Topics

1

20.1 Legacy Series / [SOLVED] Squid / No error messages since upgrade to OPNsense 20.1 production

« on: February 17, 2020, 06:29:39 pm »

Hi all,

my Squid proxy does not show any error messages since I upgraded OPNsense to 20.1 production series.

In the Squid logs I can see that Squid blocks certain requests as expected...

Code: [Select]

2020-02-17T18:14:58.530000 1 192.168.xx.xxx TCP_DENIED/403 3968 CONNECT www.hidemyass.com:443 - HIER_NONE/- text/html
.. however, Squid does not present any error message to the user.

This was working perfectly fine in OPNsense 19.7.

Any ideas?

2

Web Proxy Filtering and Caching / Squid / Bypass Proxy for Private Address Destination

« on: April 25, 2019, 07:25:41 pm »

Hi all

I'm running OPNsense 19.1.6-amd64 with Squid 3.5.28_1 with two different subnets (LAN and OPT1).

I've put in rules on my OPNsense firewall to block traffic between the different subnets.

The problem I'm running into is that Squid as a proxy (non-transparent) is allowing traffic between the subnets skipping the firewall rules. Hence, clients in OPT1 subnet are able to access the LAN subnet and vice versa.

I miss a similar option as in pfsense's Squid to not forward traffic to Private Address Space (RFC 1918) destinations. If enabled, destinations in Private Address Space (RFC 1918) would be passed directly through the firewall, not through the proxy server.

Is there a way to configure Squid in OPNsense in a similar way? In case I manually have to include custom options in Squid, can anyone provide an example, please?

Nevertheless, how about implementing the option "Do not forward traffic to Private Address Space (RFC 1918) destinations" in OPNsense?

3

General Discussion / Incorrect rule labels assigned in firewall live view

« on: April 16, 2019, 10:04:38 pm »

Hi all!

I am currently running OPNsense 19.1.6-amd64 and today I've experienced some hiccups within the firewall module.

The system assigned incorrect rule labels to the logged packets in the firewall live view. E. g.: Logged packets have been flagged with labels anti-lockout rule or allow access to DHCP server on the pppoe interface while no such rules have been set up on the pppoe interface in the firewall module.

After restart of the packet filter the issue was gone.

As far as I can tell firewall rules nonetheless have been applied correctly. I hope this is just a buggy firewall live view.

Please let me know which internal log files to keep track of if the same problem reoccurs.

4

18.1 Legacy Series / IDS working, IPS not working

« on: May 29, 2018, 10:06:22 pm »

Hi all,

I am experiencing some issues with IDS/IPS on OPNsense 18.1.8.

As I am new to IDS/IPS I am currently just using OPNsense/test rules as a very basic setup. In a first step I just have enabled the IDS functionality. The test rules work pretty fine.  E.g. access to the EICAR testfile will generate an alert and will be logged by OPNSense.

As soon as I enable IPS the problems are arising. Once again, I will access the EICAR test file. But now NEITHER an alert is being generated NOR the access to the file is being blocked.

Once I have disabled IPS again, logging works again like expected.

Am I missing something? Or is there a bug in the IPS module?

Is someone having the same issue?

5

18.1 Legacy Series / Option 'Clone phase 2' missing while cloning IPSec VPN Tunnel Settings

« on: April 14, 2018, 06:50:54 pm »

Hello,

I have some issues with cloning my IPSec VPN Tunnel Settings.

Currently, I am using two different phase 1 entries. Cloning of the 2nd phase 1 entry works pretty fine. While during the cloning process of the 2nd phase 1 entry OPNSense offers the option to clone related phase 2 entries as well, this option is completely missing when I want to clone the 1st phase 1 entry.

A short review of the website's html source code shows that eight lines of html code are missing (relating to cloning of phase 2 entries) when I want to clone my 1st phase 1 entry.

Any ideas what is causing this behaviour? Can anyone point me in the right direction, please?

I am currently running OPNsense 18.1.6-amd64, FreeBSD 11.1-RELEASE-p9. But I already have this issue since I have started my OPNSense setup with version 18.1.