Topics

1

24.1 Legacy Series / Created a migration tool for DHCP Static Reservations to Kea DHCP Server

« on: March 09, 2024, 06:58:22 am »

I created a tool that migrates your DHCP static reservations from the ISC DHCP server to the new Kea DHCP server. If you have a lot of static assignments, this tool can save you a lot of time.

It can be found here https://github.com/EasyG0ing1/Migration and it is fully documented.

2

Intrusion Detection and Prevention / DMZ Question(s)

« on: January 16, 2024, 09:28:09 pm »

Hello,

Given a setup where OPNSense is running in a virtual machine on an ESXi box, I want to create a VM for off-lan use that I would want to be segregated into its own DMZ.

I've read discussions about this; some have recommended using two firewalls while others think one is fine, etc. And given the flexibility of having OPNSense in a VM, where adding NICs is not an issue or even installing another OPNSense VM, what would be the best implementation for a DMZ setup?

My thinking on it is that if I use an additional virtual NIC on a new subnet, then punch the port through to the device on that network, while establishing rules that would prevent that device from accessing any ports on the firewall that could be used to compromise it, then make sure that the only destination it can reach is the Internet ... it should be safe enough.

I'm looking for thoughts about that or any experience anyone has had with DMZs and OPNSense.

I realize it would be safer to set up a VPN endpoint in the firewall, but for this use case, that isn't a desired option, so I'm exploring the DMZ scenario.

Thank you,

Mike

3

General Discussion / Private subnets can no longer see each other after NordVPN Setup

« on: January 18, 2023, 08:44:09 pm »

Hello, thanks for reading this post.

I have OPNSense setup with four NICs but two are in a bridge.

0 - WAN
1 - LAN - 10.10.11.0/24
3 - BRIDGE - 10.10.10.0/24

I had the Bridge and the LAN talking just fine then I set up a Nord VPN interface by following the instructions on their site. And the VPN tunnel is working fine. I even added a rule to the firewall so that my laptop goes out the WAN DHCP gateway and not the tunnel (this is how I want it configured).

But now when I try to ping between the LAN and the BRIDGE, packets won't cross over.

Here are screenshots of the firewall rule summary for each of the interfaces. At this point I'm at a loss ... I'm fairly new to OPNSense and don't quite have the feel of it yet.




Thank you,

Mike

4

General Discussion / Cannot get Bridging to work at all

« on: January 04, 2023, 08:53:00 am »

I'm having a difficult time getting bridging to work at all with OPNSense 22.7

Using a VM, I have an install that I can play with, so here is the description of my current config and how I got there:

The ESXi server has 4 NICs.
1 - WAN
2 - LAN
3 - OPT1
4 - OPT2

After initial setup I verified that I can reach the Internet from the LAN interface (10.10.10.0/24) without any issues. My goal at this point was just to get bridging to work at all before including the NIC that is in the LAN interface so I'm only using the unused two NICS for the bridge (OPT1 and OPT2).

Here is what I did next:

• Interfaces / OPT1 & OPT2 and Enabled them and did nothing else.
• Interfaces / Other Types / Bridge, hit the PLUS button and selected both OPT1 and OPT2 for the interfaces, and set the description to BRIDGE
• Interfaces / Assignments and added a new interface using BRIDGE as the port and called it BRIDGE
• Interfaces / BRIDGE / Enabled and set a static IP address of 10.10.11.1/24
• System / Settings / Tunables and set net.link.bridge.pfil_member = 0 and net.link.bridge.pfil_bridge = 1
• Firewall / Rules / BRIDGE - added a new rule that allows all IP4 traffic unrestricted.
• Power / Reboot - rebooted the entire firewall (cold reboot of the VM)

Configured a NIC on my workstation with IP address 10.10.11.2/24 gateway 10.10.11.1 and plugged that nic into one of the ports that make up the bridge. No other NICs are active on my workstation, only that NIC.

I cannot ping 10.10.11.1

What am I doing wrong?

5

Hardware and Performance / How to emulate home style router switch ports with OPNSense

« on: December 16, 2022, 05:41:09 am »

Hello,

I just installed OPNSense in ESXi on a Techvision TVI7309X which is one of those inexpensive fanless "software router"s from China ... its running quite nicely, but I am curious about Ethernet port configuration options.

The router has 4 2.5G Ethernet ports.

With a typical home router, you generally have one WAN port and a few LAN ports that are all in the same collision domain with minimal layer 2 switching ability.

How can I set up OPNSense so that I can have three of these four ports configured as a mini switch?

Thank you,

Mike