Topics - Josh

1
22.7 Legacy Series / How to configure 802.1X device certificate based EAP-TLS authentication on LAN?
« on: December 10, 2022, 06:11:52 pm »
We have been running a pfSense based network for several years, but have started considering switching over to OPNsense. I have been reading and searching the forum, but I’m still unsure if our configuration can be achieved using OPNsense.

Our current network configuration is as follows:

- pfSense edge router:
   - WAN + LAN1 physical network interfaces
   - Certificate manager to create and manage the PKI for device certificates
   - Freeradius server configured to use EAP-TLS with 802.1X device certificates on wired and wireless LAN1
- Managed switches (ZyXEL GS1900 series)
   - Authentication method: Radius; 802.1X enabled
   - Individual switch port assignments to either LAN1 or VLAN 20 / 30 / 110 / 120 / 130
   - Global Guest VLAN 30 as fallback for devices trying to connect to LAN1 ports without a proper device certificate
- WLAN APs (Ubiquiti UniFi UAC series)
   - Separate wireless networks for LAN1, VLAN 20 / 30 / 110 / 120 / 130
   - Radius profile for wireless LAN1
   - WPA-Enterprise enabled for wireless LAN1 connections to authenticate via device certificates
   - WPA-Personal and individual VLAN enabled for all other wireless networks

If a workstation is trying to connect to LAN1 either wireless or wired but without device certificate, it will automatically fall back to Guest VLAN 30. Wired connection to all VLANs is possible from dedicated switch ports without authentication. Wireless connection to all VLANs is possible with standard WPA-Personal password.

I wonder if this setup is possible with the current OPNsense release.

I’m specifically concerned about how to configure Freeradius to use 802.1X and device certificates, since I cannot seem to find the user interface to configure it. On pfSense this configuration was quite straightforward, and I was also able to find examples in the user forums on how to do it.

All guidance and advice is greatly appreciated!

I’m seriously considering switching over to OPNsense if I can do it with low or moderate effort. On the other hand, I do not currently have resources to start making very large-scale experiments if this is something that has not been done with OPNsense before.
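For the EAP-TLS part of this question, an added reference that is not from the poster or the OPNsense project: the upstream FreeRADIUS 3.x `mods-available/eap` form of a certificate-only EAP-TLS setup, which is the configuration any GUI (pfSense's or OPNsense's plugin) ultimately writes. The certificate and key paths are assumptions; the CA file must be the one that issues the device certificates, since that is the only thing that decides which clients are admitted.

```conf
# Added example (not from the post or OPNsense): FreeRADIUS 3.x mods-available/eap,
# restricted to EAP-TLS so only clients presenting a certificate issued by the
# local device CA are authenticated. File paths are assumptions.
eap {
    default_eap_type = tls          # offer TLS first; no password-based methods enabled
    max_sessions     = ${max_requests}

    tls-config tls-common {
        private_key_file = ${certdir}/radius-server.key     # assumed path
        certificate_file = ${certdir}/radius-server.crt     # assumed path
        ca_file          = ${cadir}/device-ca.pem           # CA that signed the device certs
        tls_min_version  = "1.2"
        tls_max_version  = "1.2"
        cipher_list      = "HIGH:!aNULL:!MD5"
        cipher_server_preference = yes

        # Reject revoked device certificates; needs a hashed CA directory with a
        # current CRL, so leave it off until that process exists.
        # check_crl = yes
        # ca_path   = ${cadir}

        cache {
            enable = no     # no TLS session resumption until the PKI process is settled
        }
    }

    tls {
        tls = tls-common
    }
}
```

Two checks worth doing once this is in place: `radiusd -X` in debug mode shows whether the server certificate and CA load at startup, and a client with a certificate from a different CA must be rejected at the TLS handshake rather than landing in a password prompt. The guest VLAN 30 fallback stays a switch-side setting; RADIUS only answers Access-Accept or Access-Reject here.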

2
19.7 Legacy Series / How to configure a home router behind OPNsense without NAT?
« on: November 03, 2019, 04:52:09 pm »
I have an ASUS BRT-AC828 as my home router, and I have segmented my LAN into a few VLANs (e.g. IoT devices / Guests / Home network).

I'm currently trying to add an OPNsense firewall between my ASUS router and the internet, and I'd like to get visibility to my LAN nodes from the OPNsense. For example, I have an alarm clock that has WiFi capability, but I'd like to allow only NTP protocol for that device to pass to internet and block everything else.

It seems to me that I'm lacking some basic knowledge on how to configure the OPNsense correctly. Obviously I will want to disable NAT in my ASUS router, but what are the correct steps to configure OPNsense so that I can reach the internet from behind the ASUS router?

The network configuration is as follows:

Internet <--> OPNsense <---> ASUS BRT-AC828 <--> VLAN1: 10.11.1.1 <--> PC 10.11.1.2
              10.1.1.1       10.1.1.2        <--> VLAN2: 10.12.1.1 <--> alarm clock 10.12.1.2

Any help would be greatly appreciated!
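As an added example that is not from the poster or the OPNsense project, here is what the routed (no NAT on the ASUS) layout above needs on the OPNsense side, written in plain FreeBSD `rc.conf` and `pf.conf` syntax rather than the OPNsense GUI: static routes for the two ASUS-side subnets via the ASUS WAN address, and a rule pair that lets the alarm clock send NTP only. The interface name `igb1` and the rule ordering are assumptions.

```conf
# Added example (not from the post or OPNsense): FreeBSD equivalents of the
# OPNsense settings for a routed ASUS behind the firewall. igb1 is an assumption.

# /etc/rc.conf: reach the ASUS-side subnets through the ASUS WAN address 10.1.1.2
static_routes="asus_vlan1 asus_vlan2"
route_asus_vlan1="-net 10.11.1.0/24 10.1.1.2"
route_asus_vlan2="-net 10.12.1.0/24 10.1.1.2"

# /etc/pf.conf: filter on the interface facing the ASUS
lan_if      = "igb1"
alarm_clock = "10.12.1.2"
home_nets   = "{ 10.11.1.0/24, 10.12.1.0/24 }"

# The alarm clock may only send NTP (UDP/123); the quick block after it
# catches everything else from that address before the general rule below.
pass  in quick on $lan_if proto udp from $alarm_clock to any port 123 keep state
block in quick on $lan_if from $alarm_clock to any

# Remaining traffic from the routed home subnets
pass in on $lan_if from $home_nets to any keep state
```

Two things to verify after applying the equivalent in the GUI: the WAN outbound NAT must list 10.11.1.0/24 and 10.12.1.0/24 as sources, since they are not directly attached networks (check Firewall > NAT > Outbound if the automatic mode does not pick them up), and if the clock looks up its NTP server by name it also needs DNS (UDP/53) allowed, otherwise the NTP-only rule silently fails.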

3
18.7 Legacy Series / First time install problem: Booting from USB stick hangs
« on: September 15, 2018, 06:15:08 pm »
I have been using Sophos UTM in my home network for a few years but decided to give OPNSense a try.

So, I downloaded the 18.7 VGA AMD64 image file and burned it onto a USB3 stick with Rufus. Booting from the USB stick started normally (at least to my eyes), but it hung almost immediately.

All I got on the console screen was:

=============================================

>> FreeBSD EFI boot block
Loader path: /boot/loader.efi

Initializing modules: ZFS UFS
Probing 14 block devices........*........ done
  ZFS found no pools
  UFS found 1 partition
Consoles: EFI console
_

=============================================

Then, after a few minutes a reboot occurs, with exactly the same results, and again and again...

I was not able to find a solution either in the wiki or by searching the forum. My apologies if I'm missing something obvious here.

The HW is a Dell Optiplex 7010 SFF with one 160GB HDD.

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved