Topics

1

18.7 Legacy Series / Load-balancing VPN connections

« on: January 27, 2019, 02:58:19 pm »

When I used pfSense I had a setup with two VPN (provider, no connection to a company or something like that) connections in a group so clients would load balance (via a gateway group) between those connections.

Somehow I can't get this to work on OPNsense. The settings are the same as on pfSense but no internet. I think the traffic doesn't go in and out the same interface. Do I miss something?

EDIT after some more trying:
When I keep 'redirect-gateway autolocal;' in both configs and let one connect with TCP and one with UDP so they don't get the same 10.7.7.x it works for a few minutes only.

2

18.7 Legacy Series / Can you import 32b config on 64b system?

« on: January 26, 2019, 04:30:20 pm »

I'm migrating from a 32b OPNsense system to a 64b system and importing seems to work with some hiccups.

Is this even possible if the versions match but the bitset doesn't?

3

General Discussion / How long will i386 be supported?

« on: October 25, 2018, 01:46:32 pm »

i386 will eventualy have to go and I wonder if there are any plans to stop supporting i386 in the (near future)?

4

18.7 Legacy Series / Intrustion Detection and Transparant proxy doesn't work

« on: October 13, 2018, 05:44:19 pm »

I have a transparant web proxy with my own cert installed on the devices and Suricata monitoring it but it only blocks http-traffic, not SSL somehow.

Is this even possible? A MITM attack: Suricata sniffing the web proxy?

5

18.1 Legacy Series / [SOLVED] OpenVPN keeps reconnecting every hour

« on: July 18, 2018, 06:45:09 pm »

I'm sorry, yet another question from me.

OpenVPN is reconnecting exactly every hour while I used reneg 0 in the config and reneg-sec 0; in de advanced config.

How can this be?

6

18.1 Legacy Series / How to block one client from accessing another

« on: July 15, 2018, 11:47:16 pm »

I'd like to block TCP/UDP access from one client (192.168.2.10) tot a other client (192.168.2.30) wich has a webserver.

A simple block firewall rule from - to doesn't seem to work.

How can I achieve this?

7

18.1 Legacy Series / Cron to reset OpenVPN client

« on: July 02, 2018, 08:10:30 pm »

I have multiple servers in my OpenVPN client config with 'random server' turned on. I'd like to reset the connections automatically (via cron?) so it switches between these servers. Can and if so, how can I do that?

Thanks for helping

8

18.1 Legacy Series / Weird problem private VPN

« on: June 26, 2018, 06:30:17 pm »

I followed this guide: https://forum.opnsense.org/index.php?topic=4979.0
And the guide from my VPN provider: https://nordvpn.com/nl/tutorials/pfsense/pfsense-openvpn/

The VPN gateway doesn't get a IP address, so there's no routing. If I use ' redirect-gateway autolocal; ' in the advanced config of the client it'll only work for 10-30 minutes untill I reset the connection.

It does work with pfSense without ' redirect-gateway autolocal; ', the gateway just receives the virtual IP. So what am I doing wrong here?

UPDATE
It does stay stable with just one client. However, I'd like to have 2 or more clients that I want to use in a round robin by making a gateway group. So the problem remains; how do i get the gateway to get the virtual IP the vpn provider gives without using dirty config?

9

18.1 Legacy Series / Correct config OpenVPN with VPN provider

« on: May 18, 2018, 03:47:09 pm »

I'm having problems with my OpenVPN clients connection to NordVPN. De default config doesn't work untill I add "redirect-gateway autolocal;" in the advanced config of the clients. But that's a little unstable.

What is the correct way to do this?

10

18.1 Legacy Series / Whatever I do: default deny rule

« on: May 16, 2018, 08:36:27 pm »

UPDATE: the firewall rules are not the main problem. The gateways don't pick up the DHCP address given bij the VPN provider. This workes in pfSense but somehow not in OPNsense. What could this be?

I'm migrating from pfSense to OPNsense.

I have te following setup:
4x OpenVPN connections to my VPN provider together in a gateway group called 'VPN balancing'
LAN rule TCP/UDP with gateway 'VPNbalancing'

And on NAT a rule for 500 static and any for each interface with the LAN ip address.

This works in pfSense but somehow in OPNsense, whatever i try i get a 'default deny rule'. I can't figure out what's wrong.