
Messages - maekar

1
Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering
« on: December 20, 2018, 02:25:15 pm »
Hi,

Is there anything special to do with VLAN?

We have tagged and untagged interfaces. When I activated Sensei and configured just a few web categories to test, everything worked well with the untagged interface but all VLAN networks lost connectivity; devices in all VLANs did not even get an IP address by DHCP. And the problem persisted even when I deselected those interfaces from being managed by Sensei; I had to stop it and uninstall it to get the VLAN networks working again.

Thanks!

2
19.1 Legacy Series / Re: 19.1 development milestones
« on: December 19, 2018, 01:51:43 pm »
Quote from: mimugmail on November 22, 2018, 02:26:32 pm
No, there are different lists to select, which include some kind of categories, e.g. 1M top porn sites, malware domains, ads etc.
Hi, and can you add the option to blacklist specific domains in a text box (like the whitelist option)? For example, block Ads, Malware, etc. from the list AND Facebook.com, Twitter.com or any other domain we want to add to a block-list.

That would be enough for us; it is the main reason we use pfBlocker in our school: to block and unblock (if categories make an unwanted block) specific websites via DNS.

Thanks!

3
19.1 Legacy Series / Re: 19.1 development milestones
« on: November 22, 2018, 02:28:35 pm »
And is it planned to add those features in the near future?

4
19.1 Legacy Series / Re: 19.1 development milestones
« on: November 22, 2018, 02:24:59 pm »
Quote from: mimugmail on November 03, 2018, 03:26:37 pm
It's in Bind Plugin already and I'll add Dome stuff to a new dnscrypt-proxy. Unbound may follow, but no idea before 19.1
Is it possible to add content filter categories to block through the Bind Plugin (like Shallalist)? And to blacklist specific websites, like Squid does but with DNSBL?

Thanks!

5
Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering
« on: November 22, 2018, 02:09:46 pm »
Hi,

Is the maximum of 1000 concurrent users an approximation for better hardware performance or a strict software limit?

Thanks


6
General Discussion / Re: FreeRADIUS for MAC Filter
« on: October 09, 2018, 10:28:37 am »
Quote from: mimugmail on October 08, 2018, 04:47:29 pm
Can you try adding users where user and password are the MAC address?
That's it! I knew it was a stupid question :)

And is there some way to import users from CSV or similar?

7
General Discussion / FreeRADIUS for MAC Filter
« on: October 08, 2018, 03:19:49 pm »
Hi, we use Unifi for our WiFi network and we want to implement a MAC Whitelist Filter. The problem is that Unifi only allows a maximum of 512 addresses, and we have around 800, so we have to use an external solution through RADIUS.

Is it possible to use OPNsense with FreeRADIUS for the MAC Whitelist Filter? I just installed it but I don't see the option. Sorry if it is a stupid question, it's my first time with RADIUS...

8
17.1 Legacy Series / Re: Help Install Lightsquid
« on: May 17, 2017, 03:13:56 pm »
Hi, thanks for the replies, I got it. The steps for OPNSense are:

1) Install the package.

2) Go to /usr/local/etc/lightsquid/lightsquid.cfg and change the path of access.log to /var/log/squid/access.log

3) Run /usr/local/www/lightsquid/lightparser.pl, the first time with access.log.*.gz too:

/usr/local/www/lightsquid/lightparser.pl
/usr/local/www/lightsquid/lightparser.pl /var/log/squid/access.log.0.gz
/usr/local/www/lightsquid/lightparser.pl /var/log/squid/access.log.1.gz
...

4) Use crontab -e to schedule it (with a period of no less than 10 minutes).

5) Visit opnsense-IP/lightsquid/index.cgi




9
17.1 Legacy Series / [SOLVED] Help Install Lightsquid
« on: May 08, 2017, 03:16:38 pm »
Hi, I need to install Lightsquid but all tutorials I find are for Apache and non-FreeBSD.

Is anyone using it? How can I do it?

10
17.1 Legacy Series / Webproxy log
« on: March 31, 2017, 01:38:55 pm »
Is there any add-on like Lightsquid to store and view the Webproxy logs?

11
17.1 Legacy Series / Re: Help! PPPoe not working
« on: March 29, 2017, 09:33:33 am »
Check your ISP config; maybe all traffic has to be tagged and you need to make a VLAN for the PPPoE interface.

12
17.1 Legacy Series / Re: ERR_CONNECTION_TIMED_OUT
« on: March 22, 2017, 12:35:06 pm »
Quote from: maekar on March 16, 2017, 03:21:02 pm
I've experienced the same error in my network. In my case, there are many moments throughout the day with "microcuts". Usually a page fails to load, showing that error, but a few seconds later if I refresh everything works fine. How can I test if it is an ISP problem?
Well, I can say it is solved for me. My problem was related to the cheap ISP router and double NAT. I removed the ISP router and connected directly with PPPoE and now everything works fine.

13
17.1 Legacy Series / Re: ERR_CONNECTION_TIMED_OUT
« on: March 16, 2017, 03:21:02 pm »
I've experienced the same error in my network. In my case, there are many moments throughout the day with "microcuts". Usually a page fails to load, showing that error, but a few seconds later if I refresh everything works fine. How can I test if it is an ISP problem?

14
17.1 Legacy Series / Performance problem
« on: February 14, 2017, 10:04:19 am »
Hi,

I work in a school, and we have ~700 iPads and ~300 computers in the network. The firewall specs are:

Intel Xeon E5-2620 v2
16 GB RAM
Dual Nic Intel Gigabit IT-350-T2
Samsung SSD 750 EVO 250GB

The Internet line is a 300/300MB FTTH and the net schema is:

ISP router ------ OPNSense Firewall ------- LAN Network

For a while, I've been having a lot of performance trouble at specific moments of the day. 95% of the time everything works great but sometimes it is like the network is overloaded and web navigation becomes really slow. For example, every day at 9:15 (when the classes start and everybody begins to work) it happens. Sometimes for a few minutes, sometimes for an entire hour, and it is impossible to work in that condition.

As I said, I've had these troubles for months and I tested some things I thought were the cause of the problem. I finally discarded these (maybe I'm wrong):

1) It is not a proxy performance problem. I have it in transparent mode with NO SSL. If I disable it, the problem continues.
2) It is not a DNS problem. I tried with DNS Resolver, DNS Forwarder, with default config, and the problem continues.
3) It is not an ISP problem. When the network is "overloaded", if I connect my computer directly to the ISP router, the navigation speed is great while in the LAN network it is really crappy.
4) It is not coming from a particular area of the school. I tried unplugging every single cable in the main switch and nothing changed. (If I unplug all of them at the same time, the navigation on my computer is great.)
5) It is not an ISP throughput problem. The FTTH line is 300/300. When the network is "overloaded", the traffic graph usually shows no more than 50-100MB. At other moments, when the network works fine, I can reach 300MB without any issues.

The last thing I did was replace the HDD in the firewall with an SSD and install the latest version of OPNsense from scratch, and nothing changed.

I'm very lost and I don't know how to debug the problem. I don't know what to look for and how to do it to find the cause of the problem. How can I discard that it is a firewall-related problem?

Thanks in advance.

P.S.: Sorry for my English, I need the help of Google Translator many times.

15
16.7 Legacy Series / Re: [SOLVED] Web proxy unexpected block
« on: January 31, 2017, 03:16:19 pm »
Apparently it was a server issue, now it works perfectly.

Thanks for the support!

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved