Messages - fvnet

#1
Hi, I read all the documentation and it confused me. It says "As a best practice, it is recommended to protect LAN interfaces".
So I simply select the LAN interface and add the "lan" tag, right?

But I still get this "Please add WAN security zones" warning?
#2
Hello dear friends. I have successfully set up an IPSEC VPN (legacy) tunnel between OPNSense and a Draytek router. However, I noticed that the tunnel doesn't start on its own after a reboot. Is that normal? Do I always have to manually click the connect button?
I have searched the forum and found a solution using Monit, but isn't it strange that such a bug still exists?

Unless I am doing something wrong in the configuration.

Thank you
#3
Hello,

I have a simple OPNSense installation and am testing it. It has two NICs, so one is the WAN and the other the LAN. No VLANs.
Isn't it proper to set the security zone tag "wan" on the WAN interface and "lan" on the LAN interface?
Why do I get this "Please add WAN security zones" warning?

Or shall I set both to the security zone "wan"?

Thank you so much
#4
Hello, I found what is causing the error. When setting trust and certificates, all fields must be entered (organization, department etc).

Then community edition works flawlessly (both 2.5.x and 2.6.x).

BR
#5
Hello, sorry for reviving this old post. In my 25.1 OPNsense test machine, OpenVPNConnect 3.6 works just fine. The community edition refuses to connect:
VERIFY ERROR: could not extract CN from X509 subject string ('C=GR, ST=Attiki, L=Athens, O=OPN Sense') -- note that the username length is limited to 64 characters
OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.5.201:4494
UDP link local (bound): [AF_INET][undef]:0
UDP link remote: [AF_INET]192.168.5.201:4494


I also tried exporting as archive, and also tried exporting with providers legacy default and used the 2.6.x community version, but nothing worked.
Any ideas, dear friends?
#6
OK, probably found it myself.
Here is the setting

#7
Hello again dear friends, sorry if this has been answered before, but all the guides to set a static IP for an OpenVPN client don't work in the 25.1 series.
Adding ifconfig-push 172.16.245.29 255.255.255.0 doesn't work (it doesn't connect at all).
Setting persist-remote-ip also doesn't seem to work?
Has anyone found a solution? I need one specific client to get a static IP no matter what.

Thank you in advance
#8
Thank you so much. I was making the mistake of adding it to the remote networks.
Could you comment on the NAT rule? All traffic from the VPN interface that is going to that ERP network is allowed (I can only add an alias there).
#9
Hello, I am in need of this specific scenario.
Our office has a public static IP, and one of our overseas customers (who also has a static IP) has whitelisted ours so that we can connect to his server for the accounting ERP. Let's assume that our overseas customer's IP is: 88.777.666.55

When in the office, employees can connect to his ERP just fine.
When our employees are teleworking, they use OpenVPN to connect to our office and its network. Where in OPNsense and the client can I configure that, if the teleworking user needs to connect to 88.777.666.55, it should go through the OpenVPN tunnel via our office?

Thank you so much in advance

#10
Hello dear friends,
I am managing the IT for a 70-user company with a 400/400 fiber leased connection.
I have decided to move from Untangle (ridiculous pricing) to OPNsense and get the DEC3852 hardware.
The setup is not that complex: one (wired) /24 subnet for servers and clients and a separate /24 for the wifi APs for staff and visitors (the two networks won't reach each other). I will also add Zenarmor.

Most of the employees do a lot of teleworking, so I will create 70 users with their certificates. It is an absolute necessity to use OpenVPN without a password, simply with the certificate. I want them to simply right-click the OpenVPN client and connect.
Can I do that with OPNsense?
Thank you so much in advance