Topics

1

General Discussion / IPSEC backup remote gateway

« on: May 19, 2020, 09:42:49 am »

Is it possible to setup at backup remote gateway in phase1 of an IPSEC tunnel?

2

General Discussion / Dual WAN failover

« on: May 18, 2020, 11:34:07 am »

What will I gain from using a Gateway Group instead of just setting Priority on the single Gateways?
I just need failover.

3

Intrusion Detection and Prevention / Problem with access between LAN and LAN_VLAN with IPS

« on: June 24, 2019, 12:07:13 pm »

When I enable IPS on LAN interface and use "Promiscuous mode" I cannot access my Synology NAS at LAN_VLAN1200 from a PC at LAN.

4

Intrusion Detection and Prevention / [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -2

« on: June 18, 2019, 02:36:26 pm »

Why do I get this error?

Jun 18 14:35:14   suricata: [100388] <Error> -- [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - error code -2
Jun 18 14:35:13   suricata: [100121] <Notice> -- Signal Received. Stopping engine.

5

19.1 Legacy Series / Cron job not running

« on: May 28, 2019, 11:32:12 am »

Hi,

I have tried to create a cron job that do "Dynamic DNS update" every 5 minutes.

When I look in the log I see no sign of the job executed.

6

General Discussion / How to setup FreeRadius to bind to Windows AD with LDAP

« on: May 27, 2019, 10:47:39 am »

Hi,

How do I configure FreeRadius plugin to authenticate against Windows Active Directory LDAP server.

I have setup LDAP:

Protocol type: LDAP
Server: IP of the LDAP server
Bind user: empty
Bind password: empty
Base DN: dc=company,DC=local
User Filter: (samaccountname=%{%{Stripped-User-Name}:-%{User-Name}})
Group Filter: (objectClass=posixGroup)

I'm not sure what to put in User Filter and Group Filter.

Can anyone help?

7

19.1 Legacy Series / NAT before IPSEC - Bug??

« on: May 24, 2019, 11:18:54 am »

Hi,

I have tried to setup NAT before IPSEC.

Followed this how to doc:
https://docs.opnsense.org/manual/how-tos/ipsec-s2s-binat.html

Is it not working with 19.1?

I havn't tried with 18.7.

(tested with a pfSense instead of my opnsense box and then it is working)

8

19.1 Legacy Series / BUG: log files views not shown correct after 19.1.8 update

« on: May 21, 2019, 11:41:54 am »

After 19.1.8 update the log files views show the same text in both Date and Message fields.

Modify: It is all the logs, not only IPSEC log.

9

19.1 Legacy Series / IPSEC BINAT problem

« on: May 06, 2019, 05:11:50 pm »

Hi,

I'm trying to replace a pfSense with OPNsense, but I cannot get IPSEC BINAT to work.

At pfSense I have this:
https://www.dropbox.com/s/ppdunpmmqpsgdyy/2019-05-06_1705.png?dl=0

At OPNsense I have setup this:
https://www.dropbox.com/s/soatzy8z50vuzpb/2019-05-06_1708.png?dl=0
https://www.dropbox.com/s/4ab1i9rnz1k2y9k/2019-05-06_1709.png?dl=0
https://www.dropbox.com/s/3ux1wcranpjc0gt/2019-05-06_1710.png?dl=0

When I try to ping 192.168.11.245 from 192.168.17.101 I get no responce with OPNsense.

The OPNsense do not seems to create the manual SPD I have typed.

Anyone that can help?

10

18.7 Legacy Series / OpenVPN tunnel network static range

« on: December 05, 2018, 12:23:37 pm »

With OpenVPN access server there is both a tunnel network for dynamic clients and one for static clients.
How do I add a tunnel network for static clients to a OpenVPN server at OPNsense?

If I add a tunnel network outside server tunnel network with client specific overrides, the trafic is not routed correct.

11

18.7 Legacy Series / Multiple OpenVPN instances

« on: December 04, 2018, 04:07:11 pm »

Hi,

Can I use the same server certificate for multiple OpenVPN instances?

12

18.1 Legacy Series / IPSEC debug logging

« on: June 29, 2018, 02:56:50 pm »

under VPN->IPSEC->Advanced Settings there is a IPSEC Debug part.

Is there any help page explaning the meaning of: Silent, Basic, Audit, Control, Raw, Highst?
(In PfSense there was a Diag after control but no Basic.)