Topics

1

General Discussion / Wishlist: Collection of features & strategy proposals for OPNsense

« on: March 25, 2016, 07:59:17 pm »

Hi everyone,

This thread is intended to function as a centralized collection of community ideas on what features to implement in OPNsense and proposals concerning the overall strategy and future of the project.

Please add your suggestions to this thread so we can discuss and elaborate and shape the future of OPNsense together!

Cheers
temporaryuser

2

General Discussion / Naming of international forums not unified

« on: March 25, 2016, 04:58:40 pm »

Hi admins,

I just noticed that the naming of the international forums is not unified. Some forums are called in their native language, e.g. "Deutsch" and "Nederlands", etc. but others are translated to English, e.g. "Chinese", "Russian".

I propose to
a) unify those namings so that all are in their native language
b) make a combination of "English + Native language" so that everyone understands

Example:
"Chinese - 中文"
"Dutch - Nederlands"
"French - Français"
"German - Deutsch"
"Japanese - 日本語"
"Portuguese - Português"
"Russian - Русский"
"Spanish - Español"
"Turkish - Türkçe"

Cheers

P.S.: A quick link to check how all languages are written in their native language is to open a popular wikipedia article and check the languages sidebar at the left, e.g. here: https://en.wikipedia.org/wiki/Wikipedia
If you hover with the mouse above a language link, the English translation is shown...

3

General Discussion / OPNsense's Strategy/Vision: Lean firewall vs feature rich Unified Threat Mngmt.?

« on: March 23, 2016, 10:54:22 am »

Hi AdSchellevis!

https://github.com/opnsense/core/issues/460

I read the discussion in the link that you provided (thank you!) and have a general question about OPNsense.

Prior changing to pfSense, I was using Endian UTM (http://www.endian.com/). The "UTM" stands for "Unified Threat Management" and it means that Endian tries to include all sorts of threat fighting tools. They say of themselves: "The Endian UTM appliance provides total network security including web and email filtering, VPN, intrusion prevention, bandwidth management and much more."

Then, I changed to pfSense (for the reasons that I did not agree with Endian's understanding of "community" & "open source" (they turned it to "open core") and because I needed more than 4 network zones, which Endian does not support) and I had to learn, that pfSense did not support many of those features, since their opinion was, that most of those "threat management" tools have no place on a firewall but should be handled by dedicated servers AFTER the firewall, e.g. scanning email. So with other words: pfSense lacked some features that I got to love on Endian due to another strategic approach that pfSense had.

So, now I read the thread of the link that you provided and realized that you plan to a) integrate HTTPS proxy and b) are not planning yet - but seem not to be opposed at all - to integrate other features such as virus scanning of webtraffic, email, FTP, etc.

So my question is: What is the strategic stance of OPNsense? Is your vision to turn OPNsense to such a "Unified Threat Management" box, as Endian does, or will you rather stick to the "lean" approach of pfSense and keep everything out of OPNsense that is not 100% firewall/gateway related?

Speaking for me, I would love seeing those advanced firewall/gateway related security features integrated into OPNsense, as Endian does, but I would not like to see any features to be integrated that go beyond this gateway-security scope and that turn the firewall into a general network server with all sorts of network services on it as e.g. Samba file server, FTP server, BitTorrent, etc., as some other projects do, e.g. Clear OS, etc.

Thank you for your time!

Cheers
temporaryuser

4

General Discussion / Traffic shaper: Great differences to pfSense?

« on: March 22, 2016, 08:54:24 pm »

Hi all,

comparing pfSense and OPNsense side-by-side I noticed a major difference in the Firewall>Traffic Shaper menu
There seem to be great differences in the general approach and in the available options.

Since I have not used Traffic shaping with pfSense or OPNsense, but will have to use it from now on, I am wondering what reasons for and the consequences of those differences are.

Is there anybody here who has knowledge about this topic?

Cheers

5

General Discussion / What does an HTTPS proxy and a man-in-the-middle attacks have in common?

« on: March 22, 2016, 05:35:59 pm »

Hi everyone,

I just stumbled upon this tweet: https://twitter.com/MacLemon/status/712278845425115136

Can somebody explain to me what it is that MacLemon is complaining about?

Cheers

6

General Discussion / Release cycles: What a GREAT project!

« on: March 16, 2016, 04:20:19 pm »

Hello all,

thank you for your update today to 16.1.7.

I came from pfSense and am still very new to this project. Currently I am still in the state of exploring everything and testing OPNsense, comparing it to pfSense, etc. but I can say already that I am impressed of how your project "looks and feels".

Among others, I find the positive and very polite vibes in the forum and on github noteworthy, as well as your ambitious and well organized fixed release cycles. I understand, that your fork is not long ago and that many things still might not be as mature as at pfSense, but I expect that if you continue with your fast pace and positive flow, soon you will have taken the lead in Free and Open Source Firewalls. Your openness is key to that, too.

Thank you a lot!

Cheers
temporaryuser

P.S. I saw that the last minor releases where all occurring on a weekly base, every Wednesday. Is that coincidence or did you arrange a fixed release plan for the minor releases, too?

7

General Discussion / Package Manager

« on: March 16, 2016, 02:34:19 pm »

Hi,

I can not find a Package Manager (and packages) in OPNsense, as pfSense has them. Does OPNsense not support such add-on packages or did I just overlook them?

Thank you
temporaryuser

8

General Discussion / [SOLVED] Where to report bugs to?

« on: March 15, 2016, 05:48:51 pm »

Hi,

where do you want us to report bugs and/ or feature requests to? Into this forum, or do you maintain a bug tracker somewhere?

Cheers
temporaryuser

9

General Discussion / Run OPNsense virtualized and handle all traffic for the host and it's VMs?

« on: March 08, 2016, 11:31:48 am »

Hi everyone,

I want to install a virtualization OS (host) on a bare metal server, which is going to run a couple of virtual machines (VMs) which are going to function as server services (e.g. webservers, fileservers, etc.).

Now, since I would like to protect those VMs and be able to regulate the traffic from and to them, reach them via VPN, etc. I would like to have a firewall set between them and the internet, i.e. OPNsense.
But: Since I have only this one bare metal server at my disposal, I was thinking about installing OPNsense as a VM, too, instead of placing a second bare metal server with OPNsense between the host server and the internet.

Yes, I know, a virtualized firewall based on virtual NICs and VLANs is not as secure as a bare metal one, no doubt about that. But since I do not have the option for a bare metal server in this particular case, I am trying to at least improve security, instead of just having the host and it's VMs being totally exposed to the internet.

My questions: Is it possible and practically manageable to install OPNsense as a VM of the host and:
a) have the OPNsense handle/route all the traffic to and from the other VMs?
b) receive and manage all traffic from the internet coming to the host solely with the OPNsense VM, without touching the host first?

I would be happy about any feedback, thoughts and ideas about this! Has anybody done something similar?

Bye,
temporaryuser

10

Documentation and Translation / Wiki & Documentation with Sphinx/Read the Docs: Download as PDF, EPUB, etc.

« on: March 07, 2016, 04:01:38 pm »

Hi there!

Thank you very much for providing such a beautiful documentation using Sphinx with the "Read the Docs" theme.

One of the great features of Sphinx is: "Output formats: HTML (including Windows HTML Help), LaTeX (for printable PDF versions), ePub, Texinfo, manual pages, plain text".

Unfortunately I have not found the option for that in your documentation. Did you disable that feature in purpose, or is there any possibility for you implementing it / turning it on? It is very convenient for reading the documentation as EPUB on a tablet or to print it out as PDF.

Thank you & all the best for your young project!

Yours,
temporaryuser