Idea(s) for the road map

Started by fabian, August 10, 2016, 05:10:09 PM

  • migrate to PHP 7 and Phalcon 3

OTP
Make it configurable when OTP is used (e.g. Login via WAN you need OTP, LAN you need no OTP)
OTP
Offer to enter the OTP in an extra field instead of before the "normal" password

GUI - Reporting
Use the given interface name instead of the "technical" one (e.g. opt7 is named WAN 100Mbit but displayed in Reporting as opt7) (Reporting - Settings)

GUI- Debugging while vpn
make it more live in viewing logs while trying to make VPN connections, for a better understanding of why it's not working - or filtering logs for each connection to make it easier to identify

VPN - SSL VPN (WEB-VPN)
take a look at https://service.tu-dortmund.de/ssl-vpn-web-vpn or https://www.barracuda.com/products/sslvpn?L=de for example

GUI - Console
a console in the GUI

GUI - Rework of the Interface Overview
The overview is better, but I think it can be better. For example, status color, direct links to edit.
For example, the dashboard view is really better for me than the special site for the overview.

GUI - Reference to my Point GUI- Debugging while vpn
While working on the interface or the settings of things, a popup with the live view of what is happening, to debug

GUI - OPENVPN
Administrable settings to customize the site where the normal clients log in to download and export their profiles

GUI - OPENVPN/Firewall
Customizable profiles with specialized firewall settings. Make it possible to define special firewall settings for users/groups.

SQUID Settings
for multiwan situation more customizing options in the squid config site

GUI - Firewall log
make it work that a click on the block button shows why the connection was blocked
perhaps make buttons to make a rule to allow the connection

GUI - Diagnostic
Make a new menu point with diagnostic tools

Apinger / Gateway Status
make it customizable (time between ping etc.)

THANKS FOR YOUR WORK







Uh, Phalcon 3 is out? Shiny.... 8)

Here are some of my items:

o FreeBSD 11
o Suricata and Squid as a plugin
o Single-slice nano with growfs
o Screen reader optimisations

PIE base is already done and PIE ports is nearing completion. Dogfooding PIE ports in HardenedBSD first. But wait! There's more! Also included will be RELRO + BIND_NOW. :)


right @fabian
it's a try to get it on the roadmap :D


  • more customizing options on the squid.conf
  • sarg or lightsquid features fully integrated

:)


  • GUI option for bandwidth throttling one or more domains


Change behaviour of OPNsense so that answer packages on the WAN interface will be sent to the originator in the same WAN subnet and not always to the (upstream) gateway.

fail2ban plugin - especially useful for those of us using it in a hosted VM who have to enable HTTPS WAN access. Currently I've moved the HTTPS port from 443 to keep script kiddies out; a configurable fail2ban would be useful to those testing to deploy on Linode/DO.

And it's a great plugin that's useful for almost every public facing network service.

@Strykar fail2ban-like functionality for the webgui and ssh is enabled by default in OPNsense (https://github.com/opnsense/sshlockout_pf).
After 15 retries it locks the IP address using two aliases (sshlockout, webConfiguratorlockout).

Can you please take Captive Portal with Multi-WAN in this release?
-=Srijan Nandi

Quote from: AdSchellevis on September 04, 2016, 08:23:11 PM
@Strykar fail2ban-like functionality for the webgui and ssh is enabled by default in OPNsense (https://github.com/opnsense/sshlockout_pf).
After 15 retries it locks the IP address using two aliases (sshlockout, webConfiguratorlockout).

Nice! Any chance this could be made port/application agnostic and configurable via the web interface? It could then be used for slowing down brute force attempts of any network facing services.

Add RADIUS support for IPsec authentication and accounting.

Currently IPsec supports just PSK and RSA. Since we currently already support adding external RADIUS servers, let strongSwan forward authentication and accounting traffic to the same RADIUS server if selected.
FreeRADIUS and Microsoft NPS are tested as working by strongSwan and shouldn't be too much effort to integrate.

This would require strongSwan to be compiled with '--enable-eap-radius'. Specify the RADIUS server IP + auth and accounting port in '/usr/local/etc/strongswan.d/eap-radius.conf' and set 'rightauth=eap-radius'.

strongSwan also supports DAE with RADIUS.
'The Dynamic Authorization Extension allows a RADIUS backend to actively terminate a session using a Disconnect-Request, or change the timeout of a session using a Session-Timeout attribute in a CoA-Request. The extension is enabled using a dae section in the eap-radius configuration.'

See https://wiki.strongswan.org/projects/strongswan/wiki/EAPRAdius
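
The setup described in the post above, written out as an added example (not part of the original thread and not OPNsense's own configuration). The server address 192.0.2.10, the listen address 192.0.2.1, the connection name and the bracketed secrets and certificate name are constructed placeholders.

```conf
# /usr/local/etc/strongswan.d/eap-radius.conf
# Requires strongSwan built with --enable-eap-radius.
eap-radius {
    load = yes
    # Send RADIUS Accounting-Request messages for each IKE_SA.
    accounting = yes
    servers {
        primary {
            address = 192.0.2.10              # constructed: RADIUS server IP
            secret = <RADIUS_SHARED_SECRET>   # placeholder, keep file mode 0600
            auth_port = 1812                  # RADIUS authentication port
            acct_port = 1813                  # RADIUS accounting port
        }
    }
    # Dynamic Authorization Extension: lets the RADIUS backend send
    # Disconnect-Request / CoA-Request to terminate or re-time a session.
    dae {
        enable = yes
        # Bind to the internal address the RADIUS server reaches, not 0.0.0.0,
        # so the DAE port is not exposed on the WAN side.
        listen = 192.0.2.1                    # constructed
        port = 3799
        secret = <DAE_SHARED_SECRET>          # placeholder, distinct from above
    }
}

# ipsec.conf connection that hands client authentication to RADIUS.
conn roadwarrior-radius                       # hypothetical connection name
    keyexchange=ikev2
    leftauth=pubkey                           # gateway still proves itself by certificate
    leftcert=<SERVER_CERT>.pem                # placeholder
    rightauth=eap-radius                      # client EAP is forwarded to the RADIUS server
    eap_identity=%any                         # ask the client for its EAP identity
    auto=add
```

If DAE is enabled, the firewall should allow UDP 3799 to the gateway only from the RADIUS server's address.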