1
General Discussion / nginx plugin - High Availability
« on: May 22, 2019, 01:53:33 pm »
I didn't find the option in "System: High Availability: Settings" to do the config sync, am I looking in wrong place or it not yet implemented?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Development and Code Review / Wazuh Agent integration - call for tests
« on: May 21, 2019, 11:32:05 pm »
Hi!
I've created this small script to put wazuh-agent to work together with OPNsense. It's working well in one of our environments, till now ;-)
Script:
https://github.com/cloudfence/opnsense-wazuh/blob/master/opnsense-ban.sh
The main idea is to ban an offensor IP address that is often is catch by the wazuh's active response feature.
If you are using OPNsense with Wazuh, I invite you to make some tests and let me know if it will work well for you too!
Installation instructions here: https://github.com/cloudfence/opnsense-wazuh/blob/master/README.md
I've created this small script to put wazuh-agent to work together with OPNsense. It's working well in one of our environments, till now ;-)
Script:
https://github.com/cloudfence/opnsense-wazuh/blob/master/opnsense-ban.sh
The main idea is to ban an offensor IP address that is often is catch by the wazuh's active response feature.
If you are using OPNsense with Wazuh, I invite you to make some tests and let me know if it will work well for you too!
Installation instructions here: https://github.com/cloudfence/opnsense-wazuh/blob/master/README.md
3
18.7 Legacy Series / IPSEC BiNAT - Migrating from pfS
« on: February 21, 2019, 05:34:49 pm »
Greetings from IPSec outerspace! 
I'm importing a config from an old pfsense with IPSEC Binat enabled, but when I try to create the NAT 1:1 rule, an error is show.
Scenario:
Local Network: 10.20.30.0/24
Translated Address (that is in SPD entry): 192.169.200.16/32
If the subnet mask are the same, the rule is created without problems, but like I've mentioned above, the existing config uses differents masks.
Am I missing something?
Attached the example rule and the error.
I'm importing a config from an old pfsense with IPSEC Binat enabled, but when I try to create the NAT 1:1 rule, an error is show.
Scenario:
Local Network: 10.20.30.0/24
Translated Address (that is in SPD entry): 192.169.200.16/32
If the subnet mask are the same, the rule is created without problems, but like I've mentioned above, the existing config uses differents masks.
Am I missing something?
Attached the example rule and the error.
4
Development and Code Review / Script to convert pfSense config XML to OPNsense
« on: January 16, 2019, 04:19:12 pm »
Hi folks!
We're using a small piece of code to help us to convert from pfSense to OPNsense XML config file. It's still in a beta stage, but we're achieving good results with it.
There are known issues that should be corrected/improved. Contributors are very welcome!
https://github.com/juliocbc/shelland/blob/beta/pf2OPN-config.sh
Tested with XML files from pfSense 2.1.X and 2.2.X versions.
We're using a small piece of code to help us to convert from pfSense to OPNsense XML config file. It's still in a beta stage, but we're achieving good results with it.
There are known issues that should be corrected/improved. Contributors are very welcome!
https://github.com/juliocbc/shelland/blob/beta/pf2OPN-config.sh
Tested with XML files from pfSense 2.1.X and 2.2.X versions.
5
18.7 Legacy Series / APU2 - PPPoE System crash
« on: January 15, 2019, 05:49:57 pm »
Hello!
I am experiencing a very weird behaviour with an APU:
Every time that the PPPoE interface cable is unplugged the system crashes!
I found this thread https://forum.opnsense.org/index.php?topic=5697.0 in the forums, but the solution doesn't fit to the our system (APU2 with OPN 18.7.10).
I've tried to disable ACPI, changed the gw monitor daemon (dpinger/apinger) and disabled suricata.
Any ideas?
dump:
I am experiencing a very weird behaviour with an APU:
Every time that the PPPoE interface cable is unplugged the system crashes!
I found this thread https://forum.opnsense.org/index.php?topic=5697.0 in the forums, but the solution doesn't fit to the our system (APU2 with OPN 18.7.10).
I've tried to disable ACPI, changed the gw monitor daemon (dpinger/apinger) and disabled suricata.
Any ideas?
dump:
Code: [Select]
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x30
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff82652f83
stack pointer = 0x28:0xfffffe01212f9960
frame pointer = 0x28:0xfffffe01212f9990
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (dummynet)
6
Development and Code Review / Captive Portal with external authentication
« on: November 20, 2018, 11:13:13 pm »
Hello!
We have a Captive portal implemented o top of a old pfsense firewall. The thing works with a custom php script (loaded with Captive Portal) that authenticate users in a external portal (API).
We want to change it to a OPNsense's firewall, someone here had implement something like a described above?
We have a Captive portal implemented o top of a old pfsense firewall. The thing works with a custom php script (loaded with Captive Portal) that authenticate users in a external portal (API).
We want to change it to a OPNsense's firewall, someone here had implement something like a described above?
7
Development and Code Review / APU LEDs Plugin
« on: November 08, 2018, 03:16:10 am »
Hello!
I made a simple plugin to get APUs boxes more shiny!
https://github.com/cloudfence/dev-packages (plugin package)
https://github.com/cloudfence/apuled (plugin source code)
I've compiled the LED's module from this source code: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189772
I know that isn't a good idea to put a binary (compiled) in a plugin package, but I don't know exactly how put this module with the plugin yet... maybe build a custom port and put it as plugin dependence... Anyway ideas are very welcome!
This initial version is not very useful yet... but it's a begining!
I made a simple plugin to get APUs boxes more shiny!
https://github.com/cloudfence/dev-packages (plugin package)
https://github.com/cloudfence/apuled (plugin source code)
I've compiled the LED's module from this source code: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189772
I know that isn't a good idea to put a binary (compiled) in a plugin package, but I don't know exactly how put this module with the plugin yet... maybe build a custom port and put it as plugin dependence... Anyway ideas are very welcome!
This initial version is not very useful yet... but it's a begining!
8
Development and Code Review / Custom pacakge - Web UI menus doesn't show [SOLVED]
« on: October 11, 2018, 12:38:08 am »
Hello,
I've have some custom packages that don't show on Menu (Web UI) immediatelly after installation. I've noted if a reboot is done these menus loads OK. I was using those packages on 16.x versions, is there something that needed to be done on 18.7 to load the menus in Web UI?
I've noted that if I remove the cache file: /tmp/opnsense_menu_cache.xml solves the problem, but I want to do it in a "clean way"
I've have some custom packages that don't show on Menu (Web UI) immediatelly after installation. I've noted if a reboot is done these menus loads OK. I was using those packages on 16.x versions, is there something that needed to be done on 18.7 to load the menus in Web UI?
I've noted that if I remove the cache file: /tmp/opnsense_menu_cache.xml solves the problem, but I want to do it in a "clean way"
9
Portuguese - Português / Comunidade - Língua Portuguesa
« on: October 10, 2018, 12:44:31 pm »
Olá pessoal!
Com intuito de nos conhecermos e integrar a comunidade de língua portuguesa do OPNsense, gostaria de saber de onde vocês são e se puderem fazer uma introdução da experiência de vocês com o OPNsense, seria legal!
Com intuito de nos conhecermos e integrar a comunidade de língua portuguesa do OPNsense, gostaria de saber de onde vocês são e se puderem fazer uma introdução da experiência de vocês com o OPNsense, seria legal!
10
Intrusion Detection and Prevention / IPS PPPoE Interface
« on: September 20, 2018, 08:33:17 pm »
Hi,
I've configured the IPS in two of my firewall interfaces, one a physical interface with static IP address and other with PPPoE. The physical interface I can see alerts as usual, but the PPPoE dont show any alerts.
p.s.: I've HIPS installed in the servers behind (NAT) of the PPPoE and a lot of alerts are showing up.
Anyone with the same problem?
Thanks!
I've configured the IPS in two of my firewall interfaces, one a physical interface with static IP address and other with PPPoE. The physical interface I can see alerts as usual, but the PPPoE dont show any alerts.
p.s.: I've HIPS installed in the servers behind (NAT) of the PPPoE and a lot of alerts are showing up.
Anyone with the same problem?
Thanks!
Pages: [1]