Topics - Mistery

1
Intrusion Detection and Prevention / IPS allowing traffic despite policy is set to drop
« on: April 22, 2023, 05:32:26 am »
I have configured Suricata on the WAN interface, enabled IPS mode, downloaded and installed the ET Telemetry rules and added the token, and created a policy with all rulesets selected, action set to Alert and new action set to Drop; the other parameters have all been left at their default values.
I started getting alerts in Services > Intrusion Detection > Administration > Alerts; however, it shows 'allowed' in the action column instead of blocked.
Could anyone kindly shed some light on how to properly configure Suricata in IPS mode to actually block traffic?

2
21.1 Legacy Series / Captive portal LDAP authentication not working but access tester works
« on: May 06, 2021, 08:31:25 pm »
Hi all, I am experiencing some issues with getting captive portal LDAP authentication working. The external LDAP authentication server was configured correctly in OPNsense and it works fine when testing via System > Access > Tester; however, the captive portal splash screen authentication returns "authentication failed".
Does anybody have any hints on what could be the root cause of this issue?
I am running the latest 21.1.5 release.

3
20.1 Legacy Series / ftp-proxy: bind failed: Address already in use
« on: June 02, 2020, 09:04:05 am »
Hello all, I am trying to set up ftp-proxy to allow external FTP clients to connect to an internal FTP server. I followed the wiki and the setup should be OK; however, ftp-proxy is not starting (yellow background shown).
Starting it from the CLI shows the following:

# /usr/local/etc/rc.d/os-ftp-proxy start
osftpproxy is not running.
Starting osftpproxy.
ftp-proxy: bind failed: Address already in use
/usr/local/etc/rc.d/os-ftp-proxy: WARNING: failed to start osftpproxy

However, there is nothing already bound to 127.0.0.1:8021:

# netstat -ln | grep 127.0.0.1
tcp4       0      0 127.0.0.1.27017                               127.0.0.1.10607                               ESTABLISHED
tcp4       0      0 127.0.0.1.10607                               127.0.0.1.27017                               ESTABLISHED
tcp4       0      0 127.0.0.1.27017                               127.0.0.1.34104                               ESTABLISHED
tcp4       0      0 127.0.0.1.34104                               127.0.0.1.27017                               ESTABLISHED
udp4       0      0 127.0.0.1.53                                  *.*                                           
udp4       0      0 127.0.0.1.123                                 *.*                                           
udp4       0      0 127.0.0.1.46849                               127.0.0.1.9996                               
udp4       0      0 127.0.0.1.60625                               127.0.0.1.9996                               
udp4       0      0 127.0.0.1.27715                               127.0.0.1.9996                               
udp4       0      0 127.0.0.1.2056                                *.*                                           
udp4       0      0 127.0.0.1.2055                                *.*                                           
udp4       0      0 127.0.0.1.29634                               127.0.0.1.2055       

Any ideas about what could be causing this issue?

The ftp-proxy setup is the same as shown in the reverse FTP proxy tutorial on this forum; I have just set the source address to match the WAN CARP address that the remote FTP clients will connect to, and the reverse address to match the internal FTP server IP address.

4
20.1 Legacy Series / CARP issue with one single VLAN - backup on both units
« on: May 16, 2020, 04:49:54 pm »
Hi all, I am experiencing an issue with a single CARP interface shown in backup status on both the master and backup units. My HA setup consists of a primary unit and a backup unit, with multiple interfaces (WAN, LAN and VLANs on the LAN interface). HA is correctly configured and it's working fine for all VIPs except for a single CARP interface for a recently added VLAN; this VIP is shown in backup status on both units.
I tried everything I could to get the issue solved: entering maintenance mode, disabling CARP, rebooting both units, removing and adding the CARP interface again.
I have checked the VHID and it's correct on both units; every single interface has a unique VHID assigned.
Does anyone know what could be causing such an issue?

5
20.1 Legacy Series / IPsec road warrior VPN setup compatible with Windows, Apple and Android
« on: April 18, 2020, 06:40:15 pm »
I am struggling with setting up a road warrior VPN to allow remote clients to connect to the corporate network. The remote clients run different operating systems: Windows 7 and above, Mac OS X, and some Apple iOS and Android mobile clients.
I can't get a proper configuration working. I have followed all the wiki pages and tried multiple configurations many times, and the only configuration I could get working on Apple Mac and iOS mobile clients is Mutual PSK + XAuth with V1 key exchange.
All other configurations I tried as per the wiki pages are not working, including IKEv2 EAP-MSCHAPv2 (tried and reviewed the configuration many times).
I have read many topics on this forum and couldn't find a clear path to configuring the IPsec VPN, and it seems like the wiki pages are lacking some details.
I would appreciate any help from someone who has already experienced the same issues and could share some deeper details on how to configure the IPsec VPN to allow different clients to connect.
Thanks in advance everybody.

6
20.1 Legacy Series / Assigning static virtual IPs to IPsec VPN users
« on: February 15, 2020, 05:35:46 pm »
Hello, I have searched a lot about this subject; however, I couldn't find any specific information related to IPsec VPN tunnels.
Is there any way to assign static virtual IPs to local VPN users?

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved