Messages - romuloadmr

#1
15.7 Legacy Series / Isolating Subnets in OpnSense
November 12, 2015, 02:06:20 AM
Hello guys, I might need a bit of help here...

I want to accomplish the following:

Allow LAN1/LAN2 access to the wider internet.
Isolate the LAN1/LAN2 subnets from each other, so that by default no traffic will flow between them.
Have the ability to poke holes between the subnets for specific purposes.

I am sorry if this has been answered here already. So far I am having problems when I create a rule to permit LAN1 traffic to WAN, since it also allows the LAN1 traffic to reach LAN2.

What is the most effective way to design my rules in this case?

Thanks in advance!
#2
15.7 Legacy Series / Re: Ldap START_TLS Authentication
November 06, 2015, 01:20:59 AM
Thanks for the info Franco!

Funny thing is... I can authenticate just fine using the diag tool against our ldap server... the test passes.

The problem arises when I import the users from Ldap to the User Manager and try to authenticate them against the Captive Portal... for me it seems like the passwords are messed up like you pointed out.

Our team would like to use Ldap directly, right now Radius is not an option =(.

Anyway, I think we will end up discussing the possibility of using Radius xD.

Thanks again!

#3
15.7 Legacy Series / Re: Ldap START_TLS Authentication
November 05, 2015, 11:49:22 AM
Thanks for the reply! xD

I did and I wasn't able to find any clue =(. However, I started a new ldap server for testing purposes and I was able to authenticate using Ldap over SSL (port 636), instead of standard tcp + Start_TLS.

However, for some reason Ldap users imported into the system are unable to authenticate against our Captive Portal. Authentication works fine for any local user.

I will keep digging into this...any help would be much appreciated.
#4
15.7 Legacy Series / Ldap START_TLS Authentication
November 04, 2015, 12:15:27 AM
Hello everyone,

I would like to use an Ldap database to authenticate users that will be accessing the internet through our Captive Portal in OPNSense.

My Ldap Server only allows connections via START_TLS mechanism.

I have imported the CA Certificate into the OPNSense, however the bind operation fails. I have checked the server logs and it seems like the Start_Tls operation fails for some reason.

Am I missing something here? Is it possible to use START_TLS or should I be using ldaps?

Thanks in advance!