Topics - manjeet

1
19.1 Legacy Series / No Client Export Option
« on: June 30, 2019, 04:37:02 am »
Hi, ever since I updated to 19, I do not see any file download option in client export in OpenVPN. Am I missing something here?

2
19.1 Legacy Series / Firewall Logs
« on: June 20, 2019, 06:25:07 am »
Hi, we can see live firewall logs, but is there any way to see old logs? I am sorry if it is already there, but I do not see it.

3
19.1 Legacy Series / [SOLVED] AD Authentication with OPNsense
« on: May 22, 2019, 07:35:44 am »
Hi, from my OPNsense, I need to use my UCS server for LDAP authentication.

The thing is, I did use it before and it was working. A few weeks back my firewall crashed and I reinstalled it. Now I am not able to configure the server.
Before, on my UCS, I disabled the firewall and made some modifications from some posts. A few weeks back I also migrated my old UCS to a new UCS server. I do not want to use those modifications or disable the firewall.

I tried using OpenLDAP and MS AD, and tried using ports 389, 7389, and SSL 7636. No matter what I try, I am not able to configure AD authentication from OPNsense. I need help to set up the LDAP. Thanks

4
19.1 Legacy Series / Monit Issue (/usr/local/etc/monitrc:22: syntax error 'failed')
« on: May 16, 2019, 09:13:19 am »
Hi, I am trying to set up monit. I used to work on version 18, but ever since I updated to 19 I am not able to receive any notification. Now when I tried to disable it and then re-enable it, I am getting this error "/usr/local/etc/monitrc:22: syntax error 'failed'" at the top of the screen and monit is not starting.

First I thought it could be an SSH port issue, as my SSH was on a different port, but I changed it to the default 22 and the issue is still there.

Please help. Thanks

5
19.1 Legacy Series / flowd_aggregate is stopping after update
« on: April 16, 2019, 07:05:13 am »
Hi, ever since I updated to 19.1.6, the "flowd_aggregate" service is stopping again and again no matter how many times I start it. After starting, it does work for a while and then stops, not immediately. Please help.

6
19.1 Legacy Series / OpenVPN with ldap authentication
« on: April 12, 2019, 08:24:17 am »
Hi, I am using OpenVPN with users authenticating against a local LDAP server. My LDAP server is UCS (Univention Corporate Server).

So everything is configured and the VPN is working well. The issue is that if I use "Authentication containers" with the basic first-level name, i.e. "CN=Users,DC=DOMAIN_NAME,DC=LOCAL", then it works fine. Any other next group or container does not work.

I have tried these and they fail to authenticate:
1. CN=VPN_GROUP,CN=groups,DC=DOMAIN_NAME,DC=LOCAL
2. CN=VPN_GROUP,CN=Users,DC=DOMAIN_NAME,DC=LOCAL

I only want to allow my VPN group to authenticate, so please help.

7
General Discussion / Limit DHCP User's Traffic Usage
« on: February 14, 2019, 12:08:51 pm »
Hi, I have added another pool for some external users only. I want to limit their bandwidth usage. How can I do that?

8
General Discussion / [SOLVED] Multi WAN - Use Second Gateway
« on: January 09, 2019, 10:50:44 am »
Hi, I use "Multi WAN" with "WAN Failover".

Is there any way to let some specific users use the second WAN and route their traffic through the second WAN connection only, even if the first / primary connection is working? I need to add a DHCP group of users to only use our second ISP.

9
Web Proxy Filtering and Caching / NAT Reflection Issue with Proxy
« on: December 11, 2018, 09:56:07 am »
Hey Guys,

To access my internal web server from the WAN I use a port forward; I also access it internally. Everything works just fine.

To access it from the LAN with the IP of the WAN I use NAT reflection. I enabled all options: "Reflection for port forwards", "Reflection for 1:1", "Automatic outbound NAT for Reflection".

Accessing the web server with the WAN IP from the LAN works fine when I do not use the proxy / web proxy. But when I use the proxy (either transparent or explicit) it does not work; the link just times out.

Any suggestions as to what I am doing wrong, or any other settings I need to enable or disable?

10
Web Proxy Filtering and Caching / Pure NAT Issue with Transparent HTTP
« on: December 05, 2018, 06:29:04 am »
Hello guys, currently I am running the Sensei plugin for web filtering, which does not have a cache feature. Most of my network systems are Ubuntu and updating from the command line uses HTTP, so I use Squid transparent HTTP for that purpose. It works fine for me.

I am running a web server internally, which I access from outside via port forwarding from the WAN, and it works internally as well. With "Reflection for port forwards", "Reflection for 1:1" & "Automatic outbound NAT for Reflection" enabled, I can access it with the WAN IP from the internal / LAN network.

The only issue is that when I access the web server (port 80) from inside with the WAN IP with the transparent proxy enabled, it will not pass that traffic, and after a minute of trying to access the link it just times out. If I disable the proxy then it starts working fine.

I need transparent HTTP for cache and Sensei for web filtering & logs, so if anyone has any solution please provide it.

11
Web Proxy Filtering and Caching / Explicit Proxy and Authentication
« on: November 27, 2018, 05:10:20 am »
Hi guys, in another setup of mine I am using the web proxy in an explicit configuration. I am also using LDAP authentication for that.

Everything works just fine. The only issue is that any system application which does not have settings for proxy setup, or does not ask for authentication, is not working.

How can I allow those applications to use the internet?

Firefox has its own proxy settings so it will work, but Google Chrome uses the system proxy settings so I have to enable the proxy for the entire system.

I know I can only enable HTTP and HTTPS in proxy settings and leave everything empty and it works, but I am looking to see if there is any other solution to allow some applications without authentication while letting all go through the proxy.

12
Web Proxy Filtering and Caching / Transparent Proxy Issue
« on: November 23, 2018, 11:30:11 am »
Hey guys, I am running a transparent proxy (HTTP and HTTPS).
1. If I enable "ssl inspection" and do not add any site to "ssl no bump site", then it opens every single website except Slack, Google and its websites.
2. Same as 1, and if I add .google.com and .slack.com to "ssl no bump site", then it allows Slack and Google and its websites but blocks every other website until I add a certificate to the web browser of all the clients.
3. But using HTTPS from the command line or any other way (the software center of Ubuntu) gives an error.

Any solution in this situation?
OR
Is there any option to add a certificate to the entire system so that no matter which way I access HTTPS (web browser, command line or other applications like Ubuntu Software Center / Slack / etc.) I will allow it always? (I run Windows, Linux and Mac systems in the network.)

13
Web Proxy Filtering and Caching / Transparent Proxy With No SSL or WPAD
« on: November 05, 2018, 06:50:44 am »
Hey guys, I have OPNsense configured as the gateway in my 50-user network. I want to use the cache server only, and only for Linux and Windows updates, with no web filter (HTTP or HTTPS). Is there any way I can do it without SSL inspection in transparent mode? I do not want to break the authenticity of packets due to SSL MITM.

Many users take laptops home, so I cannot configure the proxy explicitly. I am not able to set up WPAD, so if anyone has a very straightforward settings guide for WPAD, I will be grateful. I have one internal network (LAN) and one OpenVPN setup for 10 users.

Also, I have OPNsense configured on different ports for HTTPS login and SSH.
