"
Hello guys,
I am new for opnsense and this is my first topic.
I was using CP firewall for a long time(maybe 8 years), when I played VM and installed the opnsense, I found it's amazing and powerful...
Now I am planning to replace the CP, the opnsense now is all-in-one 8) FW,VPN,DNS,AD-BLOCK,AV,PROXY... and one more important thing is that I can easily customize all the settings :D
And I do need some advice on two difficult problem. The first is about certificate, I set a windowd AD CA to the Authorities and issued some certificates from the AD CA, configured the openvpn to use windows AD users auth + certificate, it works perfectly. But the CRL makes me crazy :( the windows CA CRL published every 7 days, so I need to update the CRL data in opnsense every week. I'd like to ask if there is any way to set up the opnsense auto download the CRL?
The second is about web proxy, the parent proxy feature setting is not what I want, this settings allow all traffic to the parent proxy exclude the local domain or IPs, but I want to invert this, I only want some domains or IPs going to the parent proxy. My question is if I make changes to the config file '/usr/local/opnsense/service/templates/OPNsense/Proxy/parentproxy.conf' , will it be overwrite in the next packages update? Is there a better way to keep the file persistence?
Thanks and good day!
I am new for opnsense and this is my first topic.
I was using CP firewall for a long time(maybe 8 years), when I played VM and installed the opnsense, I found it's amazing and powerful...
Now I am planning to replace the CP, the opnsense now is all-in-one 8) FW,VPN,DNS,AD-BLOCK,AV,PROXY... and one more important thing is that I can easily customize all the settings :D
And I do need some advice on two difficult problem. The first is about certificate, I set a windowd AD CA to the Authorities and issued some certificates from the AD CA, configured the openvpn to use windows AD users auth + certificate, it works perfectly. But the CRL makes me crazy :( the windows CA CRL published every 7 days, so I need to update the CRL data in opnsense every week. I'd like to ask if there is any way to set up the opnsense auto download the CRL?
The second is about web proxy, the parent proxy feature setting is not what I want, this settings allow all traffic to the parent proxy exclude the local domain or IPs, but I want to invert this, I only want some domains or IPs going to the parent proxy. My question is if I make changes to the config file '/usr/local/opnsense/service/templates/OPNsense/Proxy/parentproxy.conf' , will it be overwrite in the next packages update? Is there a better way to keep the file persistence?
Thanks and good day!
