Moving over from PFSense with public IPs - Have some questions!

Started by Bear, November 22, 2019, 04:12:02 PM

I guess this'll be my introductory post. :)

I'm a longtime user of m0n0wall who later moved to pfsense on a Dell system, and most recently, I purchased a Qotom i3-7130u-based system to move to opnsense.

I had a couple of issues with pfsense that I'm hoping the community here can help me sort out before I try to move my opnsense box into "production."

1) I'm running pfsense (and soon opnsense) as a filtering bridge. Randomly, my administration page will be accessible or inaccessible from the internal part of the bridge (it's expressly prohibited from the outside part). Will I have a similar issue with pfsense? Is there any rhyme or reason why this would occur?

Is there a better mode (rather than resorting to 1:1 NAT which has its own issues I'd prefer to avoid) for using OpnSense with a /26 of Public IPs?

2) OpenVPN has always been weird under pfsense.  For example, only one user actually works.  No other users will authenticate.  If I delete the user that works, the next user who is at the top of the config screen suddenly works without any change of credentials, certificate, account, etc.  Has anyone had this issue on opnsense?

Thanks for any help - This looks to be a great community.

-Bear


1) I don't know, maybe someone else can help you with it.

2) OpenVPN works perfectly with OPNsense; I prefer it over IPsec. OpenVPN is easy to set up and works with multiple users. I have around 60 users on one active OpenVPN server instance and it's working.
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

Silencing the interface on a bridge can be a pain (e.g. on Linux, but maybe not much better with BSD); sometimes you get access when you don't want it and sometimes the other way around.

The basis for opnsense is HardenedBSD, but I guess they use the same NIC drivers. Give it a try! :-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

My current problem is, the management interface is accessible one minute, inaccessible the next from the LAN port.  The only way I can typically guarantee access is by using another opt port with DHCP configured on it to configure the firewall, which is a bit annoying.  I'll have to see if that carries on to opnsense or not...

I have seen on bridges (under Linux) that from one moment to the next one of the interfaces sends some ARP spam and tries to grab the IP for the bridge from the DHCP server. And other weird things. These pieces of hardware and the drivers are sometimes difficult to predict imho...

Maybe drivers in BSD are better. Or not...
kind regards
chemlud

I found the problem for accessing the management interface.  The IP was assigned to the WAN device, not the bridge device, so that was creating some weirdness.  I've got that resolved in my OPNsense setup.  Now I need to fix an issue with OpenVPN...