Messages - Julien

121
20.7 Legacy Series / Re: GeoIP Rules Question
« on: August 10, 2020, 08:41:16 pm »
What countries are you blocking for in and out?
I am just curious.

122
20.7 Legacy Series / Re: [SOLVED] GEOIP blocking no longer working 20.7
« on: August 10, 2020, 08:08:37 pm »
I managed to get this resolved.

Make sure to delete the existing alias and create a new one; for me it loaded the rules and IP.

If you don't want to delete the alias because it is on plenty of rules, just unselect the countries, save it and re-add them again and it should update.

Whether it will remain working I don't know, but I'll report back after two days.

123
20.7 Legacy Series / Re: [SOLVED] GEOIP blocking no longer working 20.7
« on: August 10, 2020, 12:18:35 pm »
Invert is also not working for me.
I think this is a bug and has nothing to do with the invert.

It inverts the match. Say you add a rule allowing any source to destination 8.8.8.8, that allows traffic to 8.8.8.8. Change that to inverted destination and it's allow to destination not 8.8.8.8 - e.g. anything but 8.8.8.8.

124
20.7 Legacy Series / Re: [Not Yet Solved] GeoIP
« on: August 07, 2020, 12:23:17 pm »
Can you please change it to Unresolved,
as people and developers think it's fixed.

Is the IDS using this GeoIP as well?
I have our production still at OPNsense 20.1.8_1-amd64 and don't want to update yet as we need the GeoIP.

125
20.7 Legacy Series / Re: [SOLVED] GeoIP
« on: August 07, 2020, 02:53:24 am »
Reading the thread, it shows Solved.
I've read it carefully over 5 times but cannot quite see the result.
Mine doesn't work at all; the logs show:

Code:
2020-08-06T15:50:02 /update_tables.py[35043]: geoip updated (files: 499 lines: 404488)
2020-08-05T15:49:01 /update_tables.py[78660]: geoip updated (files: 499 lines: 404488)
2020-08-04T15:48:02 /update_tables.py[26100]: geoip updated (files: 499 lines: 402405)
2020-08-03T15:47:02 /update_tables.py: geoip updated (files: 499 lines: 402405)

Created a new alias, updated/removed it, but no IP shows up.

Hope someone can explain how to get this set up.

126
Tutorials and FAQs / Re: LetsEncrypt - Whitelist
« on: August 07, 2020, 02:32:52 am »
You are welcome.
If I find a new FQDN I'll add it.
For now the latest updated list is:

Code:
outbound1.letsencrypt.org
outbound2.letsencrypt.org
acme-v01.api.letsencrypt.org
acme-staging.api.letsencrypt.org
acme-v02.api.letsencrypt.org
acme-staging-v02.api.letsencrypt.org

127
20.7 Legacy Series / Re: [SOLVED] GeoIP
« on: August 04, 2020, 02:40:47 pm »
I have exactly the same problem: when the GeoIP is there it breaks the rules and it drops everything.

128
Tutorials and FAQs / Re: LetsEncrypt - Whitelist
« on: August 04, 2020, 01:43:38 am »
I have been doing packet spoofing and found these FQDNs, which are used for validation and renewal:

acme-v01.api.letsencrypt.org
acme-staging.api.letsencrypt.org
acme-v02.api.letsencrypt.org
acme-staging-v02.api.letsencrypt.org


The IP will be changed every 3 months according to their policies.

129
Tutorials and FAQs / Re: LetsEncrypt - Whitelist
« on: June 17, 2020, 01:18:59 pm »
Thank you so much Thomas,
I am using it too now. I'll monitor it; hopefully we will keep their IP updated.
Much appreciated, and stay safe.

130
Tutorials and FAQs / Re: LetsEncrypt - Whitelist
« on: June 08, 2020, 08:57:07 pm »
Thank you Thomas,
you have the rule on the top of the firewall WAN.
Can you show the rule? Are you allowing it to the WAN address or to this firewall?
Why are you using two rules, one with FQDN and one with IP?

131
Tutorials and FAQs / Re: LetsEncrypt - Whitelist
« on: June 05, 2020, 04:41:22 pm »
Have to use those IPs if blocking GeoIP?

132
20.1 Legacy Series / Re: How to Configure Wireguard for Remote users
« on: June 05, 2020, 03:41:32 pm »
Quote from: mimugmail on June 05, 2020, 07:44:48 am
You should move it to How-To section, as 20.1 is outdated in some time :)
It works as well on 20.7.
How can I move it?

133
20.1 Legacy Series / How to Configure Wireguard for Remote users
« on: June 03, 2020, 07:41:58 pm »
Dear all,
for a couple of weeks I've been struggling to get WireGuard configured and working;
today I am going to explain how to do it, with screenshots.

Step 1
Go to Plugins and install WireGuard.

Step 2
Go to VPN >> WireGuard and enable it.

Step 3
Go to VPN >> WireGuard >> Local and create a local connection.
Choose a tunnel IP.
Please note: do not enter a private or public key; they will be generated automatically.



Step 4
Open the created local connection and save the public key / private key in a notepad; you are going to need it.

Step 5
Go to VPN >> WireGuard >> Endpoints and create an Endpoint (an Endpoint is like a user); we will use Julien, my name, for this Endpoint.

Step 6
Install WireGuard on Windows/Mac OSX; this method works for both Windows and Mac OSX.
After the installation choose Add Tunnel and then add an empty tunnel.

Step 7
Copy the public key from the Windows client and save it at the Endpoint of the user, as shown in the picture below.




Step 8
Go to VPN >> WireGuard >> Local and add Julien to the Peer so the Endpoint is permitted to connect using the Peer (see screenshot).

Click Save, then go back up to General and click Save again (see screenshot).

Step 9
Go to Interfaces >> Assignments and add the WG0 (WireGuard) interface; call it "Remote Users" or whatever you want.

PS: Don't change anything in the settings; leave IPv4/IPv6 on None, WireGuard will take care of that part. After it is done, restart the WireGuard service and you should see that it detects its new IP (see picture below).

Step 10
Go to Firewall >> Rules and find the interface you created (mine is called Remote Users) and create a firewall rule that looks like the one in the screenshot.

Go to Firewall >> Rules >> WAN and create a rule for incoming connections on the WAN side.
PS: this rule is not restricted yet; when the connection is up you can restrict it to IP/port/etc.




The Windows client connection should look like this:

Code:
[Interface]
Address = 10.171.1.2/31
PrivateKey = LaptopPrivKey
DNS = 10.10.1.20

[Peer]
PublicKey = OpnsensePUBLICkey
AllowedIPs = 0.0.0.0/0
Endpoint = my.ddns.example.com:51820

Like this you should see the connection is set up and active.

If you have remote users on a 4G/UMTS connection, it may be smart to set the MTU:

Code:
[Interface]
Address = 10.171.1.2/31
PrivateKey = LaptopPrivKey
MTU = 1380
DNS = 10.10.1.20

[Peer]
PublicKey = OpnsensePUBLICkey
AllowedIPs = 0.0.0.0/0
Endpoint = my.ddns.example.com:51820


I hope the admin will pin the post.

This week I will create a new tutorial on how to do site-to-site using WireGuard.
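
Added example, not part of the original post and not OPNsense or WireGuard code: a short Python review of the client configuration shown in the post above, run on a constructed copy of it. It assumes DNS entries are IP addresses and that 1420 applies when MTU is omitted; `parse_wg`, `is_key` and `review` are hypothetical helper names.

```python
import base64, ipaddress

# Constructed input: the client config from the post (MTU variant), placeholders kept.
SAMPLE = """[Interface]
Address = 10.171.1.2/31
PrivateKey = LaptopPrivKey
MTU = 1380
DNS = 10.10.1.20
[Peer]
PublicKey = OpnsensePUBLICkey
AllowedIPs = 0.0.0.0/0
Endpoint = my.ddns.example.com:51820
"""

def parse_wg(text):
    """Parse wg-quick style text into [(section, {key: value})]; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # keys end in "=", so split only once
            sections[-1][1][key.strip()] = value.strip()
    return sections

def is_key(value):  # a WireGuard key is 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def review(text):
    """Return reviewer notes. WireGuard adds 60 bytes per packet over IPv4, 80 over IPv6."""
    notes, routed, dns = [], [], []
    for name, kv in parse_wg(text):
        for field in ("PrivateKey", "PublicKey"):
            if field in kv and not is_key(kv[field]):
                notes.append(f"{field}: placeholder, not a 32-byte base64 key")
        if name == "Interface":
            dns = [ipaddress.ip_address(d) for d in kv.get("DNS", "").replace(",", " ").split()]
            mtu = int(kv.get("MTU", 1420))  # assumption: 1420 when MTU is omitted
            notes.append(f"MTU {mtu}: path must carry {mtu + 60} (IPv4) / {mtu + 80} (IPv6)")
        elif name == "Peer":
            nets = kv.get("AllowedIPs", "").replace(",", " ").split()
            routed += [ipaddress.ip_network(n, strict=False) for n in nets]
    if any(n.version == 4 and n.prefixlen == 0 for n in routed) and not any(n.version == 6 for n in routed):
        notes.append("AllowedIPs: all IPv4 is tunnelled, IPv6 is not routed into the tunnel")
    notes += [f"DNS {d}: outside AllowedIPs, queries bypass the tunnel" for d in dns if not any(d in n for n in routed)]
    return notes
```

On the post's config, `review(SAMPLE)` reports the two placeholder keys, the path size needed for MTU 1380, and that AllowedIPs covers IPv4 only.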



134
19.7 Legacy Series / Re: Route OPENVPN Multi WAN
« on: August 25, 2019, 09:38:51 pm »
Anyone have an idea about my issue?
Thank you

135
19.7 Legacy Series / Re: Route OPENVPN Multi WAN
« on: August 12, 2019, 04:10:20 pm »
Quote from: dzajac on August 12, 2019, 04:00:18 pm
Mhm, then I would do a package capture on the interfaces to see if the outbound NAT is correct.

If I remember correctly, to use openvpn on both wan connections you would configure the openvpn server to localhost and do some port forwardings to the local port on each wan interface; not sure if it's still the preferred way.
I did a packet capture but nothing happens on the OpenVPN interface.
I am not willing to have OpenVPN run on multi-WAN, only on one WAN, "WAN1".
