem.

Thanks to the "TrustedComputer" hint, I dealt with the security certificate: https://forum.opnsense.org/index.php?topic=33734.0

Now he has a problem with an iPhone (Android) that connects to the Internet via WiFi to the router and via OPNsense, Transparent Proxy. A similar message was displayed to me (as in the previous post), but in the Chrome browser on Android.

I followed the instructions in the guide: https://docs.opnsense.org/manual/how-tos/proxytransparent.html , and in the "Forward Proxy" tab - "SSL no bump sites" - I added the local google domain and
.google.com
.googleapis.com
gstatic.com
.1e100.net

but it didn't help, what else should I do?
Guys any suggestions?
#4
Gentlemen, I withdraw all questions.  :)
Due to my failure to read the advice contained here: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox, I had an error.
Now everything works!!!!!
#5
Please consider the previous entry as non-existent, I managed to remove the error.

But that's not all, another problem has arisen.

I set up an additional user account on win7, I did the same as "TrustedComputer" told me, and here is a total failure. At the top (next to the address bar) there is a padlock with an exclamation mark and the inscription unsecured.

Firefox shows the message: "'google.com' is probably a secure site, but a secure connection could not be established. This is caused by the program 'opnsense-ssl-ca' running on this computer or network."

Do colleagues have any suggestions?
#6
Hello again,
I followed the suggestions from TrustedComputer, and it works fine.
But ... another problem arose. Before I set up a transparent proxy, this directive placed in the squid.conf file worked (and blocked me from Facebook):

acl facebook dstdomain facebook.com
http_access deny facebook

Now, in the transparent proxy, it doesn't work... why? I also duplicated this entry in the header.conf file located in the directory: \usr\local\etc\squid\
#7
I answer:
I followed this: https://docs.opnsense.org/manual/how-tos/proxytransparent.html , and this tutorial: https://www.youtube.com/watch?v=o67NaMbjwaE
But there was nothing about changes in Firefox.

Regarding Setting Up Certificate Authorities (CAs) in Firefox, I have to screw it up. From what I've read, I have to make changes in the registry editor.
#8
OK, I'll check out this guide and follow your suggestion.
If there's still a problem, I'll ask again.
#9
22.7 Legacy Series / Problem with Transparent Proxy
April 27, 2023, 12:43:59 AM
Hello to all forum users.

I have this problem, I have configured Transparent Proxy in OPNsense 22.7-amd64.
I used the information contained in the YouTube: OPNsense Web Filtering/Proxy Configuration and in the Setup Transparent Proxy guide

And something is wrong.
I created a new certificate authority,
I imported the key into my OS and set it as trusted.

And it still (on some pages) shows me the messages: Software is preventing Firefox from connecting securely to the page.
And on other pages, e.g. with movies, it loads the page but as if the CSS stylesheet is missing.

What can I do to fix this problem?
#10
General Discussion / internet providers (ISP)
March 28, 2023, 03:27:03 PM
Hello everyone.
Ladies and gentlemen, I have a question.
Where I live, everyone uses wireless internet. I have pre-talked to the university and am trying to become an ISP to distribute wired internet.

Please let me know what hardware I should buy.
Server, router, software: Ubuntu or Debian with DHCP server.
And one more thing, I don't want to assign IP behind NAT, only from the assigned pool of external IP addresses. For picky recipients, I plan to assign a fixed IP.
Please give me a hint.
#11
I understand, topic closed (unless there are other suggestions).  :)
#12
Hello again.

I don't really care about that.
So I will ask differently, is it possible to change my public IP with OpenVPN?

For example, my IP from the ISP is: 77.88.562.520 (fixed IP).
Is it possible to make my public IP on the network visible as, for example, 88.77.120.120? I'm wondering if you can mask your real IP with Open VPN.

I read from some article on the internet that such (sorcery) can be done with a VPS.

My computer = 77.88.562.520 connects via LAN to OpenVPN.
OpenVPN through the tunnel connects to the VPS in the cloud, its IP is = 99.99.10.20, and the VPS as an intermediary connects to the Internet.
So on the internet I am seen with IP 99.99.10.20.

My question is, is it possible to change the IP (without VPS) using only OpenVPN?
#13
Thank you very much for the (hint).
As for templates, I don't quite understand how to save and use them. Do you need to know Python?
As for the second part of your hint, it makes more sense to me. When I test it, I'll call again.
Regards.
#14
Hello everyone.
Gentlemen, I have this question:
I would like to change the IP address on the network using OPNsense.
I read that you need to buy a VPS server to change your IP on a public network. It is true that in OPNsense there is OpenVPN, which allows you to connect with your family through an encrypted tunnel, but is it possible to browse the web anonymously, with a changed IP?
Is there a way to do this?
#15
The OPNsense proxy does not respond to changes made to the squid.conf file.

For example, I change the port number in the squid.conf file from 3031 to 8809 and the change is noticed!
In the configuration panel, this change (Services: Web Proxy: Administration ) is not updated, but it is noticed by (proxy in Firefox - connecting to the Internet). So changing the port and it worked and everything is OK.

But when I enter "forwarded_for off" in the squid.conf file, the proxy in OPNsense does not respond to this change. Why?

I wanted to test this setting:

request_header_access From deny all
request_header_access User-Agent deny all
request_header_replace User-Agent SecretBrowser / 5.0 (iPhone; U; Commodore64; en)


And it doesn't work, and the same change to the squid file on Ubuntu works!
Please give me a hint.