Messages

1

German - Deutsch / Re: Hardware Vergleich - Was ist für Euch zu Hause sinnvoll? Was nutzt ihr?

« on: October 17, 2017, 08:25:15 am »

@monstermania

Das mit dem ClamAV wuerde ich mir auch ueberlegen, da die Software anscheinend nicht besonders oft geupdated wird [1].





[1] http://tmowizard.square7.ch/wordpress/2017/10/15/sicherheit-am-pc-vi-ubuntu-clamav-verantwortungslos/

2

17.7 Legacy Series / Re: Raspberry Pi OPNsense

« on: October 16, 2017, 09:20:30 am »

@Gargamel:

If you want to a small linux image for the PI you can use the DietPI image.

3

17.7 Legacy Series / Re: Raspberry Pi OPNsense

« on: October 13, 2017, 08:33:00 am »

@Franco: Before you smash more SD Cards, you can use emulation

4

German - Deutsch / Re: USB 3.0 Netzwerkkarte(n) funktionieren nicht mit OPNSense 17.7

« on: October 13, 2017, 08:29:59 am »

Du kannst ein remount auf rw (read/write) machen, dann solltest du es installieren koennen von der CLI.

sudo mount -o remount,rw /partition/identifier /mount/point

5

General Discussion / Re: Dumb question about opnvpn

« on: October 11, 2017, 02:39:28 pm »

If I understand you correctly then vlans are much faster from the usage. Because the vlan-id is within the network package and stripped from you kernel. If you use virtual networking with virtual cpus you will have more overhead. You need to manage at least 2 different network stack with almost the same content (arp, ips, etc.).

6

General Discussion / Re: Dumb question about opnvpn

« on: October 11, 2017, 02:22:06 pm »

Why are you not using VLAN and openvpn without virtualization --> so create your VLAN-Interface etc.

7

General Discussion / Re: Dumb question about opnvpn

« on: October 11, 2017, 02:12:30 pm »

I doubt that it is better to generate more overhead (virtualization) and hope that the throughput is better at the end. Furthermore which kind of virtualization do you have in mind?
E.g. you can use kvm or docker with virt networking. 

8

17.7 Legacy Series / Re: Raspberry Pi OPNsense

« on: October 11, 2017, 12:07:17 pm »

I don't think that raspi is so much better in overclocked state. The network interface (even the internal one) is connected via USB-Stack which limits the performance. If you stack more usb-nics into the raspi then you won't get a high performance boost anyway.

9

German - Deutsch / Re: USB 3.0 Netzwerkkarte(n) funktionieren nicht mit OPNSense 17.7

« on: October 11, 2017, 08:47:48 am »

Ich hatte auch meine Probleme mit USB-LAN-Adaptern. Als erstes gibt es ein Plugin fuer OPNSense was den Start verzoegert, da es USB-LAN-Adapter gibt, die erst nach einer bestimmten Zeit sich beim System melden. Andere probleme hatte ich, wenn der Switch ein Link-Down durchfuehrt um Strom zu sparen, da einige USB-LAN-Adapter ebenfalls auf ein Link-Signal warten, bis sie sich beim System anmelden. So zu sagen, wenn beide dann auf ein initiales SIgnal warten, wird das etwas laenger dauern .

10

17.7 Legacy Series / Re: GRE over IPSec state issues

« on: October 11, 2017, 08:44:12 am »

I tried this a little while ago but the problem was the strong swan implementation. I tried the openbsd ipsec and there I got this working though.

11

16.7 Legacy Series / Re: Configuring OPNsense as an OpenVPN client to a VPN server

« on: March 30, 2017, 03:38:44 pm »

Is this topic still a thing? I finally got this working but I have noch komplete documentation. I would prefere to do a step by step appoarch with some one who needs this setup and use the descriptions to provide a how-to.

12

16.7 Legacy Series / Re: Netflow to external server via IPsec

« on: September 22, 2016, 11:36:25 am »

Hi Franco,

thanks for your reply. I tried to change this setting, but as mentioned within the tools usage page, the '-S' flag is not going to work with an IP-address.
I tried the following on my own. I recognized, that the target address for the netflows was not pingable so I added a route to this IP through the gateway interface of the opnsense, then I was able to ping the target. But the flows were missing anyways. Is there a source of information about the routing behavior were I can read about how BSD routes traffic from the interfaces?

Thanks Loden_Richard

13

16.7 Legacy Series / Netflow to external server via IPsec

« on: September 21, 2016, 03:09:47 pm »

Hi folks,

I have a problem with my current setup. I have a netflow collector installed within my network and want to send my netflow octets to this collector. Unfortunately my collector is only reachable via IPsec, so if I set the netflow configuration up to send the packets to this collector I don't see the packages on the other side of the tunnel. My opnsense host is also the connections endpoint of the IPsec tunnel.
Does someone know how to solve this issue?

Thanks Loden_Richard

14

General Discussion / Re: Adding openvas to opnsense

« on: July 18, 2016, 02:27:15 pm »

The plan is within a small network environment is the best place to search actively for vulnerabilities from the edge firewall. All zones connected to the connected network (e.g. internet) are reachable from that point. Alternatively a jail could be hosted with a running vuln. scanner.
I am sure for big networks within companies it would not apply if opnsense is used as edge firewall. I have seen installations for separating internal networks from each other and for that reason it could be a nice feature to be able scan the network which should be separated.
e.g. a scada network (which is not my installation but is an argument for a specific installation of openvas):


The firewalls could also do an additional active security scanning service for ensuring patch levels and so on.

15

General Discussion / Re: Adding openvas to opnsense

« on: June 15, 2016, 12:30:09 pm »

Bump!

If the question is not specific enough then please provide some information how to integrate openvas ;-)