Topics - olest

#1
Has anyone tried the "new" OpenVPN Windows client with combined password and OTP prompt?

Saw this in OpenVPN client setting: "Prompt for OTP and combine with password"
#2
When using OpenVPN instance with DCO I get this in log:

dco_update_peer_stat: invalid peer ID 1 returned by kernel

Looks like a bug if I search the internet.
#3
Would it be possible to use aliases to define local and remote subnets in IPSEC connections setup?
#4
How do I configure IPSEC in the new connections with remote endpoint as hostname and Identities as IP addresses?

In the old config I just put the hostname in Remote Endpoint, set up the PSK and set Identities to My IP and Remote IP.

How do I configure that in the new IPSEC PSK setup?
#5
Hi,

After updating to 23.7.7 I can no longer choose aes128gcm16-aesxcbc-modp2048 in new IPSEC Connections Proposals.
#6
When using the new IPSEC "connections", automatically generated rules for IPSEC are no longer created.
#7
23.7 Legacy Series / IPSEC IDs setup 2 times in 23.7
August 24, 2023, 12:26:16 PM
Why do I have to set up the IPSEC local and remote IDs 2 times in 23.7?

In both "Pre-shared Keys" menu and in Authentication section of Connection setup.
#8
23.7 Legacy Series / Enable IPSEC in 23.7
August 17, 2023, 12:48:34 PM
In 23.7 the enable IPSEC is still in Tunnel Settings [legacy]. If disabled in legacy the new "Connections" does not start.
#9
22.7 Legacy Series / debug.pfftpproxy unsupported
September 27, 2022, 01:48:58 PM
After some of the 22.7 updates I get:

debug.pfftpproxy   Disable the pf ftp proxy handler.   unsupported   unknown   

warning: ignoring missing default tunable request: debug.pfftpproxy

Should I just delete debug.pfftpproxy or is it a bug in os-ftp-proxy plugin?
#10
ipsec: remove hashes and algorithms no longer supported by FreeBSD 13

Does this mean that 3des, sha1 and md5 are no longer supported in IPSEC tunnels?
#11
When I use Captive Portal and hit "sign in", the page does not reload on Android.
On iPad I get a blank page with the text Success instead of a page with "logout".
Can this be fixed?

How do I define redirurl from the GUI (like pfSense has)?

From default template:

    // redirect on successful login
    if (data['clientState'] == 'AUTHORIZED') {
        if (getURLparams()['redirurl'] != undefined) {
            window.location = 'http://'+getURLparams()['redirurl']+'?refresh';
        } else {
            window.location.reload();
#12
Hi,

Can I use a configuration export from an OPNsense NANO install and import it on a new full OPNsense install without having nano-specific configurations on the new install?
#13
I need to create a firewall rule that gives access to IPs which end in e.g. .64

Using another firewall provider we could do this by using wildcard netmasks as this 0.0.0.64/0.0.0.252

Can this be done somehow with OPNsense?


We need to do the same as this other Cisco example:
Match all 192.168.x.1 addresses:
permit 192.168.0.1 0.0.255.0
#14
Virtual private networks / Wireguard interface
April 23, 2021, 01:12:41 PM
Just installed Wireguard.

I have Firewall -> Rules -> Wireguard (had to edit another rule and hit save for Wireguard to show up)

Some guides say that I have to assign wg0 to a new interface - In which use cases would I need to assign the wg0 interface?
#15
Hardware and Performance / Innovision appliance
April 23, 2021, 09:37:17 AM
Has anyone tried OPNsense on Innovision hardware?

So far I have used Qotom hardware for years without problems but they do not provide rack mount systems.

Found this one and would like to know if anyone has tried it:
https://a.aliexpress.com/_mPGe1Ll
#16
21.1 Legacy Series / MSS and IPSEC
March 30, 2021, 09:47:50 AM
Hi,

I have had a few new sites where I need to set MSS=1400 on the LAN interface to get traffic through IPSEC tunnels.
Is that a "normal" problem?
#17
If I look in the FreeRADIUS log "Services: FreeRADIUS: Log File", all usernames/passwords I have tested using System/Access/Tester are listed in clear text.
#18
Are there any GUI changes related to NAT over IPSEC or should I still use the Manual SPD setting in phase 2?
#19
General Discussion / WAN packet loss
September 18, 2020, 01:20:18 PM
Hi,

When I go to System -> Gateways -> Single I see a packet loss of 0.0% but when I go to Reporting -> Health -> Quality I see a loss of 100-200m.

How should I read those data?
#20
General Discussion / Postfix problem
June 07, 2020, 05:09:19 PM
Have set up Postfix with rspamd, redis and clamav.

When receiving emails from eBay (only so far) I get the email but eBay resends it again many times.

In the log I get this:
postfix/smtpd[82980]: disconnect from mxphxpool2041.ebay.com[66.211.185.204] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 commands=5/6

Is it a timeout problem in some of the components or how do I fix it?