Messages

Can someone fix this issue pls?

Dear All
Im trying to install opnsense 23.1 on riverbed cx255 model which is slightly different form 550 but Ive noticed something strange that it gets installed successfully but when I reboot after install interfaces of lan and wan does not go up. while pri goes up fine. I went to the BIOS and tried all combination of bypass and no bypass. still no luck.
the original riverbed os behaves similar but during boot I hear a click and interfaces go up.
so Im hoping its just a matter of a script or something to bring them up.
the opnsense sees both interfaces as igb0 and igb1
can anyone help on this matter?

Dear All
I have setup several openvpn using the remote access option, but I have seen a strange problem when I use the openvpn own app to login, I get connected. but when the next user logs in, he can do activity but the 1st user cant.
I kept testing things out. so shall I conclude that roadwarrior via openvpn is limted to only 1 user at a time?
how can I make sure that several users can connect and use vpn at the same time?

HEllo I wanted to share my experience with site to site VPN using OVPN but instead of those lengthy setups and lots of config changes which I always think there must be a quick and easy way.
here is my trick that worked for me.
on the server side tick this option:

Redirect Gateway X
Force all client generated traffic through the tunnel.

on the client side just go and in the advanced box add this option:
redirect-gateway

hit save and with this option you will pass everything through the tunnel.
just make sure to enable compression so that you make better network traffic.

yes indeed, I think the plugin need some bug fixing pls

Dear all
Just wanted to bring attention to the ddclient plugin which seems not to be working perfectly on the recent releases
Normally it should show up that it has picked up the current wan IP and did update successfully
But I've used it on easydns and it seems to be working not while pressing apply button but when the whole system is restarted.
And it doesn't show up IP in green.
I think it needs further checking on the latest release.
I've tested it on easydns and I can't see it working properly.
I will try other providers and see.

Hi Samnet,

you need to assign an interface to ovpn client B and C, and then set static routes accordingly.
Also, you need to correct your tunnels configuration.
You have configured a S2S as a multi client network.

I.E.

Site B 192.168.33.0/24 GW 10.10.22.2 (Ovpn GW Site A)
Site C 192.168.22.0/24 GW 10.10.23.2 (Ovpn GW Site A)

And check the rules on OVPN tab

Regards

Did really get you on this
Do I need to do static route?
8 have managed to get it working by inserting remote network on each site
Would this be ok?
Also what gateway do mean?

Dear All
Im struggling to make the proper Multisite VPN to interconnect between all sites.
I recall doing it few years back but cant replicate this in the new opnsense edition. not sure if this is version restriction or something related.
I have:

Site A (Openvpn Server) Ip 192.168.11.0/24 / OVPN Tunnel IP 10.10.11.0/30 (note Ive selected /30 not /24)

Site B (Openvpn Client) Ip 192.168.22.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)

Site C (Openvpn Client) Ip 192.168.33.0/24 / OVPN Tunnel IP 10.10.22.0/30 (note Ive selected /30 not /24)

Site B and C can ping and connect to Site A and vice versa.

but I cant get site B and C to communicate (even through Site A and yes Im fine with single point of failure on site A) I just want it to work.
I recall doing this in the past editions by adding the subnet in the "IPv4 Remote Network" of each client. but this didnt work I tried adding even on the server remote network. can someone clarify how this can be done?

thanks for clarification.
can you pls suggest any way for controlling URL access in a network with 100 desktops / laptops / mobiles many of them logging via Active Directory win2012

forget this method, I just want to control url access even via https

and no. you can  not view requested url (if you mean exactly full url) without mitm. only tcp info, tls hello and sni info (if any).

Im still not getting this right, do you mean its impossible to see full URLs without MITM?
is this a no go area at all?
I recall splice option in pfsense which used to slightly control https to some extend, is there a splice option in opnsense?

Thanks for sharing the info. can you pls lay out the steps needed for this to work,
I will need to do this for
1. email server
2. voip
3. ftp ...etc
all having separate public IPs

Hi
Im having a problem on my current opnsense, I have several VIPs like xxx.xx.xx.190 (default gw)
xxx.xx.xx.191 (opnsense wan ip) xxx.xx.xx.192 (vip and doing port forward to exchange server in my lan) xxx.xx.xx.193 (vip and doing port forward to ftp server) ...etc
my main target is to get the exchange get back to internet via ip xxx.xx.xx.192 and not via the xxx.xx.xx.191 which is opnsense.
is this possible and how?

hmmmm how can you do transparent SSL proxy without using a CA for which you have the private key?

forget this method, I just want to control url access even via https

Hi!
Can you please give more info about "transparent SSL mode that PFSense has where there is no need to add the CA in every client"?

of course there is splice option which I cant find it in opnsense.

Dear All
I know this has been asked before but no one actually compared the transparent SSL mode that PFSense has where there is no need to add the CA in every client and can do transparent SSL with no extra install on each client.
How can we achieve this transparent SSL proxy without touching CA?