Messages

1

17.1 Legacy Series / Re: Unable to browse HTTPS sites via Wifi

« on: December 15, 2017, 08:08:11 am »

Ditto for me, at least 2-3 times on PFSense and once on OPNsense.  I was helping a friend with Sophos XG and immediately after the install, they were getting "the webpage is not secure" type messages in chrome and IE.  They could not hit most of their sites.  Turns out that XG is decrypting SSL and inserting their own cert in there. The only way around this was to disable their micro-app discovery scanning.

I never did figure out why this happened to me in OPNSense but hopefully, it doesn't happen again.

2

17.1 Legacy Series / Re: Unable to browse HTTPS sites via Wifi

« on: December 14, 2017, 09:31:53 pm »

I don't want to necro this but I never did get back here and update so in case anyone runs into this.

Turns out that the Adtran controller software had been auto-updated and this changed one of its options.  It started looking into HTTPS (SSL) traffic and in doing so triggered the certs to be invalid.  I no longer use the adtran wifi system but I did recently run into something similar with another firewall and it's self-signed certs and HSTS.

3

17.7 Legacy Series / Re: Large HTTP Downloads Fail

« on: November 30, 2017, 07:15:59 pm »

I actually had this issue happen to me twice while I was on pfSense.  Never was able to diagnose the issue and fresh re-installs fixed the problems both times.

4

17.7 Legacy Series / Transparent Firewall setup?

« on: November 28, 2017, 11:46:58 pm »

I have a new deployment that I need to install an inline firewall/url blocker with no NAT, traffic shaping or routing of any type (Transparent Firewall/bridge/???).  I would like to use OPNSense and after doing some research believe I need to follow this guide:

https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

I don't want to make any changes to the clients if I can, I need to use the current device as the gateway/router/dhcp/etc...  and only want to add an additional layer of protection.  Thank you all in advance and any help will be greatly appreciated.

5

17.7 Legacy Series / Re: Unbound DNS problems

« on: November 22, 2017, 12:43:16 am »

I was just playing at getting my pi-hole VM up and running again (last time I ran into problems but was too busy to really take a look at this).  I basically wanted OPNSense DHCP to give clients the IP of my Pihole VM (to handle ad blocking) and pointed my pi-hole VM to the OPNSense IP.  Fine, but it was recommended (a number of online guides) that I use unbound.  But once I did that all hell broke loose again (every browser error under the sun) but basically some sites open others would not.

Searching around it seems that some ISP's have the tendency of hijacking DNS/NXDomain responses for commercial purposes.  I'm not sure why this would affect the unbound resolver (with and without forwarding checked) and not the dnsmasq forwarder but that's what I found.

6

17.7 Legacy Series / Re: Unbound - DNS via TLS?

« on: November 15, 2017, 08:59:19 pm »

this would be really nice to have.

7

Hardware and Performance / Re: qotom i5-5250U

« on: August 31, 2017, 12:15:19 am »

I started buying these and they are great, even better now that Amazon has them.

8

16.7 Legacy Series / Re: Firewall Alias for adblocking

« on: August 30, 2017, 11:54:54 pm »

No worries I just saw your reply!  I'm on 17.7 so I'll see if i can get this to work there too.

9

17.1 Legacy Series / firewall alerts

« on: July 25, 2017, 10:10:15 pm »

Hello all, a little while back I had to reinstall OPNSense after a power strike where my backed up settings would restore.  I had pretty good notes on the changes I made so I think I'm back to where I was before the power strike except one thing.  I'm getting constant connection attempts to my PLEX box and a few other things.  2-3K a week.  I notice these b/c I have a Cujo and Rattrap security appliances as a "sanity check" and an additional layer of protection (typically I just run Rattrap inline from the OPNSense LAN port that goes to my HP Switch).   

Prior to reinstalling I was getting zero notifications of these types b/c they were being blocked by OPNSense.  I have gone over everything ten times and I can't figure out what I'm missing (didn't enable or setup) to have OPNSense automatically block these connection attempts.  I have IPS/IDS turned on, UPnP turned off, etc...

Anyway, if anyone has some suggestions I would greatly appreciate it.  Thank you in advance!

10

17.1 Legacy Series / Re: power outage set OPNSense back to defaults booting in LIVECD Mode

« on: June 22, 2017, 01:09:27 am »

Yes, it was rebooted after the restore of the backup file and again it just goes into live cd mode. 

As I stated in my OP I would prefer to not lose all my configurations and I'm not confident that re-installing and then re-applying the backup will actually work.

11

17.1 Legacy Series / power outage set OPNSense back to defaults booting in LIVECD Mode

« on: June 21, 2017, 06:13:33 am »

hello, just had a long power outage while I was out of the house, of course, the UPS decided to die in the middle of it bringing down my OPNSense box. When I rebooted it was booting up in LIVE CD mode and even after I restored the last backup it would just boot in LIVE CD Mode.  I know I can just run the installer but I would prefer to not have to loose all my settings.  Any help will be greatly appreciated.

12

17.1 Legacy Series / Re: OPNSense Xenserver 6.5

« on: June 14, 2017, 06:04:52 pm »

I really recommend that you get two NICs (or a dual port NIC) that are supported.  You can't go wrong with Intel (or most HP's which are rebranded Intel's).

13

17.1 Legacy Series / Re: OPNSense Xenserver 6.5

« on: June 13, 2017, 06:07:43 pm »

Hope you don't mind but just to make sure we're clear here.  You have a host server running XenServer 6.5.  You created a VM and you are installing OPNSense on that?  Does your host server have two (real) network cards/ports?  I'm not very familiar with XS but if the answers to my question are true then you would create a VM with TWO vNICS and assign one to your WAN NIC and one to your LAN NIC.  The WAN should be connected to your gateway device (Telco/ISP router, etc...) and it should pick up a WAN IP from that device.  Your vNIC connected to the LAN should be connected to your LAN network and you should assign an IP to that.

If you are not absolutely sure which interface is the WAN/LAN try swapping out the cables.

14

17.1 Legacy Series / Re: Unable to browse HTTPS sites via Wifi

« on: May 17, 2017, 11:47:55 pm »

Has no one experienced this?  I'll try playing around with my network this weekend.

15

17.1 Legacy Series / Unable to browse HTTPS sites via Wifi

« on: May 16, 2017, 07:25:45 pm »

I'm not exactly sure when this started but sometime recently I have been unable to access HTTPS websites if I browse using Wifi on my home network.  They work fine if I'm on a wired PC and I know for sure that about a month ago this was working fine.  Other then updating the FW I haven't made any changes (and I typically log those changes in my log book so I can revert them if needed).

Just thought I would post here to see if anyone had any advice.  Thank you