Topics

Dear friens,

I need to migrate OPNsense from an APU1c (two-core) with realtek nics to the APU2E4 (4-core) with Intel NICs.

Can I simply change the mSATA card from one board to another?
If not, what is needed for migration?

Kind regards,
FrenchFries

Dear all,

Does OPNSense wireguard support IPv6? The default documentation does tell about IPv6 in Wireguard, only IPv4.

I am planning to use a Roadwarrior scenario. If the client has a public IPv6 assigned by ISP, IPv6 routing may take precedence over IPv4 routing if Wireguard only offers IPv4. Therefore, Wireguard needs to support IPv6.

Do I miss something or IPv6 is needed in Wireguard?

How to configure IPv6 in Wireguard? Can I choose any /64 within my delegated /48 subnet?

Kind regards,

Dear friends,

My OPNsense firewall is stuck because I enabled HSTS (HTTP Strict Transport Security) from the GUI without a valid certificate. This is a nice security feature, and I tried to modify Chromium and Firefox settings to bypass HSTS, without success. Therefore I no longer have access to the administration GUI of OPNsense.

I still have SSH access to the firewall. How can disable HSTS from the command line? Is there a way to reload the firewall on port 80? Any solution would suit me. Is there a way to use configd to reset this setting?

Kind regards,
French Fries

Hello,

I am currently using OpenBSD as a firewall, as the attack surface is really small. I am considering moving to OPNsense ...

After configuring OPNsense, I would like to disable the web interface and config daemons from SSH console (preferably using the text prompt). When I need to modify the configuration, I only need to logon the serial/ssh console and enable web GUI and configd again. How can I do that ?

On modern switches with a UI, you only use the UI during configuration, then you disable it.

Does it sound like a reasonable feature to add on the To-do list?

Kind regards,
French Fries