Topics - mdirickx

1
General Discussion / noob: gui HTTPS gives me err_cert_invalid
« on: August 23, 2019, 07:15:05 pm »
Hello everyone,

I'm apparently a complete noob on this. How do I switch to HTTPS for the GUI?

When I try it in settings, I get a browser error that the certificate is gibberish. I understand the cert is not valid as it's self-signed, but usually you can just accept that and proceed...

The Error is:
Quote
x.x.x.x normally uses encryption to protect your information. When Google Chrome tried to connect to x.x.x.x this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be x.x.x.x, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit x.x.x.x right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

Further settings:
SSL Cert: Web GUI SSL certificate
SSL Ciphers: system defaults
HTTP strict: unchecked
HTTP redirect: unchecked
DNS Rebind: unchecked
listen Interfaces: All
HTTP_REFERER: checked



2
General Discussion / Port forward of OpenVPN to different VM
« on: July 29, 2019, 05:35:23 pm »
Hi,

I have an old OpenVPN server created in pfSense. I'm trying to set up a port forward to this box in OPNsense, but somewhere something is going wrong. I can't seem to figure out what it is though.

What I've got:
I got the old config from my old (really old) firewall; basically this is a NAT rule and a routing rule.

I already went over some of the posts here and I did the following:
Code:
Firewall > Settings > Advanced:
Reflection for port forwards             Checked
Reflection for 1:1                       Unchecked
Automatic outbound NAT for Reflection    Checked

firewall > NAT > port forward > add
Interface:                               WAN
TCP/IP Version:                          IPv4
Protocol:                                UDP
Destination:                             WAN address
Destination port range:               from:Other 20096     to:other 20096
Redirect target IP:                      Alias:172.16.20.89
Redirect target port:                    Other 20096
Filter rule association                  add associated filter rule

System > gateways > single > add
pfSense_VPN LAN 172.16.20.89

System > routes > configuration > add
192.168.200.0/24 pfSense_VPN - 172.16.20.89

With this route set up, the forward rule and the associated firewall rule, I applied the settings and gave it a go. Unfortunately, OpenVPN tells me that 'TLS key negotiation failed to occur within 60 seconds'.

I tried to do some packet capturing on both the OPNsense box and the pfSense box. On the OPNsense firewall I took UDP traffic to 172.16.20.89, and on the pfSense box I used WAN. On both interfaces I got the packets that I expected, and now I have no idea what to do. I've attached the packet capture images to this post.

When I connect my laptop to the internal WiFi, I can get a connection to the VPN. Same thing when I repatch the WAN and LAN cables to the old firewall. Therefore, I think something is wrong with my port forward, but I have no idea what that is.

Thanks!

3
18.7 Legacy Series / port forward to openVPN
« on: December 30, 2018, 05:37:16 pm »
Happy Holidays everyone!!

I have an OPNsense firewall that needs to pass OpenVPN to a VPN server VM, and for the hell of it I can't figure it out. I included a screenshot of the old firewall's config. There are 2 VPN servers active on that VM, I'm starting with one of them: the one on UDP port 20096.

I thought this was as straightforward as possible: firewall>NAT>port forward
Interface:    WAN
tcp/ip:       IPv4
protocol:     UDP
Destination:  Any
Dest port:    20096-20096
Redirect IP:  172.16.20.89
redir port:   20096
Filter rule:  add rule


This doesn't seem to work. I get the typical "no ssl handshake within 60 seconds" error from OpenVPN. Am I missing something?

(I also attached 2 screens of the OPNsense NAT and rules GUI. I disabled the combined rule for the two VPN servers and created one rule for each server. The rule for the port forward for the 20096 artist VPN is missing, as I tried setting it to "filter rule association: pass")

Kind regards
