Topics

1

19.7 Production Series / OpenVPN - retrieve connected clients

« on: October 10, 2019, 10:25:14 pm »

Hello,

i need to set static IP for special openvpnclients... but, it doesn't work in the way how it was working on plain openvpn config: i'm trying to add "ifconfig-push 192.168.200.200 255.255.255.0"  to Client Override config.

client can't connect with this setting.

So, if there are problem to set static address - is it possible somehow to get ip addresses thru RestAPI (maybe there are hidden feature) or thru cli interface (like connect thru ssh and run "openvpn get clients")

both ways will work, also like setting static IP

2

19.1 Legacy Series / nginx 1.7: banning, even if Learning Mode on.

« on: February 06, 2019, 08:17:53 pm »

latest opnsense with latest nginx module.

i turned  Learning Mode for every location ON, and still see errors: Unsucessful status code You got banned permanently from this server.

how to turn this blocking rule? or to setup for bypass all traffic?

3

19.1 Legacy Series / OpenVPN - two servers. First working as needed, second - not.

« on: January 30, 2019, 08:15:30 pm »

Hello!

I have setup - opnsense 19.1 (but i updated today, was 18 series, problem the same.)

and 2 openvpn server instances:
* Roadwarriors - Remote Aceess + LDAP auth
* site-to-site - Peer to Peer SSL/TLS

First one working as expected - every client connects and gets to internal network.
Second - client connects, but it cannot access to local network.
Only gate is accessable.

On firewall i see only one OpenVPN tab. (on pfsense every vpn instance creates its own tab).
and i thought, broblem is firewall... but i have only one rule - pass all.
 
next, i tried to assign ovpns2 interface. And Firewall with this interfaces created. But, it doesn't help too.

what it could be? how to access local network from "Peer to Peer" connection?

4

18.7 Legacy Series / TOR: is it possible to use tor router only for blocked resources?

« on: December 20, 2018, 02:29:25 pm »

Hello,

i'm trying to configure TOR to bypass blocks, that made our government (we are not allowed to use linkedin, slack and telegram, for example).

nowadays, i use additional VPS with openvpn + alias setting to route several services. 
but, now i learned about TOR, and i think it can help me.

i've downloaded package, turned it on, and created setup on local machine - added TOR as Socks Proxy - and i was able to access it.
With that - i found, that all traffic goes thru TOR, which slows down main connections.


Next i found setting "Fascist Mode", but i can't understand how it should work?

if i turn it on - nothing changes.


could you please point me where is my mistake?

5

18.7 Legacy Series / os-openconnect as Cisco AnyConnect

« on: October 05, 2018, 01:27:06 pm »

Hello,

i'm migrating to  OPNsense from pfsense... and found great module - os-openconnect.
on pf i was using plain openconnect from pkgs.

and it was not very comfortable to use, cause i had to manage NAT rules manually (i wrote a simple script, but it needs to be updated sometimes)
so.

problem is - there is no way to add authgroup, certificate and key in web GUI on opnsense.
So, my workaround - is to edit

Code: [Select]

/usr/local/etc/rc.d/opnsense-openconnect  and add needed keys to the start function:

Code: [Select]

openconnect_start()
{
        echo "starting openconnect"
          echo ${openconnect_flags}
/usr/local/sbin/openconnect --authgroup SSLVPNClient -c /path/to/crt.cer -k /path/to/crt.key ${openconnect_flags} < /usr/local/etc/openconnect.secret 2>&1 > /dev/null
        sleep 5
ifconfig tun30000 name ocvpn0
ifconfig ocvpn0 group ocvpn
return 0
}

and it works fine.
Where can i create Feature Request for it?


And there is a bug - some servers asks for username with case sensitive requrements. Web GUI doesn't allow it. So i had to remove it in config and put it on rc.d script too