Topics

1

18.1 Legacy Series / P9ing routing differently

« on: January 14, 2019, 10:43:17 am »

Hi
I have an Opnsense FW in the cloud with 3 VPNs to remote sites.
2 of the VPNs are fine but one shows odd behaviour even thougnthe settings are the same as the other 2.
The VPN drops out on a regular basis is one issue but a more strange issue for me is that I try to test whether the VPN is up by pinging a piece of equipment at the other end (a PBX). The PBX will respond to a ping.
If I try to acces the PBX config which uses a range of ports, it works fine!
Last week the VPN was up and working and pinging OK
This morning it was down so restated it and it's not poinging.
A tracert from a PC alsdo in the cloud tries to route the ping out over the WAN on the opnsense.
That same PC is able to access the PBX management.

Any ideas as I'm stumped!

Cheers

2

18.1 Legacy Series / IPSec with Dynamic IP

« on: June 28, 2018, 11:41:57 am »

Hi

Is it possible to set up a site to site VPN to and Opnense FW where the remote site does not have a fixed IP?

Scenario - our sales team would like to have a demo kit of comms equipment that will require a VPN to a cloud based opnsense FW. Obviously as they move from customer to customer the public IP trying to make the connection will be different.

I have tried using a dynamic DNS service but cannot get the tunnel to establish.

This will be from a Draytek router (although I can try a different one) set up with a WAN connection that will get an internal IP address on the customer's LAN via DHCP and then onto the internet via the customer gateway.

Hope I've explained that OK!

Cheers

Dave

3

18.1 Legacy Series / Dropping IPSec VPN Connection

« on: May 25, 2018, 02:12:56 pm »

Hi
We have a VPN connection (Opnsense in the cloud to Cisco on Premises) That seem to have random drops.
The Cisco is the clients own device, so we only have access to the Opnsense machine.

The logs do not give much away - is there a good way to diagnose this problem from the Opnsense machine?

Thanks!

4

18.1 Legacy Series / OpenVPN and Yealink Phones

« on: May 16, 2018, 04:53:16 pm »

Hi

I would like to setup OpenVPN to work with a Yealink handset and I believe it's possible to do this.

I am new to OpenVPN especially the setup in Opnsense. Generally I ise IPSec for everything but the SIP phones I have only support OpenVPN

At present I cannot even get a client export file that the Yealink is happy with as it will only accept a .tar file.

I saw someone had posted a link to a tutorial specific to this on the pfsense forum, but it no longer exists.

Does anyone have a guide or pointers for this please?

Many thanks!

5

18.1 Legacy Series / Blocked VPN Traffic?

« on: May 15, 2018, 03:05:02 pm »

Hi

I have an IPSec VPN between an Opnsense virtual machine and a Cisco RV320
The VPN establishes and seems fine.
A PC at the remote (Cisco) end can ping devices at the Opnsense end but not vice versa.
It looks like the Opnsense is trying to send VPN traffic out to the internet instead of down the tunnel.

All the routes etc. look to have been created properly - do I need to manually set up something to route outbound VPN traffic??

Cheers

dave

6

18.1 Legacy Series / Losing default route

« on: May 08, 2018, 10:06:11 am »

Hi

I have a virtual deployment of Opnsense 18.1 in a data centre and all works wee apart from the face that the default route keeps vanishing.
The WAN interface is set statically via the console, but this drops off seemingly randomly

Any ideas??

I have another similar deployment which is fine

Cheers

7

18.1 Legacy Series / Multiple local subnets over IPSec VPN

« on: March 15, 2018, 12:46:31 pm »

Hi
Struggling with this one, not sure if it's possible!

I have a local site with a Draytek router. This router makes an IPSec VPN to virtual Opnsense firewall in the cloud.
The Draytek has 2 local subnets, for example 192.168.1.0/24 and 192.168.2.0/24
The subnet in the cloud is 192.168.3.0/24.

I can set up the VPN no problem with the LAN subnet 192.168.1.0 however traffic from the 192.168.2.0 subnet, which does go up the tunnel, is not being returned, probably as there is no policy for the 192.168.2.0 subnet.

The Draytek cannot create multiple Phase 2 policies for a single connection as far as I can tell.

Is there a way for Opnsense to recognise the addition local LAN subnet?

many thanks!

8

18.1 Legacy Series / CLI Configuration

« on: February 21, 2018, 11:22:49 am »

Hi!

New to OpnSense.

I am looking to deploy OpnSense firewalls to virtual appliances in a cloud set up. (Similar to AWS)
I can deploy an OpnSense virtual machine easy enough but of course until it's configured I will have to VPN access to the virtual appliance to manage via the web gui and the only way to use a web GUI without that would be to deploy another VM in the Virtual appliance to make use of a machine with a browser!

Is there a way to configure OpnSense via the Shell?

All config seems to be in a XML file and would obviously prefer not to edit that directly!

many thanks!

9

17.1 Legacy Series / PPTP Traffic not hitting server

« on: January 03, 2018, 05:32:11 pm »

Hi

I am trying to set up PPTP for quick and easy access to a server behind the firewall.
I know PPTP is not the best but it's (usually) quick and easy to configure for testing :/

I have installed the PPTP plug in and it's listening on port 1723, but that's al it does.
In the log it just sits there saying waiting for connection on 192.168.1.1 1723

When a client tries to connect it fails due to no response.

I have set up rules to forward GRE and TCP 1723 to the LAN address of the Opnsense
(I have PPTP listening on the LAN address of Opnsense, is that correct?

Any help appreciated!

Cheers

10

17.7 Legacy Series / IPSec VPN to/from Draytek

« on: December 17, 2017, 01:19:35 pm »

Hi

I am new to Opnsense!

Has anyone managed to sucessfully set up a VPN between a Draytek router and Opnsense?
I am not an IPSec expert, but have tried everycombination of settings i can find to no avail.

I cannot even get a PPTP VPN running although it seems Opnsense is more geared to a road warrior PPTP tunnel than a LAN-LAN.

Any help appreciated.

Cheers