Messages - seamus

#76
Still working through the SSL VPN setup "How-To" guide (https://docs.opnsense.org/manual/how-tos/sslvpn_client.html).

Trying to follow the guide in Step 2, "Firewall Rules" - to allow traffic from the VPN clients to the LAN interface. Specifically, in the rule for the OpenVPN interface, it seems that I'm missing something because I do not see an "OpenVPN Clients" option in the drop-down for that firewall rule (as shown in the "How-To guide"); all I get is the phrase "Nothing Selected".

Could it be that the guide has omitted a step for creating an OpenVPN client?
#77
I think I've sorted the intention of the instructions. As it turns out there is a Google Authenticator app for iPhones, and it has a scan feature that made quick work of the graphic/bar code (whatever). And FWIW, there is also a Google Authenticator 'extension' for Chrome, and I imagine you can use this in lieu of a mobile phone (untried).

That said, the Docs are misleading, but a minor amount of word-smithing could fix that easily.
#78
I've found what seems to be a glaring error in the 'How-To' Docs on the subject of "Setup SSL VPN Road Warrior" at the following URL:

https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

All is well until the end of Step 0; specifically, the following passage:

"Click Save and you will be redirected to the User page. Now we will activate your newly created seed with Google Authenticator. To do so click in the (i) symbol on the left of OTP seed now you will see a link to the google authenticator image. Click on it and it will open in a new browser window and an image will be displayed. This image can be scanned with you mobile see also: Configure 2FA TOTP & Google Authenticator."

In the first place, the GUI does not do what's described here: 'click the (i) symbol' only hides or reveals the Help tip. THERE IS NO URL revealed.

Second, clicking the Google Authenticator Image does nothing at all. If I scan it in my iPhone, it tells me that there IS NOT a Google Authenticator client available for iPhone! If this was intended to be Google-centric, or Android-specific, this should have been stated in the beginning (rather than wasting someone's time reading instructions that won't work).

OTP is great stuff, and my hat's off to the project for incorporating it in OPNsense. However, the Docs should reflect reality, not wishful thinking.

~S

P.S. Here's my version info:
OPNsense 18.1.2_2-amd64
FreeBSD 11.1-RELEASE-p6
OpenSSL 1.0.2n 7 Dec 2017
#79
18.1 Legacy Series / Re: webGUI access & VPNs
February 14, 2018, 08:59:30 AM
Following the "HOW-TO" for "Setup SSL VPN Road Warrior"... Everything was progressing as expected, until the step called "Adding a User"; specifically these instructions:

Click Save and you will be redirected to the User page. Now we will activate your newly created seed with Google Authenticator. To do so click in the (i) symbol on the left of OTP seed now you will see a link to the google authenticator image.

Unfortunately, clicking the 'i' symbol specified does nothing! No link is presented. I've attached a partial screen shot of the relevant area.

Any ideas??
#80
18.1 Legacy Series / webGUI access & VPNs
February 13, 2018, 02:32:11 AM
I've just upgraded my firewalls from pfSense to OPNsense. I'm struggling with two items, one of which I struggled with using pfSense also. Without further ado:

Requirement 1. I need to do remote administration of my firewalls. I understand there is some risk associated with this, but I simply have no (practical) choice.

Requirement 2. I need to be able to use the VPN feature to actually connect to hosts behind my firewall... this is the only real value of the VPN for me in this context.

Question #1: Can I use the VPN to connect to the webGUI via the LAN port (instead of a direct connect to the WAN port)?

Question #2: Alternatively, could/should I use SSH to access the webGUI through an "SSH tunnel"?

Question #3: Once I have the VPN (OpenVPN) working, what other steps must I take to gain access to my internal hosts?