Messages

1

Tutorials and FAQs / Re: Access home LAN from outside - VPN or Port Forwarding (Pros and Cons)

« on: February 04, 2022, 12:00:20 am »

@allebone: thanks for the reference for guacamole.  that looks like a solution that might make sense.

@pankaj: I work in education and the rule is primarily to prevent students from abusing the network.  IT Staff like myself are limited in the ways we can gain access to an external network for testing, but it is allowed and a normal part of our work.

2

General Discussion / using OPNsense as a netboot server

« on: February 03, 2022, 04:26:48 pm »

Due to limited hardware I'm interested in using OPNSense as a netboot pxe server instance.

So the dhcp config sets opnsense as the next server and the tftp service is enabled from plugins and running.

I can use syslinux to build something but it seems that the netboot.xyz project has done nearly everything I would do, and a few things I dont need to do.

my clients are strictly pxe, so somehow I'd have to chainload ipxe from pxe, then use ipxe to load the netboot.xyz project.

My problem seems to be discussed here:  https://ipxe.org/howto/chainloading.

I don't understand how to take the section on "breaking the loop with the DHCP server" and implement it in OPNsense.

I was able to recompile the code and embed a script, but that only works for the bios side of things.  When I tried to do the same for the uefi boot file, things broke.

Any tips or pointers on how to do what the article suggests in the way of modifying the dhcp server would be helpful.

3

Tutorials and FAQs / Re: Access home LAN from outside - VPN or Port Forwarding (Pros and Cons)

« on: February 02, 2022, 10:16:52 pm »

Having done both solutions, the only one that has been bullet proof for me has been port forwarding.  I had a vpn setup but work changed a security profile and doesnt allow vpn traffic unless it is from an approved vpn client, and directed into the lan, vs out of it.

I ended up using a non-standard port to forward into the standard ssh port to a specific host that has key based login only.  From there you can tunnel a vnc and/or rdp connection to a internal gui box and have full net access.  The performance is passable.

4

19.1 Legacy Series / sip softphone client setup

« on: April 12, 2019, 06:35:38 pm »

I need some advice on how to setup opnsense to allow sip client to work correctly.

By using Wireshark I was able to determine that SIP authentication requests were being sent, but no reply was received.  If I enable my full-dns work vpn then the soft phone setup works fine.

Other folks in my office have informed me that it works for them without vpn, so that suggests to me that my opnsense box is somehow blocking sip or sip replies.

Can someone explain the right setup for this?  Thanks.

5

18.7 Legacy Series / Re: OpenVPN split tunnel how to

« on: August 24, 2018, 05:34:19 pm »

Im using Tunnelblick for mac.

6

18.7 Legacy Series / OpenVPN split tunnel how to

« on: August 24, 2018, 03:22:02 pm »

I need some help finding a good how to so I can setup split tunneling with my openvpn setup that is already working through opnsense.

I have an issue at work when I vpn home for offsite testing of various items namely some of my work functionality is broken because the vpn is taking over all dns requests and in this case thats not quite what I want, so I'm asking for some help to find the right setting(s) to change.

After reading openvpn docs I think what I want to do is possible, but just don't see how to do it in opnsense.  If openvpn is not the right tool, I'm willing to consider alternatives as well.