
Topics - networkguy

1
19.1 Legacy Series / OPNVPN Client Export In-line missing
« on: February 08, 2019, 06:26:39 pm »
There is no longer an option listed for inline for the client export for OpenVPN after I upgraded to 19.1. It has been a while since I have attempted to download it, so it may have been missing for some time, or there is now a different method used for iOS that I am not aware of. I referenced the documentation here https://docs.opnsense.org/manual/how-tos/sslvpn_client.html that says to download the inline configuration. I only show Archive, File Only, Viscosity, and TheGreenBow under Export type.

2
General Discussion / Wan DHCP not renewing
« on: February 14, 2018, 03:02:23 pm »
I'm not sure if I have something misconfigured, but it appears that when the lease for my IP on my WAN expires, OPNsense is not requesting a new IP address. If I manually request a new IP under the Interfaces tab, all is good. Any ideas?

Thanks

3
Intrusion Detection and Prevention / What determines which rules are enabled
« on: January 25, 2018, 06:30:32 pm »
I added Snort rules into the IDS and have enabled any of the ET or Snort VRT groups that contain malware, virus, trojan, or anything else that sounds like something I wouldn't want running on my network. When I went to the rules and did a search on malware, I found that of the groups I enabled, only some rules are enabled and not all of them.

What dictates which rules are enabled?

Is the best approach to just enable the group and not the individual rules that are shown disabled?

I am currently not blocking and just running as an IDS. Once I have removed the false alarm rules I will probably convert to an IPS. Right now all the alarms show as alerts. Do these all get changed to drop once I change to IPS, or do I need to go and change the rule behavior for each rule?

Lastly, when an IP gets blocked, does that get added to a group in the firewall or is it just located under the alerts section of the IDS? Does the clear log button on the alert tab clear the block for the IP, and if so, how do you clear a block for one particular IP instead of the entire log file?

4
General Discussion / Track historical usage per user
« on: January 21, 2018, 12:17:05 am »
Is there a way within OPNsense to track individual users' historical usage? I would like to be able to view a list of clients and show when they were connected and the bandwidth used. It's nice to know data trends on devices on my network. Something like the graphs shown under the interface tab in Insight, but per client. It would be cool to have a quick visual of user traffic usage. Maybe be able to toggle between IP and hostname like what is on the traffic graphs. Actually, the client usage in the traffic graphs would work great if this was always being captured and the data stored to view anytime.

5
General Discussion / OPNsense initial thoughts
« on: January 19, 2018, 09:40:34 pm »
I just wanted to comment on OPNsense from the perspective of a recent pfSense user. In my initial search looking for a firewall I tested various firewalls: Untangle, Sophos/Astaro, and ClearOS, to name a few. I found pfSense to be the best by far, and it met all of my needs. I use pfSense in a home environment, where it basically was used for monitoring and limiting internet usage, VPN service, traffic shaping (when my internet pipe was smaller) and providing reliable network access and security for my family. I recently started trying to fine-tune my IDS within pfSense and was deciding between Suricata and Snort when I ran across some references to OPNsense forking from pfSense. It has been a while since I messed around with another firewall distribution, and since this was based off the firewall I was already used to, I thought it was worth investigating.

From 2 weeks of use with OPNsense I have to say this firewall looks great. It still has a lot of the pfSense feel to it, but the GUI/layout is improved greatly. OPNsense appears to take the approach of providing all the core functions that pfSense did, but deciding which is the best package to facilitate that need, making it the standard and directing its focus to maintaining those dedicated packages. This removes some choices/options for the firewall admin, but I think it provides a more reliable/stable firewall. I currently run OPNsense on not the most ideal hardware, but I have noticed that it appears to be using less RAM than what pfSense used. I still have yet to configure Suricata, so I know that will be a good-size hit on RAM. I also really like that NetFlow visibility is built in to the GUI, but ntopng did provide more visibility.

I am still in the early stages of OPNsense so there may be some things I have missed, but below are the items I think would be great to get included in OPNsense.
* Historical monitoring for individual client use - such as bandwidthd.
    * It would be really cool if Insight could map an IP to a DHCP reservation and list traffic usage per user along with source/destination
* Squid reports, such as SARG or LightSquid
    * I haven’t messed with the proxy much and this may be available and I just need to configure it, but for the purposes of web filtering it would be nice to be able to do a splice all on Squid so you can block a destination without having to intercept SSL traffic
* It's early and I don't know if I prefer the way historical bandwidth usage is displayed under Health versus the graphs in pfSense

I mainly just wanted to post to tell the developers and community I think you guys are doing a great job.
