Topics

1

Virtual private networks / TOR Plugin questions

« on: Today at 05:11:42 am »

Hello

So, I see quite a few links on google and here about configuring etc, but what really is it used for? Is it beneficial beyond me already having NordVPN+OpenVPN config or my Wireguard [really just for home use]? Is it something I should use?
Just casually curious of peoples usages and thoughts on it.

2

24.7 Production Series / Can not get NGINX to allow connections..

« on: November 30, 2024, 06:47:40 pm »

Hello

I have NPM running on an internal VM/Docker and it works fine but wanted to set it up to be on the opnsense appliance instead and seem to be having some serious issues.
My WAN is static IP and I have a duckdns.org attached to it and verified it is directed as such.
My OPNSense LAN Interface is 172.16.2.1 which is of course the GUI access address..
My OPNSense Port 80 and 443 have been changed so that those 2 ports are free and available for NGINX.
I followed this guide to the T obviously putting in the correct code relevant to mys setup.
I am not sure what I am missing.. And either I am not educated enough in log monitoring to see what I am missing or what, but I see no obvious issues... During the setup everything was set and applied without errors.. The certificates were processed and approved etc.

https://forum.opnsense.org/index.php?topic=24778.msg118832#msg118832

3

Intrusion Detection and Prevention / Trying to determine best course of ADBlocking.. PiHole/Adguard+Unbound

« on: November 28, 2024, 04:10:06 pm »

Hi, just curious what some recommendations were, I currently have PiHole [only] as an ad blocker and [very important to me] local dns resolver.
Is PiHole good enough alone or is adguard+unbound better or equal?

4

24.7 Production Series / Opening 993 and 25 for Email Ports

« on: November 25, 2024, 01:41:11 am »

Hello, I had a successful configuration thanks to the help of some of you people. I had the 1:1 NAT explained to me and some of the Port Forwarding.

I was curious what was the best way to allow only those 2 Ports to be open to my LAN 192.168.1.0. I ask because I tried Port Forward but to no avail. I can send pics of what I currently have. The 192.168.1.0 has Internet access on its correct WAN so it’s definitely available.

5

24.7 Production Series / Can not get on the Internet LAN Side, but OPNSense itself can Ping 8.8.8.8

« on: November 08, 2024, 03:59:27 am »

Hi there

I’ve used OPNS a while back and had 0 issues with it but my layout was quite simple. At that same time I was using Cisco ISR + FTD (NGFW) for my more complicated setup but wanted to move it all over to just OPN.
I won’t get to crazy details of my setup but will mention the most basic needs;

I have 5 usable static ips, each static wan ip has its own network. I.E. 207.108.x177 is 192.168.1.0, 207.108.x 178 is 192.160.2.0 and so on. Obviously I need NAT for WAN to LAN (ip) direction  for specific ip’s and port services etc but also want a NAT for the WAN to NETWORK as a whole.
Just curious if this is possible.
So, I’d need NAT x.x.x.177 is 192.168.1.0 but then NAT x.x.x.177 Port 443 to let’s say 192.168.1.443 for NGINX.

6

General Discussion / VLAN Implementation, unsure.

« on: November 15, 2023, 05:48:19 pm »

Morning.

Currently my OPNSense has a STATIC WAN IP via PPPoE and then 1 DHCP Server, 192.168.5.0.

I was wanting to split my network into 3 vlans, using a L3 Switch, as such;
vlan1 - 192.168.1.0 Home Wifi [will connect to wifi router]
vlan2 - 192.168.2.0 Home Ethernet [any devices physically plugged in]
vlan2 - 192.168.3.0 Home Servers [OMV, Email Servers etc]

Currently said Switch [connecting to LAN of OPNSense] is in L2, all connecting to 192.168.5.0, but I want to restructure my network.
Would I create the 3 vlans as mentioned on the L3 and then create a 4th network [from opnsense to L3] or could vlan1 be an extension of Opnsense DHCP?
I would assume having the network from opnsense to l3 would be it's own network outside of the 3 vlans. Bring that the vlans would be L3, I assume the automatic "communication" of the inter-vlan wouldbe automatic (so like 192.168.2.88 could ping 192.168.3.55 without static routes cause the L3 would already know?).

This will obviously get deeper as I do have a block of static IP's that need to be directed to specific LAN Ip's, but for now I wanna establish the ground rules.

7

General Discussion / Chaning existing NIC 1 and 2 to accomidate imported backup

« on: November 01, 2023, 05:30:49 pm »

So, currently this new PC I am trying to convert to Opnsense Firewall has re0 and re1 as NIC's... All is good. I go into GUI and I load my existing backup from a different system and the NIC's have changed to nothing that is even on this new system... Can I simply change the NIC's names on new system from its vnet1 to re0 and so on or does it not work that way, cause it is a new system new hardware.

8

Virtual private networks / OpenVPN (NordVPN) and selecting IP Range [only] to use it

« on: October 31, 2023, 04:48:27 am »

Hi there, I get my NordVPN up and running and all is well but I really am just wanting 192.168.5.176 - 192.168.5.181 to use it and the rest of the Network, 192.168.5.1 - 192.168.5.175, to use my default WAN/ISP IP.

What I did in testing was create an Alias of 192.168.5.176 - 192.168.5.181 and then under the LAN [Out] I chose the Alias as the Source... And nothing works.
Anyone else have success with this?

9

23.7 Legacy Series / HP will not allow install of [dvd or vga] boot disks

« on: October 29, 2023, 11:42:11 pm »

It keeps saying something about Securer boot, but when I go into bios and disable it, save it and reboot, it says same thing.. I then download debian 12 as a test and it installed, so the usb stick and port are working... Just not sure WTH to do about this!

10

23.7 Legacy Series / Unsure about Proxy scenario

« on: October 25, 2023, 07:09:27 pm »

Hi so on my Opnsense I do have WG setup and works fine but the problem I have is, from work, I can not access anything that is not already on the laptop, I do not have admin rights... I was wondering, is there a way to set up a Proxy on Opnsense that connects to my LAN , and at work, on existing Firefox connect to that Proxy and then go to "lan" ips via firefox [web based stuff].

11

General Discussion / Can not access [https://192.168.1.1] GUI on fresh install on Proxmox

« on: September 14, 2023, 03:05:41 am »

Hey, so I am having an issue I simply can not figure out.
I have a working [8.0.2] Proxmox w/ 4 Physical NIC's. 1- proxmox itself, 2 - opnsense lan [enabled in prox], 3 - opnsense wan [enabled] and 4 is disabled.

I installed using VM and create the VM and then add 2 and 2 (lan and wan). I do installer/opnsense and go through the motions. It reboots and has default 192.168.1.1 lan/dhcp. For the life of me, I can not get my PC (dhcp) to obtain an ip or ping or anything 192.168.1.1. I even plugged PC directly into LAN of opnsense.
I even set ip to manual... I also verified correct nic's being associated to lan/wan.

12

Virtual private networks / WireGuard only allowing LAN access, no more WAN since new install

« on: August 17, 2023, 06:22:06 pm »

Hi!

Before I got all crazy and deleted this and that, I figured I would ask first. My wireguard was working fine.. From my iphone I could connect to the vpn, access the LAN and then also have my [home internet] WAN IP and surf the web, was glorious.
I backed up the opnsense. I formatted and reinstalled my proxmox server etc and reinstalled opnsense, and restored my backup. Everything works fine, even wireguard works, but now no internet! Only LAN access.
Any ideas or suggestions?

I will say this; the only change I did do was go from opnsense unbound to using pihole [as a vm] for my dns. But my DHCP/LAN points to [192.168.5.118] my pihole, and it works.... Maybe wireguard is having a problem with that? Would wireguard use the opnsense system/wan DNS or use the lan pihole one?

13

General Discussion / [Latest] OPNSense (DVD Install) running at 120-200% CPU

« on: August 01, 2023, 06:20:29 pm »

First of all I have no idea if it is the KVM on my Open Media Vault which is running OPNSense in a VM or the Opnsense OS itself but on OMV I see that qemu has Opnsense at 120%+ CPU usage. When I "top" within Opnsense it has highest at like 1-8% CPU but OMV (Debian) shows it as 120+. When I top in OMV, everything else is 1-8% as well, but the qemu.
I reinstalled OPN several times bu same thing. The OMV machine is 384GIG RAM, and 2 CPU @ 64 Cores. I assigned OPN 4 CPU and 48GIG RAM. If it is OMV that is fine, but am wondering if anything of this makes sense or any suggestions?

Do I need to install qemu-guest-agent in Opnsense?

14

General Discussion / Does BACKUP not “BACKUP” my pppoe info and plugins etc?

« on: July 30, 2023, 05:56:04 am »

Was wondering if it does not, or if I missed a checkbox that doesn’t seem visible.

15

General Discussion / When should Upstream (WAN Interfaces) be manually selected?

« on: July 18, 2023, 03:19:34 am »

So after reading some information on Upstream gateways, I still have no idea if and when to utilize the option.
In tearing down the system I have, when it was simply LAN/WAN I never needed to manually set the WAN Interface as an upstream.
Now I am running 2 OpenVPN Clients (with their designated LAN IP Ranges, their appreciate LAN Rules and their Outbound NAT rules) and am curious if with this all set do I need any of them, or all (vpn 1 vpn 2 or wan), to be set as Upstream?
I do have LAN rules for the ip ranges to “out” on the correct VPN Interfaces. I just wanna have the correct settings even though if let’s say either way would work. I want the more secure and legitimate setting.