Questions tagged [opnsense]
38 questions
2 votes, 1 answer, 1k views
I am unable to access services on the WAN IP from within the network
Normally, this would not be a desired configuration, but I am setting up a NextCloud server, and to validate the domain, it requires that it be able to access it through the public IP address. No ...
2 votes, 1 answer, 82 views
NTP Traffic, but NTP not installed
I have recently started with OPNSense and have limited outgoing traffic to HTTP/s, SSH ports. When analyzing my blocked traffic I found sporadic outgoing NTP-Requests from my local Linux machine.
I am ...
2 votes, 1 answer, 72 views
Should I run 2 firewalls or manage everything from one?
I currently have a UniFI Firewall in place and I plan to get an OPNsense firewall mainly for a VPN.
Setup:
Modem - OPNsense Firewall - UniFI Firewall - VLANS (Rules made by UniFi)
Are there any ...
1 vote, 1 answer, 430 views
OPNsense move interface to other hardware port
I have an OPNsense with interfaces directly configured to the hardware ports. The corresponding switch port is also an access port.
We plan to change the switch port to a trunk port to transport ...
1 vote, 1 answer, 2k views
OPNsense NAT/Port Forward: Forward multiple protocols and ports
I want to forward ICMP and specific TCP and UDP ports on OPNsense but I'm unable to find a concise solution. Specifically I want to forward ICMP, http, https and UDP 32768-65535.
I'm adding a new port ...
1 vote, 1 answer, 3k views
OPNsense WAN failover causes disruption when non-active WAN is down
I have the latest version of OPNsense set up in a VM on ESXi 7. OPNsense is very similar to pfSense, and I suspect the solution would apply to both. All the NICs are PCI passthrough devices:
A ...
1 vote, 0 answers, 182 views
LogStash and parsing OPNSense logs
My logs are coming in as follows:
<134>May 24 14:39:32 edge.internal filterlog[2535]: 78,,,ffe6d10d1f27a42fc0edc3abb3a6d333,ovpnc1,match,pass,out,4,0x0,,63,61951,0,DF,6,tcp,60,10.8.0.2,20.44.17....
1 vote, 0 answers, 136 views
Routing issue on Debian 11 VM
I updated my OPnsense "router/gateway" to 23.1 a few days ago, and now I am experiencing an issue with one of my machines. I have one machine with OPnsense installed that acts as a basic NAT ...
1 vote, 0 answers, 1k views
Wireguard Destination Host Unreachable on internal network
I'm setting up Wireguard to tunnel from a cloud VM to our internal network. The local server is using the Wireguard plugin for OPNSense.
OPNSense acts as firewall, dhcp, etc.
The cloud VM is not ...
1 vote, 2 answers, 5k views
Offloading PPPoE from an OPNsense router
I'm running opnSense, a FreeBSD-based firewall and router similar to pfSense, in a virtual machine under VMware ESXi 7 on a Dell PowerEdge R230, as a router for my home network. No other VMs are ...
1 vote, 0 answers, 121 views
Can't see docker ports from external machines when using a veth interface with an OPNSense KVM
Quick summary of the setup:
Ubuntu Server 20.04 with 4 network ports
OPNsense router running in libvirt KVM
One port is WAN, three ports are LAN (bridged)
Router works great
Server (same one running ...
1 vote, 0 answers, 220 views
NTP ManualPeerList Client Sync Issue, Windows Server 2019
I am facing an NTP syncing issue on my Windows Server 2019 which is syncing as an NTP Client. The OPNSense firewall is syncing from:
2.ie.pool.ntp.org
0.europe.pool.ntp.org
3.europe.pool.ntp.org
I have ...
0 votes, 1 answer, 2k views
OPNSense logs every second: postfix/smtpd OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
I am using Postfix on OPNSense as a Smart Host for my local servers to relay mail for notifications. When I first set it up, it would spam System: Log Files: General with the following message:
...
0 votes, 1 answer, 293 views
TCP communication to internet broken - no SYN-ACK received
Given following network setup:
Debian bullseye host (Proxmox VE) -> OPNsense firewall doing NAT -> DSL modem (connected via PPPoE) -> Internet
The host isn't able to establish a tcp ...
0 votes, 0 answers, 23 views
OpenVPN via OPNsense in Hetzner Network
I am trying to set my openVPN server via OPNsense installed in the hetzner cloud in order to get access to the hetzner's internal network.
The Hetzner's internal network structure is separated by ...
0 votes, 0 answers, 56 views
Host A in VLAN is not responding to ping from host B, but host A can ping host B
Overview: I have an issue where one host A in VLAN is not responding to ping from host B, but host A can ping host B.
A= Windows and B=Linux, VLAN=10.
A IP address = 192.168.10.100,
B IP address = 192....
0 votes, 0 answers, 87 views
OpenVPN Timeout when connecting
I have followed instructions here (with slight adaptations, as listed below) to set up OpenVPN on an OpnSense router, but clients are not able to connect.
Differences:
I set Local port to 1179
I set ...
0 votes, 0 answers, 71 views
Opnsense Wireguard Site-to-Site VPN. Don't see Windows clients
I need to make a transparent Site-to-site VPN between 2 Opnsense routers.
As I don't have admin skills I followed this tutorial https://www.wundertech.net/how-to-set-up-wireguard-in-opnsense/ I did ...
0 votes, 1 answer, 216 views
Inter-VLAN connection issues when devices use Wi-Fi and OPNsense router
I am trying to segregate devices in my home network with 2 different VLANs: HOME and IOT. I have the following network devices:
1 cable modem
1 OPNsense router with WAN, LAN and OPT1 ports
1 Netgear ...
0 votes, 0 answers, 138 views
Multiple Site-To-Site VPNs to one OpenVPN Server
I am struggling to setup multiple site-to-site vpns.
I have 3 sites:
Site A: OpenVPN Server, inside OPNsense, IP Ranges: 192.168.10.0/24
Site B: Asus Router with Fresh-Tomato, IP Ranges: 192.168.20.0/...
0 votes, 0 answers, 214 views
OPNsense with Radius Accounting
I've been testing OPNsense radius accounting by following this document,
https://docs.opnsense.org/manual/how-tos/accounting.html
I am able to authenticate user through the captive portal but there is ...
0 votes, 0 answers, 34 views
Filtering single unrouted IP with firewall VM
I have virtualization hosts (Proxmox) running multiple VMs providing public services. I'm using a firewall appliance (OPNsense) to filter the traffic.
This works fine for a routed subnet, where the ...
0 votes, 0 answers, 220 views
YouTube app not working with squid. What urls to bump exclude?
I have squid running with SSL Bump. The rest of the squid settings are basically defaults. I can access YouTube just fine from a browser but the android app is not working. I've already excluded ...
0 votes, 0 answers, 47 views
Server remote access using VPN FW - TUN vs TAP
I'm trying to improve my home Firewall set up and I'm trying to figure out the best VPN configuration.
GOAL: In order to reduce the open ports of my home webserver I thought to use SSH and webmin ...
0 votes, 2 answers, 953 views
NFS Mounting Failing due to illegal port
I have a VM machine that has a public IP interface and a private IP interface. The private interface is assigned 192.168.50.78. Then I have a dedicated host that acts as my "router" using ...
0 votes, 0 answers, 544 views
2 VLANS on 1 Physical OpnSense Ethernet Port (connected to wifi access point) and 1 Captive Portals on each VLAN
I want to create a captive portal with different restriction per user account/role (student and teacher).
The Teacher can have unrestricted access.
The Student has restricted access. (only defined/...
0 votes, 0 answers, 198 views
Wireguard site-to-site routing opnsense
I have Wireguard running in docker container (wg-easy) on VPS, the other machine connected is home server running opnsense.
VPS:
local network is 10.0.0.0/24
local address is 10.0.0.73
Wireguard:
...
0 votes, 1 answer, 1k views
Routed IPv6 on internal bridge with virtualized OPNsense router
I'm struggling with adding IPv6 to the internal bridge of my setup, here is what I have:
┌────────────────────────────────────────────────────────────────────────────────────────────────────...
0 votes, 1 answer, 1k views
"DNS address could not be found" in OPNsense using OpenVPN configured for ProtonVPN
I'm trying to route the WIFI and OPT nets from my OPNsense box to my VPN. The LAN port is connected to another router and passes directly to my WAN (for greater speed and less privacy). When I connect ...
0 votes, 0 answers, 179 views
Movistar and OPNSense
I have a web server on my ip 192.168.1.100 under DMZ ... with a Movistar WAN
I can access from the local network, I can access from the domains assigned to it and everything without problems, I can ...
0 votes, 0 answers, 297 views
How can I connect OPNsense router to Mikrotik Switch
I've encountered this situation where I'm to access the switch from my router:
Here is what I have set:
Lan (DHCP 192.168.50.1 , DHCPIPV6)
WAN (DHCP 192.168.80.1,DHCPIPV6)
Mikrotik (DHCP 192.168.80.1,...
0 votes, 0 answers, 926 views
Unbound not returning A records over IPv6
I recently replaced my pfSense installation with OPNsense and have been struggling a bit with the Unbound installation.
In short, it's IPv6 enabled and everything works well (both IPv6 and IPv4) in ...
0 votes, 0 answers, 165 views
OpnSense: Interface Offline
I'm setting up a network @ home and would like to keep Wired Devices and Wireless Devices separated.
My main network interface is on em0 - 10.0.0.1/24
I've created a VLAN on em5 - 1.0.100.1/24
This ...
0 votes, 1 answer, 832 views
OPNSense and Unifi RADIUS issue
I have an OPNSense firewall and a Unifi controller I am trying to enable Radius authentication and Radius Vlan assignment
On the unifi side I have done the following
Created an SSID
Created A radius ...
0 votes, 0 answers, 177 views
How to implement firewall to grant network access for VPN users as-needed (per-user principle of least privilege, OpenVPN)
How can I setup OpenVPN in conjunction with my firewall in such a way that my VPN users' traffic is DROPed by default to all network resources, and only ACCEPTed through the firewall if that user ...
0 votes, 0 answers, 2k views
Load balancing with OPNSense, relayd or haproxy?
There are two main options for load-balancing in OPNsense (and pfSense): relayd and haproxy. pfSense has removed relayd in favour of haproxy [1,2], but OPNsense still supports it. In what use cases we ...
-1 votes, 0 answers, 24 views
Windows server IP address [migrated]
Currently, I'm using Oracle Virtual Box 7.0.12. My Windows 10 Server has a static IP address of 192.168.10.10/24. The roles I added were Active Directory, DHCP, DNS, and IIS services. However, it is ...
-2 votes, 1 answer, 401 views
Can I use Laptop with one WiFi and one Ethernet Port interface to setup firewall - OPNSense?
I am trying to setup OPNsense Firewall at my residence using a spare laptop which has one WiFI and one Ethernet interface. I was able to install OPNsense and configure the interfaces to LAN and WAN. ...