Posts tagged #opnsense

OPNSense OpenVPN Instances and NordVPN Clients

Ever since I switched from a Juniper SRX to an Opnsense firewall, I was able to use a VPN provider to circumvent certain geofenced websites (mostly news outlets in other countries). Opnsense has the option to create OpenVPN client tunnels, and by creating (firewall) policies, you can direct traffic to a different destination (gateway).

My VPN provider (NordVPN) has a nice support page on how to achieve this, but it’s based on a relative old Opnsense version (v21). Since the release of v24, the configuration of (client) OpenVPN configurations can (also) be done through instances, and the old way is being depricated (and gone in v26.1)

Read more …
Posted on March 27, 2025 by Willem and filed under Security, Tips'n Tricks, Opnsense and tagged openvpn nordvpn opnsense instances.

Raspberry Pi OPNsense Captive Portal Voucher Generation

When I received my new HP/Aruba iAP-305-RW access points I started to think about introducing a wireless guest network. Not a network with a pre-shared key, but something more secure and flexible. The HP/Aruba AP’s have the option for captive portal, but it doesn’t have a good integration with ACME/Let’s Encrypt certificates. My OPNsense firewall has very good integration with ACME/Let’s Encypt, and has the option of deploying a Captive Portal.

Configuring the Captive Portal on the OPNsense firewall is pretty straightforward. It’s well documented, and is up-and-running in minutes. The main challenge was creating a way to supply the credentials to the users. The default option is to generate voucher codes and print them. Not really an option, since I loose those pieces of paper before I even printed them.

The newer OPNsense software has a decent API, which also includes API options for captive portal. This opened up an option including a Raspberry Pi.

Read more …
Posted on July 19, 2023 by Willem and filed under Programming, Raspberry Pi, Security, Gadgets and tagged opnsense raspberry pi captive portal python api.