106
17.7 Legacy Series / Re: mobile IKE clients behind same NAT
« on: October 30, 2017, 03:51:44 pm »
Static port mapping on port 500 may help if you control the router/firewall.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
107
17.7 Legacy Series / Re: Setup SSL VPN Road Warrior - Problems
« on: October 30, 2017, 03:40:24 pm »
Your server should have produced a static key and the same key should be in your openvpn config.
Also, sometimes its just easier to delete the vpn server instance, delete the config and start over.
Also, sometimes its just easier to delete the vpn server instance, delete the config and start over.
108
General Discussion / Re: Setup for home
« on: October 30, 2017, 02:38:38 pm »
https://www.dd-wrt.com/wiki/index.php/Asus_RT-AC68U
https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point
Start where it says "long version" and do all the optional and recommended steps as well.
https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point
Start where it says "long version" and do all the optional and recommended steps as well.
109
17.7 Legacy Series / Re: Setup SSL VPN Road Warrior - Problems
« on: October 30, 2017, 12:45:10 pm »
Dumb question I'm sure... Are the ports open on the WAN?
Are you running any blocker this blocker than stuff?
Are you running any blocker this blocker than stuff?
110
17.7 Legacy Series / Re: Setup SSL VPN Road Warrior - Problems
« on: October 30, 2017, 11:59:38 am »
Yes - I'd check to be sure the Static TLS key in the server and client match.
111
17.7 Legacy Series / Re: Setup SSL VPN Road Warrior - Problems
« on: October 30, 2017, 09:23:50 am »
How are you getting your configuration from your opnsense to your ipad?
What kind of authentication is your server side set up for?
What kind of authentication is your server side set up for?
112
17.7 Legacy Series / Re: Setup SSL VPN Road Warrior - Problems
« on: October 30, 2017, 08:43:06 am »
OK - There are two parts to any vpn connection (at least).
1 is the client.
1 is the server.
So, you are using opnsense for 1? Is that the server or client?
What is the other machine?
1 is the client.
1 is the server.
So, you are using opnsense for 1? Is that the server or client?
What is the other machine?
113
Development and Code Review / Re: Feature request: Shellcmd like GUI plugin
« on: October 27, 2017, 12:37:57 pm »
When on windows, I run a small ubuntu server VM with 256mb of ram and a single core on my desktop if I suddenly need access to the console. I ssh in and execute commands from there. Optionally, a VM with a desktop is nice because it allows web access in the VM, easy cut/copy/paste etc. And your firewall remains unmolested. These can be opened and closed as easily as opening a word document.
114
17.7 Legacy Series / Re: [BUG] Default value of default gateway does not work
« on: October 25, 2017, 02:29:09 pm »
I have no LAN - WAN only.
However at first it did do some odd behavior when I had a WAN and LAN.
Basically it assigned the WAN as LAN and the LAN as WAN. So I set up the interfaces manually and that was all solved.
Now with just a WAN, resolver is slow to set up on boot and I had to enter the DNS servers manually.
Maybe just being glitchy because its running under vmware.
However at first it did do some odd behavior when I had a WAN and LAN.
Basically it assigned the WAN as LAN and the LAN as WAN. So I set up the interfaces manually and that was all solved.
Now with just a WAN, resolver is slow to set up on boot and I had to enter the DNS servers manually.
Maybe just being glitchy because its running under vmware.
115
17.7 Legacy Series / Re: [BUG] Default value of default gateway does not work
« on: October 25, 2017, 11:16:01 am »
Ahhh. So it's not just me!
I'm very new to opnsense so I just assumed I was doing something wrong. haha
I'm very new to opnsense so I just assumed I was doing something wrong. haha
116
General Discussion / Re: Any plans to scrap 32 bit support or to make AES-NI mandatory for install?
« on: October 24, 2017, 10:10:00 pm »
And I thought I needed to go get a life... Mr.hmm needs a GF or something.
117
General Discussion / Re: two questions to unbound
« on: October 23, 2017, 11:43:33 pm »
from console:
Dig google.com (or whatever)
or
nslookup google.com (or whatever)
Dig google.com (or whatever)
or
nslookup google.com (or whatever)
118
General Discussion / Re: Suricata on WAN int; very low CPU usage; is it really doing anything?
« on: October 22, 2017, 10:47:46 pm »
That's very odd. I've definitely noticed Suricata inspecting, alerting and warning on the WAN in the past. And blocking also.
Usually, its getting far fewer alerts when ran on a LAN (My experience), since if the firewall is doing its job at the wan and dropping a ton of uninvited connections Suricata monitoring the lan would never even see the traffic.
Usually, its getting far fewer alerts when ran on a LAN (My experience), since if the firewall is doing its job at the wan and dropping a ton of uninvited connections Suricata monitoring the lan would never even see the traffic.
119
17.7 Legacy Series / Re: Cannot get any thing through router. LAN-WAN or WAN-LAN
« on: October 20, 2017, 11:08:23 pm »
Firewall rules can break it if you played with them.
You can also break things by changing the LAN IP and not making the DHCP service match.
There are so many little things.
You can also break things by changing the LAN IP and not making the DHCP service match.
There are so many little things.
120
17.7 Legacy Series / Re: Newbie questions
« on: October 20, 2017, 03:03:13 pm »
When you say "filtering", what exactly do you mean?
I ask because suricata "filters" quite a bit and can be configured per interface.
But thats not the same sort of filtering you get with a proxy or transparent proxy.
Just checking to see that terminology wasn't causing problems.
I ask because suricata "filters" quite a bit and can be configured per interface.
But thats not the same sort of filtering you get with a proxy or transparent proxy.
Just checking to see that terminology wasn't causing problems.