Replicating some OpenWRT Configs

Started by seb101, August 01, 2019, 10:03:41 PM

Hi,

I'm migrating to OPNsense from OpenWRT.  I'm trying to set up my router like for like before I switch. I'm mostly done, but there are a few configs I can't work out how to replicate in OPNsense.  I'd appreciate any help.

Firstly, there are a few firewall rules related to IPv6 ICMP:

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'


How would those look in PF? 


Secondly, my OpenVPN server has been fine-tuned over the years.  Specifically, I can't work out how to use tls-crypt (instead of tls-auth) or specify my cipher-list through the GUI.  Do I just add these in as 'custom' config lines in the free-text box?


In general, do the 'advanced settings' free-text boxes on the config pages for services just expect config lines in the same format they would appear in the individual app's native config files?  Are there any caveats/limitations?

Thanks a million!

You can put your certificate between <tls-crypt> and </tls-crypt> tags in the Custom Configuration box.
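
As an added illustration (not from the thread or from OPNsense itself), this Python example maps the fields of the OpenWrt ICMPv6 rules in the first post onto pf.conf rule syntax. The `$wan_if` macro is a hypothetical name, `dest` is ignored so every rule is rendered `to any`, and the `limit` option is only flagged for manual review, not translated.

```python
import re

# OpenWrt (ip6tables) ICMPv6 names -> pf.conf icmp6-type / code keywords.
PF_ICMP6 = {
    "echo-request": "echoreq", "echo-reply": "echorep",
    "destination-unreachable": "unreach", "packet-too-big": "toobig",
    "time-exceeded": "timex", "bad-header": "paramprob code badhead",
    "unknown-header-type": "paramprob code nxthdr",
    "router-solicitation": "routersol", "router-advertisement": "routeradv",
    "neighbour-solicitation": "neighbrsol", "neighbour-advertisement": "neighbradv",
}

def parse_uci(text):
    """Parse UCI sections into dicts; repeated 'list' keys accumulate."""
    rules = []
    for m in re.finditer(r"^\s*(config|option|list)\s+(\S+)(?:\s+'([^']*)')?", text, re.M):
        kind, key, val = m.groups()
        if kind == "config":
            rules.append({})
        elif kind == "list":
            rules[-1].setdefault(key, []).append(val)
        else:
            rules[-1][key] = val
    return rules

def pf_type(t):
    """'130/0' -> '130 code 0'; names use PF_ICMP6 (KeyError if unmapped)."""
    return t.replace("/", " code ") if t[0].isdigit() else PF_ICMP6[t]

def to_pf(rule, iface="$wan_if"):
    """Render one rule as pf.conf text; iface is a hypothetical macro name."""
    if rule.get("family") != "ipv6" or rule.get("target") != "ACCEPT":
        raise ValueError("only IPv6 ACCEPT rules are handled")
    types = ", ".join(pf_type(t) for t in rule["icmp_type"])
    line = (f"pass in quick on {iface} inet6 proto ipv6-icmp "
            f"from {rule.get('src_ip', 'any')} to any icmp6-type {{ {types} }}")
    if "limit" in rule:  # no translation attempted: flag for manual review
        line += f"  # TODO limit {rule['limit']}"
    return line

# Constructed sample, shortened from the rules in the first post.
SAMPLE = """config rule
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type 'bad-header'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'"""
print("\n".join(to_pf(r) for r in parse_uci(SAMPLE)))
```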