Messages

1

21.7 Legacy Series / Re: getting 500 internal server error

« on: August 30, 2021, 08:10:07 pm »

ah I see now: https://forum.opnsense.org/index.php?topic=24304.msg116518#msg116518

Thanks for the info Franco.

2

21.7 Legacy Series / Re: getting 500 internal server error

« on: August 30, 2021, 08:00:16 pm »

Franco,

On the dashboard it shows I am using LibreSSL 3.3.3, is that the information you need?

3

21.7 Legacy Series / Re: getting 500 internal server error

« on: August 30, 2021, 06:48:04 pm »

are you also running version 21.7.1?

4

21.7 Legacy Series / getting 500 internal server error

« on: August 27, 2021, 06:00:50 pm »

getting a strange error here, I am on 21.7.1 and am trying to create an internal CA under system -> trust -> authorities, I fill in the fields but when I click save I get:

5

High availability / IPsec with HA and Carp failover issue

« on: August 23, 2021, 10:03:27 pm »

Running into an issue with IPsec: I have a pair of firewalls with HA and a single opnsense firewall, the IPsec tunnel is able to establish on the primary firewall with the WAN1 VIP but when I enter CARP maintenance mode the IPsec tunnel does not establish on the standby firewall when it's active. The only way I can get this to work is utilizing DPD with time of 1 second and action of restart on the stand alone firewall. I do have MOBIKE disabled on the HA pair and the stand alone firewall.

Firewall version: 21.7.1

Any help is appreciated.

6

High availability / Re: IPSec Site to Site Tunnel with HA

« on: August 23, 2021, 04:53:56 pm »

I updated to 21.1.7 and ran that patch, before I had 43 auto generated rules, I have about 6 IPsec tunnels and after applying the patch I only have 1 auto generated rule.

7

21.1 Legacy Series / Re: netflow with URLs instead of public IPs?

« on: July 27, 2021, 04:20:20 pm »

so the request has been changed, any way to configure netflow to show URLs instead of public IPs?

8

21.1 Legacy Series / netflow with URLs instead of public IPs?

« on: July 26, 2021, 04:47:47 pm »

Hey guys,

still doing research on my end but figured I would get the ball going here, is there a way to do some kind of active directory integration and allow the opnsense firewall to be user aware with netflow?

9

21.1 Legacy Series / Re: Can I challenge let's encrypt with opnsense natted?

« on: May 05, 2021, 07:45:05 pm »

KHE,

Thanks for that, I will give that a shot.

10

21.1 Legacy Series / Re: Can I challenge let's encrypt with opnsense natted?

« on: May 05, 2021, 04:46:55 pm »

@lfirewall1243,

Can you provide screenshots of the changes you made? I am also needing this and yes I am providing services.

Thanks,

11

General Discussion / Re: migrating from Fortigate to opnsense any recommendations are appreciated!

« on: May 03, 2019, 07:40:59 pm »

so here is my game plan:

create objects (aliases)
create object groups (nested aliases)
create the ACLs
Create NAT rules

12

General Discussion / migrating from Fortigate to opnsense any recommendations are appreciated!

« on: May 03, 2019, 04:54:48 pm »

Hey guys,

I am migrating a Fortigate firewall to Opnsense. Not sure if anyone has ran into this before or has a suggestion for migrating, FYI I haven't poked around or know my way around Fortigate, all I have is the running-config via text.

13

18.7 Legacy Series / Re: Dead Peer detection

« on: December 17, 2018, 06:49:21 pm »

Thanks for the reply. So here is my scenario: I am using Opnsense here and have a site to site IPsec setup to a meraki firewall. The meraki firewall does have a 2nd WAN IP. If the active WAN IP goes and transitions to the 2nd WAN IP how does dead peer detection work? Does it detect that the active WAN IP is down due to no traffic? and does the opnsense keep trying to establish a tunnel with the previous WAN IP?

14

18.7 Legacy Series / Dead Peer detection

« on: December 17, 2018, 04:21:50 pm »

How does dead peer detection work for site to site VPN using IPsec? I have read some articles but the version associated with those articles are for 1.2, but I am on 18.7. Does this utilize ICMP or is it used to detect IKEv1/IKEv2 failure?

15

18.7 Legacy Series / Re: Site to Site VPN failover

« on: December 11, 2018, 03:48:27 pm »

The setup is going from OPNSense to ASA.