Topics

1

24.7 Production Series / System: Trust: Certificates issue?

« on: September 11, 2024, 04:10:11 pm »

I noticed that in 24.7.3_1 there is an inconsistency in System: Trust: Certificates.
Valid user certificates are indicated with "x" and revoked certificates are indicated with check mark.
Exactly the opposite of what happens for Web GUI SSL certificate and CA certificate.
Please take a look at the attached screenshot.
Greetings.
Dario
P.S. sorry for my broken English.

2

Virtual private networks / Opnsense HA - Client OpenVPN doesn't restart connection

« on: August 31, 2024, 04:24:22 pm »

Hello,
my environment:

2 OPNsense 24.7.3_1 in High Availability (CARP and pfsync work fine)
1 Public ip shared byy the firewalls
OpenVPN server 2.6.12
OpenVPN client 2.5.9

OpenVPN server configured on each firewalls
With OpenVPN client I get connection to both firewalls

Issue:
When the master firewall goes down OpenVPN client doesn't reconnect automatically (I must force reconnection from the client)

I would like to have a client automatic reconnection.
I tried with "persist-tun persist-key keepalive 2 10" but doesn't work

Can please anyone help me to solve this issue?

Greetings
Dario

3

Virtual private networks / OpenVPN static IP using Viscosity client [closed]

« on: August 10, 2024, 12:18:35 pm »

environment:
OPNsense 24.7.1-amd64
FreeBSD 14.1-RELEASE-p3
OpenSSL 3.0.14
Vicosity client 1.11.2 (1820)
PC Windows 11

target:
always assign the same IP to the VPN client

Hello folks,
until today for VPN road warrior I used the OpenVPN client and to always assign the same IP address to the clients I configured the file /var/etc/openvpn-csc/1/username with the directive
ifconfig-push <client IP> <netmask>.

Following https://docs.opnsense.org/manual/how-tos/sslvpn_client.html I tried using the Viscosity client and the solution (/var/etc/openvpn-csc/1/username) doesn't work so I ask for help to solve the issue.

Thanks so much for the kind help.
Greetings.
Dario

4

24.7 Production Series / 24.7_9 VPN config [closed]

« on: July 30, 2024, 03:14:18 pm »

Hello,
is there a doc explaning how to configure VPN (better OpenVPN) road warrior on release 24.7_9?

Kind regards
Dario

5

24.1 Legacy Series / dual wan doesn't work

« on: April 08, 2024, 01:13:42 pm »

Hello,
Opnsense rel 24.1-amd64

I configured two wan interfaces and one client interface:

WAN (active gateway)
192.168.1.2/24
gw: 192.168.1.1

WAN2
10.150.48.1/24
gw: 10.150.48.254

my goal is to have the automatic switch between the two wans when the active one falls

I followed this: https://docs.opnsense.org/manual/how-tos/multiwan.html
but when I disconnect the DSL connector from the router of the active connection (WAN) the second connection is not established.

If I manually change the priority of the gateways the connections correctly switch.

Can someone please help me?

Greetings
Dario

6

24.1 Legacy Series / web proxy

« on: March 23, 2024, 12:43:41 pm »

Hello folks,
Opnsense rel 24.1.3_1
Where is "web proxy" in rel. 24.1?
Thank you
Greetings
Dario

7

Virtual private networks / revoked cert still works

« on: November 02, 2023, 01:34:48 pm »

Hello folks,
I'm stuck on certificate revocation.

I always used username and cert to create VPN clients:
1) create user / password
2) create user-cert
3) bind user and user-cert
4) OpenVPN client export

I revoked a cert:
1) create CA Revocation List
2) revoke the cert

but the user still connetcs using VPN

This is embarazing.
Can someone please help me to solve this issue?

Greetings
Dario

8

General Discussion / split communications towards two differents public interfaces

« on: October 19, 2023, 11:40:15 am »

Hello to all,
my environment:
- a LAN interface that hosts approximately 10 PCs
- two public interfaces connected to two different Internet accesses (A and B)
from all the PCs connected to the LAN I want to be able to direct a specific traffic (https) towards network B while all Internet browsing must go out through network A.
I guess this is fixable by configuring static routing in the firewall.
The problem is that to access the web app on network B Imust use a proxy made available by the manager of network B and I ask if there is the possibility to configure communication through the proxy on the firewall so I don't have to change the browser configuration every time that change Internet access.
Thank so much for your gracefull help.
Greetings
Dario

9

Virtual private networks / OpenVPN client remotely download

« on: March 18, 2022, 09:29:52 am »

Hello folks,
Opnsense 21.7.8
Is there a way to remotely download the VPN client configuration?
Currently I have to connect to the firewall as root, go to VPN - OpenVPN - Client Export and choose the certificate to download in Archive format then pass the file to the user to insert it in the OpenVPN client.
I wish customers could download the certificate by connecting remotely to the firewall (Palo Alto Global Protect style).
Thanks for your help
Best regards
Dario

10

Virtual private networks / OpnVPN client static IP [SOLVED]

« on: December 01, 2021, 02:21:48 pm »

Hello folks,
in OPNsense 21.7.5 I'm not able to force a static IP address to a VPN client.
The Tunnel Network configured in the vpn server is 10.10.10.0/28
I tried configuring  VPN / OpenVPN / Client Specific Overrides as follow:
- Servers: name of the OpenVPN servers (or blank)
- Common name: the name of the user as created in System / Access / Users (in this case the name is sandro.d)
- Advanced: ifconfig-push 10.10.10.10 255.255.255.240
When I connect the vpn client I expect to receive the address 10.10.10.10 but I always receive 10.10.10.2 or 10.10.10.3
Any suggestion?
Best regards
Dario

11

Hardware and Performance / OpnSense on WatchGuard

« on: October 21, 2021, 07:58:20 am »

Hello folks,
I just got a couple of firewall WatchGuard XTM 810 and my target is to install OpnSense on it.
Tooking a look on google i found a treat regarding Pfsense so I decided to ask you for a help:
Is there a way to install OpnSense on WathGuard?
Can someone explain me (better if step by step) how can I do?
Thanks so much for your precious help.
Kinds regards.
Dario

12

20.7 Legacy Series / how bypass "get anything out of the firewall host itself"

« on: March 01, 2021, 10:46:54 am »

Hello,
OpnSense 20.7
I'm trying to block all communication for server 12.168.1.98 but in the logs I always get "get anything out of the firewall host itself".
Is there a way to block all inbound / outbound traffic for a specific IP?
Thank you
Dario

13

20.1 Legacy Series / OPNsense 20.1 Captive Portal config

« on: October 19, 2020, 10:49:48 am »

Hello to all,
I'm looking for a howto regarding the configuration of the captive portal expecially the traffic shaping.
I found an old release doc (https://docs.opnsense.org/manual/how-tos/guestnet.html   Step 6 - Limit Guests Bandwidth) unapplicable to the 20.1 release.
Can someone help me?
Thank so much
Best regards
Dario

14

Hardware and Performance / OPNsense on WatchGuard xtm530

« on: June 20, 2020, 03:13:36 pm »

Hello,
just a question: is possible to install OPNsense into a WatchGuard xtm530 ?
Thank so much
Best regards
Dario

15

19.7 Legacy Series / Opnsense local dns

« on: March 30, 2020, 05:15:03 pm »

Hello to all,
OpnSense 19.7
interface 1 clients
interface 2 servers
interface 3 WAN
I would like to use OpnSense as DNS to resolve the local IP for clients and servers, and use Google DNS (8.8.8.8 8.8.4.4) to resolve public IPs
I don't found solutions on google, can someone help me?
Thanks a lot
Best regards
Dario