Messages

1

General Discussion / Nominate OPNsense and FreeBSD Foundation for Proton's Fundraiser (Big Reward)!!

« on: November 06, 2024, 10:23:55 pm »

Everyone, nominate OPNsense and FreeBSD Foundation as beneficiaries for Proton's 2024 Charity Fundraiser https://proton.me/blog/lifetime-fundraiser-survey-2024! It just takes a minute and you can do so here, just click on the purple "Tell us who to support" button near the upper middle of the page or click here: https://form.typeform.com/to/kRGE7inV. The charities being nominated will receive tens of thousands of USD each. Share the link!

2

General Discussion / Re: Please Make a Donation to OPNsense

« on: November 06, 2024, 10:20:20 pm »

Everyone, nominate OPNsense and FreeBSD Foundation as a beneficiaries for Proton's 2024 Charity Fundraiser https://proton.me/blog/lifetime-fundraiser-survey-2024! You can do so here, just click on the purple "Tell us who to support" button near the upper middle of the page or click here: https://form.typeform.com/to/kRGE7inV. The charities being nominated will bring in tens of thousands of USD to each. Share the link!

3

General Discussion / Best protection setup for encrypted traffic? Best network segmentation?

« on: October 17, 2024, 06:08:24 am »

Hello, I'm new to firewalls and have a few questions.

1. I run a commercial VPN locally on my devices and use encrypted DNS (DoH & DoT). Since my traffic is encrypted, what free and open source tools and settings are recommended to fortify my network's security? From my understanding, IDS/IPS and next gen firewall solutions aren't useful with encrypted traffic and getting them to work with a VPN is complicated and prone to issues. Are there any other tools or settings that are recommended?

2. What method is the recommended method to segment the the LAN and OPT1 interfaces so that LAN can communicate with OPT1 but OPT1 can't contact LAN? I plan on reserving OPT1 as a guest/untrusted network and assume this is the optimal setup. Please correct me if I'm wrong.

Any input is much appreciated!

4

General Discussion / Re: Can't access web GUI after installation - computer doesn't recognize LAN

« on: October 02, 2024, 12:38:57 am »

I've tried setting the IP manually as you recommended yesterday although still didn't work.

However, I just reset my settings to default again and the LAN being swapped with WAN (igb0 & igb1), now by plugging into my WAN port, I am able to access the web GUI. I think my physical LAN port may have some issue -- it was also giving me trouble on pfSense but I thought it was due to a misconfiguration. Thank you everyone for your assistance!

5

General Discussion / Re: Can't access web GUI after installation - computer doesn't recognize LAN

« on: October 01, 2024, 08:50:06 pm »

Apologies for any confusion, I'm new to all of this and didn't know what double NAT-ed even meant. After looking it up, it seems that it has to do with two routers being present? If that's the case, I don't have any routers connected to the FW4B - just the RJ45 to the computer and the power cable. Yesterday I briefly connected the FW4B to the internet (WAN to router) to check for updates. The changeset came up but I am not sure if it actually updated since I didn't see any confirmation. I have rebooted the device multiple times since then and the device has remained disconnected from my router. Don't know if this could make any difference.

When you say to Change the Lan Interface to 192.168.22.1/24, could you please clarify, are you asking to change...
1. Windows' IP from DHCP automatic to manual
2. "Option 1) - Assign interfaces" this seems to only be for changing the assigned RJ45 ports to my understanding.
3. "Option 2) Set interface IP address" in the OPNsense interface

I have once again set the interfaces as is recommended in the Protectli guide: https://kb.protectli.com/kb/how-to-install-opnsense-on-the-vault (WAN = igb0    LAN = igb1   OPT1 = igb2   OPT2 = igb3   N/A   N/A)

I tried "Option 2) Set interface IP address" but am not sure what to enter after the IPV4 upstream gateway addresses prompt as shown in the attached image.

6

General Discussion / Re: Can't access web GUI after installation - computer doesn't recognize LAN

« on: October 01, 2024, 03:56:41 am »

I've been following this guide: WAN = igb0    LAN = igb1   OPT1 = igb2   OPT2 = igb3   N/A   N/A
I just swapped LAN and WAN (WAN = igb1    LAN = igb0   OPT1 = igb2   OPT2 = igb3   N/A   N/A)
but I still can't connect to the web interface.

7

General Discussion / Re: Can't access web GUI after installation - computer doesn't recognize LAN

« on: October 01, 2024, 02:57:04 am »

I just tried both methods but neither worked. Since the Ethernet port on my computer only lights up when connected to any other port but the LAN, I thought that there might be something physically wrong the FW4B LAN port so I tried swapping the LAN and OPT1 assignments via option 1 in the interface but this didn't seem to change anything. Despite this, the LAN port stays lit up on the FW4B but never lights up the one on the computer, much less grant access to the web GUI.

Do you have any more ideas?

8

General Discussion / Re: Can't access web GUI after installation - computer doesn't recognize LAN

« on: October 01, 2024, 12:28:32 am »

This was the result in Windows 11 on all four ports:

Pinging 192.168.1.1 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


How do I check with the WAN cable and see where I get an IP from the ISP?

9

General Discussion / Can't access web GUI after installation - computer doesn't recognize LAN

« on: October 01, 2024, 12:01:45 am »

I was previously using pfSense and just installed OPNsense on a Protectli FW4B twice but still when I plug any computer to its LAN port, the port stays lit on the FW4B but the RJ45 port doesn’t light up on my computer and it doesn’t detect the wire connection on the OS either. However, when I connect the computer to any of the other ports on the FW4B (OPT2, OPT1, or WAN), then the computer's I/O shield lights up on the RJ45 connection but it still doesn't allow me to connect. When I open up Brave or Mullvad browsers, I can’t reach 192.168.1.1 – Brave says “This site can’t be reached https://192.168.1.1/ is unreachable. RR_ADDRESS_UNREACHABLE.”

I’ve tried to connect on two different computers, on Windows 10, 11, and Fedora Workstation Linux. The first time I installed I followed the instructions as stated on this guide: https://kb.protectli.com/kb/how-to-install-opnsense-on-the-vault. When connected via RJ45, my computers are able to connect to 192.168.1.1 on my ISP router and personal router without a problem.

How can I get the computer to recognize the connection so that I can access the OPNsense web browser GUI? I have attached a picture of the FW4B's interface confirming the IP assigned to LAN. Any help is much appreciated!