Topics

[EDIT after some more trying:]

When I used pfSense I had a setup with two VPN (provider, no connection to a company or something like that) connections in a group so clients would load balance (via a gateway group) between those connections.

Somehow I can't get this to work on OPNsense. The settings are the same as on pfSense but no internet. I think the traffic doesn't go in and out the same interface. Do I miss something?

EDIT after some more trying:
When I keep 'redirect-gateway autolocal;' in both configs and let one connect with TCP and one with UDP so they don't get the same 10.7.7.x it works for a few minutes only.

I'm migrating from a 32b OPNsense system to a 64b system and importing seems to work with some hiccups.

Is this even possible if the versions match but the bitset doesn't?

i386 will eventualy have to go and I wonder if there are any plans to stop supporting i386 in the (near future)?

I have a transparant web proxy with my own cert installed on the devices and Suricata monitoring it but it only blocks http-traffic, not SSL somehow.

Is this even possible? A MITM attack: Suricata sniffing the web proxy?

I'm sorry, yet another question from me.

OpenVPN is reconnecting exactly every hour while I used reneg 0 in the config and reneg-sec 0; in de advanced config.

How can this be?

I'd like to block TCP/UDP access from one client (192.168.2.10) tot a other client (192.168.2.30) wich has a webserver.

A simple block firewall rule from - to doesn't seem to work.

How can I achieve this?

I have multiple servers in my OpenVPN client config with 'random server' turned on. I'd like to reset the connections automatically (via cron?) so it switches between these servers. Can and if so, how can I do that?

Thanks for helping

[UPDATE]

I followed this guide: https://forum.opnsense.org/index.php?topic=4979.0
And the guide from my VPN provider: https://nordvpn.com/nl/tutorials/pfsense/pfsense-openvpn/

The VPN gateway doesn't get a IP address, so there's no routing. If I use ' redirect-gateway autolocal; ' in the advanced config of the client it'll only work for 10-30 minutes untill I reset the connection.

It does work with pfSense without ' redirect-gateway autolocal; ', the gateway just receives the virtual IP. So what am I doing wrong here?

UPDATE
It does stay stable with just one client. However, I'd like to have 2 or more clients that I want to use in a round robin by making a gateway group. So the problem remains; how do i get the gateway to get the virtual IP the vpn provider gives without using dirty config?

I'm having problems with my OpenVPN clients connection to NordVPN. De default config doesn't work untill I add "redirect-gateway autolocal;" in the advanced config of the clients. But that's a little unstable.

What is the correct way to do this?

UPDATE: the firewall rules are not the main problem. The gateways don't pick up the DHCP address given bij the VPN provider. This workes in pfSense but somehow not in OPNsense. What could this be?

I'm migrating from pfSense to OPNsense.

I have te following setup:
4x OpenVPN connections to my VPN provider together in a gateway group called 'VPN balancing'
LAN rule TCP/UDP with gateway 'VPNbalancing'

And on NAT a rule for 500 static and any for each interface with the LAN ip address.

This works in pfSense but somehow in OPNsense, whatever i try i get a 'default deny rule'. I can't figure out what's wrong.