OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of samnet »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - samnet

Pages: [1] 2 3
1
20.7 Legacy Series / Re: Multi Site VPN and routing to each site without CSO
« on: September 28, 2020, 01:37:15 pm »
Quote from: teknoadmin on September 25, 2020, 01:13:51 pm
Hi Samnet,

you need to assign an interface to ovpn client B and C, and then set static routes accordingly.
Also, you need to correct your tunnels configuration.
You have configured a S2S as a multi client network.

I.E.

Site B 192.168.33.0/24 GW 10.10.22.2 (Ovpn GW Site A)
Site C 192.168.22.0/24 GW 10.10.23.2 (Ovpn GW Site A)

And check the rules on OVPN tab

Regards
Did really get you on this
Do I need to do static route?
8 have managed to get it working by inserting remote network on each site
Would this be ok?
Also what gateway do mean?

2
20.7 Legacy Series / Multi Site VPN and routing to each site without CSO
« on: September 24, 2020, 09:41:27 am »
Dear All
Im struggling to make the proper Multisite VPN to interconnect between all sites.
I recall doing it few years back but cant replicate this in the new opnsense edition. not sure if this is version restriction or something related.
I have:

Site A (Openvpn Server) Ip 192.168.11.0/24 / OVPN Tunnel IP 10.10.11.0/30 (note Ive selected /30 not /24)

Site B (Openvpn Client) Ip 192.168.22.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)

Site C (Openvpn Client) Ip 192.168.33.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)

Site B and C can ping and connect to Site A and vice versa.

but I cant get site B and C to communicate (even through Site A and yes Im fine with single point of failure on site A) I just want it to work.
I recall doing this in the past editions by adding the subnet in the "IPv4 Remote Network" of each client. but this didnt work I tried adding even on the server remote network. can someone clarify how this can be done?

3
20.7 Legacy Series / Re: Transparent proxy with SSL
« on: September 16, 2020, 08:17:03 am »
thanks for clarification.
can you pls suggest any way for controlling URL access in a network with 100 desktops / laptops / mobiles many of them logging via Active Directory win2012


4
20.7 Legacy Series / Re: Transparent proxy with SSL
« on: September 15, 2020, 10:54:49 pm »
Quote from: Fright on August 25, 2020, 08:15:33 am
Quote from: samnet on August 24, 2020, 10:59:53 pm
forget this method, I just want to control url access even via https
and no. you can  not view requested url (if you mean exactly full url) without mitm. only tcp info, tls hello and sni info (if any).
Im still not getting this right, do you mean its impossible to see full URLs without MITM?
is this a no go area at all?
I recall splice option in pfsense which used to slightly control https to some extend, is there a splice option in opnsense?

5
20.7 Legacy Series / Re: Multiple VIP and static routes
« on: September 15, 2020, 10:46:07 pm »
Thanks for sharing the info. can you pls lay out the steps needed for this to work,
I will need to do this for
1. email server
2. voip
3. ftp ...etc
all having separate public IPs

6
20.7 Legacy Series / Multiple VIP and static routes
« on: August 26, 2020, 02:01:56 am »
Hi
Im having a problem on my current opnsense, I have several VIPs like xxx.xx.xx.190 (default gw)
xxx.xx.xx.191 (opnsense wan ip) xxx.xx.xx.192 (vip and doing port forward to exchange server in my lan) xxx.xx.xx.193 (vip and doing port forward to ftp server) ...etc
my main target is to get the exchange get back to internet via ip xxx.xx.xx.192 and not via the xxx.xx.xx.191 which is opnsense.
is this possible and how?

7
20.7 Legacy Series / Re: Transparent proxy with SSL
« on: August 24, 2020, 10:59:53 pm »
Quote from: siga75 on August 22, 2020, 12:12:26 pm
hmmmm how can you do transparent SSL proxy without using a CA for which you have the private key?
forget this method, I just want to control url access even via https

8
20.7 Legacy Series / Re: Transparent proxy with SSL
« on: August 24, 2020, 10:59:00 pm »
Quote from: Fright on August 22, 2020, 07:38:06 am
Hi!
Can you please give more info about "transparent SSL mode that PFSense has where there is no need to add the CA in every client"?

of course there is splice option which I cant find it in opnsense.

9
20.7 Legacy Series / Transparent proxy with SSL
« on: August 21, 2020, 11:18:41 pm »
Dear All
I know this has been asked before but no one actually compared the transparent SSL mode that PFSense has where there is no need to add the CA in every client and can do transparent SSL with no extra install on each client.
How can we achieve this transparent SSL proxy without touching CA?

10
20.7 Legacy Series / Re: Connecting to Active Directory (AD) via IPSEC
« on: August 19, 2020, 04:41:24 pm »
this is done already from what I recall, the way packets are shown is
Wanip 72.xx.xx.96:45556 to AD server ip 10.xx.x.2:389
ive done a packet capture and I can see 5 requests coming out but no AD handshake

11
20.7 Legacy Series / Re: Connecting to Active Directory (AD) via IPSEC
« on: August 18, 2020, 10:58:45 pm »
thx for this, can you pls explain more on how to do this?

12
20.7 Legacy Series / Connecting to Active Directory (AD) via IPSEC
« on: August 18, 2020, 01:37:18 pm »
Dear sirs;
Im trauggling to find a proper way to connect my opnsense to active directory via ipsec vpn tunnel.
Im sure it will not be the case for ovpn. but the main problem the DC that has AD in is actually using those terrible licensed firewalls that has only ipsec and kerio vpn. so I have configured the ipsec and opnsense is conecting via ipsec to DC and I can ping the AD server.
the crazy part is that I cant get the opnsense to join the AD. Ive done a packet capture and what Im seeing it that AD isnt giving a clear replies. and the funny part is that IPSEC is actually throwing the WAN ip as source. which is bit funny, but can someone share his experience on this??
can this work?
Firewall on AD windows 2012 is off btw.

13
Web Proxy Filtering and Caching / Re: Create ACL like the classic way using opnsense gui
« on: August 11, 2020, 09:12:16 pm »
any ideas pls?

14
Web Proxy Filtering and Caching / Re: Create ACL like the classic way using opnsense gui
« on: August 09, 2020, 04:41:42 pm »
dear all
this is very important feature, just wondering if this is actually supported or not
we have AD groups defined, can we apply ACL based on each group??
for example: secretaries group defined in AD cannot access Social Net webs
IT Dept group defined in AD can see all
Admins dept group defined in AD cannot see porns
Accounts dept group defined in AD cannot see games and porns
things of this nature I recall existed in pfsense so I think its doable in Opnsense.

15
19.7 Legacy Series / Re: multiwan pppoe loadbalancing does not work
« on: December 19, 2019, 02:22:47 pm »
anyone there to help?? I still cant get the whole idea of MLPPP config in opnsense and how to make it successfully??

Pages: [1] 2 3
OPNsense is an OSS project © Deciso B.V. 2015 - 2022 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2