Topics

1

20.7 Legacy Series / Multi Site VPN and routing to each site without CSO

« on: September 24, 2020, 09:41:27 am »

Dear All
Im struggling to make the proper Multisite VPN to interconnect between all sites.
I recall doing it few years back but cant replicate this in the new opnsense edition. not sure if this is version restriction or something related.
I have:

Site A (Openvpn Server) Ip 192.168.11.0/24 / OVPN Tunnel IP 10.10.11.0/30 (note Ive selected /30 not /24)

Site B (Openvpn Client) Ip 192.168.22.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)

Site C (Openvpn Client) Ip 192.168.33.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)

Site B and C can ping and connect to Site A and vice versa.

but I cant get site B and C to communicate (even through Site A and yes Im fine with single point of failure on site A) I just want it to work.
I recall doing this in the past editions by adding the subnet in the "IPv4 Remote Network" of each client. but this didnt work I tried adding even on the server remote network. can someone clarify how this can be done?

2

20.7 Legacy Series / Multiple VIP and static routes

« on: August 26, 2020, 02:01:56 am »

Hi
Im having a problem on my current opnsense, I have several VIPs like xxx.xx.xx.190 (default gw)
xxx.xx.xx.191 (opnsense wan ip) xxx.xx.xx.192 (vip and doing port forward to exchange server in my lan) xxx.xx.xx.193 (vip and doing port forward to ftp server) ...etc
my main target is to get the exchange get back to internet via ip xxx.xx.xx.192 and not via the xxx.xx.xx.191 which is opnsense.
is this possible and how?

3

20.7 Legacy Series / Transparent proxy with SSL

« on: August 21, 2020, 11:18:41 pm »

Dear All
I know this has been asked before but no one actually compared the transparent SSL mode that PFSense has where there is no need to add the CA in every client and can do transparent SSL with no extra install on each client.
How can we achieve this transparent SSL proxy without touching CA?

4

20.7 Legacy Series / Connecting to Active Directory (AD) via IPSEC

« on: August 18, 2020, 01:37:18 pm »

Dear sirs;
Im trauggling to find a proper way to connect my opnsense to active directory via ipsec vpn tunnel.
Im sure it will not be the case for ovpn. but the main problem the DC that has AD in is actually using those terrible licensed firewalls that has only ipsec and kerio vpn. so I have configured the ipsec and opnsense is conecting via ipsec to DC and I can ping the AD server.
the crazy part is that I cant get the opnsense to join the AD. Ive done a packet capture and what Im seeing it that AD isnt giving a clear replies. and the funny part is that IPSEC is actually throwing the WAN ip as source. which is bit funny, but can someone share his experience on this??
can this work?
Firewall on AD windows 2012 is off btw.

5

19.7 Legacy Series / multiwan pppoe loadbalancing does not work

« on: November 21, 2019, 11:59:51 pm »

I have some crisis with multi wan pppoe. I did put the modems on bridge mode and opnsense can connect and obtain ips over the wan links (3 wans) and they are working fine but when I try to make grouping and do multiwan
the system does not work properly and I see loss on the connection and it turns unstable
can someone pls help?
just wondering if pppoe multiwan can actually work? did someone try this and had any success?
can the ISP lock the multiwan bonding?

6

16.7 Legacy Series / PPOE and PPTP changes can someone clearly explain how to refix this

« on: November 27, 2016, 01:44:13 pm »

According to the warning given:
•Legacy VPN Servers for L2TP, PPPoE, and PPTP moved to plugins and need to be installed in order to still make use of them. Your configurations will persist, but may have to be adapted to adhere to the requirements of the MPD5 server daemon. The most important change is that your listening address needs to be a known address, preferably using a Virtual IP from the firewall settings.

yet we cant find a clear help or instructions to make things work again, both pptp and pppoe server will not work.
lets assume the following:
Lan: 192.168.1.1/24
wan: 88.xx.xx.2/31

my pptp vpn was working on the wan interface and ip 192.168.50.100 . with firewall rule allowing all.
how do I setup virtualip here???
do I need to add ip alias 192.168.50.100 as virtual ip??
if I try to add 192.168.50.100 as alias I get The following input errors were detected:
This IP address is being used by another interface or VIP.
I still dont seem to get the idea here. can someone help

7

16.7 Legacy Series / ANyone knows clear instruction on how to setup PPPOE Server

« on: November 27, 2016, 10:24:40 am »

Could you pls help with this issue, I have created pppoe server instance on opt2 interface having ip (192.168.200.1/24)

and created pppoe server instance and gave it ip 192.168.200.250

and also went and created virtual ip (alias type) of  ip (192.168.200.251/32) yet I cant get any replies on my client requesting pppoe auth ive used builtin win7 pppoe client and ive used tplink modem here is tplink logs

193   1st day 18:35:24   PPP   INFO:   In pppd the httpd-id is 609, set link phase is 0x0
192   1st day 18:35:24   PPP   INFO   :send_phase 2091 pppd_phase = 0x0, ipv6 = 0, ipv4 = 0^M
191   1st day 18:35:24   PPP   ERROR:   Timeout waiting for PADO packets
190   1st day 18:35:24   PPP   INFO:   In pppd the httpd-id is 609, set link phase is 0x66
189   1st day 18:35:24   PPP   INFO:   send_phase 2091 pppd_phase = 0x66, ipv6 = 0, ipv4 = 0^M
188   1st day 18:35:04   PPP   INFO   :sent [PADI Host-Uniq(0x00000965)]
187   1st day 18:34:54   PPP   INFO   :sent [PADI Host-Uniq(0x00000965)]
186   1st day 18:34:49   PPP   INFO   :sent [PADI Host-Uniq(0x00000965)]
185   1st day 18:34:49   PPP   INFO   :In pppd the httpd-id is 609, set link phase is 0x2
184   1st day 18:34:49   PPP   INFO   :send_phase 2091 pppd_phase = 0x2, ipv6 = 0, ipv4 = 0^M


am i missing anything?

8

16.1 Legacy Series / ovpn force push over multiwan

« on: July 02, 2016, 05:43:33 pm »

Ive been trying to get a multiwan upand running then push all ovpn traffic via the grouped gw, strange enough the traffic gets pushed normally via a single wan with no problem, but with a grouped wultiwan, I couldn't make it happen, is this possible after all?

9

16.1 Legacy Series / Opnsense box as a client to OpenVPN Access Server (OpenVPN AS) question

« on: June 22, 2016, 04:27:39 pm »

I would like to raise this question, Im using opnsense box to connect to OpenVPN AS server, our need is to have a foreign ip inorder to access region restricted website.
the tunnel is up and its working well, I need to know if its possible for opnsense to force everything through the tunnel and if the tunnel is dropped then internet is blocked, we only want the internet to work if the tunnel is up.
is this possible?
I have created an interface called ovpn and tried many firewall rules on lan but it fails.
any advice pls?

10

General Discussion / SoftEther VPN daemon for Opnsense

« on: January 19, 2016, 08:24:13 pm »

I would like raise the question of bringing softether to OpnSense to me SoftEther seems to have some powerful VPN options and I cant see other distros including it, I think it will be great for OpnSense project to make this available, I want to ask what does it take for this to be included as I can see a FreeBSD downloadable pack exist on http://www.softether-download.com/en.aspx?product=softether
If there is a guide on making FreeBSD packs included in the OpnSense Pls share here so that We can consider helping
Thanks

11

15.7 Legacy Series / OVPN Guide Needed

« on: November 26, 2015, 10:22:31 pm »

Im looking for a detailed guide on making OVPN work in GW to GW mode using OpnSense
Can anyone help