OPNsense
Topics - FWMan

1
24.7 Production Series / VPN Kill Switch
« on: October 15, 2024, 04:28:20 pm »
Hi, I've set up a WG VPN as per https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html including the kill switch step suggested, which works fine, but I noticed that if I disable the WG gateway that I've created as part of those steps, the traffic goes out the default route. I assume this wouldn't normally happen so the kill switch would stop it, but I wanted to prevent this, so I added a block rule, see attached with the yellow arrow. This seems to work; however, if I have a continuous ping running from a machine in the VPN_Hosts group, the ping continues to respond although internet access is blocked as expected. If I start a new ping, that's blocked, so why wouldn't it block ICMP that was already in progress?

I need to ensure that the VPN kill switch is solid. It mentions in the above instructions that there are a couple of ways to do this; what are these?

I would appreciate any recommendations on ensuring there is no scenario where the VPN Hosts could access the internet directly (even by ICMP etc).

Thanks

2
24.7 Production Series / Firewall log full of internal ICMP
« on: October 11, 2024, 04:10:29 pm »
Hi, I've noticed that, according to the firewall log, an internal address is trying to ping itself constantly! This is very strange. See attached.

My network is 192.168.0.1/24. I've checked the ARP table and it only shows 192.168.0.x addresses as expected. Also checked routes and there is nothing for anything 10.x.x.x.

I wondered if it was something to do with VPNs, so I actually disabled both the OpenVPN and WireGuard services and it's still continuing.

I downloaded the config XML and searched for 10.67.28.140 and 10.67 in it and there is nothing found.

I don't have many plugins, just ntopng.

Any ideas?

Thanks

3
Virtual private networks / WireGuard setup blocking access to clients
« on: September 20, 2024, 06:00:30 pm »
Hi, I've been through the instructions https://docs.opnsense.org/manual/how-tos/wireguard-client.html several times and think I have set it up exactly the same, but when a client/peer connects they can't access the internet or any local resources.

In the firewall log there are blocks, so the rule to allow WG_Home isn't working for some reason. I don't understand why?

Also there are some errors in the WireGuard log file. See attached screenshots.

Any ideas?

Thanks

4
Web Proxy Filtering and Caching / Website domain name block not working
« on: December 14, 2023, 03:56:24 pm »
Hi, I want to block certain website domains for the whole network. I've set up bbc.co.uk as an alias and created an alias with it added called Blocked_Internet_Sites. I've created the rule in LAN above the other rules but it's not being blocked. FIREWALL: DIAGNOSTICS: ALIASES shows the bbc.co.uk IP addresses.

Please see attached screenshots. What have I done wrong?

Thanks
