Topics

1

17.7 Legacy Series / OPNsense vpn -> FreeRadius -> authenticate to AD

« on: November 10, 2017, 07:05:17 pm »

We have a single FreeRadius server we want to use to consolidate user authentication with VPN, wireless, etc.
I have the wireless authenticating against AD through FreeRadius, but I cannot get it to work with the vpn.
The information I'm struggling to find is does it work differently when using VPN, for example do I have to configure the ldap module in FreeRadius?
I have OPNsense vpn pointed at FreeRadius, but each attempt to login produces the Error:
(0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available

(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject

I've tested this using the PAP module and it works, but I'm not sure how to make it authenticate to AD instead.

The OPNsense version is 17.7 and the FreeRadius version is 3.0.


Kind regards,
penley

2

16.7 Legacy Series / Routing vpn users coming in one gateway out a different gateway

« on: October 11, 2017, 07:15:15 pm »

If you have an opnsense setup with two gateways (with two different ISP's) is there a way to route traffic coming in one gateway through the other gateway?
For example if vpn came in on gateway one is it possible to route any traffic coming back to that vpn user through gateway two?


Kind regards,
penley

3

General Discussion / OPNsense NAT

« on: March 09, 2017, 04:03:17 pm »

I have question when setting up NAT.
Setup- OPNsense single WAN port and single Internal port. A few outside IP addresses available.
Goal - NAT only port 443 to internal web server.

I've setup the virtual IP address we will use for the web server. Where I'm confused is do I need to setup a 1:1 NAT (but then how do I only allow port 443?) or is it sufficient to only setup port forwarding to the internal address. Within the port forward configuration set Destination to the external IP intended for the web server?

In the 1:1 NAT I'm unsure how to only allow port 443 and cannot find sufficient examples to show the benefits of 1:1 NAT vs  NAT Port Forward.


Kind regards,
penley

4

General Discussion / DDOS protection

« on: October 07, 2016, 03:57:47 pm »

Does OPNsense by default have dos and ddos prevention or is this something that needs to be configured?
We're not experiencing any issues at the moment, I'm just asking for clarification.

Kind regards,
penley

5

General Discussion / [SOLVED] Upgrading OPNsense from one major release to another

« on: July 28, 2016, 10:16:40 pm »

Hello,

I need some guidance with upgrading OPNsense.
My question is does OPNsense need to be upgraded sequentially? Will it do it on its own or can we jump major versions? For instance I have an OPNsense firewall currently at version 15.7.18_1. It's not been upgraded in a while because it's in production and just now we have some down time to upgrade it. We want to upgrade to the latest version 16.7.

I'll continue to search the forums and post anything I find here.

Kind regards,
penley