Messages - Ren

1
19.7 Legacy Series / Re: Complex VLAN/Bridge Setup?
« on: January 02, 2020, 12:07:52 am »
I don't recall being able to tag SSID to VLANs on AsusWRT. Since it's a dumb switch, all VLANs should be available on all ports.

In any event, to test the VLAN from your PC, do the following.

To open Device Manager:

1. Press Windows key + R.
2. Type devmgmt.msc.
3. Click OK.
4. In Device Manager, open Network adapters.
5. Right-click on the NIC and choose Properties.
6. Click the Advanced tab.
7. Scroll down to VLAN ID.
8. Set the ID to that of the ISO VLAN.

If your VLAN is configured correctly, your firewall should assign an IP.

2
19.7 Legacy Series / Re: Complex VLAN/Bridge Setup?
« on: January 01, 2020, 10:45:19 pm »
Quote from: syndac on December 31, 2019, 08:32:03 pm
I want to separate my network devices into two networks: one for my regular devices (LAN) and one for devices that really have no business on the LAN (ISO). I'd also like any guests connecting to the network to be DHCP'd onto the ISO network. I have wired and wireless connections for both device categories. For example:

Desktop: wired (LAN)
Phone: wireless (LAN)
TV: wired (ISO)
Alexa: wireless (ISO)
Guests: wireless (ISO)

LAN: 192.168.1.0/24
ISO: 192.168.2.0/24

I'm having trouble wrapping my head around how to set up VLANs and bridging to make this possible. So far, I've tried:

1. Connect AP and wired devices to switch
2. Connect switch to firewall port 1
3. Create VLAN off port 1
4. Static-assign all IPs as necessary between the networks
5. Turn DHCP off of LAN and on for ISO

The issue that I run into is that anything that comes onto the network later ends up getting an address on the LAN network (192.168.1.x) instead of the ISO network as intended. Additionally, even though devices are statically assigned IP address on the ISO network, the devices--themselves--show that their IP address is on the LAN network (for some devices, this causes connection issues).

I'm not sure what's causing this. Am I going about this the wrong way?

What access point and switch do you have?

3
Tutorials and FAQs / Re: How Do I Separate Wireless Network Using a VLAN
« on: August 27, 2019, 01:34:39 am »
I added an attachment to my previous post. I have a managed Netgear switch at home. Port 1 is connected to my firewall and port 2 is connected to my access point. As such, I tagged port 1 to allow ALL VLANs on the port (mainly because I do a lot of testing) and port 2 to do the same. So all VLANs defined on the firewall will be passed to my access point. My VLAN network for WiFi is on VLAN 2.

Since I use a UniFi AP, I have to go into the Wireless settings for the SSID I want to assign to the VLAN and update the network setting to connect to VLAN 2 for that particular SSID (see attached screenshot).

4
Tutorials and FAQs / Re: How Do I Separate Wireless Network Using a VLAN
« on: August 27, 2019, 01:22:53 am »
Quote from: kagbasi-wgsdac on August 26, 2019, 11:26:40 am
Thanks, I will definitely go through the official documentation that you've pointed me to. 

The problem I'm running into, though, is not the setup of the Guest Network per se. But rather, the VLAN. It seems after I create the VLAN and assign it to a physical interface then create a DHCP pool on it, for some strange reason, the inbound DHCP Request (i.e., 0.0.0.0:68) is getting blocked by the "Default Deny All" policy. I've done everything I know to do but can't seem to get past this - I must be missing something.

Are you using a managed switch? If so, the uplink and downlink interfaces will need to be tagged. If port 1 is connected to your OPNsense router from the switch, add a VLAN tag to the interface. If port 2 is connected to your AP from the switch, add a VLAN tag to the interface.

5
Tutorials and FAQs / Re: How Do I Separate Wireless Network Using a VLAN
« on: August 26, 2019, 03:48:31 am »
See link below. Info is in docs. https://docs.opnsense.org/manual/how-tos/guestnet.html

6
18.7 Legacy Series / Re: Suricata Snort Integration option is not available after clean install
« on: January 31, 2019, 01:47:55 pm »
Quote from: franco on January 31, 2019, 11:18:19 am
Just install the snort vrt plugin again and you'll be more happy.


Cheers,
Franco

Well, I'm stupid; for some reason I thought it was on by default. No idea why. Thank you.

7
18.7 Legacy Series / Re: PPTP Setup (Need Help)
« on: January 31, 2019, 02:46:52 am »
Quote from: Monocle on January 22, 2019, 09:51:29 am
Anyone?

I'm sure GRE 47 also needs to be open for PPTP connections. Unfortunately, I haven't set up PPTP connections in years, and not on OPNsense. I can fire up a VM to see how it works, but I have a question: is there a specific reason you are using PPTP vs., say, OpenVPN or another modern alternative?

8
18.7 Legacy Series / [SOLVED] Suricata Snort Integration option is not available after clean install
« on: January 31, 2019, 02:35:10 am »
Seems I no longer have the option to integrate Snort into Suricata. This is after doing a clean install and upgrading to 18.7.10_3 on my new i3 box.

My J1900 box that's been up and running for months still has the option and is also on the current release.

9
18.7 Legacy Series / Re: Difference between alias type
« on: November 30, 2018, 04:44:53 pm »
Quote from: bmail on November 28, 2018, 12:08:20 pm
Hello,

Could someone explain to me the difference between the type "URL (IPs)" and "URL Table (IPs)" when creating a new alias for the firewall ?

thanks a lot !
Have a good day.

I believe, and I may be wrong:

URL IPS - a list of IPs from an external source. Only IPs, no CIDR range.
URL TABLE IP - a list of IPs from an external source which can be defined as a CIDR range (192.168.0.1/24)

10
18.7 Legacy Series / Re: Plex Server - Port forwarding Issue
« on: November 29, 2018, 01:46:57 pm »
Quote from: walkerx on November 29, 2018, 10:42:30 am
Quote from: Ren on November 28, 2018, 11:01:53 pm
If you are using Unbound DNS remember to set custom options
what would the need be for the custom options to be set?

DNS rebind protection may prevent secure connections to the Plex server; as such, it's recommended to add the custom option.

11
18.7 Legacy Series / Re: Site to Site after OPNsense and pfsense
« on: November 29, 2018, 02:51:44 am »
Also, posting sites A and B server and client settings would help. Specifically:

Tunnel Network
IPv4 Local Network

I'm assuming you are only using IPv4.

12
18.7 Legacy Series / Re: Site to Site after OPNsense and pfsense
« on: November 29, 2018, 02:46:43 am »
Quote from: Julien on November 28, 2018, 11:17:51 pm
Dear all,
I have been struggling to route traffic between OPNsense and pfSense.
OPNsense is running 17.7.8
pfSense is running 2.4.4
Both boxes are running OpenVPN version 2.4.6_3
The tunnel is up on both sides; the issue is we cannot connect from location A to B and the other way around.
This issue mostly occurs if the tunnel or remote IPs are different, but I've checked them like 100 times.

Can someone please advise me how to get this routing correctly set up?

Thank you so much

Firewall rule created on OpenVPN interface to allow traffic?

13
18.7 Legacy Series / Re: Plex Server - Port forwarding Issue
« on: November 28, 2018, 11:01:53 pm »
Quote from: walkerx on November 28, 2018, 06:50:06 pm
Quote from: Ren on November 28, 2018, 05:06:38 pm
Please see https://forum.opnsense.org/index.php?topic=8710.msg39035#msg39035
I had actually already looked at that, but still wasn't working

I removed all the rules and reapplied the following settings only, any other setting under the Port Forward menu I left at their defaults (never even went into the advanced for Source)

Option
Firewall: NAT: Port Forward

Interface: WAN
TCP/IP Version: IPv4+IPv6
Destination: WAN address
Destination port range: from/to other 32400
Redirect target IP: PlexServer (or IP Address)
Redirect target port: other 32400
Description: Plex Remote Access
Nat reflection: Enable
Filter rule association: Pass

This now seems to be working, but will monitor it for the next 24/48 hours

If you are using Unbound DNS remember to set custom options

14
18.7 Legacy Series / Re: Plex Server - Port forwarding Issue
« on: November 28, 2018, 05:06:38 pm »
Please see https://forum.opnsense.org/index.php?topic=8710.msg39035#msg39035

15
18.7 Legacy Series / Re: Managing DNS between branch offices?
« on: September 05, 2018, 10:43:54 pm »
Are you using OPNsense at both locations for DHCP and to register those DHCP leases to the DNS resolver?

Do both locations have separate domain names?

If so, you can add a domain override on each router to allow the remote subnet to query their DNS servers.

Example:
SITE A domain name is fries.local (192.168.2.1)
SITE B domain name is burger.local (192.168.3.1)

A Site A PC needs to find a PC on the Site B network by hostname. I can create a DNS record on site A, or tell the router to send any incoming query for domain burger.local to site B's DNS server to resolve.
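
The domain override from the post above, written out as raw Unbound configuration using the post's own domains and addresses. This is an added example, not the poster's settings or the file OPNsense generates; the 192.168.2.0/24 source subnet is an assumption, since the post gives only the two resolver addresses.

```conf
# --- Site A resolver (fries.local, 192.168.2.1) ---
server:
    # A private zone has no DNSSEC chain of trust, so skip
    # validation for this zone only, not globally.
    domain-insecure: "burger.local"
    # If rebind protection (private-address) is enabled, permit
    # RFC 1918 answers for this one zone rather than turning the
    # protection off.
    private-domain: "burger.local"

# Send every query under burger.local to site B's resolver.
forward-zone:
    name: "burger.local"
    forward-addr: 192.168.3.1

# --- Site B resolver (burger.local, 192.168.3.1) ---
server:
    # Accept queries from site A only. Assumed subnet: use the
    # address the queries really arrive from (LAN or tunnel IP).
    access-control: 192.168.2.0/24 allow
```

Site B needs the mirror-image entries for fries.local pointing at 192.168.2.1, and the firewall rules between the sites must pass DNS (port 53) to the remote resolver.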
