Messages

1

Virtual private networks / Re: OpnSense .ovpn export fails to import into Ubuntu 22.04 OpenVPN

« on: September 30, 2022, 08:22:57 am »

Hi Lawrence,

You don't need to store your private key in a keystore - it is part of the ovpn file in the <key> </key> stanza. You don't need to (re)import the config file, just copy it from a working machine - it is self-contained.

The errors you're seeing are caused by the store not having a trust path to a known CA. You'd need to import the OPNsense CA cert into your OS CA store. But as mentioned, you don't need to use the OS PKI since OpenVPN can override it.

On any unix implementation of the OpenVPN client, you can run it with the ovpn file as an argument and it will give you foreground diagnostics.

Do those steps give you a connection?

Bart...

2

Virtual private networks / Re: OpnSense .ovpn export fails to import into Ubuntu 22.04 OpenVPN

« on: September 28, 2022, 07:24:41 pm »

Can you copy the office.ovpn to linux and run it in the foreground?

openvpn office.ovpn

That will show any errors in the console

Bart...

3

Hardware and Performance / Re: Wifi not recognized by opnsense - Intel Centrino Advanced-N 6205 card

« on: September 26, 2022, 05:11:46 pm »

Nobody have a bug with an intel card?

WiFi is notoriously poor on FreeBSD and even then mostly runs in client mode, not AP. Also, the best place for your firewall is rarely the best place for AP coverage.

Most here run separate WiFi infra, I would guess.

Bart...

4

Tutorials and FAQs / Re: Network management

« on: September 26, 2022, 08:00:38 am »

Indeed, you may need some nifty filtering if there is a bit of traffic. Capture lives under Interfaces, Diagnostics. Wireshark is your friend.

Bart...

5

22.7 Production Series / Re: Wake on Lan

« on: September 26, 2022, 07:58:00 am »

A bridge is probably a bit overkill for just WoL  It is likely easier to link your networks externally to OPNsense with the low cost of switches nowadays.

6

22.1 Legacy Series / Re: Connect to WAN IP from within LAN opnsense seems to be blocking ?

« on: September 25, 2022, 09:05:55 am »

Even setting this up from a single IP is not fully secure. IP addresses can be spoofed which makes them an imperfect authentication method.

Set up a VPN server on OPNsense to connect to local services. That uses "proper" cryptography to authenticate you.

Bart...

7

22.7 Production Series / Re: Wake on Lan

« on: September 25, 2022, 09:01:26 am »

WoL is a layer 2 broadcast packet and OPNsense is a layer 3 device - as are most firewalls.

You need to bridge OPT1 and LAN or move your WoL source to LAN

Bart...

8

Tutorials and FAQs / Re: Network management

« on: September 25, 2022, 08:53:46 am »

Are you seeing blocked traffic in your logs? What do the packet traces on the firewall show?

Bart...

9

Tutorials and FAQs / Re: Network management

« on: September 24, 2022, 01:09:07 pm »

Firewall, NAT, Outbound NAT. Add 192.168.1.0/24 (?!?) to your WAN interface

Bart...

10

22.7 Production Series / Re: OpenVPN clients not following static route on OpnSense box?

« on: September 22, 2022, 07:37:58 am »

Do a packet capture on the OPT1 interface and confirm that the traffic is routed correctly both ways. If you can ping from the firewall but not one of the subnets, it's likely a routing issue outside the firewall.

Bart...

11

General Discussion / Re: firewall rules not block

« on: September 22, 2022, 07:24:08 am »

Your rule only stops pings to the firewall itself. Is that what you are testing?

12

General Discussion / Re: opnsense port [Lan] aint working anymore

« on: September 19, 2022, 09:28:35 am »

You can set the interface IP addresses through the console

13

General Discussion / Re: Cryptography settings

« on: September 16, 2022, 11:26:51 pm »

Check your CPU to see what it supports. Open a shell and run 'sysctl hw.model' then look up the model:

https://ark.intel.com/content/www/us/en/ark.html
https://www.amd.com/en/products/specifications

Bart...

14

General Discussion / Re: Best Practices with VLANs, which to assign to LAN Interface?

« on: September 15, 2022, 12:17:05 pm »

my vlans are made and managed by opnsense itself  and dhcp'd across the vlan.

All devices along your path; (v)switch, access point, etc. need to use the same VLAN tag to be able to transfer packets between them. You can trunk different tags over the same physical link, but you do need to declare the same VLAN number(s) at both ends.

There are a few image sharing and on-line diagram sites that you can link to.

Bart...

15

22.7 Production Series / Re: Recurring Kernel Panics - Fatal trap 12: page fault while in kernel mode

« on: September 14, 2022, 06:30:43 pm »

I know it rules out containers (at least in the free version) but my ESXi VM with OPNsense has never crashed in its many years of use.

Bart...