Messages

Since Sam mentioned it we've made the GUI consistent https://github.com/opnsense/plugins/commit/14a130188

But more tools are certainly nice :)


Thanks,
Franco

It was a good learning experience at least 😀

This is nice to have, but it's not really needed since you can Import/Export all Static DHCP Mappings by using the .csv files Import/Export option in the OPNsense webGUI ;)

Not for IPv6, IPv4 only

Hi all,

I've put together a short video walkthrough explaining what Q-Feeds is, how to install and configure the, what the feeds actually represent, and how to apply the automatically managed Q-Feeds aliases directly in firewall rules for threat blocking.

The video covers:

• What is Q-Feeds?
• Installing the plugin
• Basic configuration options
• Different feeds, update frequency, and pricing
• How the plugin maintains aliases automatically
• Using those aliases in firewall rules for blocking malicious traffic

Blog post walkthrough and video:
OPNsense Firewall Security with Q-Feeds Threat Intelligence

I recently a small CLI tool I wrote for a client migration to help move ISC DHCP static mappings to Kea reservations using the OPNsense config.xml, as there's currently no way to export IPv6 static mappings via web interface.

I've open sourced it on github (should have releases for Linux, Windows, Mac).

It supports both IPv4 and IPv6 static mappings (including DUID, hostname, domain search, description). I originally wrote it mainly to handle DHCPv6 static reservations, since there isn't currently a GUI export/import path for those.

It's safe by default (reads the input config and writes to a new output file so you can review before importing) and only migrates static reservations, not pools or options.

This is very much a v1 community tool, so please test (pref in a lab) first and take a backup/snapshot before importing. If anyone wants to try it and provide feedback or edge cases, I'd really appreciate it.

See the Github README for command line usage.

• Leave kea disabled for now
• Create the relevant IPv4 and IPv6 subnets in kea
• Download the config (from system settings in GUI)
• Use scan option first to see what will change
• Use the convert option to create a new xml config
• Restore the new config from OPNsense gui
• Check the kea settings everything imported
• Disable isc and enable kea

Tested with 25.7.11:
ISC-DHCP to Kea Migration Tool

I just open-sourced a small tool I wrote for a client to migrate ISC DHCP static mappings to Kea reservations using the OPNsense `config.xml`

It supports IPv4 and IPv6 static mappings and is read-only on the input (writes to a new file so you can review before importing). It only migrates static reservations, not pools or options.

I wrote this for a real migration but saw people asking, so I figured I'd share it.
 
Please test first and take a backup/snapshot before importing. Happy to get feedback if anyone tries it.

https://github.com/sheridans/isc2kea

For anyone needing to migrate static mappings (especially DHCPv6), I put together a small offline converter that takes an exported config.xml and copies ISC static mappings into the Kea sections (v4 + v6).

Important notes:
Kea subnets still need to be created first in the GUI so the tool can map reservations to the correct subnet UUIDs.

Kea does not need to be enabled yet, you can import the converted config, review reservations in the UI, and only switch services when you're happy.

As always: take a backup / snapshot first.

The tool works on exported XML only and never touches the live system.

I originally wrote it for a client migration, but if others want to test it, I'm happy to share it.

Feedback welcome, especially for IPv6 and multi-VLAN setups.

https://github.com/sheridans/isc2kea

OPNsense works fine under proxmox, I use it that way a lot, including for OPNsense code development.

I've done a video on how to install OPNsense on Proxmox, if it helps:

https://youtu.be/-eqenlbBDLQ

If the status page (or dashboard widget) is showing needsLogin, it's not authenticated and you'll need to reauth.

I've tested the upgrade on a 2 machines that have been using tailscale plugin without any issues.

I've put a video together to explain how to use.

https://youtu.be/Z1OX0CKU__U

I'm sure you've all seen that video, my take:

https://www.youtube.com/watch?v=QT_dZNrlCTg&t=1845s

I haven't any info related to TCP spoofing vulnerability in FreeBSD PF (CVE-2023-6534) with regards to OPNsense and if it's going to/has been patched?

Part 1 - installation - https://youtu.be/bJ_-KzH94gk
Part 2 - Setting up MFA - https://youtu.be/ZXiip_-6a9o

I'd like to announce (permission given) the launch of a new YouTube series, "OPNsense from Zero to Hero"! This series is designed for anyone who wishes to delve deeper into the powerful capabilities of OPNsense, whether you're a beginner or looking to refine your skills.

Playlist: https://youtube.com/playlist?list=PLSJyoFloAkDo52MujFRHx1J1nZonLZtZE&feature=shared

In thus series, I'll be taking a hands-on approach, guiding you through everything from the basic setup to advanced features. The goal is to make OPNsense accessible and understandable for everyone. Each episode will focus on a different aspect, ensuring a comprehensive understanding of OPNsense's functionality.

What [hopefully] sets this series apart is the emphasis on real-world applications and scenarios. I believe in learning by doing, and therefore, the tutorials will be packed with practical tips and strategies that you can implement immediately.

Whether you're setting up OPNsense for the first time or aiming to master its more intricate features, this series will have something for you. I'm confident that "OPNsense from Zero to Hero" will enhance your knowledge and skills, making your experience with OPNsense even more rewarding.

Id love to hear your feedback and suggestions for future episodes. Don't forget to subscribe to our channel and stay updated with the latest episodes. Something you're struggling with? Let me know and I'll try to cover it.