Messages

1891

16.7 Legacy Series / Re: IPv6 --> Client's get IPv6 address for round about one hour....

« on: November 30, 2016, 04:07:41 pm »

How about running the Fritzbox in bridge mode and letting OPNsense deal with the IPv6?

Bart...

1892

16.7 Legacy Series / Re: IPv6 --> Client's get IPv6 address for round about one hour....

« on: November 30, 2016, 08:31:39 am »

Does the Fritzbox have a static route for the subnet behind the OPNsense?

Bart...

1893

General Discussion / Re: how to get Report ???

« on: November 27, 2016, 05:08:27 pm »

You have to get your users to authenticate to a proxy to track (web) activity per user. If you set the portal to authenticate to an external directory, then this will give you the login/logout times (if the users bother to log out). Bandwidth consumption is captured by Netflow, but this is tied to a source IP and not to a user ID.

Bart...

1894

16.7 Legacy Series / Re: Opnsense Bridge with Squid transparent problem

« on: November 25, 2016, 06:08:17 pm »

Isn't that what a proxy is supposed to do? If you want the traffic to come from the source, you need to by-pass Squid.

Bart...

1895

General Discussion / Re: Separate guests on subnet from each other

« on: November 24, 2016, 07:04:42 pm »

How are the clients separated? If they share a broadcast domain, they won't need to go through the gateway.

Bart...

1896

16.7 Legacy Series / Re: Video Games and OPNSense - Rainbow Six Siege

« on: November 24, 2016, 07:02:39 pm »

Hi Sam, have you tried a one-to-one NAT? Provided you have spare public IP's of course.

Bart...

1897

General Discussion / Re: Set Static IP from ISP to LAN client

« on: November 24, 2016, 11:20:32 am »

All the IP's in your WAN subnet are trunked through the same PPP tunnel to your provider. It's up to you if the IP is up in the sense of responding to traffic.

Bart...

1898

General Discussion / Re: OpenVPN Road Warrior Route All Traffic To VPN

« on: November 22, 2016, 10:44:21 pm »

For IPv4 traffic, tick 'Redirect Gateway' on the OpenVPN server config. For IPv6 traffic add the advanced option on the same page:

push "route-ipv6 2000::/3"

Bart...

1899

16.7 Legacy Series / Re: Data warning when using 4G/LTE?

« on: November 19, 2016, 08:16:16 pm »

Hi Pontus,

You can configure Netflow on OPNsense to send traffic data to an analyser and use that to report and notify.

Something like Solarwinds could do what you're looking for http://www.solarwinds.com/netflow-traffic-analyzer

Bart...

1900

16.7 Legacy Series / Re: IPv6 - routing seems to be lost after rebooting opnsense/pfsense

« on: November 18, 2016, 08:41:02 am »

Sorry, missed your line about the routing being restored after 10-15 minutes. That is a bit long for the interface to settle down but not too unusual.

Bart...

1901

16.7 Legacy Series / Re: IPv6 - routing seems to be lost after rebooting opnsense/pfsense

« on: November 18, 2016, 08:36:16 am »

Hi Matthias,

That is not normal behaviour. Can you still ping IPv6 targets from the firewall itself?

Does your provider give you a static IPv6 block? If so, it may be worth picking a /64 from that range and assign that to your LAN instead of tracking the WAN interface.

Also check the DHCPv6 client configuration on the WAN interface page. Particularly try the 'Use IPv4 connectivity' setting.

Bart...

1902

General Discussion / Re: How to Port & Install Additional Package?

« on: November 17, 2016, 03:48:17 pm »

A DMZ is easy enough to set up with either hypervisor, since the host will have multiple network interfaces to support OPNsense.

Bart...

1903

General Discussion / Re: How to Port & Install Additional Package?

« on: November 17, 2016, 08:32:43 am »

If you have a powerful enough machine, you could run a hypervisor on it (e.g. VMware ESXi or Microsoft Hyper-V) and provision a VM for OPNsense and one or more for the other LAN services you are considering.

Bart...

1904

16.7 Legacy Series / Re: Block outgoing connection for app?

« on: November 14, 2016, 11:01:55 am »

The firewall only sees traffic identified by the source IP, destination IP, protocol, source port and destination port (for those protocols that use ports).

Unless the application is uniquely identifiable by those, you cannot block it. OPNsense has no agents on the clients that can tie their traffic to a specific process on the client.

Bart...

1905

General Discussion / Re: Firewall rule question => Blocking Incoming Traffic for Single Destination

« on: November 13, 2016, 06:44:10 pm »

If you are blocking traffic to a single host, the network mask is /32.

Bart...