Topics - WolfpactVI

1
24.7 Production Series / Help with creating server certificate for OpenVPN
« on: August 06, 2024, 02:24:34 am »
Hello all,

Wondering if you could help with a little problem I'm having.  Probably end up to be some stupid oversight on my part, but I'm prepared to be humbled.  Recently upgraded to 24.7, imported all my settings, but my OpenVPN connection no longer worked.  The clients on remote PCs just hung and then timed out.  I'm using DDNS to Cloudflare on one of my subdomains.  That seems to be fine.  I can ping the subdomain and my home IP from my ISP remotely.  Not sure what broke, but thought maybe it had something to do with the certificates.  So I decided to try starting from scratch using the new "instance" version of OpenVPN.

I was following the instructions in the documentation here https://docs.opnsense.org/manual/how-tos/sslvpn_instance_roadwarrior.html .  Step 1, create certificate authority.  No problem, created one called OpenVPN_CA.  Step 2, generate a certificate for the CA.  Here's where I'm getting confused.  The second bullet point says "Choose the just created authority in Certificate authority".  However, on the certificate creation window there is no field called "Certificate Authority" from which to select the newly created OpenVPN_CA.  See attached screenshot.  What am I missing here??

Thanks!

2
General Discussion / Trouble with Wifi access points
« on: June 03, 2024, 06:36:49 pm »
Good morning!  Hoping you all can help me with a head-scratcher.

I have a small office of a few computers served by Comcast Business internet.  I finally got Opnsense with Comcast's crap system and crap modem/router box.  However, something weird happened along the way.  For years I'd been using three TP-link wifi routers (two C7 v2's and one C9 v6) in access point mode (plugged into switches via a LAN port, WAN ports unplugged, DHCP disabled, each assigned a static IP outside the router's DHCP range, each with different SSID's, etc).  Once I got the Opnsense box working, suddenly no device (mostly phones) connected via wifi to the TP-link boxes could access the internet.  They are all receiving IPs in the Opnsense DHCP range, they all have the Opnsense IP as the gateway.  I can ping all TP-link boxes from Opnsense and vice versa.  I can ping all phones from Opnsense.  And suddenly one phone (and still only the one) can now access the internet through one of the TP-link boxes.

The two things that are completely baffling me are 1) what would be causing traffic from plain old access points to be blocked, especially when everything can ping everything else?  and 2) the inconsistency of one phone getting through but no other (even an identical phone configured identically).

Anyone have any ideas where to start?

3
24.1 Legacy Series / Cannot get out on the internet with Comcast Business service
« on: May 24, 2024, 04:08:27 pm »
Good morning everyone!

I am trying to set up an Opnsense box at my small office (mainly to overcome various stupidities of Comcast and WSE).  I have an Opnsense box set up at home and had no trouble getting an IP on the WAN interface from my Verizon residential dynamic IP service.  Working wonderfully.  However, at the office we suffer under a Comcast Business plan, and I have thus far been utterly thwarted getting an IP on the WAN interface from the Comcast box.

Specs:  Dell Precision T3610 repurposed as the router, Opnsense 22.7 (yes, I know I'm in the wrong forum, but it seems like no one posts in the 22.7 forum any more, and I'm going to update as soon as I can get a WAN connection), Intel 4-port NIC.  Comcast box:  Technicolor CGA4131COM set in pass-through mode according to Comcast's instructions (true bridge mode not allowed by Comcast if you have a static IP from them, which we have).  Opnsense LAN is 192.168.10.2, Comcast box LAN is 192.168.10.1 (which it's always been).

I have checked all of the usual suspects - bad cables, wrong ports, etc.  I am going to double check that I didn't mess something up in the configurations, but it's pretty vanilla at this point - I haven't been messing with any custom configs or VLANs or anything.  No trouble reaching the UI via the LAN port and IP.

I have followed all of the steps from Comcast about putting their box in pass-through mode, restarted it after changing settings, restarted the Opnsense box, etc.  If I leave the WAN in DHCP, all I get is 0.0.0.0 for the IP.  Following suggestions elsewhere on the interwebs, I tried manually entering the available static IP from Comcast (XX.XX.XXX.165/32), but could not get out on the internet from any internal device even when setting the default gateway on the device to the Opnsense box at 192.168.10.2 (but no trouble reaching the UI on that address).  Next I tried changing the WAN "IPv4 Upstream Gateway" to the static IP assigned to our Comcast box (XX.XX.XXX.166) as per suggestions elsewhere, but kept getting an error message from Opnsense that "The gateway address XX.XX.XXX.166 does not lie within one of the chosen interface's IPv4 subnets".  So I'm stuck there for the moment too.

I'm committed to making this work.  I'm just not sure what to check or where to look or what to try next at this point.  So I decided to post here first before I wipe everything and start over from scratch (which I'm open to if that's likely to help).  I would be immensely grateful for any suggestions.

4
General Discussion / Access home network using VPN while router is connected to PIA
« on: September 23, 2022, 10:45:56 pm »
Hello all,

First time post here.  I'm considering jumping into OPNsense, installing it on an unused computer or old server at my home.  I have a "is this even possible" question I was hoping someone could help me out with.  I tried googling and searching the forums, but couldn't get the wording right to land on a good search result that answers my specific question.

I would like to connect the OPNsense router to Private Internet Access such that any device (permanent or transitory, like visitors' cell phones) on my home network is encrypted when browsing the great interwebs.  As an aside, I would like to have certain traffic like Disney+ and Netflix NOT routed through PIA, which I understand is possible.

So far all of that seems straightforward and possible to accomplish.  Here's where my question comes in:  I would also like to connect to my home network from my computer at work using a VPN so I can back up work files to my home NAS SAMBA share.  Is this even possible?  Have one VPN connection from my work computer to the OPNsense box, yet have that same OPNsense box route home network devices through PIA?

Thanks all!
