Messages

1

19.1 Production Series / Re: AD Authentication with OPNsense

« on: May 22, 2019, 08:07:14 am »

Have you considered RADIUS to link OPNsense to AD? It has a lot of security benefits and is specifically designed to allow authentication for edge devices.

I use it for a VPN and happy to assist.

Bart...

2

19.1 Production Series / Re: DLNA propacation

« on: May 16, 2019, 01:37:01 pm »

Did you bridge the interfaces? Have a search through the forum as well, there are some threads on Plex, upnp, and the likes.

Bart...

3

19.1 Production Series / Re: DLNA propacation

« on: May 16, 2019, 08:09:17 am »

Use a switch between your LAN and your wireless. Use the firewall between the switch and the internet. Don't use OPNsense as a switch.

Bart...

4

General Discussion / Re: Port Forward over VPN

« on: May 12, 2019, 02:53:58 pm »

Does the host in site B have its default gateway set to the tunnel? You may have to source NAT the traffic from site A at site B for the host at site B to be able to send reply packets back to the source.

Bart...

5

General Discussion / Re: Any IPv6 tunneling such as ISATAP or IPv6 payload over IPv4 IPSEC?

« on: May 11, 2019, 09:49:26 pm »

Can OpenVPN client access include both IPv4 and IPv6 addressing at the same time?

Indeed it can. On the OpenVPN server edit page in OPNsense you can set both an IPv4 and IPv6 subnet for the tunnel.

Bart...

6

19.1 Production Series / Re: openvpn client export not working

« on: May 11, 2019, 07:34:59 pm »

You can construct the ovpn client files from the skeleton below.

VPN, OpenVPN, servers, edit your server to find the cipher, auth, and TLS authentication.

System, Trust, Certificates to find the CN of the server certificate. Use the export buttons to get the server cert, and each user's cert and key.

Bart...

persist-tun
persist-key
cipher AES-128-CBC
auth SHA256
tls-client
client
remote <your.server.fqdn> 1194 udp
lport 0
verify-x509-name "OPNsense Cert" name
auth-user-pass
remote-cert-tls server
<ca>
Base64 text of your OPNsense CA cert
</ca>
<cert>
Base64 text of the user cert
</cert>
<key>
Base64 text of the user key
</key>
<tls-auth>
Copy of the TLS key Base64 from your OpenVPN server page
</tls-auth>
key-direction 1

7

General Discussion / Re: routing before firewall

« on: May 10, 2019, 03:12:43 pm »

No. If a firewall is between the source and destination of traffic, it will subject this traffic to the security policy. The policy can pass the traffic, but this needs to be defined in its ruleset.

Bart...

8

18.7 Legacy Series / Re: OpenVPN setup, help plz!

« on: May 07, 2019, 12:30:30 pm »

Have a look at this guide: https://www.kirkg.us/posts/building-an-openvpn-server-with-opnsense/

I've used it on 18.x with success.

Bart...

9

19.1 Production Series / Re: a VLAN Per SSID

« on: May 01, 2019, 08:56:41 pm »

You can also install the unifi controller on OPNsense although it is not a plugin: https://forum.opnsense.org/index.php?topic=5469.0

Bart...

10

19.1 Production Series / Re: a VLAN Per SSID

« on: May 01, 2019, 01:36:37 pm »

Have a look at ubiquiti access points. They allow four SSID's with a VLAN each.

Bart...

11

19.1 Production Series / Re: OpenVPN | Configuration issue? - unable to connect

« on: April 25, 2019, 08:18:28 am »

You can have a single OpenVPN configuration on the client with two remote hosts defined, which will be tried in sequence. If you don't have a preference, you can randomly pick one of them: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage search for 'random'

Bart...

12

19.1 Production Series / Re: DynDNS service truncates password

« on: April 24, 2019, 08:08:36 am »

Go right ahead: https://github.com/opnsense/plugins/issues

Bart...

13

19.1 Production Series / Re: OPNSense behind ISP Modem; all traffic blocked

« on: April 22, 2019, 08:59:48 pm »

Are you allowing RFC 1918 on your WAN interface? Interfaces, WAN, make sure 'Block private networks' is unticked.

Bart...

14

General Discussion / Re: Help installing OPNsence

« on: April 17, 2019, 08:45:03 pm »

OPNsense is not a Windows application. It is based on FreeBSD and is usually installed on bare metal.

If you want to run it as a Hyper-V virtual guest, you need to pick the V1 VM type. Search this forum for related posts.

For both scenarios, pick the DVD version.

Bart...

15

19.1 Production Series / Re: Default Configuration

« on: April 11, 2019, 09:08:02 pm »

The device names are based on the hardware and decided by FreeBSD. You could swap the cables.

Bart...