OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of cookie_lu »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - cookie_lu

Pages: [1]
1
General Discussion / Re: How to restrict device to connect only to a specific vlan
« on: August 30, 2024, 11:14:36 am »
My apology, got mixed up the Vlan and Wlan (Ssid) above.

Each of the ssid were associated with certain Vlan, which in turn each Vlan is configure differently, eg. how they route/dns...etc.

Assuming I can't change the wifi passwords (for now), but rather is there a way i can easily restrict each devices to  to a particular Vlan regardless which wlan connected to.

Do I have to create alias to each devices and register all the MACs (Wifi2, Wifi5, Wifi6) associated to the device and use the firewall to prevent it entering certain Vlans? Don't think Arp table will help in this case.

2
General Discussion / How to restrict device to connect only to a specific vlan
« on: August 30, 2024, 01:50:42 am »
What is the best way to only allow specific device to connect certain Vlan? Assume people using the devices knew all the Vlans passwords.

I have, say 5 Vlans: A, B, C, D and E. Each has it's own configuration/purpose. Using Opnsense 24.7.

Bare in mind, on same the device, Wifi2 and Wifi5 may have separate MAC addresses. Now with Wifi6, the same device may have 3 separate MACs.

How to make sure device 1 can only connect to Vlan A, and device 2 can only connect to Vlan B and C, and device 3 can connect to C,D and E only.

Do I restrict by MAC using Firewall rules and Aliases? In that case they will be alot rules and aliases to do -- possibly affecting the performance?



3
24.7 Production Series / OpenVPN - disconnect after a min when using Local+TOTP
« on: August 29, 2024, 09:45:34 am »
I am having problem with OpenVPN when login using local+TOTP from remote Android OpenVPN client (3.4.2). Opnsense version 24.7.2.

For a start, I was able to connect successfully (cert and login were OK). I was able to browse external websites and internal server. But after about a minute, i got disconnected with the following error from client:


Quote
[Aug 29, 2024, 12:41:51] Sending PUSH_REQUEST to server...

[Aug 29, 2024, 12:41:51] AUTH_FAILED

[Aug 29, 2024, 12:41:51] EVENT: AUTH_FAILED

[Aug 29, 2024, 12:41:51] EVENT: DISCONNECTED

When i changed the authentication to just Local Database, i was able to maintain the connection as long as i want. But when I reverted back to Local+TOTP, i got disconnected again after about a min.
I did set the Renegotiate Time to 0.

I think it something to do with the re-authenticate/renegotiate not able to do TOTP bit since it expires.
I tried adding TLS static key and/or setting Auth Token Lifetime to 0, it won't even connect at all.

Your help is much appreciated.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2