Messages - atom

76
German - Deutsch / Re: VPN - IPsec - Mobile Clients and DNS
« on: October 18, 2022, 11:50:09 am »
Hello Norbert,

could you post a screenshot of "VPN: IPsec: Mobile Clients"?

Best regards,
atom

77
Virtual private networks / Re: Shrew VPN Client Connected but Security Associations Failed
« on: August 08, 2022, 10:29:23 am »
Hi,

Version 2.2.2 does not support IKE, technically only 2.2.1 works.
But basically I advise against using it, because the Shrew client is no longer maintained and also only supports IKEv1.

Regards,
atom

78
22.7 Legacy Series / Re: Congratulations on a job well done
« on: July 28, 2022, 07:34:00 pm »
The upgrade of my APU2 test box worked without problems.

79
Virtual private networks / Re: IPSec site-to-site traffic not flowing after a while, even though link is up
« on: May 24, 2022, 12:04:08 pm »
The IPsec logs are written to /var/log/ipsec. Just have a look at the most recent file (and post if you have any questions).

80
Development and Code Review / Re: Alias "port group"
« on: May 05, 2022, 01:32:32 pm »
Yes, quite obviously.   :)

Thanks

81
Development and Code Review / Re: Alias "port group"
« on: May 05, 2022, 10:03:40 am »
No, I did not notice, but now ...


82
Development and Code Review / Re: Alias "port group"
« on: May 05, 2022, 09:40:08 am »
I'm using the latest version 22.1.6.
I can create new aliases without any problems, but I cannot create aliases with the content of existing aliases, because the drop down box always shows the same entries.

Alias type hosts -> content of drop down box with 11 entries
Alias type networks -> content of drop down box with 11 entries
alias type ports -> content of drop down box with 11 entries
alias type URL -> content of drop down box with 11 entries
alias type URL Table -> content of drop down box with 10 entries
alias type MAC address -> content of drop down box with 11 entries
alias type Dynamic IPv6 Hosts -> content of drop down box with 11 entries

Only for GeoIP and Network group is the content of the drop down box correct.

The content of the drop down box always contains the following entries:
1 x GeoIP
8 x Network
2 x Host

At the moment 161 aliases are defined.

83
Development and Code Review / Re: Alias "port group"
« on: May 05, 2022, 08:56:58 am »
Hello zerwes,

I am not able to build new port aliases from existing port aliases, because in the drop down box I am only offered a few hosts instead of ports.
It doesn't matter if I select hosts, ports or MAC addresses, the drop down box always shows only (a few) hosts.

Regards,
atom

84
Development and Code Review / Alias "port group"
« on: May 04, 2022, 05:21:22 pm »
Hello,

Would it be possible to get an alias "port group" analogous to "network group"?
It would make creating firewall rules easier because you could combine "network group" with "port group".

Thanks a lot,
atom

85
German - Deutsch / Re: IPSec Logging
« on: April 13, 2022, 03:09:21 pm »
Hard to say where the problem lies. For that, one would also need to see the log from the other side.
It is surprising, for example, that the reply here only comes after 5 minutes.

Code:
<30>1 2022-04-12T00:00:26+02:00 fw1.local charon 2623 - [meta sequenceId="518"] 09[NET] <con1|44742> sending packet: from 198.51.100.194[4500] to 203.0.113.154[4500] (480 bytes)
<30>1 2022-04-12T00:00:31+02:00 fw1.local charon 2623 - [meta sequenceId="519"] 11[NET] <con1|44740> received packet: from 203.0.113.154[4500] to 198.51.100.194[4500] (80 bytes)

If this is supposed to be a site2site tunnel, why is Mobike active?
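
Added example, not part of the original post and not OPNsense or strongSwan code: a small parser for charon `[NET]` lines in the syslog layout shown above that measures, per connection and SA id, how long the peer took to answer. The sample lines are constructed, and treating the next received packet on the same SA as the answer is an assumption (it can also be a request started by the peer).

```python
import re
from datetime import datetime

# Constructed sample lines in the same RFC 5424 / charon layout as the post above.
SAMPLE = """\
<30>1 2022-04-12T00:00:26+02:00 fw1.local charon 2623 - [meta sequenceId="1"] 09[NET] <con1|7> sending packet: from 198.51.100.194[4500] to 203.0.113.154[4500] (480 bytes)
<30>1 2022-04-12T00:00:30+02:00 fw1.local charon 2623 - [meta sequenceId="2"] 09[NET] <con1|7> sending packet: from 198.51.100.194[4500] to 203.0.113.154[4500] (480 bytes)
<30>1 2022-04-12T00:05:26+02:00 fw1.local charon 2623 - [meta sequenceId="3"] 11[NET] <con1|7> received packet: from 203.0.113.154[4500] to 198.51.100.194[4500] (80 bytes)
<30>1 2022-04-12T00:05:27+02:00 fw1.local charon 2623 - [meta sequenceId="4"] 12[NET] <con2|9> sending packet: from 198.51.100.194[4500] to 203.0.113.77[4500] (96 bytes)
<30>1 2022-04-12T00:05:28+02:00 fw1.local charon 2623 - [meta sequenceId="5"] 12[NET] <con2|9> received packet: from 203.0.113.77[4500] to 198.51.100.194[4500] (96 bytes)
"""

# Timestamp, connection name, SA id and direction of a charon [NET] line.
LINE = re.compile(
    r"^<\d+>1 (?P<ts>\S+) \S+ charon \d+ - \[meta [^\]]*\] "
    r"\d+\[NET\] <(?P<conn>[^|>]+)\|(?P<sa>\d+)> "
    r"(?P<dir>sending|received) packet: "
)

def reply_delays(text):
    """Return [(conn, sa_id, seconds)] from the first unanswered send to the next receive."""
    pending = {}  # (conn, sa) -> timestamp of the first send still waiting for an answer
    delays = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a charon [NET] line
        key = (m["conn"], int(m["sa"]))
        ts = datetime.fromisoformat(m["ts"])
        if m["dir"] == "sending":
            pending.setdefault(key, ts)  # retransmits do not reset the clock
        elif key in pending:
            delays.append((*key, (ts - pending.pop(key)).total_seconds()))
    return delays

def slow_replies(text, threshold=60.0):
    """Keep only the exchanges where the answer took at least `threshold` seconds."""
    return [d for d in reply_delays(text) if d[2] >= threshold]

if __name__ == "__main__":
    for conn, sa, secs in reply_delays(SAMPLE):
        print(f"{conn} SA {sa}: reply after {secs:.0f}s")
```

Comparing the result with the same measurement on the peer's log shows which side is waiting.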

86
German - Deutsch / Re: IPSec Logging
« on: April 13, 2022, 09:56:00 am »
The more often the keys have to be renegotiated, the more log entries are generated.
The BSI recommendation is 86400 / 14400. (Section 3.4)

https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-3.pdf

87
German - Deutsch / Re: IPSec Logging
« on: April 12, 2022, 12:05:24 pm »
Hello,

I would increase the lifetime in phase 1 from 3600 to 86400. Phase 2 should stay at 3600.

Regards,
atom

88
Virtual private networks / Re: Mobile IPsec with TOTP
« on: March 18, 2022, 09:38:25 am »
Do you know an OTP solution that radius offers?

89
Virtual private networks / Re: Mobile IPsec with TOTP
« on: March 17, 2022, 07:09:07 pm »
Do you have an example of an external solution?

90
Virtual private networks / Re: Mobile IPsec with TOTP
« on: March 17, 2022, 05:05:47 pm »
Update:

I've manually created the ipsec.secrets file in /usr/local/etc/ipsec.secrets.opnsense.d.
The possibility to select TOTP as "backend for authentication" is just fake. Only the password from /usr/local/etc/ipsec.secrets.opnsense.d/ipsec.secrets is sufficient to authenticate on Windows.
