Messages - ignasi

#1
Thanks so much for your quick answer.

regards,

Ignacio
#2
Hello all

I'm a fairly new OPNsense user, so forgive me if this question has been answered before. I'm still using the OpenVPN legacy feature. I just read that in the 25.7 release it will be offered as a plugin. For existing installations, and once we upgrade to that release, will it disappear from our installation, or will it be automatically installed or preserved with its current settings?

TIA,

Ignacio
#3
Quote from: viragomann on February 07, 2025, 02:03:50 PM
Quote from: ignasi on February 07, 2025, 01:25:56 PM
In short, what I need is a rule in my LAN that for all queries that don't go to either 192.168.40.254 or 192.168.40.11, go to 192.168.40.254

So create an alias, say "myDNSservers", and add both DNS servers to it.

Then edit the port forwarding rule, at destination check "invert" and enter the alias below.
Now this rule is only applied to any other destination.

However, I'm in doubt that this will lead your mobile devices to use your local DNS server. I suspect they use DNS over HTTPS (DoH). You can only prohibit this by blocking access to DoH servers. There are feeds on the internet with server IPs, which you can use in block rules.

Thanks so much for your help. Yes. I've already got a list of DoH servers.

Regards,

Ignacio
#4
Hello, and TIA for your help. I'm quite new to OPNsense and I still have trouble understanding rules.

We have 2 DNS servers in our LAN as follows:
1.- 192.168.40.254, our OPNsense firewall, resolving the LAN domain and the Internet querying 1.1.1.1 and 1.0.0.1 (opnsense system DNS)
2.- 192.168.40.11, in our main DC server, resolving AD and LAN domains, and the Internet as well through queries to 192.168.40.254

We have a firewall rule blocking all queries from LAN to any internet DNS server. However, for those devices (mostly mobile phones and tablets) that do not like to follow our DHCP rules and connect to whatever DNS server their maker wants to, I'd like to create a Redirect rule that takes them to 192.168.40.254. However, all howtos I've seen would not respect queries done to 192.168.40.11, redirecting by default all queries, no matter where they are sent, to 192.168.40.254.

In short, what I need is a rule in my LAN that for all queries that don't go to either 192.168.40.254 or 192.168.40.11, go to 192.168.40.254

Could anyone please help me with this?

TIA

Ignacio
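The rule logic from this question and from viragomann's reply in #3 (a port forward on LAN with the destination alias inverted, plus a block rule fed by a DoH server list) can be checked offline before touching the firewall. The following Python model is an added example and not code from the thread or from OPNsense; the alias name "myDNSservers" comes from the reply, the source host 192.168.40.50 and the 203.0.113.0/24 DoH block-list entry are constructed stand-ins, and the rule ordering assumes pf's behaviour of applying NAT (redirect) rules before filter rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Topology from the thread: LAN 192.168.40.0/24 with two internal resolvers.
LAN = ipaddress.ip_network("192.168.40.0/24")

# Alias "myDNSservers" (name suggested in the reply) holding both resolvers.
MY_DNS_SERVERS = {
    ipaddress.ip_address("192.168.40.254"),  # OPNsense itself (Unbound)
    ipaddress.ip_address("192.168.40.11"),   # AD / DC resolver
}
REDIRECT_TARGET = ipaddress.ip_address("192.168.40.254")

# Constructed placeholder for a DoH server feed (TEST-NET-3, not a real DoH range).
DOH_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


# ("redirect" | "block" | "pass", effective destination or None when blocked)
Verdict = Tuple[str, Optional[str]]


def evaluate(pkt: Packet) -> Verdict:
    """Apply the two LAN rules in pf order: redirect (NAT) first, then block, then pass."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    # Both rules live on the LAN interface; traffic from elsewhere is not their concern.
    if src not in LAN:
        return ("pass", pkt.dst)

    # Port forward with destination "invert" on the alias: the rule matches only
    # when the destination is NOT one of our own resolvers, and rewrites it.
    if pkt.dport == 53 and pkt.proto in ("udp", "tcp") and dst not in MY_DNS_SERVERS:
        return ("redirect", str(REDIRECT_TARGET))

    # Block rule fed by a DoH server list: HTTPS to a listed address is dropped.
    if pkt.dport == 443 and any(dst in net for net in DOH_BLOCKLIST):
        return ("block", None)

    return ("pass", pkt.dst)


def simulate(packets: List[Packet]) -> List[Tuple[str, int, Verdict]]:
    """Run a batch of packets through evaluate() and keep (dst, dport, verdict)."""
    return [(p.dst, p.dport, evaluate(p)) for p in packets]


if __name__ == "__main__":
    # Constructed sample traffic from one LAN client (192.168.40.50).
    sample = [
        Packet("192.168.40.50", "8.8.8.8", "udp", 53),         # foreign resolver -> redirected
        Packet("192.168.40.50", "192.168.40.11", "udp", 53),   # DC resolver -> untouched
        Packet("192.168.40.50", "192.168.40.254", "tcp", 53),  # OPNsense -> untouched
        Packet("192.168.40.50", "203.0.113.10", "tcp", 443),   # listed DoH server -> blocked
        Packet("192.168.40.50", "198.51.100.7", "tcp", 443),   # ordinary HTTPS -> passes
    ]
    for dst, dport, verdict in simulate(sample):
        print(f"{dst}:{dport} -> {verdict}")
```

The model shows the point of the inverted alias: queries to either internal resolver fall through untouched, while everything else on port 53 is rewritten. It also makes the limitation in the reply visible: the DoH rule only catches addresses present in the feed, so HTTPS to an unlisted resolver (the 198.51.100.7 line) passes, and DNS over TLS on port 853 is not covered by either rule unless a separate block is added.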
#5
Hi there

Our offices have opnsense with squid in transparent mode for web access. We would like to completely block access to any URL that contains a public IP instead of a domain name. Does anybody know if that is possible?

Thanks

Ignacio
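The check this post asks for, "the request host is a literal public IP rather than a domain name", is a small classifier, and it is worth pinning down the edge cases (bracketed IPv6 hosts, CONNECT-style `host:port` targets, private and loopback addresses that are not public) before encoding it as a proxy ACL. The following Python is an added example, not code from the thread or from Squid; the sample URLs are constructed, and the `deny`/`allow` decision is the example's own convention.

```python
import ipaddress
from typing import Dict, Optional
from urllib.parse import urlsplit


def host_of(url: str) -> Optional[str]:
    """Return the host of a URL, or of a CONNECT-style 'host:port' target.

    urlsplit() strips IPv6 brackets and lower-cases the name; a scheme is
    prepended when missing so that 'host:port' is parsed as an authority.
    """
    if "://" not in url:
        url = "http://" + url
    try:
        return urlsplit(url).hostname
    except ValueError:  # e.g. an unbalanced '[' in an IPv6 literal
        return None


def is_public_ip_literal(url: str) -> bool:
    """True when the host is an IP address literal that is globally routable."""
    host = host_of(url)
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a domain name, not an address
    # is_global excludes RFC 1918, loopback, link-local, documentation ranges, etc.,
    # so LAN hosts reached by address (192.168.40.x) are left alone.
    return ip.is_global


def decide(url: str) -> str:
    """Policy from the post: block public-IP URLs, allow everything else."""
    return "deny" if is_public_ip_literal(url) else "allow"


def classify(urls) -> Dict[str, str]:
    """Apply decide() to a batch of request targets."""
    return {u: decide(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample request targets as a proxy would see them.
    sample = [
        "http://1.1.1.1/index.html",      # public IPv4 literal -> deny
        "1.1.1.1:443",                    # CONNECT target -> deny
        "https://192.168.40.11/owa",      # internal address -> allow
        "http://127.0.0.1/",              # loopback -> allow
        "http://[2001:db8::1]/",          # IPv6 documentation range -> allow
        "https://example.com/",           # domain name -> allow
    ]
    for url, verdict in classify(sample).items():
        print(f"{verdict:5} {url}")
```

Two caveats apply when moving this into Squid. The same pattern can be expressed as a regular-expression ACL on the request host (Squid's `dstdom_regex` type), but the exact ACL syntax should be checked against the Squid version bundled with the OPNsense release in use. And for HTTPS in transparent mode, Squid generally sees only the destination address and port (the CONNECT-style target above) rather than a full URL, so the check must be applied at that stage too, otherwise only plain HTTP would be covered.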
#6
Hello and thanks in advance for your help.

We just switched to OPNsense from Shorewall. Up until now we've had 2 VPN servers running: OpenVPN and ocserv. OpenVPN is used for connection between our offices and has already been integrated into OPNsense, and everything's running without problems (site-to-site works and LANs can see each other). OTOH, ocserv is heavily customized for a particular set of devices (Pi units acting as gateways) that we install in our customers' offices, so integrating it in OPNsense is going to be a difficult task. In the meantime, I want to keep our current ocserv instance until I figure out how to do it through OPNsense. Connections can be established from the outside, but access to LAN machines does not work, and from LAN to devices behind the client does not work either (setting routes in Shorewall worked perfectly, but I don't have that much experience with OPNsense). This is a schematic of what we have:

Each Customer's Offices (openconnect)         Our Main Office
-------------------------------------         ---------------
Computers-|                                                     |- (1) ocserv
          |- OC Gateway-------- INTERNET -- OPNsense -------LAN-|  192.168.40.2
Printers--|  LAN: 10.0.[0-254].0/24         192.168.40.254      |  VPN tun:
          |  IP VPN tunnel: dyn             ocserv PortF to (1) |  192.168.43.0/24
          |                                                     |
Other ----|  192.168.43.x                   WAN: 10.0.0.1/24    |- (n) Devices LAN
                                                                |  192.168.40.0/24

Branch Offices
--------------                   
OpenVPN tunnels are in 192.168.42.0/24. LANs for the Office branches
are 192.168.60.0/24 and 192.168.80.0/24


I need openconnect clients to access all devices in LAN and OpenVPN, and vice versa. Can anybody assist me with the set of rules I have to add?

Thanks so much for your help

Ignacio