"
Well that took about 2 mins to get working! Thank you very much!
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
24.7, 24.10 Legacy Series / Re: Connecting to AD for VPN Authentication
November 01, 2024, 04:04:11 PM #2
24.7, 24.10 Legacy Series / Re: Connecting to AD for VPN Authentication
November 01, 2024, 03:55:11 PM
That sounds interesting. I'll take a look. Thanks!
#3
24.7, 24.10 Legacy Series / Connecting to AD for VPN Authentication
November 01, 2024, 11:03:36 AM
Hi,
This was working until recently, I thought I'd found an issue with a cert, but turns out it wasn't the issue. I am trying to authenticate against Windows AD (functional level 2016). Everything looks ok, certs and config, but when I use the tester, I get the following error:
LDAP bind error [error:0A000086:SSL routines::certificate verify failed (CA signature digest algorithm too weak); Can't contact LDAP server]
I don't really know where to look. For now I have set our VPN to use local users but I'd like to go back to AD if possible. Any ideas?
Thanks!
This was working until recently, I thought I'd found an issue with a cert, but turns out it wasn't the issue. I am trying to authenticate against Windows AD (functional level 2016). Everything looks ok, certs and config, but when I use the tester, I get the following error:
LDAP bind error [error:0A000086:SSL routines::certificate verify failed (CA signature digest algorithm too weak); Can't contact LDAP server]
I don't really know where to look. For now I have set our VPN to use local users but I'd like to go back to AD if possible. Any ideas?
Thanks!
#4
21.7 Legacy Series / Re: OPENVPN - Big Problem since Upgrade to 21.7.2
September 07, 2021, 02:43:59 PM
Weird. I could have sworn I'd removed that! It had worked previously, but you're right there was a space in both lists. That has fixed my issue.
Thank you!
Thank you!
#5
21.7 Legacy Series / Re: OPENVPN - Big Problem since Upgrade to 21.7.2
September 07, 2021, 02:39:01 PM
Hi Franco,
I believe he may have stumbled on a bug I am having with 21.7.2.
I have the following in my IPv4 Local Network for my OPNVPN Server 192.168.1.0/24, 192.168.3.0/24,192.168.4.0/24,192.168.8.0/24
When I click save changes I get the following error:
The following input errors were detected:
'192.168.1.0/24, 192.168.3.0/24,192.168.4.0/24,192.168.8.0/24' in 'IPv4 Local Network' may only contain valid ipv4 CIDR range(s) separated by commas.
I also have the same issue on another firewall this time it is the OPNVPN Client:
IPv4 Remote network 192.168.1.0/24,192.168.3.0/24,192.168.8.0/24
And get the error:
The following input errors were detected:
'192.168.1.0/24, 192.168.3.0/24,192.168.8.0/24' in 'IPv4 Remote Network' may only contain valid ipv4 CIDR range(s) separated by commas.
I believe he may have stumbled on a bug I am having with 21.7.2.
I have the following in my IPv4 Local Network for my OPNVPN Server 192.168.1.0/24, 192.168.3.0/24,192.168.4.0/24,192.168.8.0/24
When I click save changes I get the following error:
The following input errors were detected:
'192.168.1.0/24, 192.168.3.0/24,192.168.4.0/24,192.168.8.0/24' in 'IPv4 Local Network' may only contain valid ipv4 CIDR range(s) separated by commas.
I also have the same issue on another firewall this time it is the OPNVPN Client:
IPv4 Remote network 192.168.1.0/24,192.168.3.0/24,192.168.8.0/24
And get the error:
The following input errors were detected:
'192.168.1.0/24, 192.168.3.0/24,192.168.8.0/24' in 'IPv4 Remote Network' may only contain valid ipv4 CIDR range(s) separated by commas.
#6
Hardware and Performance / Re: [Work In Progress] OPNsense Ported into ARM Devices
May 20, 2021, 06:36:42 PM
Hi,
Firstly thank you to the OPNSense developers and the ARM port developer for all the work so far.
I have successfully installed 21.1.5 from the image provided on to a Pi 3+.
I was wondering if anyone had tried to add a 4G/LTE connection? I guess there would need to be hardware support in the ARM/BSD build as well as OPNSense? I have been looking at the Waveshare hat (https://www.waveshare.com/wiki/SIM7600G-H_4G_HAT). I don't think this will work "out of the box" but I just wanted to see if anyone had tried? If not has anyone tried a 4G USB dongle? Was thinking the OPNSense Pi would make a great "road warrior" router / firewall.
Thanks!
Michael
Firstly thank you to the OPNSense developers and the ARM port developer for all the work so far.
I have successfully installed 21.1.5 from the image provided on to a Pi 3+.
I was wondering if anyone had tried to add a 4G/LTE connection? I guess there would need to be hardware support in the ARM/BSD build as well as OPNSense? I have been looking at the Waveshare hat (https://www.waveshare.com/wiki/SIM7600G-H_4G_HAT). I don't think this will work "out of the box" but I just wanted to see if anyone had tried? If not has anyone tried a 4G USB dongle? Was thinking the OPNSense Pi would make a great "road warrior" router / firewall.
Thanks!
Michael
#7
Documentation and Translation / Mailing List
January 21, 2021, 10:38:00 PM
Hi,
With the announce mailing list being discontinued, what is the best way to find out about releases? I do use twitter and follow you on there, but I found the emails useful to "flag" so I didn't forget to do the updates :)
Thanks for such a great product!
M
With the announce mailing list being discontinued, what is the best way to find out about releases? I do use twitter and follow you on there, but I found the emails useful to "flag" so I didn't forget to do the updates :)
Thanks for such a great product!
M
#8
18.1 Legacy Series / Re: Hyper-V Gen 2 VM Issues/Workarounds (Supported in Build 18.1/FreeBSD 11.1)
February 03, 2018, 02:00:07 PM
Just done my first fresh install on hyper-v and had no issues - Just as a comment :)
#9
18.1 Legacy Series / Re: WAN Gateway different subnet - Persistent
February 03, 2018, 01:55:55 PM
Thanks that fixed it!
#10
18.1 Legacy Series / Re: WAN Gateway different subnet - Persistent
February 03, 2018, 10:02:41 AM
Awesome. I'll give that a shot.
Thanks
Thanks
#11
18.1 Legacy Series / Re: Wrong Source IP Used on Outbound Traffic
February 02, 2018, 11:57:48 PM
I had this issue to. I fixed it by changing:
Translation / target in the outbound NAT from interface address to WAN address.
I hadn't experienced this issue before the 18.1 upgrade.
Translation / target in the outbound NAT from interface address to WAN address.
I hadn't experienced this issue before the 18.1 upgrade.
#12
18.1 Legacy Series / [Resolved] WAN Gateway different subnet - Persistent
February 02, 2018, 11:38:57 PM
Hi All,
I run a dedicated server. I have a slight issue in that my WAN gateway is not on the same subnet as my public IPs.
I used shellcmd in pfSense and understand that doesn't exist in OPNSense which is fine.
Can I simple add the following to my /etc/rc file? Is it persistent (i.e. upgrades & updates)?
Is there somewhere I should put it instead?
Thanks
Michael
I run a dedicated server. I have a slight issue in that my WAN gateway is not on the same subnet as my public IPs.
I used shellcmd in pfSense and understand that doesn't exist in OPNSense which is fine.
Can I simple add the following to my /etc/rc file? Is it persistent (i.e. upgrades & updates)?
Code Select
route add -net GWIP -iface em0
route add default GWIP
Is there somewhere I should put it instead?
Thanks
Michael
#13
18.1 Legacy Series / Re: Has anyone had a problem-free upgrade from OPNsense 17.7.12 to 18.1?
February 02, 2018, 06:32:29 PM
Hi,
I am a relative new comer to OPNSense, I have managed to upgrade 2 without issue, they are relatively simple firewalls though (NAT and VPN)
M
I am a relative new comer to OPNSense, I have managed to upgrade 2 without issue, they are relatively simple firewalls though (NAT and VPN)
M
#14
17.7 Legacy Series / Re: OPNSense - OpenVPN, LDAP & DUO
January 29, 2018, 09:23:32 PM
I fixed this with a bit of help from DUO.
Firstly in the LDAP connection make sure you are using the DN rather than the domain\user. Then in your DUO proxy config you need to add the following lines:
[ldap_server_auto]
...
exempt_primary_bind=false
exempt_ou_1=DN of service account
Hope this helps someone!
Firstly in the LDAP connection make sure you are using the DN rather than the domain\user. Then in your DUO proxy config you need to add the following lines:
[ldap_server_auto]
...
exempt_primary_bind=false
exempt_ou_1=DN of service account
Hope this helps someone!
#15
17.7 Legacy Series / OPNSense - OpenVPN, LDAP & DUO
January 29, 2018, 10:16:58 AM
Hi,
I have recently moved across to OPNSense from pfSense. It's a bit of a learning curve, but so far everything is going ok. I do, however, have a bit of an odd issue.
I am using DUO for 2FA on my OpenVPN setup, this works by proxying the LDAP connection through a DUO proxy authenticator. What is suppose to happen is the OPNSense box makes the LDAP call to the DUO box that then checks the username / password combo and then pushes authentication to the users mobile device.
What happens at the moment is OPNSense is making the initial LDAP connection (i.e. the proxy connection), then the user is authenticated, the DUO proxy doesn't appear to get passed anything else and the user is logged in using just their username / password and certificate.
I am at a bit of a loss as to where to start, I have raised an issue on the DUO community support too.
It looks like OPNSense LDAP is making some kind of tunnel through the proxy to the LDAP server. Does this make any sense?
Any pointers?
I have recently moved across to OPNSense from pfSense. It's a bit of a learning curve, but so far everything is going ok. I do, however, have a bit of an odd issue.
I am using DUO for 2FA on my OpenVPN setup, this works by proxying the LDAP connection through a DUO proxy authenticator. What is suppose to happen is the OPNSense box makes the LDAP call to the DUO box that then checks the username / password combo and then pushes authentication to the users mobile device.
What happens at the moment is OPNSense is making the initial LDAP connection (i.e. the proxy connection), then the user is authenticated, the DUO proxy doesn't appear to get passed anything else and the user is logged in using just their username / password and certificate.
I am at a bit of a loss as to where to start, I have raised an issue on the DUO community support too.
It looks like OPNSense LDAP is making some kind of tunnel through the proxy to the LDAP server. Does this make any sense?
Any pointers?
Pages1
