Topics

106

Zenarmor (Sensei) / ZenArmor Integration into PFELK

« on: May 19, 2023, 09:31:53 pm »

Hello all,

Has anyone looked at integrating Zenarmor into PFELK, so that there is one place for visualization? I would suspect no but if the folks from Sunny Valley want to discuss I am happy to help. My PFELK instance is now operational.

Thanks,
Steve

107

Zenarmor (Sensei) / Zenarmor and Elasticsearch

« on: May 15, 2023, 03:41:41 am »

I noticed that Zenarmor supports both a local or a remote ES database. If I went the local route can I:

1) Reconfigure Zenarmor to point to a remote ES database when I deploy one?
2) Where does the local ES database get installed?
3) Point the ES local database to its own partition?

Down the road I am going to be deploying a PFELK instance, which will have a ES database. I will want to consolidate my Zenarmor ES database into the PFELK database.

Thanks,
Steve

108

Zenarmor (Sensei) / ZenArmor and Pihole

« on: May 10, 2023, 09:38:54 pm »

Hello all,

I have been using OPNsense and Pihole together in my home environment. I have recently installed ZenArmor and upgraded it to a Home license. Do I really need both Pihole and ZenArmor? I feel like this is duplication of functionality.

Thanks,
Steve

109

Virtual private networks / OpenVPN - V2.11.3

« on: May 04, 2023, 09:28:20 pm »

Hello all,

I see with OPNsense 23.1.7 we have updated OpenVPN to 2.6.3. Currently the most recent update is at 2.11.3. Is there anything precluding updating OpenVPN to 2.11?

Thanks,
Steve

110

Zenarmor (Sensei) / IPTV and Zenarmor Block

« on: May 04, 2023, 04:05:51 pm »

Hello all,

I turned on the block categories yesterday and my IPTV service got caught up in this. Which category does this fall into and can I exempt certain internal IPs from this?

Thanks,
Steve

111

General Discussion / DNS Miss??

« on: May 01, 2023, 05:54:14 pm »

Hello all,

In bringing up my new firewall I cannot seem to resolve Internet addresses on my local LAN.

I do a DNS lookup from the firewall(Diags/DNS Lookup) and I am able to resolve. When I try to ping Yahoo.com it tells me it cannot resolve. When I try to trace, with the source on my WAN it tells me unknown host. Under System/Settings/General I list my DNS servers with a gateway of my WAN interface

Ok what did I miss?

Steve

112

General Discussion / OPNsense on VMware

« on: April 30, 2023, 06:29:20 pm »

Hello all,

I am trying to virtualize my home OPNsense server on VMware ESXi 8. I have been able to spin up the vm, but when I begin to enable my vlans over their interfaces my OPNsense hangs up and goes dead. I then reboot it and lose all communication with it. I can no longer login to it via GUI and IP of LAN interface does not ping any longer.

Are there any gotchas in what I am trying to do? My hardware based OPNsense is all vlan, and I need this setup with my WiFi especially(multiple SSIDs). Is there a good forum or document that describes the process of implementing a solid virtualized firewall with vlans? I am able to deploy it using standard LAN and WAN interfaces but not with VLANs.

Thanks,
Steve

113

23.1 Legacy Series / OPNsense Misidentifying CPU in Unit

« on: April 30, 2023, 05:12:21 pm »

Hello all,

I am running 23.1.6 on a Lenovo M720Q, with an Intel 8100T CPU. OPNsense identifies it as a 2 core 2 thread CPU, when in fact it is a 4 core 4 thread CPU. Where does this CPU identification come from in the OPNsense software? Wanted to let you know of this.

Thanks,
Steve

114

General Discussion / CIDR and How Does OPNsense Use It

« on: April 20, 2023, 04:53:46 am »

Hello all,

I am in the midst of trying to build an OPNsense virtual firewall on a MSP's VMware vCD multi-tenant cloud infrastructure. Under vCD I create network segments in CIDR format(10.0.1.1/24, not 10.0.1.0/24). I have created each of my private LAN segments in "isolated" mode, meaning these segments have no access to the edge of the vCD world. Doing this allows the OPNsense firewall sit in front of these segments and handle everything that is needed for communication, whether it be DNS, routing, firewalling, and access to the outside world.

I am seeing curious issues when standing up a DHCP server on the OPNsense server. I see continual DHCPDISCOVER and DHCPOFFER but no DHCPACK. I have never seen this before. I have a physical OPNsense firewall at home and there are no issues with DHCP. I am wondering if the CIDR format of defining networks in vCD is conflicting with the OPNsense format. For example I have defined a network segment as 10.0.1.1/24 in vCD, meaning the gateway is at 10.0.1.1 but I cannot use this IP for my static LAN interface, as the IP is no longer available for use. I have to increment up one and use 10.0.1.2 as the static LAN interface IP. I wonder if that is conflicting with the 10.0.1.0/24 that the DHCP server on OPNsense announces in its startup log.

Help?! Anyone built on a vCD infrastructure? If I can figure this out then everything else works, including HA.

Steve

115

General Discussion / DHCP Server on a Multi Segment Network

« on: April 20, 2023, 02:57:40 am »

Hello all,

When I create a DHCP server for each segment on a multi-segment network does the DHCP server reside on each segment or does it reside on the LAN segment?

Thanks,
Steve

116

General Discussion / DHCP Weirdness

« on: April 19, 2023, 05:02:30 am »

Hello all,

I have a virtual firewall setup on ESXi. Its operating fine with the exception of DHCP. The three segments behind my firewall are what I call isolated networks and are relying on OPNsense to handle everything, including routing and other services, DHCP being one of those services. When I setup my DHCP server and setup a vm to obtain its IP from the DHCP server I get weird info back from the log, as shown in the attached screenshot. I do not understand why this is not DHCPACKing.

Anyone seen this before?

Steve

117

General Discussion / Automating OPNsense Install

« on: April 17, 2023, 08:30:45 pm »

Hello all,

Has anyone spent time trying to automate the OPNsense install, so that it takes into consideration how you want your NICs defined at install time? Just trying to see how I can have an update install without all the initial NIC configuration.

Thanks,
Steve

118

23.1 Legacy Series / Deploying OPNsense in a vCD World

« on: April 16, 2023, 09:21:03 pm »

Hello all,

I am working to deploy a firewall within a provider's vCD environment. I am able to deploy the vm just fine but I am noticing that I cannot enable guest customizations when using a FreeBSD image, whether it be the OPNsense ISO or a straight vanilla FreeBSD ISO. I was wondering if anyone has had any luck in a vCD world and how did you get the Guest OS Customization edit button to not be greyed out.

Thanks,
Steve

119

High availability / Pool of Public Addresses

« on: April 16, 2023, 05:51:41 pm »

Hello all,

I have a pool of 6 IPs for public facing devices. In a HA config how would I best configure my physical interfaces and my VIP. Can I do this with static IPs on all? Does OPNsense like this form of config?

Steve

120

High availability / CARP - What Does This Msg Mean

« on: April 15, 2023, 10:53:50 pm »

Hello all,

I have setup my HA pair of firewalls and I think all is working well. Right now my secondary firewall is turned off. I turned on what should be my primary firewall but I am seeing some msgs that lead me to believe it thinks it is a backup? Please see attached screenshot.

What do these CARP msgs mean? Am I getting this bc the secondary is indeed turned off?

Thanks,
Steve