Topics

1

General Discussion / FreeRADIUS for MAC Filter

« on: October 08, 2018, 03:19:49 pm »

Hi, we use Unifi for our WiFi network and we want to implement a MAC Whitelist Filter. The problem is Unifi only allow a maximum of 512 addresses, and we have around 800, so we have to use an external solution through RADIUS.

Is possible to use OPNSense with FreeRADIUS for the MAC Whitelist Filter? I just installed it but I don't see the option. Sorry if is a stupid question, it's my first time with radius...

2

17.1 Legacy Series / [SOLVED] Help Install Lightsquid

« on: May 08, 2017, 03:16:38 pm »

Hi, I need to install Lightsquid but all tutorials I find are for Apache and non-FreeBSD.

Anyone are using it? How can I do?

3

17.1 Legacy Series / Webproxy log

« on: March 31, 2017, 01:38:55 pm »

Is there any add-on like Lightsquid to store and view the Webproxy logs?

4

17.1 Legacy Series / Performance problem

« on: February 14, 2017, 10:04:19 am »

Hi,

I work in a school, and we have ~700 iPad and ~300 computers in the network. The Firewall specs are:

Intel Xeon E5-2620 v2
16 GB RAM
Dual Nic Intel Gigabit IT-350-T2
Samsung SSD 750 EVO 250GB

The Internet line is a 300/300MB FTTH and the net schema is:

ISP router ------ OPNSense Firewall ------- LAN Network

Since a while, I've having a lot of performance troubles in specific moments of the day. 95% of time everything works great but sometimes is like the network is overloaded and the web navigation become really slow. For example, everday at 9:15 (when the classes start and everybody begin to work) it happens. Sometimes for a few minutes, sometimes for an entire hour, and is impossible to work in that condition.

As I said, I've been months with this troubles and I tested some things I thought were the cause of the problem. I finally discard this (maybe I'm wrong):

1) Is not a proxy performance problem. I have it in transparanent mode with NO SSL. If I disable it, the problem continues.
2) Is not a DNS problem. I tried with DNS Resolver, DNS Forwarder, with default config, the problem continues.
3) Is not an ISP problem. When the network is "overloaded", if I conect my computer directly to the ISP router, the navigation speed is great while in the LAN network is really crappy.
4) Is not coming from a particular area of the school. I try to unplug every single cable in the main switch and anything change. (If I unplug all of them at the same time, the navigation in my computer is great).
5) Is not a ISP throughput problem. The FTTH line is 300/300. When the network is "overloaded", the traffic graph usually shows no more 50-100MB. In other moments, when the network works fine, I can reach 300MB without any issues.

Last thing I did is replace in the firewall the HDD by an SSD, and install the last version of OPNSense from scratch, and nothing change.

I'm very lost and I don't know how to debug the problem. I don't know what to look and how to do it to find the cause of the problem. How can I discard that is a Firewall related problem?

Thanks in advance.

P.S: Sorry for my english, I need the help of Google Translator many times.

5

16.7 Legacy Series / [SOLVED]Web proxy unespected block

« on: January 26, 2017, 10:24:41 am »

Hi, I'm using the web proxy to content filter in my school and it works fine, but now I have a problem.

We use Joomla for the centre website. When the proxy is on, I can access to the website normally and to the administrator backpanel BUT I can't upload images or modify/add any articles. When I press the send button, the page start to wait and ends with a timeout. If I turn off the proxy, everythings works ok. I don't see nothing in the OPNSense proxy menu, tried to add the domain to the whitelist section but nothing change. Also, I don't see any related block in access.log.

Thanks in advance.

6

16.7 Legacy Series / Help me to block traffic from iPad apps

« on: January 18, 2017, 03:25:55 pm »

Hi,

How can I block the traffic for apps that can't be blocked by destination IP (because are unknown and too many) or port (they use standard ports)? For example, my clients are using the Betternet VPN app wich make the bypass of the OPNSense proxy extremly easily.

Thanks

7

16.7 Legacy Series / Slow proxy performance

« on: November 07, 2016, 02:11:38 pm »

Hi,

I have a big network in a school with ~1000 devices (iPads and computers). The gateway is a Xeon E5-2620v2 with 16gb RAM and Intel PRO/1000 PT Dual Nic. I think the hardware is ok for that network.

The OS is OPNSense 16.7.6 and we use it as a Firewall, DHCP for VLANs and DNS Resolver (to force Google Safesearch only). With that configuration, everything works fine.

The problem comes when I activate the proxy module (I tried with and without transparent mode, only need content filter function): the navigation speed turns very slow in some moments of the day (depending of the load of the network) and I have to turn it off because its impossible to work. Months ago I had the same problem with pfSense, so I think is a Squid related problem. There is any advanced tunning for a big network with lots connections in Squid to solve this performance problems?

Thanks in advance.