1681
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1682
Development and Code Review / Re: [Template / Cicada] - short preview
« on: March 10, 2018, 07:06:36 pm »please feedback me!Not your code, have not looked yet on it - the JS code for the calendar is bad.
1683
Development and Code Review / Re: [Template / Cicada] - short preview
« on: March 10, 2018, 01:54:14 pm »
I do not like this code - looks like really bad quality.
1684
Web Proxy Filtering and Caching / Re: WPAD inquiry
« on: March 10, 2018, 12:06:24 am »what if i do not do the Step 8 - Configure OS/Browser on the client side, would the https sites still be filtered?
yes but you would permanently get error messages like "This connection is untrusted", "Signed by an unknown issuer" etc.
In other words it makes the web hard to use.
1685
Web Proxy Filtering and Caching / Re: WPAD inquiry
« on: March 09, 2018, 10:51:52 am »Fabian, do you know why it's not yet merged? A client was asking yesterday about WPAD
Probably due to limited time of Franco. FYI This is what you need:
https://github.com/opnsense/core/pull/2018 - Proxy PAC (required component)
https://github.com/opnsense/core/pull/2088 - WPAD via DHCP (optional component -> this way Windows detects the proxy; requires DNS support)
https://github.com/opnsense/core/pull/2097 - WPAD via DNS (suggested component -> this way Firefox detects the proxy)
1686
Web Proxy Filtering and Caching / Re: WPAD inquiry
« on: March 09, 2018, 08:19:19 am »in pfsense i mostly rely on wpad and squidguard to filter https content w/o changing settings in the client side. i just want to know if that is still applicable in opensense?
* squidguard is not supported - content is filtered using native acls of squid
* WPAD is open as a Pull Request on GitHub. You can apply the patch manually but if you don't know how it is done, you may break your proxy config so I would suggest you to wait until it is merged. As an alternative, you can configure the Proxy as a transparent proxy:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html
1687
General Discussion / Re: squidguard
« on: March 06, 2018, 08:46:29 pm »
We do not have squidguard and will very likely not add it since we are using plain squid features to achieve the same goal.
You can use a remote blacklist for that - the same formats are supported.
https://docs.opnsense.org/manual/how-tos/proxywebfilter.html
You can use a remote blacklist for that - the same formats are supported.
https://docs.opnsense.org/manual/how-tos/proxywebfilter.html
1688
18.1 Legacy Series / Re: Tarpit
« on: March 05, 2018, 05:00:46 pm »
We do not have a node mail server. It is a postfix mail server with rspamd as a milter.
1689
General Discussion / Re: Cronjob to change the WiFi password
« on: March 03, 2018, 09:35:44 pm »
you need to update config.xml and then you have to reload the interface configuration for the wireless interface.
1690
Documentation and Translation / Re: Open up the wiki to the community
« on: February 23, 2018, 10:15:23 pm »
Docs: https://github.com/opnsense/docs
Translation: You need an account that has to be requested via project @ mail address.
Translation: You need an account that has to be requested via project @ mail address.
1691
18.1 Legacy Series / Re: [SOLVED] Submitting suggested changes to the Docs
« on: February 21, 2018, 08:31:47 pm »
Pull request: https://github.com/opnsense/docs/pull/9
1692
18.1 Legacy Series / Re: [SOLVED] Submitting suggested changes to the Docs
« on: February 20, 2018, 08:33:20 pm »I'm afraid quotes would only make this more confusing, so I'll address your points this way:
1. Which image, and what do you expect - I cannot follow you.
Ans: The image I was referring to was the QR image that was displayed on the configuration page for the OTP. This image only appeared if the Help link was clicked. But, contrary to the information in the How-To guide at the time, clicking that image took you nowhere.
I am talking about that one - maybe we are not talking about the same thing:
https://docs.opnsense.org/manual/how-tos/two_factor.html
Ans: And what I tried to give you was detailed information - a detailed description for the How-To guide that could be used in lieu of the one that's there now. I think the only point I got wrong was incorrectly calling the QR code an Aztec code. Other than that, I feel the description reflects the way the OTP configuration page is implemented.
Can you provide the URL please?
1693
18.1 Legacy Series / Re: OPNsense contacting Google DNS?
« on: February 19, 2018, 06:04:13 pm »
Everything that will be sent out on WAN will be shown as source is WAN IP as this is what is going on. Think about it - especially in context of Source Network Address Translation.
1694
German - Deutsch / Re: gesonderte Firewallregel für einen Benutzer
« on: February 19, 2018, 05:58:19 pm »
Im Grunde gibt es sowas für PF, allerdings weiß ich nicht ob das auf FreeBSD auch geht:
https://www.openbsd.org/faq/pf/authpf.html
Das funktioniert dahingehend, dass in der Firewall die IP mit einem Benutzer temporär verknüpft wird - im Fall von authpf mittels einer aktiven SSH verbindung. Wenn die SSH Verbindung abbricht oder beendet wird, ist der "Status" weg.
Dies könnte zwar auch im CaptivePortal implementiert werden, wird aber auf absehbare Zeit nicht geschen.
https://www.openbsd.org/faq/pf/authpf.html
Das funktioniert dahingehend, dass in der Firewall die IP mit einem Benutzer temporär verknüpft wird - im Fall von authpf mittels einer aktiven SSH verbindung. Wenn die SSH Verbindung abbricht oder beendet wird, ist der "Status" weg.
Dies könnte zwar auch im CaptivePortal implementiert werden, wird aber auf absehbare Zeit nicht geschen.
1695
18.1 Legacy Series / Re: [SOLVED] Submitting suggested changes to the Docs
« on: February 19, 2018, 05:47:21 pm »I can see that the How-To guide has been edited - thank you for that! But it hasn't addressed all of the errors, unless there's been a code change (I couldn't see where that had happened, but if it has, please disregard the following):Second, clicking the Google Authenticator Image does nothing at all. <snip>
Which image, and what do you expect - I cannot follow you.
Here's what the How-To guide says now:This is the behaviour of very old OPNsense boxes - I patched the link out of it so I don't think you are referring to a 17.x or 18.x version.QuoteTo do so click in the (i) symbol on the left of OTP seed now you will see a link to the google authenticator image. Click on it and it will open in a new browser window and an image will be displayed. This image can be scanned with you mobile
I think what it should say (again, unless there's been a code change) is something along these lines:QuoteTo do so click in the (i) symbol on the left of OTP seed now you will see an Aztec code (https://en.wikipedia.org/wiki/Aztec_Code) displayed in this area. Position the Aztec code so that it is fully visible on your computer display, start the Google Authenticator app on your mobile device, select the "Scan" function in the app, point the mobile's camera at the Aztec code and read it. Your Google Authenticator app should now have the information it needs, and begin generating the 6-character OTP codes immediately!
We do NOT provide an Aztec code - it is a standard QR code. An that information is exactly what I have added in the pull request (adding the phone side).
Finally, pardon me if this seems ungrateful or nit-picking (or incorrect). This is how it worked for me, once I got past some of the confusion. It's such an amazing feature really... it seems a shame to sully it with instructions that are misleading.
Incorrect stuff should be fixed but we need detailed information.