Topics - kss

1
Virtual private networks / Resolving names over wireguard subnet
« on: April 24, 2024, 09:27:55 pm »
I apologize if this is an already answered question --

I have connected my two sites using wireguard VPN site to site setup. How do you resolve names across the VPN? I am able to ping the far-end machines by their IP addresses, from either site, but not by name.

Both sites run similarly configured opnsense firewalls; both sites use unbound. I tried adding the DNS server name of the far end site to the DNS server list but that didn't work. I even tried running WINS (gasp!) at both sites on a raspberry pi that is running pi-hole, again, no luck. I seem to be missing something fundamental here, for which I seek help.

2
24.1 Legacy Series / OpenVPN Instance setup documentation
« on: February 19, 2024, 02:32:09 am »
I am trying to follow the documentation to set up an OpenVPN instance. There may be an error in the HOWTO at https://docs.opnsense.org/manual/how-tos/sslvpn_instance_s2s.html

Should the certificate type for Site A be a "Client" and not "Server" as it stands in the how-to? (Image attached)

Also, there is a typo in the firewall port number -- Should be 1194/UDP, not 1494/UDP -- Table that follows is correct, however.

3
Tutorials and FAQs / Restore some sections to default - possible?
« on: August 14, 2023, 07:57:12 pm »

I am wondering if it is possible to reset all firewall rules to default as if it were a new installation? Alternately, is the default rules list available somewhere to download?

Thanks.

4
General Discussion / OPNsense - virtualized or not?
« on: January 10, 2023, 04:07:55 pm »
Hopefully an easy question --

I have OPNsense running on a dedicated dual-ethernet machine for our SOHO. This deployment is not virtualized.

Should this instance of OPNSense instead be running on the same hardware virtualized? Why or why not?

5
General Discussion / Verizon FIOS now has IPV6 - How to setup?
« on: August 29, 2022, 10:34:00 pm »
Just noticed that Verizon FIOS has given me a 2600:... /56 IPV6 address for the WAN interface.

What do I do with this information? How should I set up my LAN correctly?

6
Virtual private networks / WG Site-to-site - only RDP and VNC work
« on: June 12, 2022, 07:07:22 am »
I have set up a site-to-site WG VPN that somewhat works --

Names resolve correctly on both LANs across the VPN. RDP and VNC work flawlessly on machines on either LAN to access remote hosts by name.

However, ping times out and I am unable to browse shares on the computers across the VPN either by name or IP address.

I only have a PASS rule to allow IPv4 UDP between the firewalls; I suspect that I need another PASS rule on both sides to allow other IPv4 traffic into the LAN across the VPN.

Any pointers on what these rule(s) are would be helpful. Should this rule be between the two LANs or the firewalls? Which protocols? Which interface? Do I need to manually set up an outbound-NAT rule? I am somewhat new to this and I don't want to accidentally open up the two networks to the world! Thanks.

7
22.1 Legacy Series / DHCPv4 behavior
« on: June 07, 2022, 09:51:37 pm »
I am running 22.1.8_1 presently and noticed the following:

LAN IP: 192.168.1.0/24

Old DHCP lease pool: 192.168.1.10 to 192.168.1.30
There were about 15 machines with a valid lease on this network as shown by the Services->DHCPv4->Leases menu

I moved the pool from the above to 192.168.1.60 to 192.168.1.80

Now the Services->DHCPv4->Leases list is empty, although all the issued leases are still valid and functional. I restarted the DHCP service, but the machines have not yet got their new IP assignments and do not show up.

Is this the expected behavior? Shouldn't the existing (valid) leases still be displayed even though they are no longer in the pool?

8
Tutorials and FAQs / New setup - what cron jobs should one run?
« on: September 30, 2020, 05:42:08 am »
I am wondering if there is a setup guide somewhere that instructs new users what cron jobs they should be running once the firewall is up and running... I am thinking services such as GeoIP blocking, checking for firmware updates, etc.

Any suggestions on "must have" cron jobs for a fairly vanilla installation? Thanks.

9
General Discussion / Can two Raspberry-pi boards make a firewall?
« on: June 24, 2019, 03:39:18 pm »
Given the impressive specs that the Raspberry Pi 4 boasts -- https://www.raspberrypi.org/products/raspberry-pi-4-model-b/ -- Broadcom BCM2711, Quad core @ 1.5GHz; up to 4GB SDRAM; 802.11ac wireless, Bluetooth 5.0, Gigabit Ethernet --

Would it be possible to have two of these boards working together, with one ETH port serving the WAN side and the other, the LAN side?

10
General Discussion / Captive Portal on a wireless router connected to Opnsense device
« on: September 24, 2018, 05:53:20 am »
I have finally got Opnsense configured just right for our needs -- It is a two-port repurposed PC with an Intel core I5, which works very well. I also got the Guest WiFi working by installing an internal atheros wireless card in the Opnsense PC and following the Captive Portal how-to. But this does not give me the bridged private WLAN that I need.

Now, I am trying to use a separate wireless router (ASUS RT-AC68U running Tomato Shibby) as an access point as well as guest wifi. Following the excellent tutorial, I have the bridged WiFi working for reliable private WLAN functionality.

However, I cannot get the Guest access point working -- I think it is because of the double NAT that is happening, once on the Opnsense box and again in the wireless router.

Can someone point out how to use an external router as a private LAN as well as a captive portal without running into double-NAT?  Thanks.
