Messages - svenny

#16
General Discussion / Automatically generated rules
November 10, 2021, 07:30:42 PM
Hi all,

I've got an OPNsense installation with 2 VLANs (VLAN10 and VLAN20), and I've noted under "Firewall: Rules: VLAN10" there are 3 "Automatically generated rules" but I cannot see the same under "Firewall: Rules: VLAN20".

So I would kindly ask how these rules are assigned to interfaces under firewall?

Thank you in advance.

Cheers,
Svenny
#17
21.7 Legacy Series / Re: Dynamic DNS on multiWAN
September 20, 2021, 12:13:49 AM
I've found the solution: in Interface -> My_Interface -> IPv4 Upstream Gateway option I have to choose the right gateway and not "Auto-detect". Now Dynamic DNS works for the second gateway too!

Cheers,
Svenny
#18
21.7 Legacy Series / [SOLVED]Dynamic DNS on multiWAN
August 24, 2021, 04:48:18 PM
Hi all, I'm trying to set Dynamic DNS (FreeDNS service) with a multiWAN (2 gateways) installation but I always receive the IP of the default gateway as an answer to DNS queries. For Dynamic DNS configuration I've chosen the right "Interface to monitor" for each interface.

I read the following post where the problem had already been highlighted in the past:

https://forum.opnsense.org/index.php?topic=5692.0

I tested some commands on the shell with curl which return the same IP address:


root@OPNsense:~ # curl --interface pppoe0 ifconfig.me
1.2.3.4
root@OPNsense:~ # curl --interface re1 ifconfig.me
1.2.3.4


Is there a way to resolve this issue?

Many thanks in advance.

Cheers,
Svenny
#19
You're right, I did not search the forum, sorry.

Problem solved. Thank you.

Cheers,
Svenny
#20
It works with Duck DNS!

Cheers,
Svenny
#21
I received the following log:



Jun 29 16:41:40 OPNsense.localdomain php-cgi[64680]: /services_dyndns_edit.php: Dynamic DNS (mypersonal.domain.com): _checkStatus() starting.
Jun 29 16:41:40 OPNsense.localdomain php-cgi[64680]: /services_dyndns_edit.php: Dynamic DNS (mypersonal.domain.com): Current Service: freedns
Jun 29 16:41:40 OPNsense.localdomain php-cgi[64680]: /services_dyndns_edit.php: Dynamic DNS (mypersonal.domain.com): PAYLOAD: Error 404 : Page not found
Jun 29 16:41:40 OPNsense.localdomain php-cgi[64680]:
Jun 29 16:41:40 OPNsense.localdomain php-cgi[64680]: /services_dyndns_edit.php: Dynamic DNS (mypersonal.domain.com): (Unknown Response)



Cheers,
Svenny
#22
Hi all, I'm also interested in this feature. Is it possible to install pfnattrack without breaking something in OPNsense?

Many thanks.

Cheers,
Svenny
#23
General Discussion / Re: Android Gateway
June 02, 2021, 04:37:06 PM
I think that problem has something to do with this:

https://forum.opnsense.org/index.php?topic=10183.0

I followed the suggestion proposed by franco (I had already done this):

https://github.com/opnsense/core/issues/2914#issuecomment-439904741

but it does not change things.

Versions:
        OPNsense 21.1.5-amd64
        FreeBSD 12.1-RELEASE-p16-HBSD
        OpenSSL 1.1.1k 25 Mar 2021

Cheers, Sven
#24
General Discussion / Android Gateway
May 29, 2021, 07:30:37 PM
Hi all,

I've tried to add an Android Gateway to my OPNsense setup through the use of a Raspberry Pi and an Android phone working in USB tethering. This gateway is going to be connected when needed. I'm not going to use it in a Multi-WAN environment, just using it through policy routing. It's working nicely but I have found some "anomalies", probably because I didn't follow the steps in a correct order...

I've assigned my re1 interface as OPT1 and I've configured it:


IPv4 address -> 192.168.42.214/24
IPv4 Upstream Gateway -> Auto-detect


Then I've configured the gateway as follows:


Name       Interface  Protocol  Priority  Gateway         Monitor IP
ANDROIDGW  OPT1       IPv4      255       192.168.42.129  8.8.4.4


Then I've added a rule to accept traffic for DNS from LAN:


Protocol  Source  Port  Destination    Port      Gateway
TCP/UDP   *       *     This Firewall  53 (DNS)


Followed by policy routing rule for the Android Gateway:


Protocol  Source    Port  Destination  Port  Gateway
any       IP_My_PC  *     *            *     ANDROIDGW


I thought that being OPT1 connected to a gateway OPNsense would have added a rule for it in the Outbound NAT, but it's not like this. The only rule for Outbound NAT is for the WAN:


WAN LAN networks, Loopback networks, OPT1 networks, 127.0.0.0/8, 10.10.0.0/24


And OPT1 interface is there as if OPNsense would treat it as an internal interface. So I switched Firewall:NAT:Outbound mode to Hybrid and added a rule for NAT on OPT1 and it just worked.

I've also tried to set up the OPT1 interface "IPv4 Upstream Gateway" as "ANDROID GW 192.168.42.129" (instead of Auto-detect) but that does not change things.

So I'm here to ask: is there a way to tell OPNsense that OPT1 is not an internal interface and it should not be listed as source in the WAN Outbound NAT rule? Is there a way to add an automatic Outbound NAT rule for an interface connected to a gateway?

Sorry for the long post and many thanks in advance for your time.

Cheers, Sven

#25
Many thanks for your reply. I would not enforce password changing to my users, I'll just suggest changing the password every 90 days via OPNsense GUI when they are connected to LAN (yes I'll use the local database of OPNsense). I've tested it now, it's even possible to change user's password when connected through the VPN, without losing connection.

#26
Hi all,

I want to offer my users the opportunity to change their password, so through "System: Access: Users: System Privileges" I gave them the "System: User Password Manager" permission. This is intended for VPN password changing every 90 days, so the users are able to change their password without admin intervention.

Is it safe to give out this kind of permission? (Access to the OPNsense GUI is allowed only via LAN.)

Many thanks in advance.