Messages

1

General Discussion / Re: What is wrong with my settings? (Dual VPN client)

« on: November 30, 2019, 11:37:50 am »

More firewall rules and nat

2

General Discussion / Re: What is wrong with my settings? (Dual VPN client)

« on: November 30, 2019, 11:37:26 am »

Firewall rules

3

General Discussion / What is wrong with my settings? (Dual VPN client)

« on: November 30, 2019, 11:36:57 am »

I have been over some times, trying to setup a dual openvpn client where certain computers goes thru the vpn that has a fixed public ip with all ports open, and everything else goes thru the other one (that gets a new ip each time it reconnects).

But no matter what/any changes i make, everything still seems to go thru the vpn that has fixed ip and open ports.


OpenVPN client settings (Attached)

4

General Discussion / Re: blocking websites without squid

« on: January 10, 2018, 08:19:10 am »

Hi. OpenDNS might be quite alright to use, but it does Hi-jack your DNS queries to display adpages on domains not resolvable, so i have stopped recommend OpenDNS just because of this.

Hi Gargamel, when is the last time you've experienced the ads please? OpenDNS claims not to have done so for quite some years: https://umbrella.cisco.com/blog/2014/05/29/no-more-ads/ Just wondering if they have started doing this again.

Thanks,

Bart...

'

Personally i havent used OpenDNS since they hijack dns querys, glad they stopped their ad-infestations.

My mom had OpenDNS in her router, many problems was solved by going back to ISP dns server a few weeks ago.

5

General Discussion / Re: blocking websites without squid

« on: January 09, 2018, 09:41:16 am »

You can use OpenDNS for DNS with an account for your network to block the social media category

Bart...

Hi. OpenDNS might be quite alright to use, but it does Hi-jack your DNS queries to display adpages on domains not resolvable, so i have stopped recommend OpenDNS just because of this.

6

Hardware and Performance / Re: Mini PC 6 * Intel Gigabit Lan RJ45 Core i3 7100U 2.4 6 Lan

« on: December 29, 2017, 06:11:38 pm »

I am using a similar item, i7-5550U altho.
works fine.
Using openvpn on all network, delivers all my 250/250 mbit connection encryptet and hovers around 60 degrees and almsot no cpu usage.

7

17.7 Legacy Series / Re: Using Dynamic DNS for OpenVPN server

« on: December 17, 2017, 04:05:32 pm »

Thats how i do it.
Setup a DynDNS in services, and then pointed my openvpn client config to that dyndns.

8

General Discussion / Re: Suggestions for multiple servers running port 443 behind OPNsense

« on: December 16, 2017, 07:56:03 am »

Hi.

I think you are looking for HAProxy https://wiki.opnsense.org/manual/how-tos/haproxy.html

9

17.7 Legacy Series / Re: Forced to restart OpenVPN to get access to some sites!

« on: December 10, 2017, 07:43:24 pm »

This has been going on for some while, and with no response from OVPN that is my provider for this I'll hope some ppl on the forum can sort this out...

It all ends up with err_connection_refused in Chrome for some sites, and even thou I have wiped the cache it still throws a err_connection_refused UNTIL i restart the OpenVPN service in OPNsense! 

I think i used to have the same problem (using ovpn + public ip).
My issue was dns related, but then i got the related error tho.

Compare your config with mine, because current config i have had no problem since i installed it.

Code: [Select]

Server mode: peer to peer SSL/TLS
Protocol: UDP
Device Mode: tun
Interface: wan
remote server: vpn04.prd.kista.ovpn.com
retry dns resolution: checked infinitely resolve remote server
TLS auth: OpenVPN static key V1 from ovpn
Peer certificate authority: the ovpn provided cert
Client certificate: none (username password required)
encryption algorith: AES-256-GSM (256 bit key, 128 bit lock, TLS client/server)
auth digest algorithm: SHA1 (160-bit)
Hardware crypto: no hardware crypto acceleration
compression: enabled with adaptive compression
disable IPv6: checked

Advanced: persist-key
          persist-tun
          remote-cert-tls server
          key-direction 1
          reneg-sec 432000


10

17.7 Legacy Series / Re: Can opnsense do this?

« on: December 07, 2017, 08:20:30 am »

Greetings everyone,

I am using the following functionality with my current firewall but i am looking for something new and i was wondering, can opnsense do this too?

Asn ip blocking (alias from whois)
Dns black holes (using common host files)
Geo-ip blocking (alias from geo-ip)
All logging can be disabled

Also, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?

Thank you so much
J

For GeoIP blocking see this post:
https://forum.opnsense.org/index.php?topic=5851.msg24639#msg24639

11

17.7 Legacy Series / Re: Broader censoring domains to ip (Ubound overrides)

« on: December 04, 2017, 05:06:45 pm »

Entry on the screenshot.

You can choose a nameserver for the domain which does not need to exist

Okay, i used this option before but did not get the results i was expecting, when i had PFSense, i entered something in advanced config and got all *.domain.etc to resolve to an IP, this way, lan users cant resolve the dns server for the whole domain, which is ok i guess.

12

General Discussion / Can someone explain this Firewal log?

« on: December 04, 2017, 12:59:19 pm »

I saw these 2 (and some more) entries in the firewall logs on the "front page".
As i read the log they originate/come over the LAN, but should come from the interface "OVPNPUBLICIPV4" since only from this interface the port it gets redirect to, are open (port forwarded).

13

General Discussion / Re: How pathetic!!

« on: December 04, 2017, 12:33:32 pm »

Good thing i decided to go with OPNSense over pfSense, but mainly because of elitist answers and noses stuck up in the air, not being of any help in the forum when askin for help.

14

17.7 Legacy Series / Re: Broader censoring domains to ip (Ubound overrides)

« on: December 02, 2017, 07:42:52 pm »

you can override the full domain too.

How?

15

17.7 Legacy Series / Broader censoring domains to ip (Ubound overrides)

« on: December 02, 2017, 07:31:56 pm »

Hi.

In ubound i have setup

Code: [Select]

Host Overrides
Host Domain Type Value Description
aftonbladet.se A 0.0.0.0 aftonbladet.se  
expressen.se A 0.0.0.0 expressen.se  
www aftonbladet.se A 0.0.0.0  
www expressen.se A 0.0.0.0 expressen.se

but how can i setup to catch *.<domainsabove> like if they change to www2, or somethingelse.<domainabove> etc?