Topics

1

General Discussion / Routing trafic through VPN in VirtualBox - virtualized OPNsense

« on: September 15, 2019, 10:01:03 pm »

Host OS: Windows 10
Guest OS: OPNsense
Virtualization: VirtualBox

What would like accomplished: Route certain traffic through VPN to access WebUIs of application on remote location or SSH to device in remote location.

I have already configured OPNsense in VirtualBox and established network communication between host and guest OS (VirtualBox local network IP 192.168.56.X). For example I can access OPNsense WebUI via https://192.168.56.251/.

OpenVPN connection between OPNsense and remote location is established and I can ping devices on remote location.
What I want is to be able to open web browser in host OS and got to let say https://192.168.56.251:some-port/ and access WebUI of application on remote location.
I am missing routing configuration in OPNsense - to listen on configured ports and then route that traffic through VPN to remote location.

2

18.1 Legacy Series / OpenVPN (client mode) not working when IPsec is down

« on: January 21, 2019, 12:29:32 pm »

I am using IPsec for site-to-site connection with other location and OpenVPN (client mode) for ProtonVPN service. I am also running OpenVPN server on OPNsense.
Everything is working fine, except when IPsec goes down traffic from ProtonVPN redirect alias group is not redirected to ProtonVPN tunnel (it is stopped completely).
OpenVPN to ProtonVPN server is up. From OPNsense I can ping any IP via ProtonVPN tunnel. Nslookup from redirect group is working.

Code: [Select]

nslookup whoami.akamai.netgives me ProtonVPN server's IP; it resolves any domain that I do nslookup.

Code: [Select]

ping opnsense.org
wget --spider opnsense.org (or any other domain or IP address)... is not working. traceroute stops at first hop (OPNsense's IP).

My configuration is like in this in Matya's Blog > https://matya.blog/2017/05/08/using-protonvpn-on-pfsense/ with "We decide ourself what to send via VPN" chapter.
I redirect only specific clients via VPN.

I am still on 18.1.3 version.

3

18.7 Legacy Series / OpenVPN keepalive in server.conf

« on: September 15, 2018, 12:07:08 pm »

I have question about OpenVPN Advanced settings. If I add "keepalive 1800 3600" in Advanced field, save config and then check server1.conf via ssh, I see that there are 2 keepalive settings in .conf file: "keepalive 10 60" (default value) and "keepalive 1800 3600".
Which keepalive setting will be passed to client?
I can't find a way to check keepalive setting on client side.

4

General Discussion / 2 ETH ports (WAN/LAN), multiple interfaces

« on: February 26, 2018, 06:54:07 pm »

Can multiple interfaces be configured on system, that has only 2 ETH ports? One port is for WAN and other for LAN.
I know simple setup can be done on single ETH port (WAN/LAN on same port) using VLANs.

I would like know if it is possible to have 2 ETH ports - first for 2 WAN interfaces and second for 4-5 LAN interfaces.
WAN connections would be:
1.: static IPv4 (PPPoE) + static IPv6 (DHCP)
2.: dynamic IPv4 (PPPoE)

LAN: 4-5 interfaces separated by VLANs with separated DHCP server for each LAN.

Is this possible? If so, what configuration is recommended? What would I have to look out for (any special configuration)?

5

17.7 Legacy Series / Redirect traffic: LAN client > OPNsense > HAProxy > server

« on: December 13, 2017, 11:42:43 am »

I am not sure if what I have imagined is possible or not, so I am here to ask for your help 

I have unRAD server with 2 separate dockers - Nextcloud and Collabora - and I would like to achieve, that connection from Nextcloud to Collabora would go through HAProxy (using Let's Encrypt cert) - HAProxy is installed on OPNsense.
Is it possible to assign local IP (10.0.0.X) to HAProxy (second local IP for OPNsense, that is forwarded to HAProxy?) so I can point Nextcloud to local IP of HAProxy which is using Let's Encrypt cert for https. HAProxy would then connect to Collabora.

Thank in advance.

6

17.7 Legacy Series / HAProxy: OpenVPN & Webpage on port 443

« on: November 19, 2017, 07:26:04 pm »

OPNsense: 17.7.7_1-amd64
HAProxy: 1.17

Hi. I need some help configuring HAProxy for routing OpenVPN and Webpage (https) traffic, that are listening on same port - 443.
I use OpenVPN within OPNsense. https traffic (NextCloud) is redirected to server in LAN network.
OpenVPN is up an running on port 443 (at this moment, HAProxy is not running yet), NextCloud is (for now) reachable only within LAN (or via VPN) on 443.

I found this How-to: https://docs.opnsense.org/manual/how-tos/haproxy.html/, but I am missing information about redirecting traffic for OpenVPN. Do I redirect OpenVPN traffic to 127.0.0.1:443?
Is there How-to or any other tutorial for configuring HAProxy for my example?

Any kind of information is welcome.

Br, Vaseer

7

17.7 Legacy Series / OPNsense 17.7-no internet access & no ping via domain name; can ping IP address

« on: August 15, 2017, 10:33:47 pm »

Hello

I am facing strange problem that I did not manage to resolve yet, so I am asking for your help.
I have fresh install of OPNsense 17.7. (never before have I used OPNsense, only pfSense). WAN connection type is PPPoE and it is established (ONPsense get public IP), but from PC I can not ping domain name or access any web page. I can ping IP (8.8.8.8, 8.8.4.4,...) without any problem.
Both pings (domain name and IP) works from OPNsense GUI.

OPNsense is connected to ISP's modem and if I setup PPPoE on modem and change WAN connection type on OPNsense to DHCP (OPNsense gets local IP from modem) internet access and pings works fine.

Any idea what am I doing wrong with PPPoE connection on OPNsense?

8

Hardware and Performance / Intel Pentium N4200 vs Intel Atom C2558 or something else

« on: April 23, 2017, 12:25:18 am »

I am going to build new OPNsense firewall and currently I am choosing hardware.

Internet speed: I have fiber 300 Mb/s download and 100 Mb/s upload speed but in near future I am expecting to get 1G/1G connection.

I will be using Suricata, VPN, proxy and probably some other applications as well. For VPN I need to get reach 50-100 Mb/s upload and 50 Mb/s download speed with IPSec and ~20 Mb/s upload/download with OpenVPN (not simultaneously).

I am choosing between Intel Pentium N4200 and Intel Atom C2558, but I am open for suggestions.

Are Intel Pentium N4200 and/or Intel Atom C2558 powerfull enough for current (300M/100M) and possible future (1G/1G) internet speed? Can they provide desired VPN speeds?