OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of nikkon »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - nikkon

Pages: 1 [2] 3 4 ... 7
16
Virtual private networks / Re: wireguard point to point guidance
« on: February 10, 2022, 09:37:48 am »
it works. the tunnel is up. the interface has been created.
Now I need to figure out how to route traffic through the tunnel

thank you

17
Virtual private networks / Re: wireguard point to point guidance
« on: February 09, 2022, 11:37:31 am »
thanks for sharing this.
let me go through this and see how it turns out :)

18
Virtual private networks / wireguard point to point guidance
« on: February 09, 2022, 09:37:16 am »
Hello,

Did anyone managed to set a point-to-point Wireguard VPN?
Can you please point me to some docs (the one on opnsense is incomplete i believe)

Thanks

19
Tutorials and FAQs / Re: HOWTO - Routing Opnsense traffic over SurfsharkVPN
« on: January 21, 2022, 11:19:34 am »
something happen after the last update.
I cannot route 1 internal IP through the VPN tunnel anymore.
Does it work for the rest of you?


20
Hardware and Performance / Re: Ten64 NXP CPU
« on: August 21, 2021, 03:24:24 pm »
I believe so.

21
Hardware and Performance / Ten64 NXP CPU
« on: August 19, 2021, 11:16:52 am »
Hello,

Did anyone tested this hardware? looks pretty awesome
https://www.traverse.com.au/hardware-1.html


22
Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6
« on: August 14, 2021, 03:39:34 pm »
On the 21.7.1 version the DoT doesn’t work easy. Required 3 service restarts. No idea why.
Once I define and enable the entries under Unbound -> DNS over TLS and enable 1 of them, dns is dead.

2021-08-14T15:37:31   unbound[96235]   [96235:0] info: mesh has 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 21 recursion replies sent, 0 replies dropped, 0 states jostled out   
2021-08-14T15:37:31   unbound[96235]   [96235:0] info: server stats for thread 7: requestlist max 4 avg 0.545455 exceeded 0 jostled 0   
2021-08-14T15:37:31   unbound[96235]   [96235:0] info: server stats for thread 7: 146 queries, 125 answers from cache, 21 recursions, 1 prefetch, 0 rejected by ip ratelimiting

Finally it started working

https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6IlllcyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJBTVMiLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==

23
Hardware and Performance / compatible USB Wifi
« on: February 17, 2021, 09:14:54 am »
Hi there

Is there any compatible USB WIFI that works with Opnsense?
Has anyone tested any?

thanks
 

24
Tutorials and FAQs / Re: HOWTO - Routing Opnsense traffic over SurfsharkVPN
« on: January 24, 2021, 01:11:40 am »
I believe you could use it too

25
Tutorials and FAQs / Re: HOWTO - Routing Opnsense traffic over SurfsharkVPN
« on: January 16, 2021, 12:10:22 am »
Hi,

If you route all your traffic, or one entire network then I believe it makes sense not to check it.
I only need one IP to be routed and this was the only way.

however note that this option still allows the server to set the TCP/IP properties of the client's TUN/TAP interface.

All the best from Amsterdam


Sent from my iPad using Tapatalk

26
Tutorials and FAQs / HOWTO - Routing Opnsense traffic over SurfsharkVPN
« on: January 11, 2021, 12:04:57 am »
Hi all,

My first time writing a howto, if there are inconsistencies just let me know and I'll be happy to address them.
Long story short: I was looking for a VPN provider for only 1 of my local ips (one Jail in particular). As so I decided to go with SurfShark VPN, and bellow is the step-by-step config:

Step 1
  Create SurfShark account and login
  Once in, Go to Manual Setup -> Manual -> Credentials. (Keep those safe)
  Switch back to Files and choose one of the servers you want (servers in the respective country you decide you
  will use as exit point)

Step 2
   In Opnsesen: Go to System -> Trust -> Certificates
     Press on + Add button. Then fill the fields out like this:
Descriptive Name: SurfsharkVPN
Method: Import an existing Certificate Authority
Certificate data:

-----BEGIN CERTIFICATE-----
MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV
BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS
b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE
BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv
b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o
SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua
Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C
c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp
FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI
yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn
TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe
ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t
tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP
SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m
iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z
CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD
ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z
S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf
ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+
303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q
5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx
KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK
ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG
EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq
X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087
FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC
LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI
623cSEC3Q3UZutsEm/UplsM=
-----END CERTIFICATE-----

This data can be also found in the CA&TLS certificates archive under the "Other configuration files" section on your SurfShark account.

Step 3
   In Opnsense: Under VPN -> OpenVPN -> Clients 
   Add new client:
  Disable this client: leave unchecked.
  Server mode: Peer to Peer (SSL/TLS);
  Protocol: UDP on IPv4 only (you can also use TCP);
  Device mode: tun – Layer 3 Tunnel Mode;
  Interface: WAN; (whatever name your wan interface has)
  Local port: leave blank;
  Server host or address: The server hostname that you want to connect to from the list of servers from
  Step 1
  Server port: 1194 (use 1443 if you use TCP as I do);
  Proxy host or address: leave blank;
  Proxy port: leave blank;
  Proxy Authentication: None;
  Description: Any name you like.
 
  Remember to use your credentials from step1 (the one advised to be kept safe  :P)
 
  Enable TLS Authentication for packets and use the following TLS Key:

-----BEGIN OpenVPN Static key V1-----
b02cb1d7c6fee5d4f89b8de72b51a8d0
c7b282631d6fc19be1df6ebae9e2779e
6d9f097058a31c97f57f0c35526a44ae
09a01d1284b50b954d9246725a1ead1f
f224a102ed9ab3da0152a15525643b2e
ee226c37041dc55539d475183b889a10
e18bb94f079a4a49888da566b9978346
0ece01daaf93548beea6c827d9674897
e7279ff1a19cb092659e8c1860fbad0d
b4ad0ad5732f1af4655dbd66214e552f
04ed8fd0104e1d4bf99c249ac229ce16
9d9ba22068c6c0ab742424760911d463
6aafb4b85f0c952a9ce4275bc821391a
a65fcd0d2394f006e3fba0fd34c4bc4a
b260f4b45dec3285875589c97d3087c9
134d3a3aa2f904512e85aa2dc2202498
-----END OpenVPN Static key V1-----

TLS Key Usage Mode: TLS Authentication
Peer certificate authority: SurfsharkVPN;
Client certificate: webConfigurator default or as in my case the Let's Encrypt one
Encryption Algorithm: AES-256-GCM
Enable NCP: Check.
NCP Algorithms: AES-256-GCM (256 bit key, 128 bit block)
Auth digest algorithm: SHA512 (512-bit)
Hardware Crypto: No hardware crypto acceleration.
Don't pull routes: check
Compression: No prefference

Add this under Advanced:
   tls-client;
   remote-random;
   tun-mtu 1500;
   tun-mtu-extra 32;
   mssfix 1450;
   persist-key;
   persist-tun;
   reneg-sec 0;
   remote-cert-tls server;

Step 4
   In Opnsense interface go to Interfaces -> Assignment -> Add Interface ovpnc1 (in my case) to the interfaces and give it a name (in my case is simply Surfshark)
   Once the interface is created:  IPv4 Configuration Type : None

Step 4.1
   If you want all your traffic to be routed via Surfshark, then select this new created interface as the outgoing interface for DNS (Unbound & any other resolver)
   In order for the DNS to work, you need to :
   check Forwarding Mode
   uncheck DNSSEC support
   Services-> Unbound DNS-> Advanced: check both Hide Identity & Hide Version
   
Step 5
   Firewall -> NAT-> Outbound:  change from Automatic outbound NAT rule generation
  (no manual rules can be used) to Hybrid outbound NAT rule generation
  (automatically generated rules are applied after manual rules)
   Add one rule :
   Interface      Source                                 Source Port                   Destination       Destination Port   NAT Address      NAT Port   Static Port   Description   
Surfshark   <localhost you want to route >     <ports you want to route>     *                         *   Interface address   *   NO    SurfSharkVPN

#this will apply only to 1 host in your network
If you want to route all your traffic simply change source with the ip address of your lan interface (192.168.1.1/24 as example)

Step 6
Firewall-> Rules-> Surfshark
Protocol   Source       Port   Destination        Port   Gateway                Schedule   Description    
IPv4 *   Lan_Wired net   *   <my specific host>    *   SURFSHARK_VPNV4     *           VPN allow traffic
Firewall-> Rules-> Lan
Protocol        Source                Port  Destination        Port   Gateway                    Schedule   Description
IPv4 *   <my specific host>     *   *                  *   SURFSHARK_VPNV4   *   gateway VPN

Step 7
System-> Settings-> General:
Under DNS Servers add:
DNS Server 1: 162.252.172.57; Gateway: SURFSHARKVPN_VPNV4
DNS Server 2: 149.154.159.92; Gateway: SURFSHARKVPN_VPNV4

Step 8
Check the connection - VPN-> OpenVPN-> Log File & VPN-> OpenVPN-> Connection Status


I hope this will help.
enjoy





27
Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering
« on: September 03, 2020, 05:19:11 pm »
cool

28
20.7 Legacy Series / Re: [Solved] Upgrade to 20.7.2 WAN speed down to 10%
« on: September 03, 2020, 03:52:27 pm »
not really because in my case, it always ends up with a reboot -> 0 logs
hope to catch it something next time

29
20.7 Legacy Series / Re: Upgrade OPNsense 20.7.2 reboot fails due to suricata pid
« on: September 03, 2020, 03:33:35 pm »
in my case suricata starts, then it freeze the system completely
the big problem i see is with the wan connection - being disconnected all the time.

30
20.7 Legacy Series / Re: [Solved] Upgrade to 20.7.2 WAN speed down to 10%
« on: September 03, 2020, 03:28:13 pm »
after updating to OPNsense 20.7.2-amd64
my wan is constantly disconnecting!
Interface is an intel em0
connection is a DHCP
any clue? or hotfix?

Pages: 1 [2] 3 4 ... 7
OPNsense is an OSS project © Deciso B.V. 2015 - 2022 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2