Topics - spetrillo

1
Virtual private networks / Upload Images While on VPN
« on: November 20, 2024, 07:48:35 pm »
Hello all,

I am using Wireguard VPN server on my OPNsense firewall. Allowed IPs on the client is set to 0.0.0.0/0, and I have created a firewall rule to let all traffic from my VPN interface outbound to the firewall. The goal is to allow VPN users outbound access to the Internet. This allows us to communicate over Slack when on our VPN. Text works great but upload of images fails. Anyone got a thought on why this is? My outbound rule is set for ANY.

Thanks,
Steve

2
High availability / HA Virtual Firewalls
« on: November 14, 2024, 06:38:56 pm »
Hello all,

I am in the process of prepping my second virtual firewall node, so I can have an HA setup. The one question I cannot seem to find the answer for is whether the pfSync interface needs to be a physical NIC on each side or could it just be a dedicated VLAN on each side. I am running Proxmox, so I could dedicate a physical NIC to pfSync on each side but I would prefer to just make a dedicated VLAN available on each side.

Thanks,
Steve

3
General Discussion / iSCSI VLAN Question
« on: November 01, 2024, 07:44:55 pm »
Hello all,

I have a VLAN dedicated to iSCSI storage traffic. I have set up the interface just like I would with any other interface. I have no rules assigned for this interface. When I try to ping from one device to another, both in the storage VLAN, they do not respond. Do I just need an ICMP rule to allow this to happen? I am trying to troubleshoot some issues.

On a separate but related topic I would like to change the MTU on the storage VLAN to 9000. I assume that every path between any two devices must have their MTUs changed to make this happen correct?

Thanks,
Steve

4
Virtual private networks / Wireguard and Outbound Internet Access
« on: October 30, 2024, 03:55:32 pm »
Hello all,

I use Wireguard for client VPN access to my internal servers. I would like to allow the VPN client to be able to access the Internet, while connected to the VPN. I thought having the Allowed IPs of 0.0.0.0/1 and 128.0.0.0/1 would do that but it does not seem to be working. Am I missing something?

Thanks,
Steve

5
General Discussion / Update OPNsense from CLI
« on: October 09, 2024, 07:57:47 pm »
Hello all,

I am trying to update my OPNsense firewall VM from the console CLI. I responded to allow a reboot when done with the update, but it is now showing me the notes of the update. How do I get past this to continue the update?

Thanks,
Steve

6
General Discussion / OAuth 2.0 for Application Set
« on: October 07, 2024, 10:02:49 pm »
Hello all,

My firm is looking to integrate OAuth 2.0 to our application platform. Is there anything that OPNsense can help with or are we looking to outside capabilities?

Thanks,
Steve

7
General Discussion / Migration from Physical Firewalls
« on: September 27, 2024, 03:48:07 pm »
Hello all,

I am moving away from physical to virtual firewalls. This question is about which filesystem I should use for my virtual firewall. Do I use ZFS and add vRAM for ZFS or do I use UFS?

Thanks,
Steve

8
General Discussion / Firewall Deactivation/Activation
« on: September 25, 2024, 05:43:12 am »
Hello all,

I currently have a physical firewall running. I have built a virtual firewall but my question has to do with deactivating the physical firewall and letting the virtual firewall become the active firewall. How do I do this?

Thanks,
Steve

9
Virtual private networks / Wireguard File Update
« on: September 14, 2024, 05:30:55 pm »
Hello all,

I was connected to a remote VPN and accidentally unchecked the Enable Wireguard button. I have CLI access to the firewall. Is there a file I can edit to update the checkbox or do I need the GUI to do this?

Thanks,
Steve

10
General Discussion / Primary and DR Firewall Rules
« on: September 05, 2024, 06:26:55 pm »
Hello all,

I have a primary firewall and DR firewall. Can I export the aliases, NAT rules, and firewall rules from the primary firewall and then import them to the DR firewall? This would save me a lot of keying.

Thanks,
Steve

11
General Discussion / OPNsense and WAF
« on: September 03, 2024, 08:22:11 pm »
Hello all,

Is there a plugin that provides WAF functionality? If not are there any good cloud WAFs that can work with OPNsense?

Thanks,
Steve

12
General Discussion / Multiple WAN IPs on OPNsense
« on: August 28, 2024, 06:29:00 pm »
Hello all,

I just want to confirm that I have done it properly, with regards to configuring my WAN interface for two public IPs.

Presently my WAN interface is configured as follows:

Interface: WAN
IPv4 Config Type: Static IPv4
IPv4 address: 133.202.185.221/29
IPv4 GW rules: 133.202.185.217

I have added a virtual IP with the following config:

Mode: IP Alias
Interface: WAN
Network/Address: 133.202.185.220/32
Gateway: 133.202.185.217
Deny service binding: unchecked
VHID Group: blank

Have I configured this correctly? Am I missing anything to make this work?

Thanks,
Steve

13
General Discussion / Nginx Plugin and Use
« on: August 17, 2024, 05:51:53 pm »
Hello all,

I have two Plesk servers that I manage, one test and one production. Each server has a Nginx/Apache deployment. I cannot seem to figure out how to allow the websites from each server to peacefully coexist thru one public IP, so my thought was to move the Nginx processing up to the firewall, which would then have access to both servers.

I am not a web guy at all. I am a lower level infrastructure guy, so Nginx/Apache is Greek to me. I have the Nginx configuration from my test server and am trying to see how it lines up to the Nginx plugin on OPNsense. Is there anyone out there who is using the Nginx plugin with vhosts? I would love to have a discussion on how I can try to implement the plugin.

Thanks,
Steve

14
24.7 Production Series / Speedtest Widget
« on: August 11, 2024, 05:33:02 pm »
Hello all,

Is the Speedtest widget going to make a comeback with the new dashboard?

Thanks,
Steve

15
General Discussion / Zabbix Agent Updates
« on: August 08, 2024, 06:59:50 pm »
Hello all,

I have been very disappointed with the Zabbix agent for FreeBSD, in that there is nothing that will report on the applications/plugins that sit on top of OPNsense. I reached out to their integrations team, about their willingness to use the OPNsense API to build new functionality, since I am not a developer. They came back with what I think is a very reasonable price for the work.

I asked them to price out the following:

From the Core list: DHCP, DHCPv4, DHCPv6, Firewall, Firmware, IDS, OpenVPN, Unbound, Wireguard
From the Plugins list: Acmeclient, Caddy, ClamAV, DynDNS

These are the applications/plugins that I use. Cost to include these is $6000 USD, which I think is very reasonable. My thought was to see what this group uses and maybe we all chip in to pay the cost. Once it's done it's available for all to use, but this is a fabulous oppty to treat the OPNsense pieces as more of an application set rather than just reporting on the OS only.

Let me know your thoughts.

Steve
