Using OpenConnect with newly released OPNsense 18.1.1

Hey guys, with the release of 18.1.1 we introduced the OpenConnect plugin with no real introduction. So what is it used for, and what can you use it for? Imagine you have a Cisco ASA within your company that lets you connect to it using AnyConnect on your PC. This can now be done via the plugin, and you can allow multiple inside hosts to reach your company LAN!

Just install the plugin the usual way, go to VPN – OpenConnect and set the server host and username/password. If you are using groups, you should add the group name after the server URI.

When you have this enabled, you also have a new interface in your firewall rules, and you can set up fine-grained rules for who can reach the company LAN.

OK, what’s missing? Sure, your LAN clients have an internal IP, so you need some NAT. Go to Firewall – NAT – Outbound and add a rule on your OpenConnect interface with the proper source and destination; with interface NAT, all the specified packets will be hidden behind the VPN IP you received from the Cisco ASA.

For further questions, reach out to me in the forums; bug reports are very welcome on GitHub in the plugins repo!

OPNsense: Adding inputs.ping to telegraf plugin

Last week there was a feature request to add the ping input to telegraf for monitoring latency.

First we check the .sample conf:

# [[inputs.ping]]
# ## NOTE: this plugin forks the ping command. You may need to set capabilities
# ## via setcap cap_net_raw+p /bin/ping
# #
# ## List of urls to ping
# urls = ["www.google.com"] # required
# ## number of pings to send per collection (ping -c <COUNT>)
# # count = 1
# ## interval, in s, at which to ping. 0 == default (ping -i <PING_INTERVAL>)
# # ping_interval = 1.0
# ## per-ping timeout, in s. 0 == no timeout (ping -W <TIMEOUT>)
# # timeout = 1.0
# ## interface to send ping from (ping -I <INTERFACE>)
# # interface = ""

 

OK, it seems we only need a checkbox to enable/disable ping and a field for adding hosts/URLs to monitor. If this were only one host, a simple text field would be fine, but what about monitoring multiple hosts? We need the CSVListField type!

 

So this is our form:

Then the model:

And the templating in the telegraf.conf:

 

The form and model are quite easy, but what about templating? The contents of the CSVListField object look like:

8.8.8.8, 8.8.4.4

But we need:

'8.8.8.8','8.8.4.4'

 

To be honest I don’t know how to do it, but the good thing is, there is a community! I just pushed my ideas via a pull request and got the fix promptly:

https://github.com/opnsense/plugins/pull/522#issuecomment-360843054
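One way to do this conversion, as an added example that is not the fix from the pull request and not the plugin's own code: it turns the CSVListField value into the quoted list and rejects any entry that is not an IP address or hostname, so a quote or newline typed into the form cannot end up in the generated telegraf.conf. The function names are hypothetical and the validation step is an assumption added here.

```python
import ipaddress
import re

# Characters that can appear in an IP address or hostname; anything else
# (quotes, brackets, whitespace, '%') is refused before further checks.
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]+")
# Hostname label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_target(value):
    """Return True if value is an IP address or a syntactically valid hostname."""
    if not _ALLOWED.fullmatch(value) or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return all(_LABEL.fullmatch(label) for label in value.split("."))


def csv_to_toml_list(csv_value):
    """Turn "8.8.8.8, 8.8.4.4" into "'8.8.8.8','8.8.4.4'".

    Raises ValueError on any entry that is not an IP address or hostname.
    """
    targets = [item.strip() for item in csv_value.split(",")]
    targets = [t for t in targets if t]  # drop empty entries (trailing comma)
    if not targets:
        raise ValueError("no ping targets given")
    for target in targets:
        if not is_valid_target(target):
            raise ValueError("invalid ping target: %r" % target)
    return ",".join("'%s'" % t for t in targets)


def render_ping_input(csv_value):
    """Render the [[inputs.ping]] block as it would appear in telegraf.conf."""
    return "[[inputs.ping]]\n  urls = [%s]\n" % csv_to_toml_list(csv_value)


if __name__ == "__main__":
    # Constructed sample input, the same value shown above.
    print(render_ping_input("8.8.8.8, 8.8.4.4"))
```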

 

You don’t have to be an expert to contribute code 🙂