Category: OPNSense

Route-based VPN between OPNSense and StrongSwan

Today I’ve spent a little bit of my time to figure out how to move away from policy-based VPN in favour of a route-based one instead. I was eyeing the concept for a while now and wanted to use it in my home lab to solve a couple of problems I was trying to turn a blind eye to. Without further ado, please follow the guide below to set up a route-based VPN between a StrongSwan-based peer (on RPi 3+) and an OPNSense appliance.

Continue reading

Defining encryption domains per VPN peer in CheckPoint

Vendors generally implement VPNs in a way where phase 1 and phase 2 settings are defined per VPN peer (aka 3rd party we will be establishing the VPN tunnel with) which gives us the flexibility in regards to subnets we will be using for phase 2.

CheckPoint, however, does things a little bit differently which can sometimes give us couple of hours of pain when troubleshooting. Learn how to force CheckPoint to switch to the “traditional” way of configuring phase 2 settings in this guide!

Continue reading

OPNSense – Monitor number of connected OpenVPN users with Zabbix

Hello everyone!

Recently I’ve been toying around with my new, fully featured lab. I couldn’t decide what kind of firewall I’d like to use (obviously considering the fact that I was trying to avoid getting anything commercial). I really enjoyed using pfSense in the past but felt like the UI was a bit dated. Fortunately, OPNSense exists!

After configuring everything and setting up remote access I decided to set up a Zabbix server in my new environment to keep an eye on various things. The one thing I couldn’t monitor, however, was the amount of remote users connected to my OpenVPN server hosted on my OPNSense firewall.

I read a couple of articles, as well as few stackoverflow questions and thought to myself – alright, that won’t be pretty. And it’s not. But hey, it works!

Continue reading