1
General Discussion / Use aliases in IPsec connections setup
« on: December 14, 2023, 09:51:02 am »
Would it be possible to use aliases to define local and remote subnets in IPSEC connections setup?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
23.7 Legacy Series / New IPSEC setup with hostname in Remote endpoint and PSK
« on: October 27, 2023, 10:56:30 am »
How do I configure IPSEC in the new connections with remote endpoint as hostname and Identities as IP addresses?
In the old config I just put hostname in Remote Endpoint and setup PSK and setup Identities to My IP and Remote IP.
How do I configure that in the new IPSEC PSK setup?
In the old config I just put hostname in Remote Endpoint and setup PSK and setup Identities to My IP and Remote IP.
How do I configure that in the new IPSEC PSK setup?
3
23.7 Legacy Series / aes128gcm16-aesxcbc-modp2048 missing after 23.7.7 update
« on: October 26, 2023, 12:15:48 pm »
Hi,
After updating to 23.7.7 I can no longer choose aes128gcm16-aesxcbc-modp2048 in new IPSEC Connections Proposals.
After updating to 23.7.7 I can no longer choose aes128gcm16-aesxcbc-modp2048 in new IPSEC Connections Proposals.
4
23.7 Legacy Series / IPSEC Automatically generated rules
« on: October 12, 2023, 11:03:54 am »
When using the new IPSEC "connections" Automatically generated rules for IPSEC is no longer created.
5
23.7 Legacy Series / IPSEC IDs setup 2 times in 23.7
« on: August 24, 2023, 12:26:16 pm »
Why do I have to setup the IPSEC local and remote IDs 2 times in 23.7?
In both "Pre-shared Keys" menu and in Authentication section of Connection setup.
In both "Pre-shared Keys" menu and in Authentication section of Connection setup.
6
23.7 Legacy Series / Enable IPSEC in 23.7
« on: August 17, 2023, 12:48:34 pm »
In 23.7 the enable IPSEC is still in Tunnel Settings [legacy]. If disabled in legacy the new "Connections" does not start.
7
22.7 Legacy Series / debug.pfftpproxy unsupported
« on: September 27, 2022, 01:48:58 pm »
After some of the 22.7 updates I get:
debug.pfftpproxy Disable the pf ftp proxy handler. unsupported unknown
warning: ignoring missing default tunable request: debug.pfftpproxy
Should I just delete debug.pfftpproxy or is it a bug in os-ftp-proxy plugin?
debug.pfftpproxy Disable the pf ftp proxy handler. unsupported unknown
warning: ignoring missing default tunable request: debug.pfftpproxy
Should I just delete debug.pfftpproxy or is it a bug in os-ftp-proxy plugin?
8
22.1 Legacy Series / ipsec: remove hashes and algorithms no longer supported by FreeBSD 13
« on: January 25, 2022, 03:35:10 pm »
ipsec: remove hashes and algorithms no longer supported by FreeBSD 13
Does this mean that 3des, sha1 and md5 is no longer supported in IPSEC tunnels?
Does this mean that 3des, sha1 and md5 is no longer supported in IPSEC tunnels?
9
General Discussion / Captive Portal reload or redirect after sign in
« on: June 22, 2021, 11:26:19 am »
When I use Captive Portal and hit "sign in" the page does not reload at Android.
At Ipad I get blank page with the text Success instead of a page with "logout"
Can this be fixed?
How do I define redirurl from the GUI (like Pfsense have)
From default template:
At Ipad I get blank page with the text Success instead of a page with "logout"
Can this be fixed?
How do I define redirurl from the GUI (like Pfsense have)
From default template:
Code: [Select]
// redirect on successful login
if (data['clientState'] == 'AUTHORIZED') {
if (getURLparams()['redirurl'] != undefined) {
window.location = 'http://'+getURLparams()['redirurl']+'?refresh';
} else {
window.location.reload();
10
General Discussion / Can I use configuration backup from NANO install
« on: May 12, 2021, 10:04:38 am »
Hi,
can I use configuration export from a OPNsense NANO install and import it on a new full install OPNsense without having nano specific configurations at the new install?
can I use configuration export from a OPNsense NANO install and import it on a new full install OPNsense without having nano specific configurations at the new install?
11
General Discussion / Wildcard netmask in alias or firewall rules
« on: April 23, 2021, 01:39:06 pm »
I need to create a firewall rules that gives access to IP's which ends at e.g. .64
Using another firewall provider we could do this by using wildcard netmasks as this 0.0.0.64/0.0.0.252
Can this be done some how with OPNsense?
We need to do the same as this other Cisco example:
Match all 192.168.x.1 addresses:
permit 192.168.0.1 0.0.255.0
Using another firewall provider we could do this by using wildcard netmasks as this 0.0.0.64/0.0.0.252
Can this be done some how with OPNsense?
We need to do the same as this other Cisco example:
Match all 192.168.x.1 addresses:
permit 192.168.0.1 0.0.255.0
12
Virtual private networks / Wireguard interface
« on: April 23, 2021, 01:12:41 pm »
Just installed Wireguard.
I have Firewall -> Rules -> Wireguard (had to edit another rule and hit save for Wireguard to show up)
Some guides say that I have to assign wg0 to a new interface - In which use cases would I need to assign the wg0 interface?
I have Firewall -> Rules -> Wireguard (had to edit another rule and hit save for Wireguard to show up)
Some guides say that I have to assign wg0 to a new interface - In which use cases would I need to assign the wg0 interface?
13
Hardware and Performance / Innovision appliance
« on: April 23, 2021, 09:37:17 am »
Have anyone tried opnsense at Innovision hardware?
So far I have used Qotom hardware for years without problems but they do not provide rack mount systems.
Found this one and would like to know if anyone have trid it:
https://a.aliexpress.com/_mPGe1Ll
So far I have used Qotom hardware for years without problems but they do not provide rack mount systems.
Found this one and would like to know if anyone have trid it:
https://a.aliexpress.com/_mPGe1Ll
14
21.1 Legacy Series / MSS and IPSEC
« on: March 30, 2021, 09:47:50 am »
Hi,
I have had a few new sites where I need to set MSS=1400 om LAN interface to get traffic through IPSEC tunnels.
Is that a "normal" problem?
I have had a few new sites where I need to set MSS=1400 om LAN interface to get traffic through IPSEC tunnels.
Is that a "normal" problem?
15
21.1 Legacy Series / Freeradius - passwords exposed i logs
« on: March 19, 2021, 12:21:57 pm »
If i look in the FreeRadius log "Services: FreeRADIUS: Log File" all usernames/passwords I have tested using System/Access/Tester is listed in clear text.