OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of smajor »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - smajor

Pages: [1] 2
1
19.1 Legacy Series / VPN Setup
« on: March 09, 2019, 03:12:44 am »
Hi All,

I've followed the instructions here, as they seem to offer compatibility with macOS, iOS, Windows, and Android.

https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-rsamschapv2.html

I've done everything per those instructions and the test user.  ...and... now what?  How do I configure the clients?  That seems to be missing.

I initially followed this guide, which at least had instructions for the clients, which seems to have additional steps for the firewall (which makes sense and the first link doesn't have) but it didn't work:

https://docs.opnsense.org/manual/how-tos/ipsec-road.html

I'm not a VPN/IPsec expert at all, but there seems to be a lot of work done in this area with a lot of changes, and as someone who doesn't work at lot with VPN and isn't familiar with setting it up, I'm finding the documentation either a bit out of date and/or confusing.

Does anyone have a guide, external blog, anything with clear and simple to follow directions to get this working?

Thanks!

2
17.1 Legacy Series / Install Freezes at Guided Installation
« on: February 25, 2017, 06:13:15 pm »
I'm trying to do a fresh install on a 2nd machine to use as a backup incase the main router goes down.  I never had problems installing v15 or v16, but man, the FreeBSD underpinnings of v17 seem to be making what was once simple, frustrating.

First it wouldn't boot until I did the steps here:
https://forum.opnsense.org/index.php?topic=4389.msg17200#msg17200

Now, I make it all the way to "Guided Installation" but on that screen I can't select anything. It's just frozen. No keyboard input. Nothin'. I have to force reset the PC.

3
General Discussion / USB Flash Drive Format to store backup Configuration
« on: February 20, 2017, 06:54:08 pm »
I've been banging my head against the wall for the past hour on, what I thought based on my Ubuntu experiences, would be a fairly simple thing to do.

I'm trying to get my OPNsense configuration onto an old USB Flash drive of low capacity (hey, not much good for anything else nowadays!) so that when/if I have a melt down or replace hardware, I can insert the USB stick during install and choose "Restore Configuration" and be on my way.

In doing a dry run with this, the OPNsense installer (or rather FreeBSD) refuses to see the format on the flash drive complaining that it isn't formatted or an unknown partition type.

I figured that most distros on the planet would understand at least FAT16 or 32 by now, I guess not. I tried formatting in UFS2, but I either failed horribly or it doesn't like that either.

Could anyone tell me exactly what it might be looking for in terms of formatting and exactly how to do this so it works?

Personally frustrated, but appreciative of any help or suggestion!

Thanks all!

4
16.1 Legacy Series / IDS Rule Descriptions
« on: March 10, 2016, 02:44:08 am »
Hi all,

Is there a better description of the IDS rules? All the info buttons go to here: http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ

...and that's fine, great descriptions of the obvious ones, but there are many more rules available than the generic descriptions listed there.

Some are self-explanatory or subsets of the lists on that page, which is again, easy.  Others I just don't have a clue about.

5
16.1 Legacy Series / fsck and OpnSense
« on: March 01, 2016, 12:47:11 am »
I recently discovered that my filesystem didn't come up cleanly after a power outage and may be related to some issues I had.

I did the old school boot into single user mode and ran fsck - actually twice before everything got cleaned up.

Is there a built in with with OpnSense to do this?  I found this with pfSense:

touch /root/force_fsck would force a check/repair on reboot.  Didn't seem to affect OpnSense.  This might be something handy to have as a GUI option down the road?

6
16.1 Legacy Series / Help Configuring Split DNS
« on: February 21, 2016, 12:24:08 am »
I'm looking for some advice on configuring my router's DNS. I run split DNS, I want my internal NAT clients to resolve to an internal NATted DNS server.

My main issue is that I have a web server, among other services, running on NAT and I find that OPNsense cannot resolve to things like URLs on my web-server.  Possibly because of my internal DNS being on a system behind NAT as well.

What would be best practice for this? Under System>Settings>General should I use my internal DNS server or External, or both? Or is there some other setting I need to have a look at?

Thanks all for any tips.

7
16.1 Legacy Series / Intrusion Detection Settings - Left vs. Right Checkboxes?
« on: January 30, 2016, 04:53:44 pm »
Hi all, I'm a bit confused about the checkboxes here...

For example, under rulesets, we have the first item "botcc.portgrouped" with a check box to the immediate left and to the right a checkbox for "enabled".

Obviously, the right checkbox is explanatory.  What's the left checkbox for?

8
15.7 Legacy Series / [SOLVED] DNS MX Record?
« on: December 06, 2015, 06:06:33 pm »
Apologies if this is in the GUI and I'm overlooking it.  I'm interested in having OPNsense take over my DNS duties as it seems to do everything I need for my relatively simple LAN.

I need one host to have an MX record, but I can't seem to find an option to add it. If it does not exist, maybe a simple checkbox "
  • Add an MX Record for this host" could be done at some point?

9
15.7 Legacy Series / Random Non-Responsiveness
« on: November 21, 2015, 07:02:48 pm »
Hi all, somewhere around 15.7.19, or my enabling DHCP, OPNsense has started randomly freezing. All interfaces go dead and I'm forced to power off and back on.  I run the CPU headless, so I don't see what might be happening on the screen. I've attached a display for "next time."

The interval can be completely random.  Several days to just hours apart.  Mostly the latter.

I thought maybe the older hardware I was on was having a problem, so I migrated to a newer box.  The exact same issues happen with it.

The web GUI doesn't detect a programming, but I submitted one via that mechanism anyhow in hopes that may show something. Are there any other logs available via the shell I can look at or submit?

10
15.7 Legacy Series / [SOLVED] 15.7.18 "not a valid source IP address or alias"
« on: November 05, 2015, 11:37:18 pm »
While you can now select an alias that uses a URL Table (IPs) - thanks for the bug fix! When using "URL Table (IPs)", you cannot set the Alias in a rule. You receive a "[alias name] not a valid source IP address or alias".

Using the same URL and creating an identical rule with a "URL IPs" works as expected.

Thanks!

11
15.7 Legacy Series / URL Alias Confusion
« on: October 29, 2015, 11:42:35 pm »
Hi all, here is what I'm trying to accomplish. I thought I had it figured out, I suppose I do not.

I have a URL to a list of IPs in CIDR format hosted on a web server. Example of IPs in the list would look like this:

66.249.81.205/32
66.249.81.215/32
66.251.216.0/24
69.1.253.0/24
72.251.244.16/32

In the URL section of Alias, I've tried to add this under both "URL (IP)" and "URL Tables (IP)" [I really don't know what the difference is with these - the full help doesn't explain it nor the the link to the wiki have anything about this].

Whichever I choose, I've tried both, nothing seems to be downloaded (that I can tell) nor can I select the alias when I create a rule - it simply isn't in the list.

Does this feature not work the way I think it works?  If it does, what am I doing wrong?

Thanks!

12
General Discussion / [SOLVED] Auto-Updating Alias Lists from URL?
« on: October 26, 2015, 02:14:19 pm »
My apologies if this has already been asked.  I'd like to make use of some black lists provided via URL in cidr format.  I use a couple now by manually copy/pasting via bulk import into OPNsense alias lists.

1) is there a way to do this currently outside the GUI along with periodically updating the list?

2) is this a feature that will make it into OPNsense? It seems aliases could be more valuable if some automation was added to them.

Thank you.

13
15.7 Legacy Series / [SOLVED] OPNsense 15.7.7_1-i386 - Connection Error checking for updates
« on: August 08, 2015, 07:45:03 pm »
I've been successfully doing updates with the GUI since 15.1.  Yesterday, and today, checking for updates results in:

Connection Error
Click to retry

Problems at your end?

14
15.7 Legacy Series / IDS Auto-block
« on: July 31, 2015, 11:17:29 pm »
Is it (or will it be) possible to auto-block external addresses that are located by the IDS and Suricata rules?

The alerts are fantastic for tracking down a misbehaving host. It isn't always possible to 1) get to it right away and 2) monitor threats realtime.

Or does it already do this and I'm not seeing a setting or understanding that enabling will do this.

Thank you as always.

15
15.7 Legacy Series / Suricata/OPNsense Questions
« on: July 06, 2015, 12:35:10 am »
Greetings. I'm exploring 15.7 and found the Intrusion Detection!  Excellent job, devs!

First, I checked the wiki because I'd like to learn a little more about it since I've not heard of Suricata before now. Some general questions:

1) By default, IDS is monitoring LAN, is this correct? I would have thought I'd want to watch for these at WAN.

2) Is there a list somewhere, (Suricata site?) that defines what all of these rulesets are? Some are obvious, some not so much.

Once again, thank you. Very nifty!

Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2019 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2