{"id":1789,"date":"2022-02-18T23:02:02","date_gmt":"2022-02-18T23:02:02","guid":{"rendered":"https:\/\/wordpress.pedrorotoli.com\/?p=1789"},"modified":"2022-05-01T09:31:52","modified_gmt":"2022-05-01T08:31:52","slug":"5109-politicas-de-seguranca","status":"publish","type":"post","link":"https:\/\/wordpress.pedrorotoli.com\/?p=1789","title":{"rendered":"Final Project 5109"},"content":{"rendered":"<h2>Index<\/h2>\n<ul>\n<li>Vyos<\/li>\n<li>pfSense Installation<\/li>\n<li>Access Through the Web Interface<\/li>\n<li>First Firewall Rule<\/li>\n<li>Disable DHCP on LAN\/Green<\/li>\n<li>Restrict DNS Requests<\/li>\n<li>Block ICMP Traffic<\/li>\n<li>Proxy<\/li>\n<li>Block AnyDesk<\/li>\n<li>Port Forwarding<\/li>\n<li>Install OPNsense<\/li>\n<li>DHCP on OPNsense<\/li>\n<li>Block .de Domains<\/li>\n<li>IPsec VPN Between OPNsense and pfSense<\/li>\n<li>OpenVPN VPN Between OPNsense and pfSense<\/li>\n<li>Remote Users<\/li>\n<li>Remote Users on OPNsense<\/li>\n<li>Captive Portal on pfSense<\/li>\n<li>Captive Portal on OPNsense<\/li>\n<li>High Availability on pfSense<\/li>\n<li>High Availability on OPNsense<\/li>\n<li>Conclusion<\/li>\n<\/ul>\n<h3>Introduction<\/h3>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_1893\" aria-describedby=\"caption-attachment-1893\" style=\"width: 1714px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1893\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/5109diagrama.png\" alt=\"Diagrama da Rede\" width=\"1714\" height=\"1095\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/5109diagrama.png 1714w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/5109diagrama-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/5109diagrama-768x491.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/5109diagrama-1536x981.png 
1536w\" sizes=\"auto, (max-width: 1714px) 100vw, 1714px\" \/><figcaption id=\"caption-attachment-1893\" class=\"wp-caption-text\">Network Diagram<\/figcaption><\/figure>\n<p>The network topology follows the structure shown in the image above.<\/p>\n<p>pfSense and OPNsense firewalls will be configured in failover, with IPsec and OpenVPN <em>site-to-site<\/em> VPNs, and OpenVPN for remote clients.<\/p>\n<p>Active Directory will be integrated to authenticate <em>users<\/em> for some services, and Captive Portal will also be configured on both pfSense and OPNsense.<\/p>\n<p>There will be several firewall rules to block both external and internal access, and <em>port forwarding<\/em> to reach internally hosted websites from the internet.<\/p>\n<p>Among other settings, this includes some configuration on the Vyos routers, which will connect the different zones.<\/p>\n<h3>Vyos<\/h3>\n<p>Let's start by changing the routers' hostnames. To do that, first enter configuration mode with the <span style=\"font-family: andale mono, monospace;\">configure<\/span> command; then, to change the hostname, just use the following commands:<\/p>\n<pre>set system host-name <strong>&lt;nome&gt;<\/strong>\r\ncommit\r\nsave<\/pre>\n<p>Repeat on all three routers, giving each the appropriate name.<\/p>\n<p>After that, IPs need to be assigned to the interfaces. 
The IPs will be assigned according to the list below:<\/p>\n<p>R1:<br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:25:FB:70 eth0 &#8211; NAT &#8211; 10.255.59.1\/16<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:25:FB:71 eth1 &#8211; R1R3 &#8211; 10.155.170.29\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:25:FB:72 eth2 &#8211; R1R2 &#8211; 10.155.170.21\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:25:FB:73 eth3 &#8211; WAN &#8211; 10.155.170.17\/30<\/span><br \/>\nR2:<br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:34:2D:50 eth0 &#8211; R1R2 &#8211; 10.155.170.22\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:34:2D:51 eth1 &#8211; R2R3 &#8211; 10.155.170.25\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:34:2D:52 eth2 &#8211; R2OPN &#8211; 10.155.170.1\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:34:2D:53 eth3 &#8211; Host &#8211; 10.10.10.10\/24<\/span><br \/>\nR3:<br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:35:D2:60 eth0 &#8211; R1R3 &#8211; 10.155.170.30\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:35:D2:61 eth1 &#8211; R2R3 &#8211; 10.155.170.26\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:35:D2:62 eth2 &#8211; R3PF &#8211; 10.155.170.9\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:35:D2:63 eth3 &#8211; Host &#8211; 10.10.10.11\/24<\/span><\/p>\n<p>To assign an IP to an interface, just use the following commands:<\/p>\n<pre>set interfaces ethernet eth<strong>x<\/strong> address <strong>x.x.x.x\/x\r\n<\/strong>set interfaces ethernet eth<strong>x<\/strong> description <strong>&lt;text&gt;<\/strong><\/pre>\n<p>After configuring the interface IPs, 
just run <span style=\"font-family: andale mono, monospace;\">commit<\/span> and then <span style=\"font-family: andale mono, monospace;\">save<\/span>.<\/p>\n<p>The networks on the Host interfaces exist only for SSH access to the routers from the Host where the VMs are running. To enable that access, use the following command:<\/p>\n<pre>set service ssh port 22<\/pre>\n<p>With the routers now holding the correct IPs on the correct interfaces (and with their interfaces attached to the correct networks in the hypervisor), they can already communicate with each other. However, they still cannot reach the internet; for that, NAT must first be configured on the router connected to the internet, which in this case is R1.<\/p>\n<p>Let's start by configuring the default route. To do that, we will configure a static route pointing to the IP of the gateway that R1 uses to reach the internet:<\/p>\n<pre>set protocols static route 0.0.0.0\/0 next-hop 10.255.0.1<\/pre>\n<p>Here, <span style=\"font-family: andale mono, monospace;\">10.255.0.1<\/span> is the IP of the gateway that R1 is using to reach the internet.<\/p>\n<p>Once the static route is configured, NAT needs to be configured. First, create a rule stating which interface is connected to the gateway, which in this case is the <span style=\"font-family: andale mono, monospace;\">eth0<\/span> interface. To create this rule we use the following command:<\/p>\n<pre>set nat source rule 100 outbound-interface eth0<\/pre>\n<p>Now the address used for this translation needs to be configured. This can be done in two ways: specifying the IP address directly, if the interface configured as <span style=\"font-family: andale mono, 
monospace;\">outbound<\/span> has a static IP, or configuring it as <span style=\"font-family: andale mono, monospace;\">masquerade<\/span>, which is especially useful when the router receives the external interface's IP via DHCP. In this case I will specify the IP address directly, since this interface has a static IP. This is done with the following command:<\/p>\n<pre>set nat source rule 100 translation address 10.255.59.1<\/pre>\n<p>After that we can configure the IP of the DNS server that the router will use for name resolution, if desired. This can be done with the following command:<\/p>\n<pre>set system name-server <strong>x.x.x.x<\/strong><\/pre>\n<p>After that, just run <span style=\"font-family: andale mono, monospace;\">commit<\/span> and <span style=\"font-family: andale mono, monospace;\">save<\/span>.<\/p>\n<p>With that, R1 now has internet access, and so do the devices connected to it, provided they are configured appropriately. For the other two routers to also have internet access, routes need to be configured. This can be done manually, through static routes, or through a routing protocol. In this case the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Open_Shortest_Path_First\">OSPF<\/a> (Open Shortest Path First) protocol will be used, which takes care of propagating the available networks between the routers.<\/p>\n<p>Let's start by configuring R1. The commands are as follows:<\/p>\n<pre>set interfaces loopback lo address 10.1.1.1\/32\r\nset protocols ospf area 0 network 10.155.170.16\/30\r\nset protocols ospf area 0 network 10.155.170.20\/30\r\nset protocols ospf area 0 network 10.155.170.28\/30\r\nset protocols ospf passive-interface eth0\r\nset protocols ospf passive-interface eth3\r\nset protocols ospf 
default-information originate always\r\nset protocols ospf default-information originate metric 10\r\nset protocols ospf default-information originate metric-type 2\r\nset protocols ospf parameters router-id 10.1.1.1\r\nset protocols ospf redistribute connected metric-type 2\r\nset protocols ospf redistribute connected route-map CONNECT\r\nset policy route-map CONNECT rule 10 action permit\r\nset policy route-map CONNECT rule 10 match interface lo<\/pre>\n<p>The first command sets the address of the <span style=\"font-family: andale mono, monospace;\">loopback<\/span> interface, which will also serve as the router ID.<\/p>\n<p>The next three commands configure the networks that will be advertised, so that they can be reached through other routers.<\/p>\n<p>The next two commands configure the <span style=\"font-family: andale mono, monospace;\">eth0<\/span> and <span style=\"font-family: andale mono, monospace;\">eth3<\/span> interfaces as passive, that is, interfaces that have no OSPF router attached to them. This prevents OSPF traffic from being sent through these interfaces, reducing the &#8220;pollution&#8221; on that network and also the load on the router, since it will not need to process routing protocol communication on these interfaces.<\/p>\n<p>The next three commands advertise the default route, so that the other routers can have internet access.<\/p>\n<p>The next command sets the router ID, which is the same as the IP of the <span style=\"font-family: andale mono, monospace;\">loopback<\/span> interface.<\/p>\n<p>The next two commands configure the distribution of routes by the protocol and how route weights are calculated.<\/p>\n<p>The last two configure the distribution rules.<\/p>\n<p>Once the configuration is done, 
just run <span style=\"font-family: andale mono, monospace;\">commit<\/span> and <span style=\"font-family: andale mono, monospace;\">save<\/span>.<\/p>\n<p>With that, OSPF is configured on R1. Now just configure R2 and R3; the configuration is similar, omitting only the default route part, since only R1 is connected to the internet.<\/p>\n<p>The configuration for R2 is as follows:<\/p>\n<pre>set interfaces loopback lo address 10.2.2.2\/32\r\nset protocols ospf area 0 network 10.155.170.0\/30\r\nset protocols ospf area 0 network 10.155.170.20\/30\r\nset protocols ospf area 0 network 10.155.170.24\/30\r\nset protocols ospf passive-interface eth2\r\nset protocols ospf passive-interface eth3\r\nset protocols ospf parameters router-id 10.2.2.2\r\nset protocols ospf redistribute connected metric-type 2\r\nset protocols ospf redistribute connected route-map CONNECT\r\nset policy route-map CONNECT rule 10 action permit\r\nset policy route-map CONNECT rule 10 match interface lo<\/pre>\n<p>And for R3:<\/p>\n<pre>set interfaces loopback lo address 10.3.3.3\/32\r\nset protocols ospf area 0 network 10.155.170.8\/30\r\nset protocols ospf area 0 network 10.155.170.24\/30\r\nset protocols ospf area 0 network 10.155.170.28\/30\r\nset protocols ospf passive-interface eth2\r\nset protocols ospf passive-interface eth3\r\nset protocols ospf parameters router-id 10.3.3.3\r\nset protocols ospf redistribute connected metric-type 2\r\nset protocols ospf redistribute connected route-map CONNECT\r\nset policy route-map CONNECT rule 10 action permit\r\nset policy route-map CONNECT rule 10 match interface lo<\/pre>\n<p>With that, OSPF is configured, and we now have access, from any point in the network, to the internet and to the networks that were advertised.<\/p>\n<p>For now, the networks will be distributed as follows:<br \/>\n<span style=\"font-family: andale mono, monospace;\">R1R3 &#8211; 
10.155.170.28\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">R3R2 &#8211; 10.155.170.24\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">R1R2 &#8211; 10.155.170.20\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">WAN &#8211; 10.155.170.16\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">R3pf &#8211; 10.155.170.8\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">R2OP &#8211; 10.155.170.0\/30<\/span><\/p>\n<figure id=\"attachment_1880\" aria-describedby=\"caption-attachment-1880\" style=\"width: 652px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1880\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/001-OSPF-R1.png\" alt=\"OSPF R1\" width=\"652\" height=\"544\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/001-OSPF-R1.png 652w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/001-OSPF-R1-512x427.png 512w\" sizes=\"auto, (max-width: 652px) 100vw, 652px\" \/><figcaption id=\"caption-attachment-1880\" class=\"wp-caption-text\">OSPF R1<\/figcaption><\/figure>\n<p>The routes configured on R1 through OSPF.<\/p>\n<figure id=\"attachment_1881\" aria-describedby=\"caption-attachment-1881\" style=\"width: 650px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1881\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/002-OSPF-R2.png\" alt=\"OSPF R2\" width=\"650\" height=\"577\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/002-OSPF-R2.png 650w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/002-OSPF-R2-512x454.png 512w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><figcaption id=\"caption-attachment-1881\" class=\"wp-caption-text\">OSPF R2<\/figcaption><\/figure>\n<p>Also on 
R2.<\/p>\n<figure id=\"attachment_1882\" aria-describedby=\"caption-attachment-1882\" style=\"width: 648px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1882\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/003-OSPF-R3.png\" alt=\"OSPF R3\" width=\"648\" height=\"576\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/003-OSPF-R3.png 648w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/003-OSPF-R3-512x455.png 512w\" sizes=\"auto, (max-width: 648px) 100vw, 648px\" \/><figcaption id=\"caption-attachment-1882\" class=\"wp-caption-text\">OSPF R3<\/figcaption><\/figure>\n<p>And on R3.<\/p>\n<p>We can also run a few connectivity tests to confirm that all three routers have internet access.<\/p>\n<figure id=\"attachment_1883\" aria-describedby=\"caption-attachment-1883\" style=\"width: 606px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1883\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/004-dig-R1.png\" alt=\"dig R1\" width=\"606\" height=\"576\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/004-dig-R1.png 606w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/004-dig-R1-512x487.png 512w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><figcaption id=\"caption-attachment-1883\" class=\"wp-caption-text\">dig R1<\/figcaption><\/figure>\n<p>The <span style=\"font-family: andale mono, monospace;\">dig<\/span> command on R1, showing that name resolution is working correctly using Cloudflare's secondary server.<\/p>\n<figure id=\"attachment_1884\" aria-describedby=\"caption-attachment-1884\" style=\"width: 638px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1884\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/005-dig-R2.png\" alt=\"dig R2\" width=\"638\" height=\"451\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/005-dig-R2.png 638w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/005-dig-R2-512x362.png 512w\" sizes=\"auto, (max-width: 638px) 100vw, 638px\" \/><figcaption id=\"caption-attachment-1884\" class=\"wp-caption-text\">dig R2<\/figcaption><\/figure>\n<p>The same on R2, using the OpenDNS\/Cisco primary server.<\/p>\n<figure id=\"attachment_1885\" aria-describedby=\"caption-attachment-1885\" style=\"width: 648px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1885\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/006-dig-R3.png\" alt=\"dig R3\" width=\"648\" height=\"492\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/006-dig-R3.png 648w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/006-dig-R3-512x389.png 512w\" sizes=\"auto, (max-width: 648px) 100vw, 648px\" \/><figcaption id=\"caption-attachment-1885\" class=\"wp-caption-text\">dig R3<\/figcaption><\/figure>\n<p>And on R3, using Cloudflare's primary server.<\/p>\n<figure id=\"attachment_1886\" aria-describedby=\"caption-attachment-1886\" style=\"width: 750px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1886\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/007-ping-R1.png\" alt=\"ping R1\" width=\"750\" height=\"434\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/007-ping-R1.png 750w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/007-ping-R1-512x296.png 512w\" sizes=\"auto, (max-width: 750px) 100vw, 750px\" \/><figcaption id=\"caption-attachment-1886\" class=\"wp-caption-text\">ping 
R1<\/figcaption><\/figure>\n<p>Ping working correctly on R1, both when specifying the IP directly and when resolving the address.<\/p>\n<figure id=\"attachment_1888\" aria-describedby=\"caption-attachment-1888\" style=\"width: 672px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1888\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/008-ping-R2.png\" alt=\"ping R2\" width=\"672\" height=\"446\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/008-ping-R2.png 672w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/008-ping-R2-512x340.png 512w\" sizes=\"auto, (max-width: 672px) 100vw, 672px\" \/><figcaption id=\"caption-attachment-1888\" class=\"wp-caption-text\">ping R2<\/figcaption><\/figure>\n<p>The same for R2.<\/p>\n<figure id=\"attachment_1889\" aria-describedby=\"caption-attachment-1889\" style=\"width: 682px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1889\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/009-ping-R3.png\" alt=\"ping R3\" width=\"682\" height=\"451\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/009-ping-R3.png 682w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/009-ping-R3-512x339.png 512w\" sizes=\"auto, (max-width: 682px) 100vw, 682px\" \/><figcaption id=\"caption-attachment-1889\" class=\"wp-caption-text\">ping R3<\/figcaption><\/figure>\n<p>And for R3.<\/p>\n<p>The router configurations should look like this:<\/p>\n<p>R1<\/p>\n<pre>interfaces {\r\n    ethernet eth0 {\r\n        address 10.255.59.1\/16\r\n        description Interwebs\r\n        hw-id 00:50:56:25:fb:70\r\n    }\r\n    ethernet eth1 {\r\n        address 10.155.170.29\/30\r\n        description R1R3\r\n        hw-id 00:50:56:25:fb:71\r\n    }\r\n    ethernet eth2 
{\r\n        address 10.155.170.21\/30\r\n        description R1R2\r\n        hw-id 00:50:56:25:fb:72\r\n    }\r\n    ethernet eth3 {\r\n        address 10.155.170.17\/30\r\n        description WAN\r\n        hw-id 00:50:56:25:fb:73\r\n    }\r\n    loopback lo {\r\n        address 10.1.1.1\/32\r\n    }\r\n}\r\nnat {\r\n    source {\r\n        rule 100 {\r\n            outbound-interface eth0\r\n            translation {\r\n                address 10.255.59.1\r\n            }\r\n        }\r\n    }\r\n}\r\npolicy {\r\n    route-map CONNECT {\r\n        rule 10 {\r\n            action permit\r\n            match {\r\n                interface lo\r\n            }\r\n        }\r\n    }\r\n}\r\nprotocols {\r\n    ospf {\r\n        area 0 {\r\n            network 10.155.170.28\/30\r\n            network 10.155.170.20\/30\r\n            network 10.155.170.16\/30\r\n        }\r\n        default-information {\r\n            originate {\r\n                always\r\n                metric 10\r\n                metric-type 2\r\n            }\r\n        }\r\n        parameters {\r\n            abr-type cisco\r\n            router-id 10.1.1.1\r\n        }\r\n        passive-interface eth0\r\n        passive-interface eth3\r\n        redistribute {\r\n            connected {\r\n                metric-type 2\r\n                route-map CONNECT\r\n            }\r\n        }\r\n        refresh {\r\n        }\r\n    }\r\n    static {\r\n        route 0.0.0.0\/0 {\r\n            next-hop 10.255.0.1 {\r\n            }\r\n        }\r\n    }\r\n}\r\nservice {\r\n    ssh {\r\n        port 22\r\n    }\r\n}\r\nsystem {\r\n    config-management {\r\n        commit-revisions 100\r\n    }\r\n    console {\r\n        device ttyS0 {\r\n            speed 115200\r\n        }\r\n    }\r\n    host-name R1\r\n    login {\r\n        user vyos {\r\n            authentication {\r\n                encrypted-password 
$6$FLgoZsMdlnVN2$z7o2ezyVHgqAjtPv\/UyPE3l46Kg7\/DJGZP9YChYmmVETaf4ozbivfu9EfZKxNf67P4nQepmK3gYohHyRlO8Ob0\r\n                plaintext-password \"\"\r\n                public-keys crappy-key {\r\n                    key AAAAB3NzaC1yc2EAAAADAQABAAAAgQC5nbn8bcXoMbr6+kdYK6rgifD2UbNTSh2rfXuMZO5dqp8z4GQ9fQoqUl47AiGrX4cmfoTN31VATWwLy8V8mh5rUj0eNGPSzWzx5Z9+2eGVIpkRMk4JlptHoBzIil9UhF8kUJlJr7g70jXdcB41lCboW0DxqrUBUCJd0G8+NatMiQ==\r\n                    type ssh-rsa\r\n                }\r\n            }\r\n        }\r\n    }\r\n    name-server 1.1.1.1\r\n    ntp {\r\n        server 0.pool.ntp.org {\r\n        }\r\n        server 1.pool.ntp.org {\r\n        }\r\n        server 2.pool.ntp.org {\r\n        }\r\n    }\r\n    syslog {\r\n        global {\r\n            facility all {\r\n                level info\r\n            }\r\n            facility protocols {\r\n                level debug\r\n            }\r\n        }\r\n    }\r\n}\r\n\r\n\r\n\/\/ Warning: Do not remove the following line.\r\n\/\/ vyos-config-version: \"broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1\"\r\n\/\/ Release version: 1.3.0-rc6\r\n<\/pre>\n<p>R2<\/p>\n<pre>interfaces {\r\n    ethernet eth0 {\r\n        address 10.155.170.22\/30\r\n        description R1R2\r\n        hw-id 00:50:56:34:2d:50\r\n    }\r\n    ethernet eth1 {\r\n        address 10.155.170.25\/30\r\n        description R2R3\r\n        hw-id 00:50:56:34:2d:51\r\n    }\r\n    ethernet eth2 {\r\n        address 10.155.170.1\/30\r\n        description R2OPN\r\n        hw-id 00:50:56:34:2d:52\r\n    }\r\n    ethernet eth3 {\r\n        address 10.10.10.10\/24\r\n        description Host\r\n        hw-id 00:50:56:34:2d:53\r\n 
   }\r\n    loopback lo {\r\n        address 10.2.2.2\/32\r\n    }\r\n}\r\npolicy {\r\n    route-map CONNECT {\r\n        rule 10 {\r\n            action permit\r\n            match {\r\n                interface lo\r\n            }\r\n        }\r\n    }\r\n}\r\nprotocols {\r\n    ospf {\r\n        area 0 {\r\n            network 10.155.170.0\/30\r\n            network 10.155.170.20\/30\r\n            network 10.155.170.24\/30\r\n        }\r\n        parameters {\r\n            abr-type cisco\r\n            router-id 10.2.2.2\r\n        }\r\n        redistribute {\r\n            connected {\r\n                metric-type 2\r\n                route-map CONNECT\r\n            }\r\n        }\r\n    }\r\n    static {\r\n    }\r\n}\r\nservice {\r\n    ssh {\r\n        port 22\r\n    }\r\n}\r\nsystem {\r\n    config-management {\r\n        commit-revisions 100\r\n    }\r\n    console {\r\n        device ttyS0 {\r\n            speed 115200\r\n        }\r\n    }\r\n    host-name R2\r\n    login {\r\n        user vyos {\r\n            authentication {\r\n                encrypted-password $6$FLgoZsMdlnVN2$z7o2ezyVHgqAjtPv\/UyPE3l46Kg7\/DJGZP9YChYmmVETaf4ozbivfu9EfZKxNf67P4nQepmK3gYohHyRlO8Ob0\r\n                plaintext-password \"\"\r\n                public-keys crappy-key {\r\n                    key AAAAB3NzaC1yc2EAAAADAQABAAAAgQC5nbn8bcXoMbr6+kdYK6rgifD2UbNTSh2rfXuMZO5dqp8z4GQ9fQoqUl47AiGrX4cmfoTN31VATWwLy8V8mh5rUj0eNGPSzWzx5Z9+2eGVIpkRMk4JlptHoBzIil9UhF8kUJlJr7g70jXdcB41lCboW0DxqrUBUCJd0G8+NatMiQ==\r\n                    type ssh-rsa\r\n                }\r\n            }\r\n        }\r\n    }\r\n    name-server 1.1.1.1\r\n    ntp {\r\n        server 0.pool.ntp.org {\r\n        }\r\n        server 1.pool.ntp.org {\r\n        }\r\n        server 2.pool.ntp.org {\r\n        }\r\n    }\r\n    syslog {\r\n        global {\r\n            facility all {\r\n                level info\r\n            }\r\n            facility protocols {\r\n                level debug\r\n      
      }\r\n        }\r\n    }\r\n}\r\n\r\n\r\n\/\/ Warning: Do not remove the following line.\r\n\/\/ vyos-config-version: \"broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1\"\r\n\/\/ Release version: 1.3.0-rc6\r\n<\/pre>\n<p>R3<\/p>\n<pre>interfaces {\r\n    ethernet eth0 {\r\n        address 10.155.170.30\/30\r\n        description R1R3\r\n        hw-id 00:50:56:35:d2:60\r\n    }\r\n    ethernet eth1 {\r\n        address 10.155.170.26\/30\r\n        description R2R3\r\n        hw-id 00:50:56:35:d2:61\r\n    }\r\n    ethernet eth2 {\r\n        address 10.155.170.9\/30\r\n        description R3PF\r\n        hw-id 00:50:56:35:d2:62\r\n    }\r\n    ethernet eth3 {\r\n        address 10.10.10.11\/24\r\n        description Host\r\n        hw-id 00:50:56:35:d2:63\r\n    }\r\n    loopback lo {\r\n        address 10.3.3.3\/32\r\n    }\r\n}\r\npolicy {\r\n    route-map CONNECT {\r\n        rule 10 {\r\n            action permit\r\n            match {\r\n                interface lo\r\n            }\r\n        }\r\n    }\r\n}\r\nprotocols {\r\n    ospf {\r\n        area 0 {\r\n            network 10.155.170.28\/30\r\n            network 10.155.170.24\/30\r\n            network 10.155.170.8\/30\r\n        }\r\n        parameters {\r\n            abr-type cisco\r\n            router-id 10.3.3.3\r\n        }\r\n        redistribute {\r\n            connected {\r\n                metric-type 2\r\n                route-map CONNECT\r\n            }\r\n        }\r\n    }\r\n    static {\r\n    }\r\n}\r\nservice {\r\n    ssh {\r\n        port 22\r\n    }\r\n}\r\nsystem {\r\n    config-management {\r\n        commit-revisions 100\r\n    }\r\n    console {\r\n        
device ttyS0 {\r\n            speed 115200\r\n        }\r\n    }\r\n    host-name R3\r\n    login {\r\n        user vyos {\r\n            authentication {\r\n                encrypted-password $6$FLgoZsMdlnVN2$z7o2ezyVHgqAjtPv\/UyPE3l46Kg7\/DJGZP9YChYmmVETaf4ozbivfu9EfZKxNf67P4nQepmK3gYohHyRlO8Ob0\r\n                plaintext-password \"\"\r\n                public-keys crappy-key {\r\n                    key AAAAB3NzaC1yc2EAAAADAQABAAAAgQC5nbn8bcXoMbr6+kdYK6rgifD2UbNTSh2rfXuMZO5dqp8z4GQ9fQoqUl47AiGrX4cmfoTN31VATWwLy8V8mh5rUj0eNGPSzWzx5Z9+2eGVIpkRMk4JlptHoBzIil9UhF8kUJlJr7g70jXdcB41lCboW0DxqrUBUCJd0G8+NatMiQ==\r\n                    type ssh-rsa\r\n                }\r\n            }\r\n        }\r\n    }\r\n    name-server 1.1.1.1\r\n    ntp {\r\n        server 0.pool.ntp.org {\r\n        }\r\n        server 1.pool.ntp.org {\r\n        }\r\n        server 2.pool.ntp.org {\r\n        }\r\n    }\r\n    syslog {\r\n        global {\r\n            facility all {\r\n                level info\r\n            }\r\n            facility protocols {\r\n                level debug\r\n            }\r\n        }\r\n    }\r\n}\r\n\r\n\r\n\/\/ Warning: Do not remove the following line.\r\n\/\/ vyos-config-version: \"broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@20:ipoe-server@1:ipsec@5:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@20:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1\"\r\n\/\/ Release version: 1.3.0-rc6\r\n<\/pre>\n<h3>pfSense Installation<\/h3>\n<p>pfSense will be connected to R3 and will have 3 internal networks, Green, Blue and Orange (DMZ), and, later on, a fourth network for synchronization with a second instance for high availability. Counting the WAN interface, that makes a total of 5 required interfaces, and, as with the 
routers, an extra interface for direct access from the Host, to make it easier to reach the web interface directly from the Host without needing a VM for it, for a total of 6 network interfaces.<\/p>\n<p>The interfaces will be as follows:<\/p>\n<p><span style=\"font-family: andale mono, monospace;\">00:50:56:33:94:B0 &#8211; R3-pf\/WAN 10.155.170.10\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:33:94:B1 &#8211; pfGreen 172.29.170.1\/23<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:33:94:B2 &#8211; pfOrange 10.18.170.1\/29<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:33:94:B3 &#8211; pfBlue 10.0.170.1\/24<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:33:94:B4 &#8211; pfSync 172.168.255.1\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:33:94:B5 &#8211; Host 10.10.10.20\/24<\/span><\/p>\n<p>After installation, to avoid problems, I recommend not only removing the ISO from the VM but removing the &#8220;optical drive&#8221; entirely, so there is no risk of the VM booting from some image left there.<\/p>\n<p>After rebooting the VM we reach this screen:<\/p>\n<figure id=\"attachment_1813\" aria-describedby=\"caption-attachment-1813\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1813\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/001-pfSense-primeiro-boot.png\" alt=\"pfSense primeiro boot\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/001-pfSense-primeiro-boot.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/001-pfSense-primeiro-boot-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1813\" 
class=\"wp-caption-text\">pfSense first boot<\/figcaption><\/figure>\n<p>This is where we start the configuration. First we configure the interfaces; to do so, choose option <span style=\"font-family: andale mono, monospace;\">1) Assign Interfaces<\/span>.<\/p>\n<figure id=\"attachment_1814\" aria-describedby=\"caption-attachment-1814\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1814\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/002-Assign-Interfaces.png\" alt=\"Assign Interfaces\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/002-Assign-Interfaces.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/002-Assign-Interfaces-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1814\" class=\"wp-caption-text\">Assign Interfaces<\/figcaption><\/figure>\n<p>We will not configure VLANs, so select <span style=\"font-family: andale mono, monospace;\">n<\/span>.<\/p>\n<p>The first interface to be defined is the WAN, which in this case will be interface <span style=\"font-family: andale mono, monospace;\">em0<\/span>.<\/p>\n<figure id=\"attachment_1815\" aria-describedby=\"caption-attachment-1815\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1815\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/003-Definir-interfaces-WAN.png\" alt=\"Definir interfaces - WAN\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/003-Definir-interfaces-WAN.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/003-Definir-interfaces-WAN-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption 
id=\"caption-attachment-1815\" class=\"wp-caption-text\">Define interfaces &#8211; WAN<\/figcaption><\/figure>\n<p>Next we are asked to choose the interface for the LAN; here it will be <span style=\"font-family: andale mono, monospace;\">em1<\/span>.<\/p>\n<figure id=\"attachment_1816\" aria-describedby=\"caption-attachment-1816\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1816\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/004-Definir-interfaces-LAN.png\" alt=\"Definir interfaces - LAN\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/004-Definir-interfaces-LAN.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/004-Definir-interfaces-LAN-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1816\" class=\"wp-caption-text\">Define interfaces &#8211; LAN<\/figcaption><\/figure>\n<p>After that we are asked to define the Optional 1-4 interfaces; just continue in order, choosing interfaces <span style=\"font-family: andale mono, monospace;\">em2<\/span> through <span style=\"font-family: andale mono, monospace;\">em5<\/span>.<\/p>\n<figure id=\"attachment_1817\" aria-describedby=\"caption-attachment-1817\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1817\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/005-Definir-interfaces-OPT1.png\" alt=\"Definir interfaces - OPT1\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/005-Definir-interfaces-OPT1.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/005-Definir-interfaces-OPT1-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 
720px\" \/><figcaption id=\"caption-attachment-1817\" class=\"wp-caption-text\">Define interfaces &#8211; OPT1<\/figcaption><\/figure>\n<p>When finished we will have the 6 interfaces defined.<\/p>\n<figure id=\"attachment_1818\" aria-describedby=\"caption-attachment-1818\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1818\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/006-Interfaces-definidas.png\" alt=\"Interfaces definidas\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/006-Interfaces-definidas.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/006-Interfaces-definidas-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1818\" class=\"wp-caption-text\">Interfaces defined<\/figcaption><\/figure>\n<p>After a few moments we are back at the initial screen, this time with the 6 interfaces shown.<\/p>\n<figure id=\"attachment_1820\" aria-describedby=\"caption-attachment-1820\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1820\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/007-Tela-inicial-mostrando-6-interfaces.png\" alt=\"Tela inicial mostrando 6 interfaces\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/007-Tela-inicial-mostrando-6-interfaces.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/007-Tela-inicial-mostrando-6-interfaces-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1820\" class=\"wp-caption-text\">Initial screen showing 6 interfaces<\/figcaption><\/figure>\n<p>Now we need to set some IPs; to do so, choose option 
<span style=\"font-family: andale mono, monospace;\">2) Set interface(s) IP address<\/span>.<\/p>\n<figure id=\"attachment_1821\" aria-describedby=\"caption-attachment-1821\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1821\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/008-Escolha-a-interface-a-definir-o-IP.png\" alt=\"Escolha a interface a definir o IP\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/008-Escolha-a-interface-a-definir-o-IP.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/008-Escolha-a-interface-a-definir-o-IP-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1821\" class=\"wp-caption-text\">Choose the interface to set the IP on<\/figcaption><\/figure>\n<p>Here we can choose which interface to give an IP; let's start with interface 1 &#8211; WAN.<\/p>\n<figure id=\"attachment_1822\" aria-describedby=\"caption-attachment-1822\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1822\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/009-Configurar-por-DHCP-s-n.png\" alt=\"Configurar por DHCP s\/n\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/009-Configurar-por-DHCP-s-n.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/009-Configurar-por-DHCP-s-n-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1822\" class=\"wp-caption-text\">Configure via DHCP y\/n<\/figcaption><\/figure>\n<p>We are asked whether to use DHCP to assign an IP to this interface. We will assign IPs manually, so select <span style=\"font-family: andale mono, 
monospace;\">n<\/span>.<\/p>\n<figure id=\"attachment_1823\" aria-describedby=\"caption-attachment-1823\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1823\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/010-Definir-IP-da-WAN.png\" alt=\"Definir IP da WAN\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/010-Definir-IP-da-WAN.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/010-Definir-IP-da-WAN-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1823\" class=\"wp-caption-text\">Set the WAN IP<\/figcaption><\/figure>\n<p>This interface's IP will be <span style=\"font-family: andale mono, monospace;\">10.155.170.1\/30<\/span>.<\/p>\n<figure id=\"attachment_1824\" aria-describedby=\"caption-attachment-1824\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1824 size-full\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/011-Definir-IP-do-gateway-1.png\" alt=\"Definir IP do gateway\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/011-Definir-IP-do-gateway-1.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/011-Definir-IP-do-gateway-1-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1824\" class=\"wp-caption-text\">Set the gateway IP<\/figcaption><\/figure>\n<p>Now we need to set the gateway IP so that pfSense has internet access; here it will be <span style=\"font-family: andale mono, monospace;\">10.155.170.9<\/span>.<\/p>\n<figure id=\"attachment_1827\" aria-describedby=\"caption-attachment-1827\" style=\"width: 720px\" class=\"wp-caption 
aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1827\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/012-Configurar-IPv6.png\" alt=\"Configurar IPv6\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/012-Configurar-IPv6.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/012-Configurar-IPv6-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1827\" class=\"wp-caption-text\">Configure IPv6<\/figcaption><\/figure>\n<p>Now we are asked whether to configure IPv6 via DHCP. We will not use IPv6, so select <span style=\"font-family: andale mono, monospace;\">n<\/span>.<\/p>\n<figure id=\"attachment_1828\" aria-describedby=\"caption-attachment-1828\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1828\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/013-Endereco-IPv6-para-WAN.png\" alt=\"Endere\u00e7o IPv6 para WAN\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/013-Endereco-IPv6-para-WAN.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/013-Endereco-IPv6-para-WAN-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1828\" class=\"wp-caption-text\">IPv6 address for WAN<\/figcaption><\/figure>\n<p>Because we said we do not want to configure IPv6 via DHCP, we are asked to set an address manually. Since we will not use IPv6, just press Enter.<\/p>\n<figure id=\"attachment_1829\" aria-describedby=\"caption-attachment-1829\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1829\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/014-Protocolo-da-interface-web.png\" alt=\"Protocolo da interface web\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/014-Protocolo-da-interface-web.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/014-Protocolo-da-interface-web-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1829\" class=\"wp-caption-text\">Web interface protocol<\/figcaption><\/figure>\n<p>Now we are asked whether to change the web interface protocol from HTTPS to HTTP. Choose whichever option you prefer, always keeping in mind that accessing the web interface through the WAN interface is not recommended and, if it really is necessary, HTTPS is recommended.<\/p>\n<figure id=\"attachment_1830\" aria-describedby=\"caption-attachment-1830\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1830\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/015-Interface-WAN-configurada.png\" alt=\"Interface WAN configurada\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/015-Interface-WAN-configurada.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/015-Interface-WAN-configurada-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1830\" class=\"wp-caption-text\">WAN interface configured<\/figcaption><\/figure>\n<p>With that, the WAN interface is configured.<\/p>\n<p>The process is the same for setting the IP of the other interfaces. 
The only differences are that no gateway address needs to be configured, since for these interfaces 
pfSense itself will be the gateway, and that we are asked whether to enable the DHCP server on these interfaces to assign IPs to the clients connected to them.<\/p>\n<p>The remaining interfaces can be configured directly from here, or the configuration can continue from a client connected to the LAN network. Since we have the OPT4 interface, which will be used for that purpose, I will configure only that one additional interface here before continuing the configuration through the web interface.<\/p>\n<figure id=\"attachment_1831\" aria-describedby=\"caption-attachment-1831\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1831\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/016-Habilitar-o-servidor-DHCP.png\" alt=\"Habilitar o servidor DHCP\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/016-Habilitar-o-servidor-DHCP.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/016-Habilitar-o-servidor-DHCP-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1831\" class=\"wp-caption-text\">Enable the DHCP server<\/figcaption><\/figure>\n<p>Here we are asked whether to enable the DHCP server for this interface. It is not needed here, so select option <span style=\"font-family: andale mono, monospace;\">n<\/span>.<\/p>\n<figure id=\"attachment_1832\" aria-describedby=\"caption-attachment-1832\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1832\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/017-Interfaces-configuradas.png\" alt=\"Interfaces configuradas\" width=\"720\" height=\"400\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/017-Interfaces-configuradas.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/017-Interfaces-configuradas-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1832\" class=\"wp-caption-text\">Interfaces configured<\/figcaption><\/figure>\n<p>Here we can see the interfaces configured so far. The remaining interfaces will be configured through the web interface, but to reach it through the OPT4 interface we first need to disable the firewall, since at this point it can only be accessed through the LAN interface.<\/p>\n<p>To disable the firewall we need to access the terminal; to do so, select option <span style=\"font-family: andale mono, monospace;\">8) Shell<\/span>.<\/p>\n<figure id=\"attachment_1833\" aria-describedby=\"caption-attachment-1833\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1833\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/018-Shell.png\" alt=\"Shell\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/018-Shell.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/018-Shell-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1833\" class=\"wp-caption-text\">Shell<\/figcaption><\/figure>\n<p>Here we can temporarily disable the firewall with the command <span style=\"font-family: andale mono, monospace;\">pfctl -d<\/span>.<\/p>\n<figure id=\"attachment_1834\" aria-describedby=\"caption-attachment-1834\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1834\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/019-Firewall-desativado.png\" alt=\"Firewall desativado\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/019-Firewall-desativado.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/019-Firewall-desativado-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-1834\" class=\"wp-caption-text\">Firewall disabled<\/figcaption><\/figure>\n<p>Here we can see that the firewall has been disabled. Note that the firewall is re-enabled whenever a configuration is applied through the web interface, so this procedure may need to be repeated a few times until access through this interface is fully configured.<\/p>\n<p>With that we can now access the web interface at IP <span style=\"font-family: andale mono, monospace;\">10.10.10.20<\/span>.<\/p>\n<h3>Access Through the Web Interface<\/h3>\n<figure id=\"attachment_1836\" aria-describedby=\"caption-attachment-1836\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1836\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/020-Interface-web-certificado.png\" alt=\"Interface web - certificado\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/020-Interface-web-certificado.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/020-Interface-web-certificado-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/020-Interface-web-certificado-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1836\" class=\"wp-caption-text\">Web interface &#8211; 
certificate<\/figcaption><\/figure>\n<p>Because this certificate was generated by pfSense itself, it has to be accepted manually.<\/p>\n<figure id=\"attachment_1837\" aria-describedby=\"caption-attachment-1837\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1837\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/021-Login-interface-web.png\" alt=\"Login interface web\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/021-Login-interface-web.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/021-Login-interface-web-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/021-Login-interface-web-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1837\" class=\"wp-caption-text\">Web interface login<\/figcaption><\/figure>\n<p>With that we have access to the web interface; the login credentials are <span style=\"font-family: andale mono, monospace;\">admin<\/span> and <span style=\"font-family: andale mono, monospace;\">pfsense<\/span>.<\/p>\n<figure id=\"attachment_1839\" aria-describedby=\"caption-attachment-1839\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1839\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/022-Configuracao-inicial.png\" alt=\"Configura\u00e7\u00e3o inicial\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/022-Configuracao-inicial.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/022-Configuracao-inicial-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/022-Configuracao-inicial-768x537.png 768w\" sizes=\"auto, (max-width: 
1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1839\" class=\"wp-caption-text\">Initial configuration<\/figcaption><\/figure>\n<p>Now we can start the configuration process; click <em>Next<\/em> to continue.<\/p>\n<figure id=\"attachment_1840\" aria-describedby=\"caption-attachment-1840\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1840\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/023-Netgate-Support.png\" alt=\"Netgate Support\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/023-Netgate-Support.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/023-Netgate-Support-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/023-Netgate-Support-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1840\" class=\"wp-caption-text\">Netgate Support<\/figcaption><\/figure>\n<p>If you want more information about Netgate's support options, click <em>Learn more<\/em>; otherwise click <em>Next<\/em> to continue.<\/p>\n<figure id=\"attachment_1841\" aria-describedby=\"caption-attachment-1841\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1841\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/024-Informacoes-Gerais.png\" alt=\"Informa\u00e7\u00f5es Gerais\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/024-Informacoes-Gerais.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/024-Informacoes-Gerais-512x358.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/024-Informacoes-Gerais-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1841\" class=\"wp-caption-text\">General Information<\/figcaption><\/figure>\n<p>Here you can configure the hostname, domain and the addresses of the DNS servers you want to use.<\/p>\n<figure id=\"attachment_1842\" aria-describedby=\"caption-attachment-1842\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1842\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/025-Informacoes-Gerais.png\" alt=\"Informa\u00e7\u00f5es Gerais\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/025-Informacoes-Gerais.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/025-Informacoes-Gerais-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/025-Informacoes-Gerais-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1842\" class=\"wp-caption-text\">General Information<\/figcaption><\/figure>\n<p>After configuring it the way you want, click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_1843\" aria-describedby=\"caption-attachment-1843\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1843\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/026-Time-Server.png\" alt=\"Time Server\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/026-Time-Server.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/026-Time-Server-512x358.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/026-Time-Server-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1843\" class=\"wp-caption-text\">Time Server<\/figcaption><\/figure>\n<p>Here you can configure the NTP server and time zone you want; click <em>Next<\/em> when you are satisfied.<\/p>\n<figure id=\"attachment_1844\" aria-describedby=\"caption-attachment-1844\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1844\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/027-Configurar-a-interface-WAN.png\" alt=\"Configurar a interface WAN\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/027-Configurar-a-interface-WAN.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/027-Configurar-a-interface-WAN-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/027-Configurar-a-interface-WAN-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1844\" class=\"wp-caption-text\">Configure the WAN interface<\/figcaption><\/figure>\n<p>Here you can configure the WAN interface.<\/p>\n<figure id=\"attachment_1845\" aria-describedby=\"caption-attachment-1845\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1845\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/028-Configurar-Interface-WAN-Permitir-redes-privadas.png\" alt=\"Configurar Interface WAN - Permitir redes privadas\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/028-Configurar-Interface-WAN-Permitir-redes-privadas.png 1136w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/028-Configurar-Interface-WAN-Permitir-redes-privadas-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/028-Configurar-Interface-WAN-Permitir-redes-privadas-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1845\" class=\"wp-caption-text\">Configure WAN Interface &#8211; Allow private networks<\/figcaption><\/figure>\n<p>Since we will work only with private IPs, these two options must be disabled; otherwise we will not be able to reach the servers that sit behind the firewall. After unchecking both options, click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_1846\" aria-describedby=\"caption-attachment-1846\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1846\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/029-Configurar-interface-LAN.png\" alt=\"Configurar interface LAN\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/029-Configurar-interface-LAN.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/029-Configurar-interface-LAN-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/029-Configurar-interface-LAN-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1846\" class=\"wp-caption-text\">Configure LAN interface<\/figcaption><\/figure>\n<p>Here we can configure the IP of the LAN interface, which will be on the Green network.<\/p>\n<figure id=\"attachment_1847\" aria-describedby=\"caption-attachment-1847\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1847\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/030-Novo-IP-para-a-interface-LAN.png\" alt=\"Novo IP para a interface LAN\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/030-Novo-IP-para-a-interface-LAN.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/030-Novo-IP-para-a-interface-LAN-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/030-Novo-IP-para-a-interface-LAN-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1847\" class=\"wp-caption-text\">New IP for the LAN interface<\/figcaption><\/figure>\n<p>After entering the IP you want for this interface, click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_1848\" aria-describedby=\"caption-attachment-1848\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1848\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/031-Definir-a-senha-da-conta-admin.png\" alt=\"Definir a senha da conta admin\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/031-Definir-a-senha-da-conta-admin.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/031-Definir-a-senha-da-conta-admin-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/031-Definir-a-senha-da-conta-admin-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1848\" class=\"wp-caption-text\">Set the admin account password<\/figcaption><\/figure>\n<p>Now a new password must be set for the <span style=\"font-family: andale mono, monospace;\">admin<\/span> account; after choosing the new password, click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_1849\" 
aria-describedby=\"caption-attachment-1849\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1849\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/032-Aplicar-as-novas-configuracoes.png\" alt=\"Aplicar as novas configura\u00e7\u00f5es\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/032-Aplicar-as-novas-configuracoes.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/032-Aplicar-as-novas-configuracoes-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/032-Aplicar-as-novas-configuracoes-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1849\" class=\"wp-caption-text\">Apply the new settings<\/figcaption><\/figure>\n<p>Now the new settings need to be applied; click <em>Reload<\/em>.<\/p>\n<figure id=\"attachment_1850\" aria-describedby=\"caption-attachment-1850\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1850\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/033-Terminar.png\" alt=\"Terminar\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/033-Terminar.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/033-Terminar-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/033-Terminar-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1850\" class=\"wp-caption-text\">Finish<\/figcaption><\/figure>\n<p>That completes the initial configuration; click <em>Finish<\/em> to end.<\/p>\n<p>After clicking <em>Finish<\/em>, the firewall will need to be 
disabled again from the terminal.<\/p>\n<figure id=\"attachment_1851\" aria-describedby=\"caption-attachment-1851\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1851\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/034-Notificacoes-Legais.png\" alt=\"Notifica\u00e7\u00f5es Legais\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/034-Notificacoes-Legais.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/034-Notificacoes-Legais-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/034-Notificacoes-Legais-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1851\" class=\"wp-caption-text\">Legal Notices<\/figcaption><\/figure>\n<p>Once the firewall is disabled we have access to the main interface; click Accept to close this popup.<\/p>\n<figure id=\"attachment_1852\" aria-describedby=\"caption-attachment-1852\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1852\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/035-Pesquisa.png\" alt=\"Pesquisa\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/035-Pesquisa.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/035-Pesquisa-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/035-Pesquisa-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1852\" class=\"wp-caption-text\">Survey<\/figcaption><\/figure>\n<p>If you want to take part in the survey, click the <em>User survey<\/em> link; otherwise click 
<em>Close<\/em>.<\/p>\n<figure id=\"attachment_1853\" aria-describedby=\"caption-attachment-1853\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1853\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/036-Dashboard.png\" alt=\"Dashboard\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/036-Dashboard.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/036-Dashboard-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/036-Dashboard-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1853\" class=\"wp-caption-text\">Dashboard<\/figcaption><\/figure>\n<p>With that we have access to the Dashboard.<\/p>\n<figure id=\"attachment_1854\" aria-describedby=\"caption-attachment-1854\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1854\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/037-Firewall-Rules.png\" alt=\"Firewall - Rules\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/037-Firewall-Rules.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/037-Firewall-Rules-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/037-Firewall-Rules-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1854\" class=\"wp-caption-text\">Firewall &#8211; Rules<\/figcaption><\/figure>\n<p>Let's start by allowing access to the web interface through the OPT4 interface; to do so, go to <strong>Firewall -&gt; Rules<\/strong>.<\/p>\n<h3>First Firewall Rule<\/h3>\n<figure id=\"attachment_1855\" 
aria-describedby=\"caption-attachment-1855\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1855\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/038-OPT4.png\" alt=\"OPT4\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/038-OPT4.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/038-OPT4-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/038-OPT4-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1855\" class=\"wp-caption-text\">OPT4<\/figcaption><\/figure>\n<p>Click the OPT4 tab.<\/p>\n<figure id=\"attachment_1856\" aria-describedby=\"caption-attachment-1856\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1856\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/039-Adicionar-Regra.png\" alt=\"Adicionar Regra\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/039-Adicionar-Regra.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/039-Adicionar-Regra-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/039-Adicionar-Regra-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1856\" class=\"wp-caption-text\">Add Rule<\/figcaption><\/figure>\n<p>Click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_1857\" aria-describedby=\"caption-attachment-1857\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1857\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/040-Nova-regra.png\" alt=\"Nova regra\" width=\"1117\" 
height=\"1131\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/040-Nova-regra.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/040-Nova-regra-506x512.png 506w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/040-Nova-regra-768x778.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-1857\" class=\"wp-caption-text\">New rule<\/figcaption><\/figure>\n<p>This rule allows any protocol (you can restrict it to TCP alone if all you need is access to the web interface) and allows traffic originating from the network configured on the OPT4 interface; if you wish, you can restrict the source to a single IP address. The destination is only the IP assigned to this interface, so no traffic coming from this network will reach any other pfSense network.<\/p>\n<p>Once the rule is configured, click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_1858\" aria-describedby=\"caption-attachment-1858\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1858\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/041-Aplicar-alteracoes.png\" alt=\"Aplicar altera\u00e7\u00f5es\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/041-Aplicar-alteracoes.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/041-Aplicar-alteracoes-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/041-Aplicar-alteracoes-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1858\" class=\"wp-caption-text\">Apply changes<\/figcaption><\/figure>\n<p>These changes now need to be applied: click <em>Apply 
Changes<\/em>.<\/p>\n<figure id=\"attachment_1859\" aria-describedby=\"caption-attachment-1859\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1859\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/042-Alteracoes-aplicadas-com-sucesso.png\" alt=\"Altera\u00e7\u00f5es aplicadas com sucesso\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/042-Alteracoes-aplicadas-com-sucesso.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/042-Alteracoes-aplicadas-com-sucesso-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/042-Alteracoes-aplicadas-com-sucesso-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1859\" class=\"wp-caption-text\">Changes applied successfully<\/figcaption><\/figure>\n<p>It may take a few moments for this rule to become active, so it is normal to lose access to the web interface temporarily.<\/p>\n<p>With this rule in place we no longer have to worry about losing access to the web interface every time a change is made to the firewall. To confirm that the firewall is active, go to the terminal and run <span style=\"font-family: andale mono, monospace;\">pfctl -e<\/span> to enable it; you should get back a message saying that it is already enabled.<\/p>\n<p>Next we will configure the other network interfaces, but first some DHCPv6 services that are active need to be disabled.<\/p>\n<figure id=\"attachment_1865\" aria-describedby=\"caption-attachment-1865\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1865\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/043-Servidor-DHCPv6.png\" alt=\"Servidor DHCPv6\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/043-Servidor-DHCPv6.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/043-Servidor-DHCPv6-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/043-Servidor-DHCPv6-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1865\" class=\"wp-caption-text\">DHCPv6 Server<\/figcaption><\/figure>\n<p>To do so, click <strong>Services -&gt; DHCPv6 &amp; RA<\/strong>.<\/p>\n<figure id=\"attachment_1866\" aria-describedby=\"caption-attachment-1866\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1866\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/044-Desativar-Servidor-DHCPv6.png\" alt=\"Desativar Servidor DHCPv6\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/044-Desativar-Servidor-DHCPv6.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/044-Desativar-Servidor-DHCPv6-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/044-Desativar-Servidor-DHCPv6-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1866\" class=\"wp-caption-text\">Disable DHCPv6 Server<\/figcaption><\/figure>\n<p>Under <em>DHCPv6 Server<\/em>, uncheck the <em>Enable DHCPv6 server on interface LAN<\/em> option and then click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_1867\" aria-describedby=\"caption-attachment-1867\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full 
wp-image-1867\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/045-Router-Advertisements.png\" alt=\"Router Advertisements\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/045-Router-Advertisements.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/045-Router-Advertisements-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/045-Router-Advertisements-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1867\" class=\"wp-caption-text\">Router Advertisements<\/figcaption><\/figure>\n<p>Then, on the <em>Router Advertisements<\/em> tab, set <em>Router mode<\/em> to <em>Disabled<\/em> and click the <em>Save<\/em> button at the bottom of the page.<\/p>\n<p>We can now change the settings of the LAN interface.<\/p>\n<figure id=\"attachment_1868\" aria-describedby=\"caption-attachment-1868\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1868\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/046-Configurar-interface-LAN.png\" alt=\"Configurar interface LAN\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/046-Configurar-interface-LAN.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/046-Configurar-interface-LAN-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/046-Configurar-interface-LAN-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1868\" class=\"wp-caption-text\">Configure the LAN interface<\/figcaption><\/figure>\n<p>Click <strong>Interfaces -&gt; LAN<\/strong>.<\/p>\n<figure id=\"attachment_1869\" aria-describedby=\"caption-attachment-1869\" 
style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1869\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/047-Alterar-o-nome-da-interface.png\" alt=\"Alterar o nome da interface\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/047-Alterar-o-nome-da-interface.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/047-Alterar-o-nome-da-interface-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/047-Alterar-o-nome-da-interface-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1869\" class=\"wp-caption-text\">Change the interface name<\/figcaption><\/figure>\n<p>Several settings of this interface can be changed here, including its IP; in this case only its name\/description will be changed.<\/p>\n<figure id=\"attachment_1870\" aria-describedby=\"caption-attachment-1870\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1870\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/048-Novo-nome-e-salvar.png\" alt=\"Novo nome e salvar\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/048-Novo-nome-e-salvar.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/048-Novo-nome-e-salvar-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/048-Novo-nome-e-salvar-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1870\" class=\"wp-caption-text\">New name and save<\/figcaption><\/figure>\n<p>After typing the new name, set <em>IPv6 Configuration Type<\/em> to <em>None<\/em>, then click the 
<em>Save<\/em> button at the bottom of the page.<\/p>\n<figure id=\"attachment_1871\" aria-describedby=\"caption-attachment-1871\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1871\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/049-Aplicar-Alteracoes.png\" alt=\"Aplicar Altera\u00e7\u00f5es\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/049-Aplicar-Alteracoes.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/049-Aplicar-Alteracoes-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/049-Aplicar-Alteracoes-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1871\" class=\"wp-caption-text\">Apply Changes<\/figcaption><\/figure>\n<p>Click <em>Apply Changes<\/em>.<\/p>\n<figure id=\"attachment_1872\" aria-describedby=\"caption-attachment-1872\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1872\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/050-Novo-nove-da-interface-LAN.png\" alt=\"Novo nove da interface LAN\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/050-Novo-nove-da-interface-LAN.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/050-Novo-nove-da-interface-LAN-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/050-Novo-nove-da-interface-LAN-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1872\" class=\"wp-caption-text\">New name of the LAN interface<\/figcaption><\/figure>\n<p>Here we can see that the LAN interface is now called GREEN (in some places the name appears in all 
capital letters, in others it appears as it was typed; this is normal).<\/p>\n<p>After repeating these steps on the OPT4 interface to rename it to Host, we will configure the interfaces for the Blue and Orange networks.<\/p>\n<figure id=\"attachment_1873\" aria-describedby=\"caption-attachment-1873\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1873\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/051-Configurar-interface-OPT1-Orange.png\" alt=\"Configurar interface OPT1\/Orange\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/051-Configurar-interface-OPT1-Orange.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/051-Configurar-interface-OPT1-Orange-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/051-Configurar-interface-OPT1-Orange-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1873\" class=\"wp-caption-text\">Configure the OPT1\/Orange interface<\/figcaption><\/figure>\n<p>We will configure them in order, starting with the OPT1 interface, which will become Orange. Click <strong>Interfaces -&gt; OPT1<\/strong>.<\/p>\n<figure id=\"attachment_1874\" aria-describedby=\"caption-attachment-1874\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1874\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/052-Interface-OPT1-Orange.png\" alt=\"Interface OPT1-Orange\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/052-Interface-OPT1-Orange.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/052-Interface-OPT1-Orange-512x358.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/052-Interface-OPT1-Orange-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1874\" class=\"wp-caption-text\">OPT1-Orange interface<\/figcaption><\/figure>\n<p>Here we have access to this interface's settings.<\/p>\n<figure id=\"attachment_1875\" aria-describedby=\"caption-attachment-1875\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1875\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/053-Interface-Orange-DMZ.png\" alt=\"Interface Orange (DMZ)\" width=\"1117\" height=\"1432\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/053-Interface-Orange-DMZ.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/053-Interface-Orange-DMZ-399x512.png 399w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/053-Interface-Orange-DMZ-768x985.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-1875\" class=\"wp-caption-text\">Orange (DMZ) interface<\/figcaption><\/figure>\n<p>The interface must first be enabled: select the <em>Enable interface<\/em> option. Then, in <em>Description<\/em>, enter the name you want, in this case <em>Orange (DMZ)<\/em>. In <em>IPv4 Configuration Type<\/em>, select <em>Static IPv4<\/em>, and further down, in <em>IPv4 Address<\/em>, enter the IP and mask you want for this interface, in this case <span style=\"font-family: andale mono, monospace;\">10.18.170.1\/29<\/span>. Then click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_1876\" aria-describedby=\"caption-attachment-1876\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1876\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/054-Aplicar-Alteracoes.png\" alt=\"Aplicar Altera\u00e7\u00f5es\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/054-Aplicar-Alteracoes.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/054-Aplicar-Alteracoes-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/054-Aplicar-Alteracoes-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1876\" class=\"wp-caption-text\">Apply Changes<\/figcaption><\/figure>\n<p>Click <em>Apply Changes<\/em>.<\/p>\n<figure id=\"attachment_1891\" aria-describedby=\"caption-attachment-1891\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1891\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/055-Interface-Blue.png\" alt=\"Interface Blue\" width=\"1117\" height=\"1432\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/055-Interface-Blue.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/055-Interface-Blue-399x512.png 399w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/055-Interface-Blue-768x985.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-1891\" class=\"wp-caption-text\">Blue interface<\/figcaption><\/figure>\n<p>Repeat the steps for the Blue interface.<\/p>\n<figure id=\"attachment_1892\" aria-describedby=\"caption-attachment-1892\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1892\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/056-Interfaces-configuradas.png\" alt=\"Interfaces configuradas\" width=\"1136\" height=\"794\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/056-Interfaces-configuradas.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/056-Interfaces-configuradas-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/056-Interfaces-configuradas-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1892\" class=\"wp-caption-text\">Configured interfaces<\/figcaption><\/figure>\n<p>The interfaces we need at this point are now configured.<\/p>\n<h3>Disable DHCP on LAN\/Green<\/h3>\n<p>The Green network will have a machine running Windows Server, which has its own DHCP server. To avoid conflicts, we first need to disable the pfSense DHCP server that is active on the Green interface.<\/p>\n<figure id=\"attachment_1895\" aria-describedby=\"caption-attachment-1895\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1895\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/057-Servidor-DHCP.png\" alt=\"Servidor DHCP\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/057-Servidor-DHCP.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/057-Servidor-DHCP-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/057-Servidor-DHCP-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1895\" class=\"wp-caption-text\">DHCP Server<\/figcaption><\/figure>\n<p>Go to <strong>Services -&gt; DHCP Server<\/strong>.<\/p>\n<figure id=\"attachment_1896\" aria-describedby=\"caption-attachment-1896\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full 
wp-image-1896\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/058-Servidor-DHCP-ativo.png\" alt=\" Servidor DHCP ativo\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/058-Servidor-DHCP-ativo.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/058-Servidor-DHCP-ativo-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/058-Servidor-DHCP-ativo-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1896\" class=\"wp-caption-text\">DHCP server enabled<\/figcaption><\/figure>\n<p>Here we can see that the DHCP server is enabled on this interface.<\/p>\n<figure id=\"attachment_1897\" aria-describedby=\"caption-attachment-1897\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1897\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/059-Servidor-DHCP-desativado.png\" alt=\"Servidor DHCP desativado\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/059-Servidor-DHCP-desativado.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/059-Servidor-DHCP-desativado-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/059-Servidor-DHCP-desativado-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1897\" class=\"wp-caption-text\">DHCP server disabled<\/figcaption><\/figure>\n<p>Disable it and click the <em>Save<\/em> button at the bottom of the page.<\/p>\n<p>The Windows Server DHCP server will now work without problems and can assign IPs to the clients connected to this network.<\/p>\n<figure id=\"attachment_1900\" aria-describedby=\"caption-attachment-1900\" style=\"width: 1280px\" 
class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1900\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/060-Cliente-com-IP-atribuido-pelo-Windows-Server.png\" alt=\"Cliente com IP atribu\u00eddo pelo Windows Server\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/060-Cliente-com-IP-atribuido-pelo-Windows-Server.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/060-Cliente-com-IP-atribuido-pelo-Windows-Server-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/060-Cliente-com-IP-atribuido-pelo-Windows-Server-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/060-Cliente-com-IP-atribuido-pelo-Windows-Server-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-1900\" class=\"wp-caption-text\">Client with IP assigned by Windows Server<\/figcaption><\/figure>\n<p>Here is the client that received its IP from the Windows Server DHCP server.<\/p>\n<figure id=\"attachment_1901\" aria-describedby=\"caption-attachment-1901\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1901\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/061-Lease-DHCP-Windows-Server.png\" alt=\"Lease DHCP Windows Server\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/061-Lease-DHCP-Windows-Server.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/061-Lease-DHCP-Windows-Server-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/061-Lease-DHCP-Windows-Server-768x480.png 768w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/061-Lease-DHCP-Windows-Server-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-1901\" class=\"wp-caption-text\">Windows Server DHCP lease<\/figcaption><\/figure>\n<p>And here is the lease on the Windows Server.<\/p>\n<h3>Restrict DNS Requests<\/h3>\n<p>Access to DNS servers now needs to be restricted for the devices on the Green network, allowing only the Windows Server to make these requests, so that the other devices can use only the Windows Server as their DNS server.<\/p>\n<p>In pfSense, the Green zone (previously LAN) comes by default with some firewall rules already configured: one that always allows the devices connected to this network to access the web interface, and another that allows any kind of traffic leaving this network.<\/p>\n<p>Some rules will be needed to block the clients' access to external DNS servers while still allowing that access to the Windows Server. A rule allowing the clients to browse the internet will also need to be created.<\/p>\n<figure id=\"attachment_1903\" aria-describedby=\"caption-attachment-1903\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1903\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/062-Firewall-Rules.png\" alt=\"Firewall - Rules\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/062-Firewall-Rules.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/062-Firewall-Rules-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/062-Firewall-Rules-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption 
id=\"caption-attachment-1903\" class=\"wp-caption-text\">Firewall &#8211; Rules<\/figcaption><\/figure>\n<p>The first step is to go to the firewall rules page: click <strong>Firewall -&gt; Rules<\/strong>.<\/p>\n<figure id=\"attachment_1904\" aria-describedby=\"caption-attachment-1904\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1904\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/063-Regras-do-Firewall-na-rede-Green.png\" alt=\"Regras do Firewall na rede Green\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/063-Regras-do-Firewall-na-rede-Green.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/063-Regras-do-Firewall-na-rede-Green-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/063-Regras-do-Firewall-na-rede-Green-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1904\" class=\"wp-caption-text\">Firewall rules on the Green network<\/figcaption><\/figure>\n<p>Go to the Green network tab.<\/p>\n<figure id=\"attachment_1905\" aria-describedby=\"caption-attachment-1905\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1905\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/064-Regra-que-permite-todo-o-trafego-desativada.png\" alt=\"Regra que permite todo o tr\u00e1fego desativada\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/064-Regra-que-permite-todo-o-trafego-desativada.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/064-Regra-que-permite-todo-o-trafego-desativada-512x358.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/064-Regra-que-permite-todo-o-trafego-desativada-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1905\" class=\"wp-caption-text\">Rule that allows all traffic, disabled<\/figcaption><\/figure>\n<p>The rule that allows all traffic originating from this network must be disabled or removed. To disable it, click the \ud83d\udeab icon to the right of the rule; to delete it instead, click the \ud83d\uddd1 icon to the right of the rule. Then click <em>Apply Changes<\/em>.<\/p>\n<figure id=\"attachment_1906\" aria-describedby=\"caption-attachment-1906\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1906\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/065-Firewall-Aliases.png\" alt=\"Firewall - Aliases\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/065-Firewall-Aliases.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/065-Firewall-Aliases-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/065-Firewall-Aliases-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1906\" class=\"wp-caption-text\">Firewall &#8211; Aliases<\/figcaption><\/figure>\n<p>Since the same rule has to apply to more than one port, we will create aliases for those ports so that we do not have to create two identical rules for different ports. To do so, click <strong>Firewall -&gt; Aliases<\/strong>.<\/p>\n<figure id=\"attachment_1907\" aria-describedby=\"caption-attachment-1907\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full 
wp-image-1907\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/066-Criar-aliases-para-as-portas.png\" alt=\"Creating aliases for the ports\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/066-Criar-aliases-para-as-portas.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/066-Criar-aliases-para-as-portas-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/066-Criar-aliases-para-as-portas-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1907\" class=\"wp-caption-text\">Creating aliases for the ports<\/figcaption><\/figure>\n<p>To create these aliases, go to the <em>Ports<\/em> tab and click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_1908\" aria-describedby=\"caption-attachment-1908\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1908\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/067-Portas-do-servico-DNS.png\" alt=\"DNS service ports\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/067-Portas-do-servico-DNS.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/067-Portas-do-servico-DNS-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/067-Portas-do-servico-DNS-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1908\" class=\"wp-caption-text\">DNS service ports<\/figcaption><\/figure>\n<p>The alias needs a name; the description is optional. Under <em>Type<\/em>, make sure <em>Port(s)<\/em> is selected, and below, under <em>Port(s)<\/em>, we will add the ports.<\/p>\n<p>The first port is 53, the 
port traditionally used by the DNS service. Enter the port number and, if you wish, a description, then click <em>Add Port<\/em> to add a second port. The second port is 853, which the DNS service uses when the traffic is encrypted.<\/p>\n<p>After adding these two ports, click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_1909\" aria-describedby=\"caption-attachment-1909\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1909\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/068-Portas-Web.png\" alt=\"Web ports\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/068-Portas-Web.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/068-Portas-Web-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/068-Portas-Web-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1909\" class=\"wp-caption-text\">Web ports<\/figcaption><\/figure>\n<p>Repeat the process for HTTP and HTTPS traffic, in this case for ports 80 and 443.<\/p>\n<figure id=\"attachment_1910\" aria-describedby=\"caption-attachment-1910\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1910\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/069-Aliases-criados.png\" alt=\"Aliases created\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/069-Aliases-criados.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/069-Aliases-criados-512x358.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/069-Aliases-criados-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1910\" class=\"wp-caption-text\">Aliases created<\/figcaption><\/figure>\n<p>Here are the two aliases we created.<\/p>\n<figure id=\"attachment_1911\" aria-describedby=\"caption-attachment-1911\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1911\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/070-Regra-permitindo-DNS-para-o-Windows-Server.png\" alt=\"Rule allowing DNS for the Windows Server\" width=\"1117\" height=\"1322\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/070-Regra-permitindo-DNS-para-o-Windows-Server.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/070-Regra-permitindo-DNS-para-o-Windows-Server-433x512.png 433w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/070-Regra-permitindo-DNS-para-o-Windows-Server-768x909.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-1911\" class=\"wp-caption-text\">Rule allowing DNS for the Windows Server<\/figcaption><\/figure>\n<p>Now let's create the firewall rules. Go back to the rules page for the Green network and click <em>Add<\/em> to create a new rule (order matters and this rule must be first in the list, so click the <em>Add<\/em> button with the arrow pointing up).<\/p>\n<p>Here we configure the rule. Under <em>Action<\/em> select <em>Pass<\/em>; the interface must be <em>GREEN<\/em>; since we are not using IPv6, under <em>Address Family<\/em> select <em>IPv4<\/em>; and under <em>Protocol<\/em> select <em>TCP\/UDP<\/em>, since DNS uses TCP in some specific cases.<\/p>\n<p>Under 
<em>Source<\/em> select <em>Single host or alias<\/em> and enter the IP of the Windows Server, since it will be the only host allowed to reach external DNS servers.<\/p>\n<p>Leave <em>Destination<\/em> as <em>any<\/em>, and under <em>Destination Port Range<\/em> leave the first and third fields as <em>(other)<\/em> and enter the alias created for the DNS ports in the second and fourth.<\/p>\n<p>If you want to describe the rule, use the <em>Description<\/em> field under <em>Extra Options<\/em>.<\/p>\n<p>Then click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_1913\" aria-describedby=\"caption-attachment-1913\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1913\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/071-Regra-para-bloquear-o-trafego-DNS-para-a-rede-Green.png\" alt=\"Rule blocking DNS traffic for the Green network\" width=\"1117\" height=\"1322\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/071-Regra-para-bloquear-o-trafego-DNS-para-a-rede-Green.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/071-Regra-para-bloquear-o-trafego-DNS-para-a-rede-Green-433x512.png 433w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/071-Regra-para-bloquear-o-trafego-DNS-para-a-rede-Green-768x909.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-1913\" class=\"wp-caption-text\">Rule blocking DNS traffic for the Green network<\/figcaption><\/figure>\n<p>Now we create a rule that blocks outbound DNS traffic for the rest of the devices.<\/p>\n<p>The first part is the same as the previous rule; the only difference is that under <em>Action<\/em> we select <em>Block<\/em> instead of <em>Pass<\/em>.<\/p>\n<p>Under 
<em>Source<\/em> select <em>GREEN net<\/em>, since this rule applies to traffic originating from the whole network.<\/p>\n<p><em>Destination<\/em> stays the same as in the previous rule.<\/p>\n<p>Enter an appropriate description and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_1914\" aria-describedby=\"caption-attachment-1914\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1914\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/072-Regras-de-acesso-a-DNS-criadas.png\" alt=\"DNS access rules created\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/072-Regras-de-acesso-a-DNS-criadas.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/072-Regras-de-acesso-a-DNS-criadas-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/072-Regras-de-acesso-a-DNS-criadas-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1914\" class=\"wp-caption-text\">DNS access rules created<\/figcaption><\/figure>\n<p>Here we can see the two rules for access to external DNS servers. It is important that they are in this order: the rule that allows access for the Windows Server above the rule that blocks access for the network.<\/p>\n<figure id=\"attachment_1915\" aria-describedby=\"caption-attachment-1915\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1915\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/073-Regra-permitindo-o-acesso-web.png\" alt=\"Rule allowing web access\" width=\"1117\" height=\"1322\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/073-Regra-permitindo-o-acesso-web.png 1117w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/073-Regra-permitindo-o-acesso-web-433x512.png 433w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/073-Regra-permitindo-o-acesso-web-768x909.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-1915\" class=\"wp-caption-text\">Rule allowing web access<\/figcaption><\/figure>\n<p>Next, we create the rule that allows web access for the devices on the Green network.<\/p>\n<p>This rule allows access, so under <em>Action<\/em> select <em>Pass<\/em>; the interface is <em>GREEN<\/em> and in this case the protocol is <em>TCP<\/em> only.<\/p>\n<p>The rule allows traffic originating from the whole Green network, so under <em>Source<\/em> select <em>GREEN net<\/em>.<\/p>\n<p>Leave <em>Destination<\/em> as <em>any<\/em> and, for the ports, enter the name of the alias created for the web ports, just as was done for the DNS rules.<\/p>\n<p>Give the rule a description and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_1916\" aria-describedby=\"caption-attachment-1916\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1916\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/074-Regras-criadas-para-a-zona-Green.png\" alt=\"Rules created for the Green zone\" width=\"1136\" height=\"794\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/074-Regras-criadas-para-a-zona-Green.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/074-Regras-criadas-para-a-zona-Green-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/074-Regras-criadas-para-a-zona-Green-768x537.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption 
id=\"caption-attachment-1916\" class=\"wp-caption-text\">Rules created for the Green zone<\/figcaption><\/figure>\n<p>The basic rules are now in place and we can run some tests.<\/p>\n<figure id=\"attachment_1918\" aria-describedby=\"caption-attachment-1918\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1918\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/075-Dig-em-um-cliente.png\" alt=\"Dig on a client\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/075-Dig-em-um-cliente.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/075-Dig-em-um-cliente-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/075-Dig-em-um-cliente-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/075-Dig-em-um-cliente-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-1918\" class=\"wp-caption-text\">Dig on a client<\/figcaption><\/figure>\n<p>Here we can see that the client cannot use any DNS server other than the Windows Server.<\/p>\n<figure id=\"attachment_1919\" aria-describedby=\"caption-attachment-1919\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1919\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/076-Dig-no-Windows-Server.png\" alt=\"Dig on the Windows Server\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/076-Dig-no-Windows-Server.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/076-Dig-no-Windows-Server-512x320.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/076-Dig-no-Windows-Server-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/076-Dig-no-Windows-Server-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-1919\" class=\"wp-caption-text\">Dig on the Windows Server<\/figcaption><\/figure>\n<p>The Windows Server can reach external DNS servers.<\/p>\n<figure id=\"attachment_1920\" aria-describedby=\"caption-attachment-1920\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1920\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/077-Acesso-a-paginas-web-pelo-cliente.png\" alt=\"Web page access from the client\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/077-Acesso-a-paginas-web-pelo-cliente.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/077-Acesso-a-paginas-web-pelo-cliente-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/077-Acesso-a-paginas-web-pelo-cliente-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/077-Acesso-a-paginas-web-pelo-cliente-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-1920\" class=\"wp-caption-text\">Web page access from the client<\/figcaption><\/figure>\n<p>The client can browse the internet without problems.<\/p>\n<figure id=\"attachment_1921\" aria-describedby=\"caption-attachment-1921\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1921\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/078-Acesso-a-paginas-web-pelo-Windows-Server.png\" alt=\"Web page access from the 
Windows Server\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/078-Acesso-a-paginas-web-pelo-Windows-Server.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/078-Acesso-a-paginas-web-pelo-Windows-Server-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/078-Acesso-a-paginas-web-pelo-Windows-Server-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/078-Acesso-a-paginas-web-pelo-Windows-Server-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-1921\" class=\"wp-caption-text\">Web page access from the Windows Server<\/figcaption><\/figure>\n<p>So can the Windows Server.<\/p>\n<h4>Blocking ICMP Traffic<\/h4>\n<p>We will block ICMP traffic originating from the firewall's internal networks to all networks in the range <span style=\"font-family: andale mono, monospace;\">10.155.170.0\/27<\/span>; this requires a rule that blocks this kind of traffic.<\/p>\n<p>There are two options: create one rule per interface, or create a floating rule and select all the internal interfaces at once. To make management easier, we will use a floating rule.<\/p>\n<p>Having decided where the rule will be created, we need to decide how to create it, and there are a few different ways. One is to create two rules: one allowing ICMP traffic originating from the internal networks to all networks, and another blocking only the traffic destined for the network we do not want reached (this can itself be done in two &#8220;ways&#8221;: either put the rule that allows ICMP traffic to all networks first, with the rule that blocks traffic to the network we want to block below it, or 
put the block rule just above and select the <em>Quick<\/em> option, which applies the rule immediately on a match so that the following rules are never evaluated). The other is to create a single rule that allows ICMP traffic originating from the internal networks and, when choosing the destination, enter the network we do not want to be reachable and select the <em>Invert match<\/em> option; this way traffic is allowed to all networks except the one we specified.<\/p>\n<p>We will create a floating rule with the <em>Invert match<\/em> option, to keep things simple and use a single rule.<\/p>\n<figure id=\"attachment_1925\" aria-describedby=\"caption-attachment-1925\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1925\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/079-Firewall-Rules.png\" alt=\"Firewall - Rules\" width=\"1136\" height=\"793\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/079-Firewall-Rules.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/079-Firewall-Rules-512x357.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/079-Firewall-Rules-768x536.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1925\" class=\"wp-caption-text\">Firewall &#8211; Rules<\/figcaption><\/figure>\n<p>Click <strong>Firewall -&gt; Rules<\/strong>.<\/p>\n<figure id=\"attachment_1926\" aria-describedby=\"caption-attachment-1926\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1926\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/080-Firewall-Floating-Rules.png\" alt=\"Firewall - Floating Rules\" width=\"1136\" 
height=\"793\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/080-Firewall-Floating-Rules.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/080-Firewall-Floating-Rules-512x357.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/080-Firewall-Floating-Rules-768x536.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1926\" class=\"wp-caption-text\">Firewall &#8211; Floating Rules<\/figcaption><\/figure>\n<p>Then click the <em>Floating<\/em> tab and <em>Add<\/em> (since there are no rules here yet, it does not matter whether the rule is added above or below).<\/p>\n<figure id=\"attachment_1927\" aria-describedby=\"caption-attachment-1927\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1927\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/081-Regra-ICMP.png\" alt=\"ICMP rule\" width=\"1117\" height=\"1408\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/081-Regra-ICMP.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/081-Regra-ICMP-406x512.png 406w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/081-Regra-ICMP-768x968.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-1927\" class=\"wp-caption-text\">ICMP rule<\/figcaption><\/figure>\n<p>Under <em>Action<\/em> select <em>Pass<\/em>; under <em>Interface<\/em> select the interfaces of the internal networks, in this case <em>GREEN<\/em>, <em>ORANGEDMZ<\/em> and <em>BLUE<\/em>; leave <em>Direction<\/em> as <em>any<\/em>; <em>Address Family<\/em> stays <em>IPv4<\/em>, as in the other rules; and under <em>Protocol<\/em> select <em>ICMP<\/em>. The <em>ICMP Subtypes<\/em> option can stay as <em>any<\/em>.<\/p>\n<p>The 
<em>Source<\/em> option can stay as <em>any<\/em>, since this rule applies to several interfaces with different networks. Under <em>Destination<\/em> select the <em>Invert match<\/em> option, choose <em>Network<\/em> in the menu, and enter the network you want to block. Since we are blocking several contiguous networks, we can simply enter the address of the first network and a mask that covers all the networks in question.<\/p>\n<p>Enter a description and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_1928\" aria-describedby=\"caption-attachment-1928\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1928\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/082-Aplicar-regra.png\" alt=\"Apply the rule\" width=\"1136\" height=\"793\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/082-Aplicar-regra.png 1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/082-Aplicar-regra-512x357.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/082-Aplicar-regra-768x536.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1928\" class=\"wp-caption-text\">Apply the rule<\/figcaption><\/figure>\n<p>The rule has been created but is not active yet; click <em>Apply Changes<\/em> to apply it.<\/p>\n<figure id=\"attachment_1929\" aria-describedby=\"caption-attachment-1929\" style=\"width: 1136px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1929\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/083-Regra-aplicada.png\" alt=\"Rule applied\" width=\"1136\" height=\"793\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/083-Regra-aplicada.png 
1136w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/083-Regra-aplicada-512x357.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/083-Regra-aplicada-768x536.png 768w\" sizes=\"auto, (max-width: 1136px) 100vw, 1136px\" \/><figcaption id=\"caption-attachment-1929\" class=\"wp-caption-text\">Rule applied<\/figcaption><\/figure>\n<p>Our rule is now active and we can run some tests.<\/p>\n<figure id=\"attachment_1931\" aria-describedby=\"caption-attachment-1931\" style=\"width: 777px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1931\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/084-Novo-IP-no-R1.png\" alt=\"New IP on R1\" width=\"777\" height=\"610\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/084-Novo-IP-no-R1.png 777w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/084-Novo-IP-no-R1-512x402.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/084-Novo-IP-no-R1-768x603.png 768w\" sizes=\"auto, (max-width: 777px) 100vw, 777px\" \/><figcaption id=\"caption-attachment-1931\" class=\"wp-caption-text\">New IP on R1<\/figcaption><\/figure>\n<p>I added a new IP to one of R1's interfaces and added that IP's network to the networks advertised by OSPF so that it is propagated to the other routers.<\/p>\n<figure id=\"attachment_1932\" aria-describedby=\"caption-attachment-1932\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1932\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/085-Ping-de-um-cliente-em-uma-rede-interna.png\" alt=\"Ping from a client on an internal network\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/085-Ping-de-um-cliente-em-uma-rede-interna.png 1280w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/085-Ping-de-um-cliente-em-uma-rede-interna-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/085-Ping-de-um-cliente-em-uma-rede-interna-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/085-Ping-de-um-cliente-em-uma-rede-interna-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-1932\" class=\"wp-caption-text\">Ping from a client on an internal network<\/figcaption><\/figure>\n<p>Here we can see that the client, on the inside of the firewall, cannot ping the networks we configured to be excluded in the rule, yet it can ping the IP added to R1.<\/p>\n<h3>Proxy<\/h3>\n<p>There are a few different ways to set up a proxy in pfSense; here we will install Squid.<\/p>\n<figure id=\"attachment_1952\" aria-describedby=\"caption-attachment-1952\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1952\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/086-Package-Manager.png\" alt=\"Package Manager\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/086-Package-Manager.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/086-Package-Manager-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/086-Package-Manager-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1952\" class=\"wp-caption-text\">Package Manager<\/figcaption><\/figure>\n<p>To install <em>Squid<\/em>, go to <strong>System -&gt; Package Manager<\/strong>.<\/p>\n<figure id=\"attachment_1953\" aria-describedby=\"caption-attachment-1953\" style=\"width: 
1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1953\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/087-Available-Packages.png\" alt=\"Available Packages\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/087-Available-Packages.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/087-Available-Packages-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/087-Available-Packages-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1953\" class=\"wp-caption-text\">Available Packages<\/figcaption><\/figure>\n<p>Then click the <em>Available Packages<\/em> tab.<\/p>\n<figure id=\"attachment_1954\" aria-describedby=\"caption-attachment-1954\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1954\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/088-Squid.png\" alt=\"Squid\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/088-Squid.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/088-Squid-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/088-Squid-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1954\" class=\"wp-caption-text\">Squid<\/figcaption><\/figure>\n<p>In the <em>Search term<\/em> field enter <em>squid<\/em> and click <em>Search<\/em>, then click <em>Install<\/em> for the <em>squid<\/em> package.<\/p>\n<figure id=\"attachment_1955\" aria-describedby=\"caption-attachment-1955\" style=\"width: 1068px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1955\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/089-Confirmar-instalacao.png\" alt=\"Confirm installation\" width=\"1068\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/089-Confirmar-instalacao.png 1068w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/089-Confirmar-instalacao-512x364.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/089-Confirmar-instalacao-768x546.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><figcaption id=\"caption-attachment-1955\" class=\"wp-caption-text\">Confirm installation<\/figcaption><\/figure>\n<p>Click <em>Confirm<\/em> to confirm the package installation.<\/p>\n<figure id=\"attachment_1956\" aria-describedby=\"caption-attachment-1956\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1956\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/090-Instalacao-do-Squid.png\" alt=\"Squid installation\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/090-Instalacao-do-Squid.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/090-Instalacao-do-Squid-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/090-Instalacao-do-Squid-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1956\" class=\"wp-caption-text\">Squid installation<\/figcaption><\/figure>\n<p>The <em>Squid<\/em> installation now starts; wait a few moments until it finishes.<\/p>\n<figure id=\"attachment_1958\" aria-describedby=\"caption-attachment-1958\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full 
wp-image-1958\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/091-Instalacao-terminada-com-sucesso.png\" alt=\"Installation completed successfully\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/091-Instalacao-terminada-com-sucesso.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/091-Instalacao-terminada-com-sucesso-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/091-Instalacao-terminada-com-sucesso-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1958\" class=\"wp-caption-text\">Installation completed successfully<\/figcaption><\/figure>\n<p><em>Squid<\/em> is now installed successfully.<\/p>\n<figure id=\"attachment_1960\" aria-describedby=\"caption-attachment-1960\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1960\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/092-Squid-Proxy-Server.png\" alt=\"Squid Proxy Server\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/092-Squid-Proxy-Server.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/092-Squid-Proxy-Server-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/092-Squid-Proxy-Server-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1960\" class=\"wp-caption-text\">Squid Proxy Server<\/figcaption><\/figure>\n<p>After the installation finishes, click <strong>Services<\/strong> <strong>-&gt;<\/strong> <strong>Squid Proxy Server<\/strong>.<\/p>\n<figure id=\"attachment_1961\" aria-describedby=\"caption-attachment-1961\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img 
loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1961\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/093-Proxy-Server.png\" alt=\"Proxy Server\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/093-Proxy-Server.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/093-Proxy-Server-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/093-Proxy-Server-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1961\" class=\"wp-caption-text\">Proxy Server<\/figcaption><\/figure>\n<p>This brings us to the proxy server settings, but before we can do anything else we need to configure the local cache; to do so, click the <em>Local Cache<\/em> tab.<\/p>\n<figure id=\"attachment_1962\" aria-describedby=\"caption-attachment-1962\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1962\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/094-Local-Cache.png\" alt=\"Local Cache\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/094-Local-Cache.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/094-Local-Cache-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/094-Local-Cache-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1962\" class=\"wp-caption-text\">Local Cache<\/figcaption><\/figure>\n<p>Here you can configure various settings related to content <em>caching<\/em>, so that the computers on the network do not have to fetch from the internet content that is already cached, possibly saving 
bandwidth and speeding up transfers to the clients. We will not use this feature here; if you want more information about it, you can always read the documentation.<\/p>\n<p>Under <em>Disable Caching<\/em>, select the <em>Disable caching completely<\/em> option and then click the <em>Save<\/em> button at the bottom of the page.<\/p>\n<p>Before continuing the configuration, we first need to create a new CA certificate for issuing a new certificate that will be used by the proxy.<\/p>\n<figure id=\"attachment_1963\" aria-describedby=\"caption-attachment-1963\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1963\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/095-Certificate-Manager.png\" alt=\"Certificate Manager\" width=\"1051\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/095-Certificate-Manager.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/095-Certificate-Manager-512x370.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/095-Certificate-Manager-768x555.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1963\" class=\"wp-caption-text\">Certificate Manager<\/figcaption><\/figure>\n<p>Click <strong>System<\/strong> <strong>-&gt;<\/strong> <strong>Cert. 
Manager<\/strong>.<\/p>\n<figure id=\"attachment_1964\" aria-describedby=\"caption-attachment-1964\" style=\"width: 1068px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1964\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/096-Adicionar-novo-certificado-CA.png\" alt=\"Add new CA certificate\" width=\"1068\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/096-Adicionar-novo-certificado-CA.png 1068w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/096-Adicionar-novo-certificado-CA-512x364.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/096-Adicionar-novo-certificado-CA-768x546.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><figcaption id=\"caption-attachment-1964\" class=\"wp-caption-text\">Add new CA certificate<\/figcaption><\/figure>\n<p>Here we will create the new CA certificate; to do so, on the <em>CAs<\/em> tab, click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_1965\" aria-describedby=\"caption-attachment-1965\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1965\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/097-Criar-certificado.png\" alt=\"Create certificate\" width=\"1051\" height=\"1302\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/097-Criar-certificado.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/097-Criar-certificado-413x512.png 413w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/097-Criar-certificado-768x951.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1965\" class=\"wp-caption-text\">Create certificate<\/figcaption><\/figure>\n<p>Here you need to fill in the fields to generate the 
certificate.<\/p>\n<p>This certificate will be used so that the proxy, configured as a <em>man-in-the-middle<\/em>, can inspect all traffic that passes through it. This has obvious privacy implications, and whenever this type of proxy is used the users must be informed. You also need to check whether this kind of use is legal where you are, since all traffic is decrypted, the chain of trust between server and client is broken, and all traffic that was confidential is now visible to the proxy. Ethical and legal questions aside, proceed at your own risk.<\/p>\n<figure id=\"attachment_1966\" aria-describedby=\"caption-attachment-1966\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1966\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/098-Preencher-dados-do-certificado.png\" alt=\"Fill in the certificate data\" width=\"1051\" height=\"1302\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/098-Preencher-dados-do-certificado.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/098-Preencher-dados-do-certificado-413x512.png 413w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/098-Preencher-dados-do-certificado-768x951.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1966\" class=\"wp-caption-text\">Fill in the certificate data<\/figcaption><\/figure>\n<p>This certificate authority is obviously not the same one that issued the legitimate certificates of the websites that will be visited, so it is good practice to make the purpose of this certificate clear and not try to deceive the system's users.<\/p>\n<p>After filling in the data, click 
<em>Save<\/em>.<\/p>\n<figure id=\"attachment_1967\" aria-describedby=\"caption-attachment-1967\" style=\"width: 1068px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1967\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/099-Certificado-criado.png\" alt=\"Certificate created\" width=\"1068\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/099-Certificado-criado.png 1068w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/099-Certificado-criado-512x364.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/099-Certificado-criado-768x546.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><figcaption id=\"caption-attachment-1967\" class=\"wp-caption-text\">Certificate created<\/figcaption><\/figure>\n<p>The certificate is now created. Next it must be exported so that it can be imported on the client machines: under <em>Actions<\/em>, on the right side of the window, click the round icon that resembles a gear wheel. This exports the certificate, which can then be installed on the client machines. The installation can be done in several ways and depends on the OS in use; for Windows machines that are part of a domain with an AD server, it can be done through GPOs.<\/p>\n<p>After importing the CA certificate on the client machines, they will accept the certificates generated by pfSense. To get rid of the message warning of a potential risk when accessing the web interface, we can create a new certificate for it.<\/p>\n<figure id=\"attachment_1968\" aria-describedby=\"caption-attachment-1968\" style=\"width: 1068px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1968\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/100-Criar-certificado.png\" alt=\"Create certificate\" width=\"1068\" height=\"759\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/100-Criar-certificado.png 1068w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/100-Criar-certificado-512x364.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/100-Criar-certificado-768x546.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><figcaption id=\"caption-attachment-1968\" class=\"wp-caption-text\">Create certificate<\/figcaption><\/figure>\n<p>Click the <em>Certificates<\/em> tab and then the <em>Add\/Sign<\/em> button.<\/p>\n<figure id=\"attachment_1972\" aria-describedby=\"caption-attachment-1972\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1972\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/101-Criar-Novo-Certificado.png\" alt=\"Create New Certificate\" width=\"1051\" height=\"1637\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/101-Criar-Novo-Certificado.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/101-Criar-Novo-Certificado-329x512.png 329w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/101-Criar-Novo-Certificado-768x1196.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/101-Criar-Novo-Certificado-986x1536.png 986w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1972\" class=\"wp-caption-text\">Create New Certificate<\/figcaption><\/figure>\n<p>Here, just fill in the certificate as appropriate and, under <em>Certificate Type<\/em>, select the <em>Server Certificate<\/em> option.<\/p>\n<figure id=\"attachment_1973\" aria-describedby=\"caption-attachment-1973\" 
style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1973\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/102-Dados-do-Novo-Certificado.png\" alt=\"New Certificate Data\" width=\"1051\" height=\"1637\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/102-Dados-do-Novo-Certificado.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/102-Dados-do-Novo-Certificado-329x512.png 329w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/102-Dados-do-Novo-Certificado-768x1196.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/102-Dados-do-Novo-Certificado-986x1536.png 986w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1973\" class=\"wp-caption-text\">New Certificate Data<\/figcaption><\/figure>\n<p>After filling in the data correctly, click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_1975\" aria-describedby=\"caption-attachment-1975\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1975\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/103-Novo-Certificado-Criado.png\" alt=\"New Certificate Created\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/103-Novo-Certificado-Criado.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/103-Novo-Certificado-Criado-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/103-Novo-Certificado-Criado-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1975\" class=\"wp-caption-text\">New Certificate Created<\/figcaption><\/figure>\n<p>The new certificate is now created; next we need to 
configure the system to use this new certificate for the web interface.<\/p>\n<figure id=\"attachment_1976\" aria-describedby=\"caption-attachment-1976\" style=\"width: 1068px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1976\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/104-System-Advanced.png\" alt=\"System - Advanced\" width=\"1068\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/104-System-Advanced.png 1068w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/104-System-Advanced-512x362.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/104-System-Advanced-768x544.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><figcaption id=\"caption-attachment-1976\" class=\"wp-caption-text\">System &#8211; Advanced<\/figcaption><\/figure>\n<p>Click <strong>System -&gt; Advanced<\/strong>.<\/p>\n<figure id=\"attachment_1977\" aria-describedby=\"caption-attachment-1977\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1977\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/105-SSL-TLS-Certificate.png\" alt=\"SSL\/TLS Certificate\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/105-SSL-TLS-Certificate.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/105-SSL-TLS-Certificate-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/105-SSL-TLS-Certificate-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1977\" class=\"wp-caption-text\">SSL\/TLS Certificate<\/figcaption><\/figure>\n<p>Here is the current configuration of the web interface. Under <em>SSL\/TLS Certificate<\/em> we can see that the certificate 
generated during installation is in use; we need to select the certificate we have just generated.<\/p>\n<figure id=\"attachment_1978\" aria-describedby=\"caption-attachment-1978\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1978\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/106-Selecionar-o-Nosso-Certificado.png\" alt=\"Select Our Certificate\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/106-Selecionar-o-Nosso-Certificado.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/106-Selecionar-o-Nosso-Certificado-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/106-Selecionar-o-Nosso-Certificado-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1978\" class=\"wp-caption-text\">Select Our Certificate<\/figcaption><\/figure>\n<p>Select the certificate that was created and click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_1979\" aria-describedby=\"caption-attachment-1979\" style=\"width: 959px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1979\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/107-Novo-Certificado-Ativo.png\" alt=\"New Certificate Active\" width=\"959\" height=\"955\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/107-Novo-Certificado-Ativo.png 959w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/107-Novo-Certificado-Ativo-512x510.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/107-Novo-Certificado-Ativo-150x150.png 150w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/107-Novo-Certificado-Ativo-768x765.png 768w\" 
sizes=\"auto, (max-width: 959px) 100vw, 959px\" \/><figcaption id=\"caption-attachment-1979\" class=\"wp-caption-text\">New Certificate Active<\/figcaption><\/figure>\n<p>And here the new certificate is active.<\/p>\n<p>Now let's configure the proxy; go back to the proxy configuration page.<\/p>\n<figure id=\"attachment_1981\" aria-describedby=\"caption-attachment-1981\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1981\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/108-Configurar-e-Habilitar-o-Proxy.png\" alt=\"Configure and Enable the Proxy\" width=\"1051\" height=\"3849\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/108-Configurar-e-Habilitar-o-Proxy.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/108-Configurar-e-Habilitar-o-Proxy-140x512.png 140w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/108-Configurar-e-Habilitar-o-Proxy-601x2200.png 601w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/108-Configurar-e-Habilitar-o-Proxy-768x2813.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/108-Configurar-e-Habilitar-o-Proxy-559x2048.png 559w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1981\" class=\"wp-caption-text\">Configure and Enable the Proxy<\/figcaption><\/figure>\n<p>Here is the configured proxy. First it needs to be enabled: under <em>Enable Squid Proxy<\/em>, tick the <em>Check to enable the Squid proxy<\/em> box, and make sure the checkbox under <em>Keep Settings\/Data<\/em> is also ticked; otherwise, all settings will be lost if the package has to be reinstalled or when an update is installed.<\/p>\n<p>Under <em>Proxy 
Interface(s)<\/em> select the interfaces on which you want the proxy to be active; in this case it is active only on the <em>Green<\/em> interface.<\/p>\n<p>Under <em>Proxy Port<\/em> you can configure the port on which the proxy server accepts connections when transparent mode is not in use; the default port is 3128.<\/p>\n<p>Under <em>Transparent HTTP Proxy<\/em>, tick the <em>Enable transparent mode to forward all requests for destination port 80 to the proxy server.<\/em> box to enable the transparent proxy. This way no proxy settings need to be configured on the clients, and traffic passes through the server automatically. Note that transparent mode does not allow more advanced configurations, such as filters based on LDAP authentication and the like.<\/p>\n<p>Under <em>Transparent Proxy Interface(s)<\/em> you can choose on which interfaces the transparent proxy is active.<\/p>\n<p><em>Bypass Proxy for Private Address Destination<\/em> keeps traffic destined for private networks from going through the proxy, which can be beneficial when there is no need to monitor traffic to internal sites.<\/p>\n<p>Under <em>Bypass Proxy for These Source IPs<\/em> you can configure which clients will not have their traffic intercepted, which is useful for servers, for example.<\/p>\n<p><em>Bypass Proxy for These Destination IPs<\/em> does the opposite: it exempts traffic to a specific destination, so all clients can reach those addresses without having their traffic intercepted. This is useful to avoid invading users' privacy when they access sites with personal and private information.<\/p>\n<p>Below, under <em>HTTPS\/SSL Interception<\/em>, tick the <em>Enable SSL filtering<\/em> box to configure the proxy as a <em>Man In the 
Middle<\/em>.<\/p>\n<p>Under <em>SSL\/MITM Mode<\/em> select the <em>Splice Whitelist, Bump Otherwise<\/em> option. With this option, traffic to anything on a whitelist in the ACLs is not decrypted; otherwise the traffic is decrypted and a self-signed certificate is presented to the client, intercepting that traffic.<\/p>\n<p><em>SSL Intercept Interface(s)<\/em> works as in the previous cases: select the network interfaces on which this option will be active.<\/p>\n<p><em>SSL Proxy Port<\/em> sets the port for SSL traffic; by default it is port 3129.<\/p>\n<p>Under <em>SSL Proxy Compatibility Mode<\/em> select <em>Modern<\/em>, so that the most recent and secure algorithms are used.<\/p>\n<p>Under <em>CA<\/em> select the CA certificate that was created earlier for this purpose.<\/p>\n<p><em>SSL Certificate Daemon Children<\/em> sets the number of processes used to generate certificates. These certificates are kept in cache; however, if the processor is not very fast, it may be necessary to increase this number to make the most of the available processing cores\/threads when the firewall serves a busy network with many clients, so that certificate generation does not cause long waits.<\/p>\n<p><em>Remote Cert Checks<\/em> configures how the server handles remote certificates. 
It is possible to accept any kind of certificate from the website side, even invalid ones; this makes users think the site is secure when in fact it is not, and is generally not a good idea.<\/p>\n<p><em>Certificate Adapt<\/em> alters the certificate; it is generally not necessary to configure this option.<\/p>\n<p>Configure the <em>logging<\/em> 
options according to your needs; from there down, no changes are needed for the proxy to work.<\/p>\n<p>After finishing the configuration, click <em>Save.<\/em><\/p>\n<p>With that, the proxy is active in transparent mode.<\/p>\n<figure id=\"attachment_1983\" aria-describedby=\"caption-attachment-1983\" style=\"width: 959px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1983\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/109-Proxy-Transparente-Funcionando.png\" alt=\"Transparent Proxy Working\" width=\"959\" height=\"1039\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/109-Proxy-Transparente-Funcionando.png 959w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/109-Proxy-Transparente-Funcionando-473x512.png 473w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/109-Proxy-Transparente-Funcionando-768x832.png 768w\" sizes=\"auto, (max-width: 959px) 100vw, 959px\" \/><figcaption id=\"caption-attachment-1983\" class=\"wp-caption-text\">Transparent Proxy Working<\/figcaption><\/figure>\n<p>Here we can see that the transparent proxy is working: we get the certificate issued by the server in place of the website's original certificate.<\/p>\n<p>With the transparent proxy configured, we can now install SquidGuard to block or allow access to certain types of websites. It is installed the same way as Squid: go to <strong>System -&gt; Package Manager<\/strong>, search for the package name, and install it.<\/p>\n<p>Once it is installed, go to its configuration page at <strong>Services -&gt; SquidGuard Proxy Filter<\/strong>.<\/p>\n<figure id=\"attachment_1985\" aria-describedby=\"caption-attachment-1985\" style=\"width: 1051px\" 
class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1985\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/110-SquidGuard.png\" alt=\"SquidGuard\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/110-SquidGuard.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/110-SquidGuard-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/110-SquidGuard-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1985\" class=\"wp-caption-text\">SquidGuard<\/figcaption><\/figure>\n<p>To use it, tick the box under <em>Enable<\/em>. Since we will use a blacklist to filter websites, also tick the box under <em>Blacklist<\/em>, at the bottom of the page, and in <em>Blacklist URL<\/em> enter the address of the blacklist that SquidGuard will download and use.<\/p>\n<figure id=\"attachment_1986\" aria-describedby=\"caption-attachment-1986\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1986\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/111-Configuracao-Inicial-do-SquidGuard.png\" alt=\"Initial SquidGuard Configuration\" width=\"1051\" height=\"1906\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/111-Configuracao-Inicial-do-SquidGuard.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/111-Configuracao-Inicial-do-SquidGuard-282x512.png 282w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/111-Configuracao-Inicial-do-SquidGuard-768x1393.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/111-Configuracao-Inicial-do-SquidGuard-847x1536.png 847w\" 
sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1986\" class=\"wp-caption-text\">Initial SquidGuard Configuration<\/figcaption><\/figure>\n<p>Here we can see what this configuration looks like.<\/p>\n<p>One of the most widely used blacklists, shallalist, from the site <a href=\"https:\/\/www.shallalist.de\/\">https:\/\/www.shallalist.de\/<\/a>, is unavailable indefinitely. The last available version can be found for download on sites such as the <a href=\"https:\/\/web.archive.org\/\">Wayback Machine<\/a>, or other lists can be used.<\/p>\n<p>After making the configuration, click <em>Save<\/em>; this saves the settings and starts the service.<\/p>\n<figure id=\"attachment_1987\" aria-describedby=\"caption-attachment-1987\" style=\"width: 1068px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1987\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/112-Fazer-o-Download-da-Blacklist.png\" alt=\"Download the Blacklist\" width=\"1068\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/112-Fazer-o-Download-da-Blacklist.png 1068w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/112-Fazer-o-Download-da-Blacklist-512x362.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/112-Fazer-o-Download-da-Blacklist-768x544.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><figcaption id=\"caption-attachment-1987\" class=\"wp-caption-text\">Download the Blacklist<\/figcaption><\/figure>\n<p>With the settings saved and the service started, go to the <em>Blacklist<\/em> tab, where we will download the list by clicking the <em>Download<\/em> button. Note that the download may not 
start immediately, and it may be necessary to click this button several times.<\/p>\n<figure id=\"attachment_1988\" aria-describedby=\"caption-attachment-1988\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1988\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/113-Download-Iniciado.png\" alt=\"Download Started\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/113-Download-Iniciado.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/113-Download-Iniciado-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/113-Download-Iniciado-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1988\" class=\"wp-caption-text\">Download Started<\/figcaption><\/figure>\n<p>After the download, the database is created; this process can take some time to complete.<\/p>\n<p>Once the database has been created, the blacklist is active and can be configured on the <em>Common ACL<\/em> tab; by default it is configured to block all domains.<\/p>\n<figure id=\"attachment_1989\" aria-describedby=\"caption-attachment-1989\" style=\"width: 960px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1989\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/114-Website-Bloqueado.png\" alt=\"Website Blocked\" width=\"960\" height=\"1040\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/114-Website-Bloqueado.png 960w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/114-Website-Bloqueado-473x512.png 473w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/114-Website-Bloqueado-768x832.png 
768w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><figcaption id=\"caption-attachment-1989\" class=\"wp-caption-text\">Website Blocked<\/figcaption><\/figure>\n<p>Now we need to configure what is blocked and what is allowed; to do that, open the <em>Common ACL<\/em> tab.<\/p>\n<figure id=\"attachment_1990\" aria-describedby=\"caption-attachment-1990\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1990\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/115-Common-ACL.png\" alt=\"Common ACL\" width=\"1051\" height=\"1126\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/115-Common-ACL.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/115-Common-ACL-478x512.png 478w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/115-Common-ACL-768x823.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1990\" class=\"wp-caption-text\">Common ACL<\/figcaption><\/figure>\n<p>This is the initial configuration. In <em>Target Rules<\/em> we can see that it is set to <em>!all<\/em>, that is, <em>not all<\/em>, so none of the websites in the list are allowed through. To change this, click the <strong>+<\/strong> button in <em>Target Rules List<\/em> to expand the list.<\/p>\n<figure id=\"attachment_1991\" aria-describedby=\"caption-attachment-1991\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1991\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/116-Lista-de-Regras.png\" alt=\"Rule List\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/116-Lista-de-Regras.png 1051w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/116-Lista-de-Regras-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/116-Lista-de-Regras-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1991\" class=\"wp-caption-text\">Rule List<\/figcaption><\/figure>\n<p>Here we can see that the <em>Default access [all]<\/em> option is set to <em>deny<\/em>, blocking all sites by default.<\/p>\n<p>This way we can create a whitelist that allows categories of websites while everything else is blocked, but that is not what we want right now.<\/p>\n<figure id=\"attachment_1992\" aria-describedby=\"caption-attachment-1992\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1992\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/117-Lista-de-Regras-Reconfigurada.png\" alt=\"Reconfigured Rule List\" width=\"1051\" height=\"2936\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/117-Lista-de-Regras-Reconfigurada.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/117-Lista-de-Regras-Reconfigurada-183x512.png 183w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/117-Lista-de-Regras-Reconfigurada-788x2200.png 788w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/117-Lista-de-Regras-Reconfigurada-768x2145.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/117-Lista-de-Regras-Reconfigurada-550x1536.png 550w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/117-Lista-de-Regras-Reconfigurada-733x2048.png 733w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1992\" class=\"wp-caption-text\">Reconfigured Rule 
List<\/figcaption><\/figure>\n<p>Here the list is configured to let all sites through except those configured to be blocked, such as social networks, pornography sites, news and chat.<\/p>\n<p>After finishing the configuration, click <em>Save<\/em>, then in the <em>General settings<\/em> tab click <em>Apply<\/em> so that the settings are applied.<\/p>\n<figure id=\"attachment_1993\" aria-describedby=\"caption-attachment-1993\" style=\"width: 1920px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1993\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/118-Websites-Funcionais-e-Bloqueados.png\" alt=\"Working and Blocked Websites\" width=\"1920\" height=\"1040\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/118-Websites-Funcionais-e-Bloqueados.png 1920w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/118-Websites-Funcionais-e-Bloqueados-512x277.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/118-Websites-Funcionais-e-Bloqueados-768x416.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/118-Websites-Funcionais-e-Bloqueados-1536x832.png 1536w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><figcaption id=\"caption-attachment-1993\" class=\"wp-caption-text\">Working and Blocked Websites<\/figcaption><\/figure>\n<p>Now we can see that we can browse the sites that are not blocked.<\/p>\n<p>If we go back to the transparent proxy settings in Squid and add the IP of the Windows Server, for example, to the <em>Bypass Proxy for These Source IPs<\/em> field, we can see that the Windows Server can access the internet normally.<\/p>\n<figure id=\"attachment_1994\" aria-describedby=\"caption-attachment-1994\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img 
loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1994\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/119-Bypass-Proxy-for-These-Source-IPs.png\" alt=\"Bypass Proxy for These Source IPs\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/119-Bypass-Proxy-for-These-Source-IPs.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/119-Bypass-Proxy-for-These-Source-IPs-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/119-Bypass-Proxy-for-These-Source-IPs-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1994\" class=\"wp-caption-text\">Bypass Proxy for These Source IPs<\/figcaption><\/figure>\n<p>After entering the IP of the machine whose traffic should not be intercepted, click the <em>Save<\/em> button at the bottom of the page.<\/p>\n<figure id=\"attachment_1995\" aria-describedby=\"caption-attachment-1995\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1995\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/120-Windows-Server-Acessando-a-Web-Sem-Proxy.png\" alt=\"Windows Server Accessing the Web Without the Proxy\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/120-Windows-Server-Acessando-a-Web-Sem-Proxy.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/120-Windows-Server-Acessando-a-Web-Sem-Proxy-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/120-Windows-Server-Acessando-a-Web-Sem-Proxy-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/120-Windows-Server-Acessando-a-Web-Sem-Proxy-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption 
id=\"caption-attachment-1995\" class=\"wp-caption-text\">Windows Server Accessing the Web Without the Proxy<\/figcaption><\/figure>\n<p>Here we can see that the Windows Server can not only access websites that are blocked for the rest of the network, but also that its traffic is not intercepted, as shown by the website presenting its original certificate.<\/p>\n<p>The <em>Bypass Proxy for These Destination IPs<\/em> option works the same way: if we add a domain, that website becomes accessible to the whole network without going through the proxy.<\/p>\n<figure id=\"attachment_1997\" aria-describedby=\"caption-attachment-1997\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1997\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/121-Bloquear-Webmail.png\" alt=\"Block Webmail\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/121-Bloquear-Webmail.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/121-Bloquear-Webmail-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/121-Bloquear-Webmail-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-1997\" class=\"wp-caption-text\">Block Webmail<\/figcaption><\/figure>\n<p>And if we go back to the <em>Common ACL<\/em> configuration in SquidGuard and block access to webmail, clients will also lose access to webmail services while keeping access to the rest of the websites.<\/p>\n<figure id=\"attachment_1998\" aria-describedby=\"caption-attachment-1998\" style=\"width: 1920px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1998\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/122-Webmail-Bloqueado.png\" alt=\"Webmail Blocked\" width=\"1920\" height=\"1040\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/122-Webmail-Bloqueado.png 1920w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/122-Webmail-Bloqueado-512x277.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/122-Webmail-Bloqueado-768x416.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/122-Webmail-Bloqueado-1536x832.png 1536w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><figcaption id=\"caption-attachment-1998\" class=\"wp-caption-text\">Webmail Blocked<\/figcaption><\/figure>\n<p>In the image above we can see that webmail services are blocked.<\/p>\n<h3>Block AnyDesk<\/h3>\n<p>We are going to block access to remote access tools such as AnyDesk, but to do that we first need to allow it to work.<\/p>\n<p>When the initial firewall configuration was done, the rule that allows traffic, both inbound and outbound, of any protocol on any port was removed in order to allow only web traffic, so it will be necessary to enable the firewall rule that allows this traffic on the <em>Green<\/em> network.<\/p>\n<figure id=\"attachment_2000\" aria-describedby=\"caption-attachment-2000\" style=\"width: 1068px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2000\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/123-Firewall-Rules-Green.png\" alt=\"Firewall Rules - Green\" width=\"1068\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/123-Firewall-Rules-Green.png 1068w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/123-Firewall-Rules-Green-512x362.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/123-Firewall-Rules-Green-768x544.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><figcaption id=\"caption-attachment-2000\" class=\"wp-caption-text\">Firewall Rules &#8211; Green<\/figcaption><\/figure>\n<p>Go to the firewall rules page for the Green network. Here we will enable the <em>Default allow LAN to any rule<\/em> rule, which was initially disabled; to do so, click the icon of a square with a <em>checkmark<\/em> inside.<\/p>\n<figure id=\"attachment_2001\" aria-describedby=\"caption-attachment-2001\" style=\"width: 1068px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2001\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/124-Firewall-Rules-Green-Default-allow-LAN-to-any-rule.png\" alt=\"Firewall Rules - Green - Default allow LAN to any rule\" width=\"1068\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/124-Firewall-Rules-Green-Default-allow-LAN-to-any-rule.png 1068w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/124-Firewall-Rules-Green-Default-allow-LAN-to-any-rule-512x362.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/124-Firewall-Rules-Green-Default-allow-LAN-to-any-rule-768x544.png 768w\" sizes=\"auto, (max-width: 1068px) 100vw, 1068px\" \/><figcaption id=\"caption-attachment-2001\" class=\"wp-caption-text\">Firewall Rules &#8211; Green &#8211; Default allow LAN to any rule<\/figcaption><\/figure>\n<p>Once it is enabled, AnyDesk and other tools should work; we can run a test to try it out.<\/p>\n<figure id=\"attachment_2002\" aria-describedby=\"caption-attachment-2002\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2002\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/125-AnyDesk-em-um-Cliente-na-WAN.png\" alt=\"AnyDesk on a Client on the WAN\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/125-AnyDesk-em-um-Cliente-na-WAN.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/125-AnyDesk-em-um-Cliente-na-WAN-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/125-AnyDesk-em-um-Cliente-na-WAN-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/125-AnyDesk-em-um-Cliente-na-WAN-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2002\" class=\"wp-caption-text\">AnyDesk on a Client on the WAN<\/figcaption><\/figure>\n<p>The AnyDesk client works normally on a client on the WAN, as expected.<\/p>\n<figure id=\"attachment_2003\" aria-describedby=\"caption-attachment-2003\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2003\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/126-AnyDesk-em-um-Cliente-na-Rede-Green.png\" alt=\"AnyDesk on a Client on the Green Network\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/126-AnyDesk-em-um-Cliente-na-Rede-Green.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/126-AnyDesk-em-um-Cliente-na-Rede-Green-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/126-AnyDesk-em-um-Cliente-na-Rede-Green-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/126-AnyDesk-em-um-Cliente-na-Rede-Green-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2003\" class=\"wp-caption-text\">AnyDesk on a Client on the Green 
Network<\/figcaption><\/figure>\n<p>The AnyDesk client working on a client on the Green network after enabling the firewall rule.<\/p>\n<figure id=\"attachment_2004\" aria-describedby=\"caption-attachment-2004\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2004\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/127-Cliente-Dentro-da-Rede-Green-Sendo-Acessado-Remotamente.png\" alt=\"Client Inside the Green Network Being Accessed Remotely\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/127-Cliente-Dentro-da-Rede-Green-Sendo-Acessado-Remotamente.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/127-Cliente-Dentro-da-Rede-Green-Sendo-Acessado-Remotamente-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/127-Cliente-Dentro-da-Rede-Green-Sendo-Acessado-Remotamente-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/127-Cliente-Dentro-da-Rede-Green-Sendo-Acessado-Remotamente-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2004\" class=\"wp-caption-text\">Client Inside the Green Network Being Accessed Remotely<\/figcaption><\/figure>\n<p>There are a few different ways to block AnyDesk: it is possible to use pfBlockerNG and block via DNS, to block the ports used by the service, or to block the IPs of the AnyDesk servers.<\/p>\n<p>I will block using the IPs, and also the port used. 
To find out which IPs AnyDesk uses, it is possible to capture packets and analyze that traffic.<\/p>\n<figure id=\"attachment_2005\" aria-describedby=\"caption-attachment-2005\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2005\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/128-Diagnostics-Packet-Capure.png\" alt=\"Diagnostics - Packet Capture\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/128-Diagnostics-Packet-Capure.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/128-Diagnostics-Packet-Capure-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/128-Diagnostics-Packet-Capure-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-2005\" class=\"wp-caption-text\">Diagnostics &#8211; Packet Capture<\/figcaption><\/figure>\n<p>Click <strong>Diagnostics -&gt; Packet Capture<\/strong>.<\/p>\n<figure id=\"attachment_2006\" aria-describedby=\"caption-attachment-2006\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2006\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/129-Packet-Capture.png\" alt=\"Packet Capture\" width=\"1051\" height=\"1370\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/129-Packet-Capture.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/129-Packet-Capture-393x512.png 393w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/129-Packet-Capture-768x1001.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-2006\" class=\"wp-caption-text\">Packet Capture<\/figcaption><\/figure>\n<p>Here we can capture packets with <em>tcpdump<\/em>.<\/p>\n<figure id=\"attachment_2007\" aria-describedby=\"caption-attachment-2007\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2007\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/130-Configuracoes-da-Captura.png\" alt=\"Capture Settings\" width=\"1051\" height=\"1370\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/130-Configuracoes-da-Captura.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/130-Configuracoes-da-Captura-393x512.png 393w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/130-Configuracoes-da-Captura-768x1001.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-2007\" class=\"wp-caption-text\">Capture Settings<\/figcaption><\/figure>\n<p>Before starting the capture, make sure AnyDesk is completely closed on the client.<\/p>\n<p>The interface to monitor is <em>Green<\/em>. To reduce noise, select IPv4 in <em>Address Family<\/em> and TCP in <em>Protocol<\/em>.<\/p>\n<p><em>Host Address<\/em> is the address of the client that has AnyDesk installed. We will not select any port, since the program can use different ports and we do not yet know which ones.<\/p>\n<p>In <em>Count<\/em> enter a high value, 500 or more, and select the <em>Do reverse DNS lookup<\/em> option in <em>Reverse DNS Lookup<\/em>. This makes our life easier, since it identifies the domains associated with the IP addresses, which makes it easier to identify the servers used by AnyDesk.<\/p>\n<p>After that, click <em>Start<\/em> to begin the capture and open AnyDesk on the client.<\/p>\n<p>After AnyDesk connects to the service's servers, start a remote connection session with another machine, then end that session, and stop the capture in <em>Packet Capture<\/em> by clicking <em>Stop<\/em>.<\/p>\n<p><em>Packets Captured<\/em> should show several lines similar to these:<\/p>\n<pre>12:24:24.903953 IP 172.29.170.40.56640 &gt; 20.73.130.64.https: tcp 0\r\n12:24:24.903994 IP 20.73.130.64.https &gt; 172.29.170.40.56640: tcp 0\r\n12:24:27.616956 IP 172.29.170.40.56641 &gt; relay-2056cafc.net.anydesk.com.https: tcp 0\r\n12:24:27.617022 IP relay-2056cafc.net.anydesk.com.https &gt; 172.29.170.40.56641: tcp 0\r\n12:24:27.617475 IP 172.29.170.40.56641 &gt; relay-2056cafc.net.anydesk.com.https: tcp 0\r\n12:24:27.810187 IP 172.29.170.40.56641 &gt; relay-2056cafc.net.anydesk.com.https: tcp 273\r\n12:24:27.810226 IP relay-2056cafc.net.anydesk.com.https &gt; 172.29.170.40.56641: tcp 0\r\n12:24:27.856224 IP relay-2056cafc.net.anydesk.com.https &gt; 172.29.170.40.56641: tcp 1460<\/pre>\n<p>Copy everything in that window into a text file on a Linux machine or VM, and create the following bash script on that same machine:<\/p>\n<pre>#!\/bin\/bash\r\n# Usage: script.sh captura.txt ips.txt\r\n#   $1: text file with the Packet Capture output\r\n#   $2: file that receives the reverse-lookup results\r\n\r\n# Unique AnyDesk relay hostnames seen in the capture.\r\ngrep -Eho '(relay.*anydesk\\.com)' \"$1\" | sort --unique &gt; unique-urls.txt\r\n\r\n# Resolve each hostname and keep the first three octets of every address,\r\n# de-duplicated across all hostnames so each network is swept only once.\r\nwhile read -r line\r\ndo\r\n    dig @1.1.1.1 \"$line\" | grep -Eho '([0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)$' | grep -Eho '([0-9]+\\.[0-9]+\\.[0-9]+\\.)'\r\ndone &lt; unique-urls.txt | sort --unique &gt; IPs.txt\r\n\r\nrm unique-urls.txt\r\n\r\n# Start from a clean output file.\r\nrm -f \"$2\"\r\n\r\n# Reverse lookup of every possible fourth octet in each network; keep the\r\n# answers whose name ends in anydesk.com.\r\nwhile read -r line\r\ndo\r\n    for x in {0..255}\r\n    do\r\n        dig @1.1.1.1 -x \"${line}${x}\" | grep 'anydesk\\.com\\.$' &gt;&gt; \"$2\"\r\n    done\r\ndone &lt; IPs.txt\r\n\r\nrm IPs.txt\r\n<\/pre>\n<p>The script is run as follows:<\/p>\n<p><span style=\"font-family: andale mono, monospace;\">script.sh captura.txt ips.txt<\/span> where <span style=\"font-family: andale mono, monospace;\">captura.txt<\/span> is the name of the text file containing the output of the captured packets and <span style=\"font-family: andale mono, monospace;\">ips.txt<\/span> is the name of the text file that will contain the IPs of the servers associated with AnyDesk.<\/p>\n<p>Companies commonly buy blocks of IPs, which means that within a contiguous IP range it is common to find several servers\/addresses that belong to the same domain. The script finds all the unique addresses that share the same first three octets, then performs a reverse lookup with every possible value in the fourth octet, and does this for every unique network that was found.<\/p>\n<p>After the script finishes running, create firewall rules blocking traffic to those IPs, or only to the address ranges associated with AnyDesk. Once the rules are applied, repeat the packet capture steps, since the program will try to connect to different servers when it cannot connect to the ones that were blocked. When no new IP shows up in the packet capture, there should be no further new addresses to worry about.<\/p>\n<p>It is also possible to create a rule blocking traffic destined for port 6568, which according to the AnyDesk support pages is one of the ports used by the service.<\/p>\n<p>With this in place, AnyDesk will stop working for clients on the network where these firewall rules were applied.<\/p>\n<figure id=\"attachment_2011\" aria-describedby=\"caption-attachment-2011\" style=\"width: 1051px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2011\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/131-Regras-Para-Bloquear-o-AnyDesk.png\" alt=\"Rules to Block AnyDesk\" width=\"1051\" height=\"756\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/131-Regras-Para-Bloquear-o-AnyDesk.png 1051w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/131-Regras-Para-Bloquear-o-AnyDesk-512x368.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/131-Regras-Para-Bloquear-o-AnyDesk-768x552.png 768w\" sizes=\"auto, (max-width: 1051px) 100vw, 1051px\" \/><figcaption id=\"caption-attachment-2011\" class=\"wp-caption-text\">Rules to Block AnyDesk<\/figcaption><\/figure>\n<p>Here we can see the rules that were created to block AnyDesk.<\/p>\n<p>It is also possible to create an <em>Alias<\/em> with all the IP addresses\/ranges and create a single rule associated with that <em>Alias<\/em>.<\/p>\n<figure id=\"attachment_2012\" aria-describedby=\"caption-attachment-2012\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2012\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/132-AnyDesk-Bloqueado.png\" alt=\"AnyDesk Blocked\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/132-AnyDesk-Bloqueado.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/132-AnyDesk-Bloqueado-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/132-AnyDesk-Bloqueado-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/132-AnyDesk-Bloqueado-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2012\" class=\"wp-caption-text\">AnyDesk Blocked<\/figcaption><\/figure>\n<p>Here we can see that AnyDesk on the client on the 
Green network cannot connect to the service's servers.<\/p>\n<h3>Configure Access via TeamViewer<\/h3>\n<p>Let us first confirm that we have access from external networks.<\/p>\n<figure id=\"attachment_2014\" aria-describedby=\"caption-attachment-2014\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2014\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/133-TeamViewer-Acessando-Cliente-Dentro-do-Firewall.png\" alt=\"TeamViewer - Accessing a Client Inside the Firewall\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/133-TeamViewer-Acessando-Cliente-Dentro-do-Firewall.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/133-TeamViewer-Acessando-Cliente-Dentro-do-Firewall-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/133-TeamViewer-Acessando-Cliente-Dentro-do-Firewall-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/133-TeamViewer-Acessando-Cliente-Dentro-do-Firewall-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2014\" class=\"wp-caption-text\">TeamViewer &#8211; Accessing a Client Inside the Firewall<\/figcaption><\/figure>\n<p>In the image above we have a machine outside the network accessing an internal machine through TeamViewer.<\/p>\n<figure id=\"attachment_2015\" aria-describedby=\"caption-attachment-2015\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2015\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/134-TeamViewer-Cliente-Sendo-Acessado.png\" alt=\"TeamViewer - Client Being Accessed\" width=\"1280\" height=\"800\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/134-TeamViewer-Cliente-Sendo-Acessado.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/134-TeamViewer-Cliente-Sendo-Acessado-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/134-TeamViewer-Cliente-Sendo-Acessado-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/134-TeamViewer-Cliente-Sendo-Acessado-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2015\" class=\"wp-caption-text\">TeamViewer &#8211; Client Being Accessed<\/figcaption><\/figure>\n<p>And in the image above we see the client being accessed remotely.<\/p>\n<p>The process for blocking access via TeamViewer is similar to what was done to block AnyDesk.<\/p>\n<p>TeamViewer primarily uses port 5938 to connect, but unfortunately blocking only that port is not enough, since if that port is not reachable it uses ports 443 and 80 to initiate connections.<\/p>\n<p>A list of the IPs that TeamViewer uses will be needed; the previous script can be adapted to create that list.<\/p>\n<p>After making some adjustments to the script, I obtained the following list of IPs that TeamViewer uses:<\/p>\n<pre>
6.21.136\r\n217.146.21.137\r\n217.146.21.138\r\n217.146.21.139\r\n217.146.21.140\r\n217.146.21.141\r\n\r\n217.146.2.132\r\n217.146.2.133\r\n217.146.2.134\r\n217.146.2.135\r\n217.146.2.136\r\n217.146.2.137\r\n217.146.2.138\r\n217.146.2.139\r\n217.146.2.140\r\n217.146.2.141\r\n217.146.2.142\r\n217.146.2.143<\/pre>\n<p>Como essa \u00e9 uma lista extensa, com algumas centenas de IPs, \u00e9 mais f\u00e1cil utilizar um alias bloqueando essas faixas.<\/p>\n<figure id=\"attachment_2019\" aria-describedby=\"caption-attachment-2019\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2019\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/135-Firewall-Aliases.png\" alt=\"Firewall - Aliases\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/135-Firewall-Aliases.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/135-Firewall-Aliases-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/135-Firewall-Aliases-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2019\" class=\"wp-caption-text\">Firewall &#8211; Aliases<\/figcaption><\/figure>\n<p>Clique em <strong>Firewall -&gt; Aliases<\/strong>.<\/p>\n<figure id=\"attachment_2020\" aria-describedby=\"caption-attachment-2020\" style=\"width: 1058px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2020\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/136-Aliases-IP.png\" alt=\"Aliases - IP\" width=\"1058\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/136-Aliases-IP.png 1058w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/136-Aliases-IP-512x322.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/136-Aliases-IP-768x483.png 768w\" sizes=\"auto, (max-width: 1058px) 100vw, 1058px\" \/><figcaption id=\"caption-attachment-2020\" class=\"wp-caption-text\">Aliases &#8211; IP<\/figcaption><\/figure>\n<p>Then click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_2021\" aria-describedby=\"caption-attachment-2021\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2021\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/137-Criar-Novo-Alias.png\" alt=\"Criar Novo Alias\" width=\"1041\" height=\"678\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/137-Criar-Novo-Alias.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/137-Criar-Novo-Alias-512x333.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/137-Criar-Novo-Alias-768x500.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2021\" class=\"wp-caption-text\">Create New Alias<\/figcaption><\/figure>\n<p>Give the alias a name and, if you find it necessary, a description, and in <em>Type<\/em> select <em>Host(s)<\/em>.<\/p>\n<p>In the <em>IP or FQDN<\/em> field we will enter the IP ranges, giving the first and last IP separated by a hyphen, like this:<\/p>\n<pre>158.176.86.2-158.176.86.16<\/pre>\n<figure id=\"attachment_2022\" aria-describedby=\"caption-attachment-2022\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2022\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/138-Definir-Faixas-de-IPs.png\" alt=\"Definir Faixas de IPs\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/138-Definir-Faixas-de-IPs.png 1041w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/138-Definir-Faixas-de-IPs-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/138-Definir-Faixas-de-IPs-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2022\" class=\"wp-caption-text\">Define IP Ranges<\/figcaption><\/figure>\n<p>After entering all the relevant IP ranges, click <em>Save<\/em>.<\/p>\n<p>After that, go back to the rules window for the Green network and click the <em>Add<\/em> button with the arrow pointing up.<\/p>\n<figure id=\"attachment_2024\" aria-describedby=\"caption-attachment-2024\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2024\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/139-Regra-do-Firewall-Para-o-TeamViewer.png\" alt=\"Regra do Firewall Para o TeamViewer\" width=\"1041\" height=\"1322\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/139-Regra-do-Firewall-Para-o-TeamViewer.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/139-Regra-do-Firewall-Para-o-TeamViewer-403x512.png 403w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/139-Regra-do-Firewall-Para-o-TeamViewer-768x975.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2024\" class=\"wp-caption-text\">TeamViewer Firewall Rule<\/figcaption><\/figure>\n<p>The rule that will block TeamViewer is set up as shown in the image above.<\/p>\n<p>In <em>Action<\/em> select <em>Block<\/em>, <em>Interface<\/em> stays as <em>GREEN<\/em>, in <em>Protocol<\/em> select <em>TCP\/UDP<\/em>, in <em>Source<\/em> select <em>GREEN net<\/em>, in <em>Destination<\/em> select the <em>Single host or alias<\/em> option and in the field on the right enter the name of the 
alias that was created with the TeamViewer server addresses; add a description if you wish and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2025\" aria-describedby=\"caption-attachment-2025\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2025\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/140-Aplicar-Regra-Para-Bloquear-o-TeamViewer.png\" alt=\"Aplicar Regra Para Bloquear o TeamViewer\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/140-Aplicar-Regra-Para-Bloquear-o-TeamViewer.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/140-Aplicar-Regra-Para-Bloquear-o-TeamViewer-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/140-Aplicar-Regra-Para-Bloquear-o-TeamViewer-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2025\" class=\"wp-caption-text\">Apply Rule to Block TeamViewer<\/figcaption><\/figure>\n<p>Then just apply the rule, and with that TeamViewer is blocked.<\/p>\n<figure id=\"attachment_2027\" aria-describedby=\"caption-attachment-2027\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2027\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/141-TeamViewer-Bloqueado.png\" alt=\"TeamViewer Bloqueado\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/141-TeamViewer-Bloqueado.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/141-TeamViewer-Bloqueado-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/141-TeamViewer-Bloqueado-768x480.png 768w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/141-TeamViewer-Bloqueado-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2027\" class=\"wp-caption-text\">TeamViewer Blocked<\/figcaption><\/figure>\n<p>In the image above we can see that TeamViewer can no longer connect.<\/p>\n<figure id=\"attachment_2028\" aria-describedby=\"caption-attachment-2028\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2028\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/142-Firewall-Schedules.png\" alt=\"Firewall - Schedules\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/142-Firewall-Schedules.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/142-Firewall-Schedules-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/142-Firewall-Schedules-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2028\" class=\"wp-caption-text\">Firewall &#8211; Schedules<\/figcaption><\/figure>\n<p>This rule should only apply on specific days and times, so we will create a schedule so that it is applied only when necessary.<\/p>\n<p>Click <strong>Firewall -&gt; Schedules<\/strong>.<\/p>\n<figure id=\"attachment_2029\" aria-describedby=\"caption-attachment-2029\" style=\"width: 1058px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2029\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/143-Schedules.png\" alt=\"Schedules\" width=\"1058\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/143-Schedules.png 1058w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/143-Schedules-512x322.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/143-Schedules-768x483.png 768w\" sizes=\"auto, (max-width: 1058px) 100vw, 1058px\" \/><figcaption id=\"caption-attachment-2029\" class=\"wp-caption-text\">Schedules<\/figcaption><\/figure>\n<p>Click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_2030\" aria-describedby=\"caption-attachment-2030\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2030\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/144-Novo-Horario.png\" alt=\"Novo Hor\u00e1rio\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/144-Novo-Horario.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/144-Novo-Horario-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/144-Novo-Horario-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2030\" class=\"wp-caption-text\">New Schedule<\/figcaption><\/figure>\n<p>There are two ways to do this here: select the working days and working hours and apply that schedule to a new rule that allows the connection and is active only during those days and hours, while the blocking rule stays active all the time; or create a few time ranges specifying when the rule that blocks TeamViewer is active (weekends and outside working hours), and thus use only one firewall rule.<\/p>\n<p>Here I will do it the second way, which requires three different ranges: the first from Monday to Friday, from midnight (00:00) until eight in the morning (8:00); the second also from 
Monday to Friday, but this time from six in the evening (18:00) until midnight (technically it is not until midnight, since a time range cannot end at a time earlier than the one at which it started, so in this case it will run until 23:59); and the third will cover the entire weekends (0:00 until 23:59).<\/p>\n<p>To select the days there is no need to click them one by one; click at the top where the names of the days of the week are shown: <em>Mon, Tue, Wed<\/em>&#8230;, and doing so automatically selects all of those days of the week, not only in the current month but also in the following months, so there is no need to create rules for every month (when the selected days are shown in blue, the selection applies to all following months; when they are green it applies only to the current month).<\/p>\n<figure id=\"attachment_2032\" aria-describedby=\"caption-attachment-2032\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2032\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/145-Faixas-de-Horarios.png\" alt=\"Faixas de Hor\u00e1rios\" width=\"1041\" height=\"1154\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/145-Faixas-de-Horarios.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/145-Faixas-de-Horarios-462x512.png 462w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/145-Faixas-de-Horarios-768x851.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2032\" class=\"wp-caption-text\">Time Ranges<\/figcaption><\/figure>\n<p>The time ranges should look like the image above.<\/p>\n<p>Once you have finished creating the time ranges, click <em>Save<\/em>.<\/p>\n<figure 
id=\"attachment_2034\" aria-describedby=\"caption-attachment-2034\" style=\"width: 1058px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2034\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/146-Horarios-Criados.png\" alt=\"Hor\u00e1rios Criados\" width=\"1058\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/146-Horarios-Criados.png 1058w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/146-Horarios-Criados-512x322.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/146-Horarios-Criados-768x483.png 768w\" sizes=\"auto, (max-width: 1058px) 100vw, 1058px\" \/><figcaption id=\"caption-attachment-2034\" class=\"wp-caption-text\">Schedules Created<\/figcaption><\/figure>\n<p>With that the schedule is created; now it only needs to be applied to the firewall rule that is being used to block TeamViewer.<\/p>\n<figure id=\"attachment_2035\" aria-describedby=\"caption-attachment-2035\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2035\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/147-Editar-Regra-do-Firewall.png\" alt=\"Editar Regra do Firewall\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/147-Editar-Regra-do-Firewall.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/147-Editar-Regra-do-Firewall-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/147-Editar-Regra-do-Firewall-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2035\" class=\"wp-caption-text\">Edit Firewall Rule<\/figcaption><\/figure>\n<p>To edit the rule, click the pencil icon on the 
right-hand side of the rule to be edited; in this case it is the rule that blocks TeamViewer.<\/p>\n<figure id=\"attachment_2036\" aria-describedby=\"caption-attachment-2036\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2036\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/148-Extra-Options-Display-Advanced.png\" alt=\"Extra Options - Display Advanced\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/148-Extra-Options-Display-Advanced.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/148-Extra-Options-Display-Advanced-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/148-Extra-Options-Display-Advanced-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2036\" class=\"wp-caption-text\">Extra Options &#8211; Display Advanced<\/figcaption><\/figure>\n<p>Under <em>Extra Options<\/em>, click <em>Display Advanced<\/em>.<\/p>\n<figure id=\"attachment_2038\" aria-describedby=\"caption-attachment-2038\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2038\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/149-Schedule-TeamViewer.png\" alt=\"Schedule - TeamViewer\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/149-Schedule-TeamViewer.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/149-Schedule-TeamViewer-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/149-Schedule-TeamViewer-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2038\" class=\"wp-caption-text\">Schedule &#8211; 
TeamViewer<\/figcaption><\/figure>\n<p>In <em>Schedule<\/em>, select the schedule that was just created; in this case it is called <em>TeamViewer<\/em>.<\/p>\n<p>Then click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_2039\" aria-describedby=\"caption-attachment-2039\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2039\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/150-Horario-Aplicado.png\" alt=\"Hor\u00e1rio Aplicado\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/150-Horario-Aplicado.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/150-Horario-Aplicado-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/150-Horario-Aplicado-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2039\" class=\"wp-caption-text\">Schedule Applied<\/figcaption><\/figure>\n<p>Here we can see that the schedule was successfully applied to the rule.<\/p>\n<figure id=\"attachment_2040\" aria-describedby=\"caption-attachment-2040\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2040\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/151-TeamViewer-Funcionando.png\" alt=\"TeamViewer Funcionando\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/151-TeamViewer-Funcionando.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/151-TeamViewer-Funcionando-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/151-TeamViewer-Funcionando-768x480.png 768w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/151-TeamViewer-Funcionando-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2040\" class=\"wp-caption-text\">TeamViewer Working<\/figcaption><\/figure>\n<p>And here we can see that TeamViewer is working.<\/p>\n<h3>Port Forwarding<\/h3>\n<p><em>Port Forwarding<\/em> allows a port, port range or protocol to be forwarded to a private IP on one of the internal networks.<\/p>\n<p>Here we will redirect two external ports to specific, different ports on a host in an internal network. Ports <span style=\"font-family: andale mono, monospace;\">22222<\/span> and <span style=\"font-family: andale mono, monospace;\">42424<\/span> will be redirected to internal ports <span style=\"font-family: andale mono, monospace;\">61234<\/span> and <span style=\"font-family: andale mono, monospace;\">56789<\/span> respectively, and will point to the IP <span style=\"font-family: andale mono, monospace;\">10.18.170.2<\/span>, which is on the Orange network and runs a web server.<\/p>\n<figure id=\"attachment_2043\" aria-describedby=\"caption-attachment-2043\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2043\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/152-Firewall-NAT.png\" alt=\"Firewall - NAT\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/152-Firewall-NAT.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/152-Firewall-NAT-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/152-Firewall-NAT-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2043\" class=\"wp-caption-text\">Firewall &#8211; 
NAT<\/figcaption><\/figure>\n<p>To create this rule click <strong>Firewall -&gt; NAT<\/strong>.<\/p>\n<figure id=\"attachment_2044\" aria-describedby=\"caption-attachment-2044\" style=\"width: 1058px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2044\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/153-Port-Forward.png\" alt=\"Port Forward\" width=\"1058\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/153-Port-Forward.png 1058w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/153-Port-Forward-512x322.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/153-Port-Forward-768x483.png 768w\" sizes=\"auto, (max-width: 1058px) 100vw, 1058px\" \/><figcaption id=\"caption-attachment-2044\" class=\"wp-caption-text\">Port Forward<\/figcaption><\/figure>\n<p>To create a new rule click the <em>Add<\/em> button.<\/p>\n<figure id=\"attachment_2045\" aria-describedby=\"caption-attachment-2045\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2045\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/154-Criar-Nova-Regra.png\" alt=\"Criar Nova Regra\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/154-Criar-Nova-Regra.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/154-Criar-Nova-Regra-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/154-Criar-Nova-Regra-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2045\" class=\"wp-caption-text\">Create New Rule<\/figcaption><\/figure>\n<p>Here we will configure the rule.<\/p>\n<figure id=\"attachment_2046\" aria-describedby=\"caption-attachment-2046\" style=\"width: 1041px\" 
class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2046\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/155-Configuracao-da-Regra.png\" alt=\"Configura\u00e7\u00e3o da Regra\" width=\"1041\" height=\"1400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/155-Configuracao-da-Regra.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/155-Configuracao-da-Regra-381x512.png 381w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/155-Configuracao-da-Regra-768x1033.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2046\" class=\"wp-caption-text\">Rule Configuration<\/figcaption><\/figure>\n<p>Since this port will be exposed to the outside, in <em>Interface<\/em> we need to select <em>WAN<\/em>.<\/p>\n<p>We are not using IPv6, so in <em>Address Family<\/em> make sure <em>IPv4<\/em> is selected.<\/p>\n<p>This port will be used only for web traffic, so in <em>Protocol<\/em> select only <em>TCP<\/em>; UDP is not needed in this case.<\/p>\n<p>In <em>Destination<\/em> select <em>WAN address<\/em>; this makes the firewall redirect these ports when an external client tries to reach them through the IP of the WAN interface.<\/p>\n<p>In <em>Destination port range<\/em>, in both <em>Custom<\/em> fields, enter the number of the port that will be opened on the WAN interface, in this case port <span style=\"font-family: andale mono, monospace;\">22222<\/span>.<\/p>\n<p>In <em>Redirect target IP<\/em> select <em>Single host<\/em> and enter the IP of the web server, which in this case is <span style=\"font-family: andale mono, monospace;\">10.18.170.2<\/span>.<\/p>\n<p>In <em>Redirect target port<\/em> select the <em>Other<\/em> option and in <em>Custom<\/em> enter 
the port number the host is expecting, in this case port <span style=\"font-family: andale mono, monospace;\">61234<\/span>.<\/p>\n<p>Add a description and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2048\" aria-describedby=\"caption-attachment-2048\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2048\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/156-Aplicar-Regra.png\" alt=\"Aplicar Regra\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/156-Aplicar-Regra.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/156-Aplicar-Regra-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/156-Aplicar-Regra-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2048\" class=\"wp-caption-text\">Apply Rule<\/figcaption><\/figure>\n<p>As with the firewall rules created so far, the changes also need to be applied: click <em>Apply Changes<\/em>, and with that the first port is redirected.<\/p>\n<p>Now just repeat these steps for the other port.<\/p>\n<figure id=\"attachment_2049\" aria-describedby=\"caption-attachment-2049\" style=\"width: 1041px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2049\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/157-Portas-Redirecionadas.png\" alt=\"Portas Redirecionadas\" width=\"1041\" height=\"665\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/157-Portas-Redirecionadas.png 1041w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/157-Portas-Redirecionadas-512x327.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/157-Portas-Redirecionadas-768x491.png 768w\" sizes=\"auto, (max-width: 1041px) 100vw, 1041px\" \/><figcaption id=\"caption-attachment-2049\" class=\"wp-caption-text\">Ports Redirected<\/figcaption><\/figure>\n<p>With that both ports are redirected; now just test them to confirm that everything is working correctly.<\/p>\n<figure id=\"attachment_2050\" aria-describedby=\"caption-attachment-2050\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2050\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/158-Servidor-Pedindo-Autenticacao.png\" alt=\"Servidor Pedindo Autentica\u00e7\u00e3o\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/158-Servidor-Pedindo-Autenticacao.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/158-Servidor-Pedindo-Autenticacao-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/158-Servidor-Pedindo-Autenticacao-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/158-Servidor-Pedindo-Autenticacao-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2050\" class=\"wp-caption-text\">Server Requesting Authentication<\/figcaption><\/figure>\n<p>Using a client on the WAN we can see that the redirection is working correctly; here the server is requesting authentication before allowing access to the page.<\/p>\n<figure id=\"attachment_2051\" aria-describedby=\"caption-attachment-2051\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2051\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/159-Redirecionamento-de-Porta-Feito-com-Sucesso.png\" alt=\"Redirecionamento de Porta Feito com Sucesso\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/159-Redirecionamento-de-Porta-Feito-com-Sucesso.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/159-Redirecionamento-de-Porta-Feito-com-Sucesso-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/159-Redirecionamento-de-Porta-Feito-com-Sucesso-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/159-Redirecionamento-de-Porta-Feito-com-Sucesso-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2051\" class=\"wp-caption-text\">Port Redirection Successful<\/figcaption><\/figure>\n<p>After authentication the page loads correctly.<\/p>\n<figure id=\"attachment_2052\" aria-describedby=\"caption-attachment-2052\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2052\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/160-Redirecionamento-da-Porta-42424.png\" alt=\"Redirecionamento da Porta 42424\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/160-Redirecionamento-da-Porta-42424.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/160-Redirecionamento-da-Porta-42424-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/160-Redirecionamento-da-Porta-42424-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/160-Redirecionamento-da-Porta-42424-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption 
id=\"caption-attachment-2052\" class=\"wp-caption-text\">Forwarding of Port 42424<\/figcaption><\/figure>\n<p>The same goes for port <span style=\"font-family: andale mono, monospace;\">42424<\/span>: forwarding completed successfully.<\/p>\n<h3>Install OPNsense<\/h3>\n<p>The OPNsense installation process is similar to that of pfSense; once the installation is finished, the initial configuration of the network interfaces has to be done.<\/p>\n<p>The interfaces will be configured in much the same way as on pfSense:<\/p>\n<pre>00:50:56:3C:1A:10 - R2\/WAN - 10.155.170.2\/30\r\n00:50:56:3C:1A:11 - Green - 10.53.170.1\/24\r\n00:50:56:3C:1A:12 - Blue - 10.120.170.1\/29\r\n00:50:56:3C:1A:13 - Sync - 192.168.255.253\/30\r\n00:50:56:3C:1A:14 - Host - 10.10.10.21\/24<\/pre>\n<figure id=\"attachment_2056\" aria-describedby=\"caption-attachment-2056\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2056\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/161-Configuracao-Inicial-do-OPNsense.png\" alt=\"OPNsense Initial Configuration\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/161-Configuracao-Inicial-do-OPNsense.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/161-Configuracao-Inicial-do-OPNsense-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2056\" class=\"wp-caption-text\">OPNsense Initial Configuration<\/figcaption><\/figure>\n<p>The first step is to assign the roles of the interfaces; to do so, select option number 1.<\/p>\n<figure id=\"attachment_2057\" aria-describedby=\"caption-attachment-2057\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" 
class=\"size-full wp-image-2057\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/162-Selecionar-Interface-WAN.png\" alt=\"Select WAN Interface\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/162-Selecionar-Interface-WAN.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/162-Selecionar-Interface-WAN-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2057\" class=\"wp-caption-text\">Select WAN Interface<\/figcaption><\/figure>\n<p>Next we are asked whether we want to configure LAGG, or Link Aggregation; this is not needed at this point, so select <span style=\"font-family: andale mono, monospace;\">n<\/span>. The same applies to VLANs, which will not be needed.<\/p>\n<figure id=\"attachment_2058\" aria-describedby=\"caption-attachment-2058\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2058\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/163-Selecionar-Interfaces.png\" alt=\"Select Interfaces\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/163-Selecionar-Interfaces.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/163-Selecionar-Interfaces-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2058\" class=\"wp-caption-text\">Select Interfaces<\/figcaption><\/figure>\n<p>The interfaces are selected by name and can be identified by their MAC addresses.<\/p>\n<figure id=\"attachment_2059\" aria-describedby=\"caption-attachment-2059\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2059\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/164-Interfaces-Selecionadas.png\" alt=\"Interfaces Selected\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/164-Interfaces-Selecionadas.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/164-Interfaces-Selecionadas-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2059\" class=\"wp-caption-text\">Interfaces Selected<\/figcaption><\/figure>\n<p>After selecting the interfaces, confirm that you want to continue.<\/p>\n<p>Once the interfaces are selected, some IP addresses need to be configured so that the web interface can be reached.<\/p>\n<figure id=\"attachment_2061\" aria-describedby=\"caption-attachment-2061\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2061\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/165-Configurar-IP.png\" alt=\"Configure IP\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/165-Configurar-IP.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/165-Configurar-IP-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2061\" class=\"wp-caption-text\">Configure IP<\/figcaption><\/figure>\n<p>Select option 2 to configure the IP of an interface.<\/p>\n<figure id=\"attachment_2062\" aria-describedby=\"caption-attachment-2062\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2062\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/166-Configurar-IP-da-Interface-WAN.png\" alt=\"Configure IP of the WAN Interface\" width=\"720\" height=\"400\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/166-Configurar-IP-da-Interface-WAN.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/166-Configurar-IP-da-Interface-WAN-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2062\" class=\"wp-caption-text\">Configure IP of the WAN Interface<\/figcaption><\/figure>\n<p>First enter the IP of the interface, then the network mask, and finally the address of the gateway used to reach other external networks.<\/p>\n<figure id=\"attachment_2063\" aria-describedby=\"caption-attachment-2063\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2063\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/167-DNS.png\" alt=\"DNS\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/167-DNS.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/167-DNS-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2063\" class=\"wp-caption-text\">DNS<\/figcaption><\/figure>\n<p>We will not use the gateway as the DNS server; select another DNS server.<\/p>\n<figure id=\"attachment_2064\" aria-describedby=\"caption-attachment-2064\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2064\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/168-IPv6-e-Protocolo-da-Interface-Web.png\" alt=\"IPv6 and Web Interface Protocol\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/168-IPv6-e-Protocolo-da-Interface-Web.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/168-IPv6-e-Protocolo-da-Interface-Web-512x284.png 512w\" sizes=\"auto, 
(max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2064\" class=\"wp-caption-text\">IPv6 and Web Interface Protocol<\/figcaption><\/figure>\n<p>We will not use IPv6, but if you need it you can configure it now; we will also not change the web interface protocol from http to https.<\/p>\n<figure id=\"attachment_2065\" aria-describedby=\"caption-attachment-2065\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2065\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/169-Terminando-Configuracao-da-Interface.png\" alt=\"Finishing the Interface Configuration\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/169-Terminando-Configuracao-da-Interface.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/169-Terminando-Configuracao-da-Interface-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2065\" class=\"wp-caption-text\">Finishing the Interface Configuration<\/figcaption><\/figure>\n<p>After choosing the desired settings, just wait a moment for them to be applied.<\/p>\n<p>After that, repeat the same steps for any other interfaces you want to configure right away.<\/p>\n<figure id=\"attachment_2066\" aria-describedby=\"caption-attachment-2066\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2066\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/170-WAN-e-Interface-Para-o-Host-Configuradas.png\" alt=\"WAN and Host Interface Configured\" width=\"720\" height=\"400\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/170-WAN-e-Interface-Para-o-Host-Configuradas.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/170-WAN-e-Interface-Para-o-Host-Configuradas-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2066\" class=\"wp-caption-text\">WAN and Host Interface Configured<\/figcaption><\/figure>\n<p>If you want to access the web interface through the LAN interface, you can use the preconfigured IP address, but if you want to use another interface you will need to temporarily disable the firewall, as was done on pfSense.<\/p>\n<figure id=\"attachment_2067\" aria-describedby=\"caption-attachment-2067\" style=\"width: 720px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2067\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/171-Desativar-o-Firewall-Temporariamente.png\" alt=\"Temporarily Disable the Firewall\" width=\"720\" height=\"400\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/171-Desativar-o-Firewall-Temporariamente.png 720w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/171-Desativar-o-Firewall-Temporariamente-512x284.png 512w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><figcaption id=\"caption-attachment-2067\" class=\"wp-caption-text\">Temporarily Disable the Firewall<\/figcaption><\/figure>\n<p>After temporarily disabling the firewall, we can access the web interface through both the WAN interface and the OPT3 (Host) interface.<\/p>\n<figure id=\"attachment_2069\" aria-describedby=\"caption-attachment-2069\" style=\"width: 1276px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2069\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/172-Interface-Web-OPNsense.png\" alt=\"OPNsense Web Interface\" width=\"1276\" height=\"1001\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/172-Interface-Web-OPNsense.png 1276w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/172-Interface-Web-OPNsense-512x402.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/172-Interface-Web-OPNsense-768x602.png 768w\" sizes=\"auto, (max-width: 1276px) 100vw, 1276px\" \/><figcaption id=\"caption-attachment-2069\" class=\"wp-caption-text\">OPNsense Web Interface<\/figcaption><\/figure>\n<p>With that, we can continue the configuration through the web interface.<\/p>\n<p>You can log in with the same credentials that were used during installation and initial configuration.<\/p>\n<figure id=\"attachment_2071\" aria-describedby=\"caption-attachment-2071\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2071\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/173-Configuracao-Inicial-OPNsense-Atraves-da-Web-Interface.png\" alt=\"OPNsense Initial Configuration Through the Web Interface\" width=\"1408\" height=\"841\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/173-Configuracao-Inicial-OPNsense-Atraves-da-Web-Interface.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/173-Configuracao-Inicial-OPNsense-Atraves-da-Web-Interface-512x306.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/173-Configuracao-Inicial-OPNsense-Atraves-da-Web-Interface-768x459.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2071\" class=\"wp-caption-text\">OPNsense Initial Configuration Through the Web 
Interface<\/figcaption><\/figure>\n<p>The initial configuration process will start; it is very similar to the pfSense process.<\/p>\n<figure id=\"attachment_2072\" aria-describedby=\"caption-attachment-2072\" style=\"width: 1110px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2072\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/174-Informacao-Geral.png\" alt=\"General Information\" width=\"1110\" height=\"777\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/174-Informacao-Geral.png 1110w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/174-Informacao-Geral-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/174-Informacao-Geral-768x538.png 768w\" sizes=\"auto, (max-width: 1110px) 100vw, 1110px\" \/><figcaption id=\"caption-attachment-2072\" class=\"wp-caption-text\">General Information<\/figcaption><\/figure>\n<p>Here you can configure the hostname of the firewall, as well as the domain and other DNS settings; after making the appropriate settings, click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_2073\" aria-describedby=\"caption-attachment-2073\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2073\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/175-Time-Server-Information.png\" alt=\"Time Server Information\" width=\"1408\" height=\"841\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/175-Time-Server-Information.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/175-Time-Server-Information-512x306.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/175-Time-Server-Information-768x459.png 768w\" sizes=\"auto, (max-width: 
1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2073\" class=\"wp-caption-text\">Time Server Information<\/figcaption><\/figure>\n<p>Select your time zone and the time servers you want to use, then click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_2074\" aria-describedby=\"caption-attachment-2074\" style=\"width: 1110px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2074\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/176-Interface-WAN.png\" alt=\"WAN Interface\" width=\"1110\" height=\"2398\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/176-Interface-WAN.png 1110w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/176-Interface-WAN-237x512.png 237w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/176-Interface-WAN-1018x2200.png 1018w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/176-Interface-WAN-768x1659.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/176-Interface-WAN-711x1536.png 711w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/176-Interface-WAN-948x2048.png 948w\" sizes=\"auto, (max-width: 1110px) 100vw, 1110px\" \/><figcaption id=\"caption-attachment-2074\" class=\"wp-caption-text\">WAN Interface<\/figcaption><\/figure>\n<p>There is not much to do here; the only change is to uncheck the options that block private networks and the like on the WAN interface, as was done on pfSense, then click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_2075\" aria-describedby=\"caption-attachment-2075\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2075\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/177-Interface-LAN-Green.png\" alt=\"Interface 
LAN-Green\" width=\"1408\" height=\"841\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/177-Interface-LAN-Green.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/177-Interface-LAN-Green-512x306.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/177-Interface-LAN-Green-768x459.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2075\" class=\"wp-caption-text\">LAN-Green Interface<\/figcaption><\/figure>\n<p>There is nothing to do here; the remaining settings for this network will be made later. Click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_2076\" aria-describedby=\"caption-attachment-2076\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2076\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/178-Senha-da-Conta-root.png\" alt=\"root Account Password\" width=\"1408\" height=\"841\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/178-Senha-da-Conta-root.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/178-Senha-da-Conta-root-512x306.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/178-Senha-da-Conta-root-768x459.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2076\" class=\"wp-caption-text\">root Account Password<\/figcaption><\/figure>\n<p>If you want to change the password of the root account you can do so here, then click <em>Next<\/em>.<\/p>\n<figure id=\"attachment_2077\" aria-describedby=\"caption-attachment-2077\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2077\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/179-Reload.png\" alt=\"Reload\" width=\"1408\" 
height=\"841\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/179-Reload.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/179-Reload-512x306.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/179-Reload-768x459.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2077\" class=\"wp-caption-text\">Reload<\/figcaption><\/figure>\n<p>With this initial configuration finished, click <em>Reload<\/em>. Note that if you are accessing the web interface through an interface other than LAN, this will re-enable the firewall, blocking access to the web interface again, so you will need to disable it again from the shell.<\/p>\n<figure id=\"attachment_2079\" aria-describedby=\"caption-attachment-2079\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2079\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/180-Firewall-Rules-OPT3.png\" alt=\"Firewall - Rules - OPT3\" width=\"1408\" height=\"841\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/180-Firewall-Rules-OPT3.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/180-Firewall-Rules-OPT3-512x306.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/180-Firewall-Rules-OPT3-768x459.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2079\" class=\"wp-caption-text\">Firewall &#8211; Rules &#8211; OPT3<\/figcaption><\/figure>\n<p>As was done on pfSense, I will create a rule to allow access to the web interface through the OPT3\/Host interface; to do so, click <strong>Firewall -&gt; Rules -&gt; OPT3<\/strong>.<\/p>\n<figure id=\"attachment_2080\" 
aria-describedby=\"caption-attachment-2080\" style=\"width: 1533px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2080\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/181-Regras-do-Firewall-Para-OPT3.png\" alt=\"Firewall Rules for OPT3\" width=\"1533\" height=\"841\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/181-Regras-do-Firewall-Para-OPT3.png 1533w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/181-Regras-do-Firewall-Para-OPT3-512x281.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/181-Regras-do-Firewall-Para-OPT3-768x421.png 768w\" sizes=\"auto, (max-width: 1533px) 100vw, 1533px\" \/><figcaption id=\"caption-attachment-2080\" class=\"wp-caption-text\">Firewall Rules for OPT3<\/figcaption><\/figure>\n<p>Here is the page with the rules for this interface. At the moment there are no rules yet; to create the new rule, click the orange button with a <strong>\u2795<\/strong>.<\/p>\n<figure id=\"attachment_2081\" aria-describedby=\"caption-attachment-2081\" style=\"width: 1210px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2081\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/182-Regra-Para-Permitir-Acesso-a-Interface-Web-OPT3.png\" alt=\"Rule to Allow Access to the Web Interface on OPT3\" width=\"1210\" height=\"2167\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/182-Regra-Para-Permitir-Acesso-a-Interface-Web-OPT3.png 1210w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/182-Regra-Para-Permitir-Acesso-a-Interface-Web-OPT3-286x512.png 286w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/182-Regra-Para-Permitir-Acesso-a-Interface-Web-OPT3-768x1375.png 768w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/182-Regra-Para-Permitir-Acesso-a-Interface-Web-OPT3-858x1536.png 858w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/182-Regra-Para-Permitir-Acesso-a-Interface-Web-OPT3-1144x2048.png 1144w\" sizes=\"auto, (max-width: 1210px) 100vw, 1210px\" \/><figcaption id=\"caption-attachment-2081\" class=\"wp-caption-text\">Rule to Allow Access to the Web Interface on OPT3<\/figcaption><\/figure>\n<p>Similar to the rule created on pfSense: in <em>Action<\/em> select <em>Pass<\/em> to allow the traffic, the interface is OPT3, and in <em>Direction<\/em> select <em>in<\/em>.<\/p>\n<p>We will not use IPv6, so in <em>TCP\/IP Version<\/em> select <em>IPv4<\/em>; in <em>Protocol<\/em> you can leave <em>any<\/em>, but if you want to restrict it a bit more you can select <em>TCP<\/em>.<\/p>\n<p>In <em>Source<\/em> select <em>OPT3 net<\/em>; this allows traffic originating from machines on that network, and not from other networks that happen to arrive through this interface. In <em>Destination<\/em> select <em>OPT3 address<\/em>, so that only traffic destined for the IP of this interface passes; we do not want any other machine to be reachable through this interface.<\/p>\n<p>Give the rule a description and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2082\" aria-describedby=\"caption-attachment-2082\" style=\"width: 1533px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2082\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/183-Aplicar-Alteracoes.png\" alt=\"Apply Changes\" width=\"1533\" height=\"841\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/183-Aplicar-Alteracoes.png 1533w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/183-Aplicar-Alteracoes-512x281.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/183-Aplicar-Alteracoes-768x421.png 768w\" sizes=\"auto, (max-width: 1533px) 100vw, 1533px\" \/><figcaption id=\"caption-attachment-2082\" class=\"wp-caption-text\">Apply Changes<\/figcaption><\/figure>\n<p>Click <em>Apply changes<\/em> to apply the rule.<\/p>\n<p>It may take a few moments for the rule to become active, so it is normal for the page not to load, but after a few moments you should have access to the web interface through this interface.<\/p>\n<figure id=\"attachment_2084\" aria-describedby=\"caption-attachment-2084\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2084\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/184-Interfaces-LAN.png\" alt=\"Interfaces - LAN\" width=\"1461\" height=\"1046\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/184-Interfaces-LAN.png 1461w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/184-Interfaces-LAN-512x367.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/184-Interfaces-LAN-768x550.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2084\" class=\"wp-caption-text\">Interfaces &#8211; LAN<\/figcaption><\/figure>\n<p>Now we will rename the interfaces so that they have more descriptive names. We start with the LAN interface; to do so, click <strong>Interfaces -&gt; [LAN]<\/strong>.<\/p>\n<figure id=\"attachment_2085\" aria-describedby=\"caption-attachment-2085\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2085\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/185-Renomear-Interface.png\" alt=\"Rename Interface\" width=\"1461\" height=\"938\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/185-Renomear-Interface.png 1461w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/185-Renomear-Interface-512x329.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/185-Renomear-Interface-768x493.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2085\" class=\"wp-caption-text\">Rename Interface<\/figcaption><\/figure>\n<p>In <em>Description<\/em> enter the name you want to give the interface, in this case <em>Green<\/em>, then click the Save button at the bottom of the page.<\/p>\n<figure id=\"attachment_2086\" aria-describedby=\"caption-attachment-2086\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2086\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/186-Aplicar-Alteracoes.png\" alt=\"Apply Changes\" width=\"1461\" height=\"938\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/186-Aplicar-Alteracoes.png 1461w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/186-Aplicar-Alteracoes-512x329.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/186-Aplicar-Alteracoes-768x493.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2086\" class=\"wp-caption-text\">Apply Changes<\/figcaption><\/figure>\n<p>Click <em>Apply changes<\/em> to apply the new configuration.<\/p>\n<figure id=\"attachment_2087\" aria-describedby=\"caption-attachment-2087\" style=\"width: 1169px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" 
class=\"size-full wp-image-2087\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/187-Configuracoes-Interface-Blue.png\" alt=\"Blue Interface Settings\" width=\"1169\" height=\"1945\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/187-Configuracoes-Interface-Blue.png 1169w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/187-Configuracoes-Interface-Blue-308x512.png 308w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/187-Configuracoes-Interface-Blue-768x1278.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/187-Configuracoes-Interface-Blue-923x1536.png 923w\" sizes=\"auto, (max-width: 1169px) 100vw, 1169px\" \/><figcaption id=\"caption-attachment-2087\" class=\"wp-caption-text\">Blue Interface Settings<\/figcaption><\/figure>\n<p>The <em>Blue<\/em> interface was not active and had no IP defined. To enable it, check the <em>Enable Interface<\/em> option under <em>Enable<\/em>; in <em>Description<\/em> give the interface whatever name you like, in this case <em>Blue<\/em>; in <em>IPv4 Configuration Type<\/em> select <em>Static IPv4<\/em>, and in <em>IPv4 address<\/em> enter the IP address you want to use on this interface; then click <em>Save<\/em>.<\/p>\n<p>Repeat the process for the other interfaces.<\/p>\n<figure id=\"attachment_2088\" aria-describedby=\"caption-attachment-2088\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2088\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/188-Interfaces-Configuradas.png\" alt=\"Interfaces Configured\" width=\"1461\" height=\"938\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/188-Interfaces-Configuradas.png 1461w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/188-Interfaces-Configuradas-512x329.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/188-Interfaces-Configuradas-768x493.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2088\" class=\"wp-caption-text\">Interfaces Configured<\/figcaption><\/figure>\n<p>Here we can see that all the interfaces are now configured.<\/p>\n<h3>DHCP on OPNsense<\/h3>\n<p>It was requested that IPs be provided via DHCP, but it was not specified on which of the networks, so this will be done only on the Green network; if it is needed on another network, the process is the same.<\/p>\n<p><figure id=\"attachment_2092\" aria-describedby=\"caption-attachment-2092\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2092\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/189-Services-DHCPv4-Green.png\" alt=\"Services - DHCPv4 - [Green]\" width=\"1461\" height=\"938\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/189-Services-DHCPv4-Green.png 1461w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/189-Services-DHCPv4-Green-512x329.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/189-Services-DHCPv4-Green-768x493.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2092\" class=\"wp-caption-text\">Services &#8211; DHCPv4 &#8211; [Green]<\/figcaption><\/figure>Click <strong>Services -&gt; DHCPv4 -&gt; [Green]<\/strong>.<\/p>\n<figure id=\"attachment_2090\" aria-describedby=\"caption-attachment-2090\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2090\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/190-DHCP-na-Interface-Green.png\" alt=\"DHCP na Interface Green\" width=\"1461\" height=\"938\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/190-DHCP-na-Interface-Green.png 1461w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/190-DHCP-na-Interface-Green-512x329.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/190-DHCP-na-Interface-Green-768x493.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2090\" class=\"wp-caption-text\">DHCP on the Green Interface<\/figcaption><\/figure>\n<p>Here we can see that the DHCP server is not active on this interface.<\/p>\n<figure id=\"attachment_2093\" aria-describedby=\"caption-attachment-2093\" style=\"width: 1169px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2093\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/191-Configuracoes-do-Servidor-DHCP-na-Interface-Green.png\" alt=\"Configura\u00e7\u00f5es do Servidor DHCP na Interface Green\" width=\"1169\" height=\"2720\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/191-Configuracoes-do-Servidor-DHCP-na-Interface-Green.png 1169w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/191-Configuracoes-do-Servidor-DHCP-na-Interface-Green-220x512.png 220w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/191-Configuracoes-do-Servidor-DHCP-na-Interface-Green-946x2200.png 946w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/191-Configuracoes-do-Servidor-DHCP-na-Interface-Green-768x1787.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/191-Configuracoes-do-Servidor-DHCP-na-Interface-Green-660x1536.png 660w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/191-Configuracoes-do-Servidor-DHCP-na-Interface-Green-880x2048.png 880w\" sizes=\"auto, (max-width: 1169px) 100vw, 1169px\" \/><figcaption id=\"caption-attachment-2093\" class=\"wp-caption-text\">DHCP Server Settings on the Green Interface<\/figcaption><\/figure>\n<p>The first step is to enable it: check <em>Enable DHCP server on the Green interface<\/em> under <em>Enable<\/em>.<\/p>\n<p>In <em>Range<\/em> you can define the range of IP addresses that will be handed out, and if you want to create different <em>pools<\/em> with different IP ranges, you can do so by clicking the orange \u2795 icon under <em>Additional Pools<\/em>.<\/p>\n<p>In <em>DNS servers<\/em> you can configure the DNS servers you want to assign to clients, and in <em>Gateway<\/em> enter the IP address of this same interface.<\/p>\n<p>Click <em>Save<\/em> at the bottom of the page to save the settings and activate the DHCP server.<\/p>\n<figure id=\"attachment_2095\" aria-describedby=\"caption-attachment-2095\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2095\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/192-Cliente-Windows-Recebendo-IP.png\" alt=\"Cliente Windows Recebendo IP\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/192-Cliente-Windows-Recebendo-IP.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/192-Cliente-Windows-Recebendo-IP-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/192-Cliente-Windows-Recebendo-IP-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/192-Cliente-Windows-Recebendo-IP-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 
100vw, 1280px\" \/><figcaption id=\"caption-attachment-2095\" class=\"wp-caption-text\">Windows Client Receiving an IP Address<\/figcaption><\/figure>\n<p>The DHCP server is working as expected; the Windows client received an IP address without problems.<\/p>\n<figure id=\"attachment_2096\" aria-describedby=\"caption-attachment-2096\" style=\"width: 1482px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2096\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/193-Lista-de-Leases-no-OPNsense.png\" alt=\"Lista de Leases no OPNsense\" width=\"1482\" height=\"807\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/193-Lista-de-Leases-no-OPNsense.png 1482w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/193-Lista-de-Leases-no-OPNsense-512x279.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/193-Lista-de-Leases-no-OPNsense-768x418.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2096\" class=\"wp-caption-text\">Lease List in OPNsense<\/figcaption><\/figure>\n<p>In the image above we can see the list of leases in OPNsense.<\/p>\n<h3>Block .de Domains<\/h3>\n<p>The requirement was to block sites with the .de TLD. This can be done in a few different ways, the most common being DNS and proxy. The first is less intrusive and simpler, but relatively easy to circumvent if the user has administrative privileges on the client machine in use; the second is more reliable but more complex, besides being more demanding on the firewall and raising questions about user privacy.<\/p>\n<p>As was done with pfSense, the block will be implemented here through a proxy.<\/p>\n<figure id=\"attachment_2098\" aria-describedby=\"caption-attachment-2098\" style=\"width: 1482px\" class=\"wp-caption 
aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2098\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/194-System-Trust-Authorities.png\" alt=\"System - Trust - Authorities\" width=\"1482\" height=\"807\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/194-System-Trust-Authorities.png 1482w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/194-System-Trust-Authorities-512x279.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/194-System-Trust-Authorities-768x418.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2098\" class=\"wp-caption-text\">System &#8211; Trust &#8211; Authorities<\/figcaption><\/figure>\n<p>Click <strong>System -&gt; Trust -&gt; Authorities<\/strong>.<\/p>\n<p>As was done on pfSense, a certificate authority must be created, which will issue the certificates for the websites that clients access.<\/p>\n<figure id=\"attachment_2099\" aria-describedby=\"caption-attachment-2099\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2099\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/195-Certificate-Authority.png\" alt=\"Certificate Authority\" width=\"1461\" height=\"807\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/195-Certificate-Authority.png 1461w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/195-Certificate-Authority-512x283.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/195-Certificate-Authority-768x424.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2099\" class=\"wp-caption-text\">Certificate Authority<\/figcaption><\/figure>\n<p>Here we fill in the details to create the authority 
that will generate the certificates.<\/p>\n<figure id=\"attachment_2100\" aria-describedby=\"caption-attachment-2100\" style=\"width: 1186px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2100\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/196-Informacoes-da-Autoridade-Certificadora.png\" alt=\"Informa\u00e7\u00f5es da Autoridade Certificadora\" width=\"1186\" height=\"1203\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/196-Informacoes-da-Autoridade-Certificadora.png 1186w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/196-Informacoes-da-Autoridade-Certificadora-505x512.png 505w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/196-Informacoes-da-Autoridade-Certificadora-768x779.png 768w\" sizes=\"auto, (max-width: 1186px) 100vw, 1186px\" \/><figcaption id=\"caption-attachment-2100\" class=\"wp-caption-text\">Certificate Authority Information<\/figcaption><\/figure>\n<p>Just as on pfSense, it is important that the authority's name and description are unambiguous: do not try to deceive users, and make it clear that traffic is being intercepted.<\/p>\n<p>In <em>Descriptive name<\/em> give a name that describes the purpose of this CA, and in <em>Method<\/em> select <em>Create an internal Certificate Authority<\/em>.<\/p>\n<p>The next fields, up to <em>Country Code<\/em>, can keep their default settings; if you want this CA to have a longer lifetime, you can increase the value in the <em>Lifetime (days)<\/em> field.<\/p>\n<p>Fill in the fields under <em>Distinguished name<\/em> according to the organization's location and name, and in <em>Common Name<\/em> give a suitable name.<\/p>\n<p>After that, click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2101\" 
aria-describedby=\"caption-attachment-2101\" style=\"width: 1482px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2101\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/197-CA-Criada.png\" alt=\"CA Criada\" width=\"1482\" height=\"932\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/197-CA-Criada.png 1482w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/197-CA-Criada-512x322.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/197-CA-Criada-768x483.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2101\" class=\"wp-caption-text\">CA Created<\/figcaption><\/figure>\n<p>With this, the certificate authority is created and ready to issue new certificates.<\/p>\n<p>Just as on pfSense, the certificate must be exported and installed on the client machines so that the certificates the firewall generates for websites are accepted by the clients.<\/p>\n<p>The certificate can be exported by clicking the icon with a downward-pointing arrow \u2b07, next to the pencil icon.<\/p>\n<p>With that done, we can configure the proxy in OPNsense.<\/p>\n<figure id=\"attachment_2104\" aria-describedby=\"caption-attachment-2104\" style=\"width: 1482px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2104\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/198-Services-Web-Proxy-Administration.png\" alt=\"Services - Web Proxy - Administration\" width=\"1482\" height=\"932\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/198-Services-Web-Proxy-Administration.png 1482w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/198-Services-Web-Proxy-Administration-512x322.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/198-Services-Web-Proxy-Administration-768x483.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2104\" class=\"wp-caption-text\">Services &#8211; Web Proxy &#8211; Administration<\/figcaption><\/figure>\n<p>Click <strong>Services -&gt; Web Proxy -&gt; Administration<\/strong>.<\/p>\n<figure id=\"attachment_2105\" aria-describedby=\"caption-attachment-2105\" style=\"width: 1482px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2105\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/199-Configuracoes-do-Web-Proxy.png\" alt=\"Configura\u00e7\u00f5es do Web Proxy\" width=\"1482\" height=\"932\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/199-Configuracoes-do-Web-Proxy.png 1482w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/199-Configuracoes-do-Web-Proxy-512x322.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/199-Configuracoes-do-Web-Proxy-768x483.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2105\" class=\"wp-caption-text\">Web Proxy Settings<\/figcaption><\/figure>\n<p>Here we have the proxy configuration page.<\/p>\n<figure id=\"attachment_2106\" aria-describedby=\"caption-attachment-2106\" style=\"width: 1482px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2106\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/200-Habilitar-Proxy.png\" alt=\"Habilitar Proxy\" width=\"1482\" height=\"932\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/200-Habilitar-Proxy.png 
1482w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/200-Habilitar-Proxy-512x322.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/200-Habilitar-Proxy-768x483.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2106\" class=\"wp-caption-text\">Enable Proxy<\/figcaption><\/figure>\n<p>The first step is to enable it: check <em>Enable proxy<\/em> and click the <em>Apply<\/em> button.<\/p>\n<figure id=\"attachment_2107\" aria-describedby=\"caption-attachment-2107\" style=\"width: 1186px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2107\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/201-Forward-Proxy.png\" alt=\"Forward Proxy\" width=\"1186\" height=\"1148\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/201-Forward-Proxy.png 1186w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/201-Forward-Proxy-512x496.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/201-Forward-Proxy-768x743.png 768w\" sizes=\"auto, (max-width: 1186px) 100vw, 1186px\" \/><figcaption id=\"caption-attachment-2107\" class=\"wp-caption-text\">Forward Proxy<\/figcaption><\/figure>\n<p>Click the <em>Forward Proxy<\/em> tab.<\/p>\n<p>This is where we will configure the transparent proxy.<\/p>\n<figure id=\"attachment_2108\" aria-describedby=\"caption-attachment-2108\" style=\"width: 1186px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2108\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/202-Proxy-Transparente-Ativado.png\" alt=\"Proxy Transparente Ativado\" width=\"1186\" height=\"1148\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/202-Proxy-Transparente-Ativado.png 1186w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/202-Proxy-Transparente-Ativado-512x496.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/202-Proxy-Transparente-Ativado-768x743.png 768w\" sizes=\"auto, (max-width: 1186px) 100vw, 1186px\" \/><figcaption id=\"caption-attachment-2108\" class=\"wp-caption-text\">Transparent Proxy Enabled<\/figcaption><\/figure>\n<p>Here you need to select the options <em>Enable Transparent HTTP proxy<\/em> and <em>Enable SSL inspection<\/em>; the ports can stay as they are, and in <em>CA to use<\/em> select the CA that was created earlier. Click <em>Apply<\/em>.<\/p>\n<p>If you enable the <em>full help<\/em> option in the top right corner, you will see that where the transparent proxy and SSL traffic inspection were enabled there is a link to create a firewall rule. Each link creates a different rule: one for port 80, for HTTP traffic, and another for port 443, for HTTPS traffic.<\/p>\n<figure id=\"attachment_2109\" aria-describedby=\"caption-attachment-2109\" style=\"width: 1169px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2109\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/203-Regra-do-Firewall-Para-a-Porta-80.png\" alt=\"Regra do Firewall Para a Porta 80\" width=\"1169\" height=\"1715\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/203-Regra-do-Firewall-Para-a-Porta-80.png 1169w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/203-Regra-do-Firewall-Para-a-Porta-80-349x512.png 349w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/203-Regra-do-Firewall-Para-a-Porta-80-768x1127.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/203-Regra-do-Firewall-Para-a-Porta-80-1047x1536.png 1047w\" sizes=\"auto, (max-width: 1169px) 100vw, 
1169px\" \/><figcaption id=\"caption-attachment-2109\" class=\"wp-caption-text\">Firewall Rule for Port 80<\/figcaption><\/figure>\n<p>The first link creates a rule to redirect traffic destined for port 80; no changes to this rule are needed, just click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2110\" aria-describedby=\"caption-attachment-2110\" style=\"width: 1169px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2110\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/204-Regra-do-Firewall-Para-a-Porta-443.png\" alt=\"Regra do Firewall Para a Porta 443\" width=\"1169\" height=\"1715\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/204-Regra-do-Firewall-Para-a-Porta-443.png 1169w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/204-Regra-do-Firewall-Para-a-Porta-443-349x512.png 349w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/204-Regra-do-Firewall-Para-a-Porta-443-768x1127.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/204-Regra-do-Firewall-Para-a-Porta-443-1047x1536.png 1047w\" sizes=\"auto, (max-width: 1169px) 100vw, 1169px\" \/><figcaption id=\"caption-attachment-2110\" class=\"wp-caption-text\">Firewall Rule for Port 443<\/figcaption><\/figure>\n<p>The same goes for the port 443 redirect rule.<\/p>\n<figure id=\"attachment_2111\" aria-describedby=\"caption-attachment-2111\" style=\"width: 1482px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2111\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/205-Regras-Aplicadas.png\" alt=\"Regras Aplicadas\" width=\"1482\" height=\"771\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/205-Regras-Aplicadas.png 1482w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/205-Regras-Aplicadas-512x266.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/205-Regras-Aplicadas-768x400.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2111\" class=\"wp-caption-text\">Rules Applied<\/figcaption><\/figure>\n<p>With both rules active, the proxy should already be working for the clients.<\/p>\n<figure id=\"attachment_2113\" aria-describedby=\"caption-attachment-2113\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2113\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/206-Proxy-Funcionando-Corretamente-no-Cliente.png\" alt=\"Proxy Funcionando Corretamente no Cliente\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/206-Proxy-Funcionando-Corretamente-no-Cliente.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/206-Proxy-Funcionando-Corretamente-no-Cliente-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/206-Proxy-Funcionando-Corretamente-no-Cliente-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/206-Proxy-Funcionando-Corretamente-no-Cliente-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2113\" class=\"wp-caption-text\">Proxy Working Correctly on the Client<\/figcaption><\/figure>\n<p>Here we can see that the proxy is working correctly on the client.<\/p>\n<p>Now we need to block access to websites with the .de TLD, for Germany.<\/p>\n<figure id=\"attachment_2114\" aria-describedby=\"caption-attachment-2114\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2114\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/207-Forward-Proxy-Access-Control-List.png\" alt=\"Forward Proxy - Access Control List\" width=\"1461\" height=\"823\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/207-Forward-Proxy-Access-Control-List.png 1461w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/207-Forward-Proxy-Access-Control-List-512x288.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/207-Forward-Proxy-Access-Control-List-768x433.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2114\" class=\"wp-caption-text\">Forward Proxy &#8211; Access Control List<\/figcaption><\/figure>\n<p>Back on the proxy configuration page, in the <em>Forward Proxy<\/em> tab, click the downward-pointing triangle icon \ud83d\udd3b, and in the list click <em>Access Control List<\/em>.<\/p>\n<figure id=\"attachment_2115\" aria-describedby=\"caption-attachment-2115\" style=\"width: 1482px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2115\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/208-ACLs.png\" alt=\"ACLs\" width=\"1482\" height=\"823\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/208-ACLs.png 1482w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/208-ACLs-512x284.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/208-ACLs-768x426.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2115\" class=\"wp-caption-text\">ACLs<\/figcaption><\/figure>\n<p>Here we can make various settings related to ACLs, whitelists, blacklists, and so on.<\/p>\n<figure id=\"attachment_2116\" aria-describedby=\"caption-attachment-2116\" style=\"width: 1482px\" 
class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2116\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/209-Bloquear-TLDs-.de_.png\" alt=\"Bloquear TLDs .de\" width=\"1482\" height=\"823\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/209-Bloquear-TLDs-.de_.png 1482w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/209-Bloquear-TLDs-.de_-512x284.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/209-Bloquear-TLDs-.de_-768x426.png 768w\" sizes=\"auto, (max-width: 1482px) 100vw, 1482px\" \/><figcaption id=\"caption-attachment-2116\" class=\"wp-caption-text\">Block .de TLDs<\/figcaption><\/figure>\n<p>To block .de TLDs, just enter the following regular expression in the <em>Blacklist<\/em> field:<\/p>\n<pre>.+\\.de<\/pre>\n<p>After that, click <em>Apply<\/em>.<\/p>\n<figure id=\"attachment_2118\" aria-describedby=\"caption-attachment-2118\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2118\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/210-TLD-.de-Bloqueado.png\" alt=\"TLD .de Bloqueado\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/210-TLD-.de-Bloqueado.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/210-TLD-.de-Bloqueado-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/210-TLD-.de-Bloqueado-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/210-TLD-.de-Bloqueado-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2118\" class=\"wp-caption-text\">.de TLD Blocked<\/figcaption><\/figure>\n<p>Here we can see that the domains were blocked 
successfully.<\/p>\n<h3>IPsec VPN Between OPNsense and pfSense<\/h3>\n<p>IPsec, or Internet Protocol Security, is one of the available types of VPN, and is relatively simple to configure on OPNsense and pfSense.<\/p>\n<p>We will configure a <em>site to site<\/em> tunnel, that is, a link between two or more remote networks, generally used to connect branch offices to headquarters.<\/p>\n<figure id=\"attachment_2123\" aria-describedby=\"caption-attachment-2123\" style=\"width: 1531px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2123\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/211-VPN-IPsec-Tunnel-Settings.png\" alt=\"VPN - IPsec - Tunnel Settings\" width=\"1531\" height=\"896\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/211-VPN-IPsec-Tunnel-Settings.png 1531w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/211-VPN-IPsec-Tunnel-Settings-512x300.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/211-VPN-IPsec-Tunnel-Settings-768x449.png 768w\" sizes=\"auto, (max-width: 1531px) 100vw, 1531px\" \/><figcaption id=\"caption-attachment-2123\" class=\"wp-caption-text\">VPN &#8211; IPsec &#8211; Tunnel Settings<\/figcaption><\/figure>\n<p>To begin, click <strong>VPN -&gt; IPsec -&gt; Tunnel Settings<\/strong>.<\/p>\n<figure id=\"attachment_2124\" aria-describedby=\"caption-attachment-2124\" style=\"width: 1713px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2124\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/212-IPsec-Tunnel-Settings.png\" alt=\"IPsec - Tunnel Settings\" width=\"1713\" height=\"862\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/212-IPsec-Tunnel-Settings.png 1713w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/212-IPsec-Tunnel-Settings-512x258.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/212-IPsec-Tunnel-Settings-768x386.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/212-IPsec-Tunnel-Settings-1536x773.png 1536w\" sizes=\"auto, (max-width: 1713px) 100vw, 1713px\" \/><figcaption id=\"caption-attachment-2124\" class=\"wp-caption-text\">IPsec &#8211; Tunnel Settings<\/figcaption><\/figure>\n<p>This is the page where we start configuring the IPsec tunnel.<\/p>\n<p>The first step is to click the orange \u2795 button on the right side of the screen, under <em>Phase 1<\/em>.<\/p>\n<figure id=\"attachment_2126\" aria-describedby=\"caption-attachment-2126\" style=\"width: 1593px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2126\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/213-IPsec-Tunnel-Settings.png\" alt=\"IPsec - Tunnel Settings\" width=\"1593\" height=\"862\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/213-IPsec-Tunnel-Settings.png 1593w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/213-IPsec-Tunnel-Settings-512x277.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/213-IPsec-Tunnel-Settings-768x416.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/213-IPsec-Tunnel-Settings-1536x831.png 1536w\" sizes=\"auto, (max-width: 1593px) 100vw, 1593px\" \/><figcaption id=\"caption-attachment-2126\" class=\"wp-caption-text\">IPsec &#8211; Tunnel Settings<\/figcaption><\/figure>\n<p>Here we will configure the first phase of the connection, which handles the exchange of keys and cryptographic parameters for the connection.<\/p>\n<figure id=\"attachment_2127\" aria-describedby=\"caption-attachment-2127\" 
style=\"width: 1341px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2127\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/214-Configuracoes-IPsec-Phase-1.png\" alt=\"Configura\u00e7\u00f5es IPsec Phase 1\" width=\"1341\" height=\"2858\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/214-Configuracoes-IPsec-Phase-1.png 1341w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/214-Configuracoes-IPsec-Phase-1-240x512.png 240w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/214-Configuracoes-IPsec-Phase-1-1032x2200.png 1032w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/214-Configuracoes-IPsec-Phase-1-768x1637.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/214-Configuracoes-IPsec-Phase-1-721x1536.png 721w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/214-Configuracoes-IPsec-Phase-1-961x2048.png 961w\" sizes=\"auto, (max-width: 1341px) 100vw, 1341px\" \/><figcaption id=\"caption-attachment-2127\" class=\"wp-caption-text\">IPsec Phase 1 Settings<\/figcaption><\/figure>\n<p>Here we will configure the first part of the link. The first fields can keep their default settings: leave <em>Connection method<\/em> as <em>default<\/em>, <em>Key Exchange version<\/em> (IKE &#8211; Internet Key Exchange) is set to <em>V2<\/em>, <em>Internet Protocol<\/em> is set to <em>IPv4<\/em> and <em>Interface<\/em> to <em>WAN<\/em>.<\/p>\n<p>In <em>Remote gateway<\/em> enter the public IP address of the other router; this is the address OPNsense will use to find the remote router over the internet. Here it is set to <span style=\"font-family: andale mono, monospace;\">10.155.170.10<\/span>.<\/p>\n<p>In <em>Description<\/em> enter something descriptive that 
easily identifies this link.<\/p>\n<p><em>Authentication method<\/em> is set to <em>Mutual PSK<\/em> (pre-shared key), which means a password will be used for authentication.<\/p>\n<p>Using a certificate would be more secure; however, for simplicity and to demonstrate the creation of the tunnel, a password will be used for authentication.<\/p>\n<p>Leave <em>My identifier<\/em> as <em>My IP address<\/em>, and likewise leave <em>Peer Identifier<\/em> as <em>Peer IP address<\/em>.<\/p>\n<p>In <em>Pre-Shared Key<\/em> enter the password that will be used for authentication; it must be the same on both sides.<\/p>\n<p><em>Encryption algorithm<\/em> offers several options. Here <em>256 bit AES-GCM with 128 bit ICV<\/em> was selected because it allows the encryption to be parallelized, giving better performance if the system has multiple processing threads. Select the algorithm best suited to your situation.<\/p>\n<p>In <em>Hash algorithm<\/em> select any option except <span style=\"font-family: andale mono, monospace;\">MD5<\/span> and <span style=\"font-family: andale mono, monospace;\">SHA1<\/span>; these algorithms are extremely outdated and considered &#8220;broken&#8221;. Here <em>SHA256<\/em> was selected.<\/p>\n<p>The remaining options can stay as they are; no further changes are needed.<\/p>\n<p>With this configuration finished, click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2128\" aria-describedby=\"caption-attachment-2128\" style=\"width: 1697px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2128\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/215-IPsec-Primeira-Fase-Terminada.png\" alt=\"IPsec - Primeira Fase Terminada\" width=\"1697\" height=\"1006\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/215-IPsec-Primeira-Fase-Terminada.png 1697w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/215-IPsec-Primeira-Fase-Terminada-512x304.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/215-IPsec-Primeira-Fase-Terminada-768x455.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/215-IPsec-Primeira-Fase-Terminada-1536x911.png 1536w\" sizes=\"auto, (max-width: 1697px) 100vw, 1697px\" \/><figcaption id=\"caption-attachment-2128\" class=\"wp-caption-text\">IPsec &#8211; First Phase Finished<\/figcaption><\/figure>\n<p>That completes the first phase. Click <em>Apply changes<\/em> before continuing, then click the orange icon with a \u2795 to the right of the entry we just completed; this starts the configuration of the second phase.<\/p>\n<figure id=\"attachment_2130\" aria-describedby=\"caption-attachment-2130\" style=\"width: 1676px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2130\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/216-IPsec-Phase-2.png\" alt=\"IPsec Phase 2\" width=\"1676\" height=\"940\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/216-IPsec-Phase-2.png 1676w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/216-IPsec-Phase-2-512x287.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/216-IPsec-Phase-2-768x431.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/216-IPsec-Phase-2-1536x861.png 1536w\" sizes=\"auto, (max-width: 1676px) 100vw, 1676px\" \/><figcaption 
id=\"caption-attachment-2130\" class=\"wp-caption-text\">IPsec Phase 2<\/figcaption><\/figure>\n<p>Here we configure the second part of the tunnel, which is responsible for encrypting the data to be transmitted and for defining the <em>endpoints<\/em> of the connection, that is, which networks will be connected.<\/p>\n<figure id=\"attachment_2131\" aria-describedby=\"caption-attachment-2131\" style=\"width: 1358px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2131\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/217-IPsec-Configuracao-Phase-2.png\" alt=\"IPsec - Configura\u00e7\u00e3o Phase 2\" width=\"1358\" height=\"1505\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/217-IPsec-Configuracao-Phase-2.png 1358w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/217-IPsec-Configuracao-Phase-2-462x512.png 462w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/217-IPsec-Configuracao-Phase-2-768x851.png 768w\" sizes=\"auto, (max-width: 1358px) 100vw, 1358px\" \/><figcaption id=\"caption-attachment-2131\" class=\"wp-caption-text\">IPsec &#8211; Phase 2 Configuration<\/figcaption><\/figure>\n<p>This configuration is simpler. In <em>Description<\/em> enter a suitable description. In the <em>Local Network<\/em> section we define the local network that will be the local <em>endpoint<\/em>; in <em>Type<\/em> the option <em>Green subnet<\/em> is selected, so that the Green network has access to the remote network.<\/p>\n<p>In <em>Remote Network<\/em> we identify the remote network: in <em>Type<\/em> select <em>Network<\/em> and in <em>Address<\/em> enter the network address, which in this case is the pfSense Green network.<\/p>\n<p>Below, in <em>Protocol<\/em>, select <em>ESP<\/em>.<\/p>\n<p>In <em>Encryption algorithms<\/em> there are several 
options, <em>AES128-256<\/em>, <em>aes128-256gcm16<\/em> and <em>NULL<\/em>. If you select one of the first three options, <em>AES128-256<\/em>, you must also select a <em>Hash algorithm<\/em> below; for the next three that is not needed. The last option does not encrypt the data and is obviously not recommended. The remaining options are not needed at this point and can keep their defaults.<\/p>\n<p>After finishing the configuration, click the <em>Save<\/em> button.<\/p>\n<figure id=\"attachment_2132\" aria-describedby=\"caption-attachment-2132\" style=\"width: 1697px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2132\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/218-Configuracao-IPsec-Terminada-no-OPNsense.png\" alt=\"Configura\u00e7\u00e3o IPsec Terminada no OPNsense\" width=\"1697\" height=\"992\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/218-Configuracao-IPsec-Terminada-no-OPNsense.png 1697w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/218-Configuracao-IPsec-Terminada-no-OPNsense-512x299.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/218-Configuracao-IPsec-Terminada-no-OPNsense-768x449.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/218-Configuracao-IPsec-Terminada-no-OPNsense-1536x898.png 1536w\" sizes=\"auto, (max-width: 1697px) 100vw, 1697px\" \/><figcaption id=\"caption-attachment-2132\" class=\"wp-caption-text\">IPsec Configuration Finished on OPNsense<\/figcaption><\/figure>\n<p>The tunnel is now configured on OPNsense. To make the tunnel active and ready to receive connections, select the <em>Enable 
IPsec<\/em> option and click <em>Apply changes<\/em>. The last step is to create a firewall rule to allow traffic through this connection.<\/p>\n<figure id=\"attachment_2133\" aria-describedby=\"caption-attachment-2133\" style=\"width: 1696px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2133\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/219-Firewall-Rules-IPsec.png\" alt=\"Firewall - Rules - IPsec\" width=\"1696\" height=\"992\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/219-Firewall-Rules-IPsec.png 1696w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/219-Firewall-Rules-IPsec-512x299.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/219-Firewall-Rules-IPsec-768x449.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/219-Firewall-Rules-IPsec-1536x898.png 1536w\" sizes=\"auto, (max-width: 1696px) 100vw, 1696px\" \/><figcaption id=\"caption-attachment-2133\" class=\"wp-caption-text\">Firewall &#8211; Rules &#8211; IPsec<\/figcaption><\/figure>\n<p>Click <strong>Firewall -&gt; Rules -&gt; IPsec<\/strong>.<\/p>\n<p>Here we create a rule for this new interface in the same way as before: click the orange icon with a \u2795 on the right.<\/p>\n<figure id=\"attachment_2134\" aria-describedby=\"caption-attachment-2134\" style=\"width: 1696px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2134\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/220-Regra-no-Firewall-Para-Permitir-Trafego-Pelo-Tunel-IPsec.png\" alt=\"Regra no Firewall Para Permitir Tr\u00e1fego Pelo T\u00fanel IPsec\" width=\"1696\" height=\"862\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/220-Regra-no-Firewall-Para-Permitir-Trafego-Pelo-Tunel-IPsec.png 1696w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/220-Regra-no-Firewall-Para-Permitir-Trafego-Pelo-Tunel-IPsec-512x260.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/220-Regra-no-Firewall-Para-Permitir-Trafego-Pelo-Tunel-IPsec-768x390.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/220-Regra-no-Firewall-Para-Permitir-Trafego-Pelo-Tunel-IPsec-1536x781.png 1536w\" sizes=\"auto, (max-width: 1696px) 100vw, 1696px\" \/><figcaption id=\"caption-attachment-2134\" class=\"wp-caption-text\">Firewall Rule to Allow Traffic Through the IPsec Tunnel<\/figcaption><\/figure>\n<p>If you need a more specific rule, you can configure it according to your needs; in this case, just to demonstrate the functionality, a rule that allows all traffic was created.<\/p>\n<p>These settings now need to be replicated on pfSense.<\/p>\n<figure id=\"attachment_2135\" aria-describedby=\"caption-attachment-2135\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2135\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/221-VPN-IPsec.png\" alt=\"VPN - IPsec\" width=\"1095\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/221-VPN-IPsec.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/221-VPN-IPsec-512x266.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/221-VPN-IPsec-768x398.png 768w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2135\" class=\"wp-caption-text\">VPN &#8211; IPsec<\/figcaption><\/figure>\n<p>On pfSense, click <strong>VPN -&gt; IPsec<\/strong>.<\/p>\n<figure 
id=\"attachment_2136\" aria-describedby=\"caption-attachment-2136\" style=\"width: 1112px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2136\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/222-IPsec-Tunnels.png\" alt=\"IPsec Tunnels\" width=\"1112\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/222-IPsec-Tunnels.png 1112w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/222-IPsec-Tunnels-512x262.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/222-IPsec-Tunnels-768x392.png 768w\" sizes=\"auto, (max-width: 1112px) 100vw, 1112px\" \/><figcaption id=\"caption-attachment-2136\" class=\"wp-caption-text\">IPsec Tunnels<\/figcaption><\/figure>\n<p>Here we can create IPsec VPNs and see the existing ones.<\/p>\n<p>To create a new tunnel, click <em>Add P1<\/em>.<\/p>\n<figure id=\"attachment_2137\" aria-describedby=\"caption-attachment-2137\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2137\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/223-IPsec-Phase-1.png\" alt=\"IPsec Phase 1\" width=\"1095\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/223-IPsec-Phase-1.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/223-IPsec-Phase-1-512x266.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/223-IPsec-Phase-1-768x398.png 768w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2137\" class=\"wp-caption-text\">IPsec Phase 1<\/figcaption><\/figure>\n<p>The options here are very similar to those found in OPNsense, with some differences in how they are presented.<\/p>\n<figure id=\"attachment_2138\" 
aria-describedby=\"caption-attachment-2138\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2138\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/224-Configuracoes-IPsec-Phase-1.png\" alt=\"Configura\u00e7\u00f5es IPsec Phase 1\" width=\"1095\" height=\"2792\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/224-Configuracoes-IPsec-Phase-1.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/224-Configuracoes-IPsec-Phase-1-201x512.png 201w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/224-Configuracoes-IPsec-Phase-1-863x2200.png 863w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/224-Configuracoes-IPsec-Phase-1-768x1958.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/224-Configuracoes-IPsec-Phase-1-602x1536.png 602w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/224-Configuracoes-IPsec-Phase-1-803x2048.png 803w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2138\" class=\"wp-caption-text\">IPsec Phase 1 Settings<\/figcaption><\/figure>\n<p>In <em>Description<\/em> give the connection a suitable description, as was done on OPNsense.<\/p>\n<p>In the <em>IKE Endpoint Configuration<\/em> section there is a difference from OPNsense: there, <em>Key Exchange Version<\/em> offered the options <em>V1<\/em> and <em>V2<\/em>, for example, mentioning only the protocol version, whereas here we have the full name, <em>IKEv1<\/em> and <em>IKEv2<\/em>. Since we selected <em>V2<\/em> on OPNsense, we select <em>IKEv2<\/em> here on pfSense. The remaining options are the same, the only difference being <em>Remote Gateway<\/em>, which here obviously 
points to the external IP of OPNsense.<\/p>\n<p>As was configured on OPNsense, in <em>Phase 1 Proposal (Authentication)<\/em> we use the options <em>Mutual PSK<\/em>, <em>My IP address<\/em>, <em>Peer IP address<\/em> and, in <em>Pre-Shared Key<\/em>, the password that was used on OPNsense.<\/p>\n<p>In <em>Phase 1 Proposal (Encryption Algorithm)<\/em> you must select the same algorithm that was selected on OPNsense; just note that here this setting is presented differently. As selected on OPNsense, select <em>AES256-GCM<\/em>, <em>128 bits<\/em>, <em>SHA256<\/em> and, lastly, <em>14 (2048 bit)<\/em>.<\/p>\n<p>The remaining settings can keep their defaults; after finishing the configuration, click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2140\" aria-describedby=\"caption-attachment-2140\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2140\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/225-Primeira-Fase-Criada.png\" alt=\"Primeira Fase Criada\" width=\"1095\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/225-Primeira-Fase-Criada.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/225-Primeira-Fase-Criada-512x266.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/225-Primeira-Fase-Criada-768x398.png 768w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2140\" class=\"wp-caption-text\">First Phase Created<\/figcaption><\/figure>\n<p>The first phase is now created; next we create the second phase. To do so, click the <em>Show Phase 2 Entries<\/em> button.<\/p>\n<figure id=\"attachment_2141\" 
aria-describedby=\"caption-attachment-2141\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2141\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/226-Adicionar-Segunda-Fase.png\" alt=\"Adicionar Segunda Fase\" width=\"1095\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/226-Adicionar-Segunda-Fase.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/226-Adicionar-Segunda-Fase-512x266.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/226-Adicionar-Segunda-Fase-768x398.png 768w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2141\" class=\"wp-caption-text\">Add Second Phase<\/figcaption><\/figure>\n<p>To create the second phase, click the <em>Add P2<\/em> button.<\/p>\n<figure id=\"attachment_2142\" aria-describedby=\"caption-attachment-2142\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2142\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/227-Edit-Phase-2.png\" alt=\"Edit Phase 2\" width=\"1095\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/227-Edit-Phase-2.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/227-Edit-Phase-2-512x266.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/227-Edit-Phase-2-768x398.png 768w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2142\" class=\"wp-caption-text\">Edit Phase 2<\/figcaption><\/figure>\n<p>Here the configuration should, again, follow what was done earlier on OPNsense.<\/p>\n<figure id=\"attachment_2143\" aria-describedby=\"caption-attachment-2143\" style=\"width: 1095px\" class=\"wp-caption 
aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2143\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/228-Configuracoes-da-Segunda-Fase.png\" alt=\"Configura\u00e7\u00f5es da Segunda Fase\" width=\"1095\" height=\"2128\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/228-Configuracoes-da-Segunda-Fase.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/228-Configuracoes-da-Segunda-Fase-263x512.png 263w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/228-Configuracoes-da-Segunda-Fase-768x1493.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/228-Configuracoes-da-Segunda-Fase-790x1536.png 790w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/228-Configuracoes-da-Segunda-Fase-1054x2048.png 1054w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2143\" class=\"wp-caption-text\">Second Phase Settings<\/figcaption><\/figure>\n<p>In <em>Description<\/em> enter a suitable description, and in <em>Mode<\/em> make sure <em>Tunnel IPv4<\/em> is selected, as it is on OPNsense.<\/p>\n<p>On this side, the network to be connected is Green, so in <em>Local Network<\/em> select <em>GREEN subnet<\/em>, and in <em>Remote Network<\/em> enter the address of the remote network, which in the case of OPNsense is its Green network, with the address <span style=\"font-family: andale mono, monospace;\">10.25.170.0\/24<\/span>.<\/p>\n<p>In the <em>Phase 2 Proposal (SA\/Key Exchange)<\/em> section you must select the same protocol and algorithms that were selected on OPNsense, so in <em>Protocol<\/em> select <em>ESP<\/em> and in <em>Encryption Algorithms<\/em> select only <em>AES256-GCM<\/em> with 128 bits, as was done on OPNsense. If 
more algorithms are needed to accommodate other <em>endpoints<\/em> with different configurations, you can select the relevant algorithms and settings.<\/p>\n<p>Since the only algorithm we selected was <em>AES256-GCM<\/em>, not only is there no need to select a <em>Hash Algorithm<\/em>, those options are disabled.<\/p>\n<p>No changes are needed in the following settings; click <em>Save<\/em> to save these settings.<\/p>\n<figure id=\"attachment_2144\" aria-describedby=\"caption-attachment-2144\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2144\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/229-Tunel-IPsec-Configurado-no-pfSense.png\" alt=\"T\u00fanel IPsec Configurado no pfSense\" width=\"1095\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/229-Tunel-IPsec-Configurado-no-pfSense.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/229-Tunel-IPsec-Configurado-no-pfSense-512x266.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/229-Tunel-IPsec-Configurado-no-pfSense-768x398.png 768w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2144\" class=\"wp-caption-text\">IPsec Tunnel Configured on pfSense<\/figcaption><\/figure>\n<p>The IPsec tunnel is now configured on pfSense and, as was done on OPNsense, a firewall rule must also be created here to allow traffic through this connection. Go to the firewall rules for the IPsec connection, in the same way as for the other rules that were created.<\/p>\n<figure id=\"attachment_2145\" 
aria-describedby=\"caption-attachment-2145\" style=\"width: 1112px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2145\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/230-Regra-do-Firewall-Para-o-Tunel-IPsec.png\" alt=\"Regra do Firewall Para o T\u00fanel IPsec\" width=\"1112\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/230-Regra-do-Firewall-Para-o-Tunel-IPsec.png 1112w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/230-Regra-do-Firewall-Para-o-Tunel-IPsec-512x262.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/230-Regra-do-Firewall-Para-o-Tunel-IPsec-768x392.png 768w\" sizes=\"auto, (max-width: 1112px) 100vw, 1112px\" \/><figcaption id=\"caption-attachment-2145\" class=\"wp-caption-text\">Firewall Rule for the IPsec Tunnel<\/figcaption><\/figure>\n<p>Again, if any specific configuration is needed, you can do it in the same way as for any other rule; here only a rule allowing all types of traffic was created, just to demonstrate the connection.<\/p>\n<figure id=\"attachment_2146\" aria-describedby=\"caption-attachment-2146\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2146\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/231-Status-IPsec.png\" alt=\"Status - IPsec\" width=\"1095\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/231-Status-IPsec.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/231-Status-IPsec-512x266.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/231-Status-IPsec-768x398.png 768w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2146\" 
class=\"wp-caption-text\">Status &#8211; IPsec<\/figcaption><\/figure>\n<p>We can now check the state of the tunnel; to do so, click <strong>Status -&gt; IPsec<\/strong>.<\/p>\n<figure id=\"attachment_2147\" aria-describedby=\"caption-attachment-2147\" style=\"width: 1112px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2147\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/232-Ligacao-Estabelecida.png\" alt=\"Liga\u00e7\u00e3o Estabelecida\" width=\"1112\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/232-Ligacao-Estabelecida.png 1112w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/232-Ligacao-Estabelecida-512x262.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/232-Ligacao-Estabelecida-768x392.png 768w\" sizes=\"auto, (max-width: 1112px) 100vw, 1112px\" \/><figcaption id=\"caption-attachment-2147\" class=\"wp-caption-text\">Connection Established<\/figcaption><\/figure>\n<p>And here we can see that the connection was established successfully.<\/p>\n<figure id=\"attachment_2148\" aria-describedby=\"caption-attachment-2148\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2148\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/233-Ligacao-Estabelecida-Com-Sucesso-Pelo-Cliente.png\" alt=\"Liga\u00e7\u00e3o Estabelecida Com Sucesso Pelo Cliente\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/233-Ligacao-Estabelecida-Com-Sucesso-Pelo-Cliente.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/233-Ligacao-Estabelecida-Com-Sucesso-Pelo-Cliente-512x320.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/233-Ligacao-Estabelecida-Com-Sucesso-Pelo-Cliente-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/233-Ligacao-Estabelecida-Com-Sucesso-Pelo-Cliente-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2148\" class=\"wp-caption-text\">Connection Successfully Established by the Client<\/figcaption><\/figure>\n<p>In the image above we can see a client connected to the OPNsense Green network accessing a network share on the Windows Server that is on the pfSense Green network.<\/p>\n<h3>OpenVPN VPN Between OPNsense and pfSense<\/h3>\n<p>Now we will create a VPN using OpenVPN; to do so, the IPsec connection must first be turned off.<\/p>\n<figure id=\"attachment_2150\" aria-describedby=\"caption-attachment-2150\" style=\"width: 1468px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2150\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/234-Desligar-Tunel-IPsec.png\" alt=\"Desligar T\u00fanel IPsec\" width=\"1468\" height=\"806\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/234-Desligar-Tunel-IPsec.png 1468w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/234-Desligar-Tunel-IPsec-512x281.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/234-Desligar-Tunel-IPsec-768x422.png 768w\" sizes=\"auto, (max-width: 1468px) 100vw, 1468px\" \/><figcaption id=\"caption-attachment-2150\" class=\"wp-caption-text\">Turn Off IPsec Tunnel<\/figcaption><\/figure>\n<p>To turn off this tunnel, just deselect the <em>Enable IPsec<\/em> option and click <em>Apply changes<\/em>.<\/p>\n<p>With that we can start configuring the OpenVPN VPN.<\/p>\n<figure id=\"attachment_2152\" 
aria-describedby=\"caption-attachment-2152\" style=\"width: 1132px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2152\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/235-VPN-OpenVPN-Servers.png\" alt=\"VPN - OpenVPN - Servers\" width=\"1132\" height=\"598\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/235-VPN-OpenVPN-Servers.png 1132w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/235-VPN-OpenVPN-Servers-512x270.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/235-VPN-OpenVPN-Servers-768x406.png 768w\" sizes=\"auto, (max-width: 1132px) 100vw, 1132px\" \/><figcaption id=\"caption-attachment-2152\" class=\"wp-caption-text\">VPN &#8211; OpenVPN &#8211; Servers<\/figcaption><\/figure>\n<p>In an IPsec tunnel, the <em>endpoints<\/em> are configured so that they can establish a connection with each other; for an OpenVPN connection, a Server and a Client must be configured. Either router can take the role of Client or Server; here OPNsense is configured as the Server and pfSense as the Client.<\/p>\n<p>We start the configuration on OPNsense; to do so, click <strong>VPN -&gt; OpenVPN -&gt; Servers<\/strong>.<\/p>\n<p>Now we configure the Server; to do so, click the orange icon with a \u2795 on the right.<\/p>\n<figure id=\"attachment_2201\" aria-describedby=\"caption-attachment-2201\" style=\"width: 1115px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2201\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/236-OpenVPN-Servers.png\" alt=\"OpenVPN Servers\" width=\"1115\" height=\"598\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/236-OpenVPN-Servers.png 1115w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/236-OpenVPN-Servers-512x275.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/236-OpenVPN-Servers-768x412.png 768w\" sizes=\"auto, (max-width: 1115px) 100vw, 1115px\" \/><figcaption id=\"caption-attachment-2201\" class=\"wp-caption-text\">OpenVPN Servers<\/figcaption><\/figure>\n<p>The server is configured on this page.<\/p>\n<figure id=\"attachment_2204\" aria-describedby=\"caption-attachment-2204\" style=\"width: 1343px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2204\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/237-OpenVPN-Configuracao-do-Servidor.png\" alt=\"OpenVPN - Configura\u00e7\u00e3o do Servidor\" width=\"1343\" height=\"3628\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/237-OpenVPN-Configuracao-do-Servidor.png 1343w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/237-OpenVPN-Configuracao-do-Servidor-190x512.png 190w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/237-OpenVPN-Configuracao-do-Servidor-814x2200.png 814w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/237-OpenVPN-Configuracao-do-Servidor-768x2075.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/237-OpenVPN-Configuracao-do-Servidor-569x1536.png 569w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/237-OpenVPN-Configuracao-do-Servidor-758x2048.png 758w\" sizes=\"auto, (max-width: 1343px) 100vw, 1343px\" \/><figcaption id=\"caption-attachment-2204\" class=\"wp-caption-text\">OpenVPN &#8211; Server Configuration<\/figcaption><\/figure>\n<p>The configuration here is relatively simple: give the server a description and select the interface, certificates, <em>hashing<\/em> algorithms and 
the addresses of the networks to be connected and the network used to make this connection.<\/p>\n<p>In <em>Description<\/em> give this OpenVPN server a suitable description; in <em>Interface<\/em> select <em>WAN<\/em>, since the server will receive the remote connection through this interface. The port can stay as it is.<\/p>\n<p>In <em>Cryptographic Settings<\/em> most fields can keep their default settings; only the <em>Auth Digest Algorithm<\/em> option should be changed to <em>SHA256<\/em> or better, for security reasons.<\/p>\n<p>In <em>IPv4 Tunnel Network<\/em> enter the address of a network that is not in use by the firewall or by the remote clients, to avoid conflicts. The number of IPs available for hosts depends on how many clients will connect to this server; here, since there will not be many clients, just 3 bits will be enough.<\/p>\n<p>In <em>IPv4 Local Network<\/em> enter the address of the local network you want to expose to the VPN, and in <em>IPv4 Remote Network<\/em> the address of the remote network that will be connected to the local network.<\/p>\n<p>With that the configuration is complete.<\/p>\n<figure id=\"attachment_2206\" aria-describedby=\"caption-attachment-2206\" style=\"width: 1390px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2206\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/238-Servidor-Criado.png\" alt=\"Servidor Criado\" width=\"1390\" height=\"782\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/238-Servidor-Criado.png 1390w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/238-Servidor-Criado-512x288.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/238-Servidor-Criado-768x432.png 768w\" 
sizes=\"auto, (max-width: 1390px) 100vw, 1390px\" \/><figcaption id=\"caption-attachment-2206\" class=\"wp-caption-text\">Server Created<\/figcaption><\/figure>\n<p>The server is now configured. Only one more step is needed on this side: copy the TLS key that will be used on the client that is going to connect. To do that, click the button with the pencil icon on the right-hand side.<\/p>\n<figure id=\"attachment_2207\" aria-describedby=\"caption-attachment-2207\" style=\"width: 1368px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2207\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/239-TLS-Shared-Key.png\" alt=\"TLS Shared Key\" width=\"1368\" height=\"782\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/239-TLS-Shared-Key.png 1368w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/239-TLS-Shared-Key-512x293.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/239-TLS-Shared-Key-768x439.png 768w\" sizes=\"auto, (max-width: 1368px) 100vw, 1368px\" \/><figcaption id=\"caption-attachment-2207\" class=\"wp-caption-text\">TLS Shared Key<\/figcaption><\/figure>\n<p>We will need the key in the <em>TLS Shared Key<\/em> field.<\/p>\n<p>With the server configured and the key identified, a firewall rule has to be created to allow the connection through the <em>WAN<\/em> interface.<\/p>\n<figure id=\"attachment_2208\" aria-describedby=\"caption-attachment-2208\" style=\"width: 1368px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2208\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/240-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN.png\" alt=\"Regra na Interface WAN para permitir a liga\u00e7\u00e3o VPN\" width=\"1368\" height=\"782\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/240-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN.png 1368w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/240-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN-512x293.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/240-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN-768x439.png 768w\" sizes=\"auto, (max-width: 1368px) 100vw, 1368px\" \/><figcaption id=\"caption-attachment-2208\" class=\"wp-caption-text\">Rule on the WAN interface to allow the VPN connection<\/figcaption><\/figure>\n<p>A rule must be created allowing remote clients to connect through the WAN interface.<\/p>\n<figure id=\"attachment_2209\" aria-describedby=\"caption-attachment-2209\" style=\"width: 1095px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2209\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/241-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN.png\" alt=\"Regra na Interface WAN para permitir a liga\u00e7\u00e3o VPN\" width=\"1095\" height=\"2247\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/241-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN.png 1095w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/241-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN-250x512.png 250w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/241-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN-1072x2200.png 1072w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/241-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN-768x1576.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/241-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN-749x1536.png 749w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/241-Regra-na-Interface-WAN-para-permitir-a-ligacao-VPN-998x2048.png 998w\" sizes=\"auto, (max-width: 1095px) 100vw, 1095px\" \/><figcaption id=\"caption-attachment-2209\" class=\"wp-caption-text\">Rule on the WAN interface to allow the VPN connection<\/figcaption><\/figure>\n<p>This rule is simple: it is applied to the <em>WAN<\/em> interface and the direction is <em>in<\/em>, since it exists to accept external connections. The protocol is <em>UDP<\/em>, which is what was configured on the OpenVPN server.<\/p>\n<p>In <em>Source<\/em> there are a few different options: we can restrict it to a single IP address or allow connections from any IP. For a <em>site-to-site<\/em> connection the ideal is to restrict it to a single IP, but to keep things simple it will stay as <em>any<\/em>, allowing connections from any address.<\/p>\n<p>In <em>Destination<\/em> enter <em>WAN address<\/em>, and in <em>Destination port range<\/em> select <em>OpenVPN<\/em>.<\/p>\n<p>Give the rule a description, click <em>Save<\/em>, and then apply the rule.<\/p>\n<p>With that done we can start the configuration on pfSense.<\/p>\n<figure id=\"attachment_2210\" aria-describedby=\"caption-attachment-2210\" style=\"width: 1501px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2210\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/242-pfSense-OpenVPN.png\" alt=\"pfSense - OpenVPN\" width=\"1501\" height=\"851\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/242-pfSense-OpenVPN.png 1501w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/242-pfSense-OpenVPN-512x290.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/242-pfSense-OpenVPN-768x435.png 768w\" sizes=\"auto, (max-width: 1501px) 100vw, 1501px\" \/><figcaption id=\"caption-attachment-2210\" class=\"wp-caption-text\">pfSense &#8211; OpenVPN<\/figcaption><\/figure>\n<p>On pfSense click <strong>VPN -&gt; OpenVPN<\/strong>.<\/p>\n<figure id=\"attachment_2211\" aria-describedby=\"caption-attachment-2211\" style=\"width: 1522px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2211\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/243-OpenVPN-Clients.png\" alt=\"OpenVPN - Clients\" width=\"1522\" height=\"851\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/243-OpenVPN-Clients.png 1522w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/243-OpenVPN-Clients-512x286.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/243-OpenVPN-Clients-768x429.png 768w\" sizes=\"auto, (max-width: 1522px) 100vw, 1522px\" \/><figcaption id=\"caption-attachment-2211\" class=\"wp-caption-text\">OpenVPN &#8211; Clients<\/figcaption><\/figure>\n<p>On the <em>Clients<\/em> tab click the <em>Add<\/em> button.<\/p>\n<figure id=\"attachment_2212\" aria-describedby=\"caption-attachment-2212\" style=\"width: 1201px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2212\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/244-Configuracao-do-cliente-OpenVPN.png\" alt=\"Configura\u00e7\u00e3o do cliente OpenVPN\" width=\"1201\" height=\"3970\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/244-Configuracao-do-cliente-OpenVPN.png 1201w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/244-Configuracao-do-cliente-OpenVPN-155x512.png 155w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/244-Configuracao-do-cliente-OpenVPN-768x2539.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/244-Configuracao-do-cliente-OpenVPN-465x1536.png 465w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/244-Configuracao-do-cliente-OpenVPN-620x2048.png 620w\" sizes=\"auto, (max-width: 1201px) 100vw, 1201px\" \/><figcaption id=\"caption-attachment-2212\" class=\"wp-caption-text\">OpenVPN client configuration<\/figcaption><\/figure>\n<p>In <em>Description<\/em> give the connection a suitable name. Below, in <em>Server mode<\/em>, select <em>Peer to Peer (Shared Key)<\/em>, as was configured on OPNsense; further on we will use the key generated by OPNsense.<\/p>\n<p>In <em>Server host or address<\/em> enter the external IP of OPNsense, which in this case is <span style=\"font-family: andale mono, monospace;\">10.155.170.2<\/span>; the rest of this section can stay as it is.<\/p>\n<p>In <em>Cryptographic Settings<\/em> the configuration has to match the server configuration on OPNsense.<\/p>\n<p>Deselect the <em>Auto generate<\/em> option and, in the <em>Shared Key<\/em> field that appears just below, enter the key generated by OPNsense.<\/p>\n<p>In <em>Data Encryption Algorithms<\/em> select the option that was configured on OPNsense. There is no need to select other algorithms, only the one the server will use, which in this case is <span style=\"font-family: andale mono, monospace;\">AES-128-CBC (128 bit key, 128 bit block)<\/span>. In <em>Fallback Data Encryption Algorithm<\/em> you can select the same one; it makes no difference, since the server is configured to use a single algorithm and this client will connect exclusively to OPNsense, so there is no need to 
support different algorithms.<\/p>\n<p>In <em>Auth digest algorithm<\/em> select the same one that was selected on OPNsense, which in this case is <span style=\"font-family: andale mono, monospace;\">SHA256<\/span>.<\/p>\n<p>In <em>Tunnel Settings<\/em> only two fields need to be configured: <em>IPv4 Tunnel Network<\/em>, with the same network that was configured on OPNsense, and <em>IPv4 Remote network(s)<\/em>, which is the address of the OPNsense network that will be reachable through the VPN, here the network <span style=\"font-family: andale mono, monospace;\">10.53.170.0\/24<\/span>.<\/p>\n<p>The last option to configure is <em>Gateway creation<\/em>, which should be changed from <em>Both<\/em> to <em>IPv4 only<\/em>. After that click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2213\" aria-describedby=\"caption-attachment-2213\" style=\"width: 1522px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2213\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/245-Cliente-OpenVPN-configurado-no-pfSense.png\" alt=\"Cliente OpenVPN configurado no pfSense\" width=\"1522\" height=\"912\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/245-Cliente-OpenVPN-configurado-no-pfSense.png 1522w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/245-Cliente-OpenVPN-configurado-no-pfSense-512x307.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/245-Cliente-OpenVPN-configurado-no-pfSense-768x460.png 768w\" sizes=\"auto, (max-width: 1522px) 100vw, 1522px\" \/><figcaption id=\"caption-attachment-2213\" class=\"wp-caption-text\">OpenVPN client configured on pfSense<\/figcaption><\/figure>\n<p>With that the client is configured; now we need to go back to OPNsense.<\/p>\n<figure id=\"attachment_2214\" 
aria-describedby=\"caption-attachment-2214\" style=\"width: 1542px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2214\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/246-OPNsense-Iniciar-o-servico-OpenVPN.png\" alt=\"OPNsense - Iniciar o servi\u00e7o OpenVPN\" width=\"1542\" height=\"787\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/246-OPNsense-Iniciar-o-servico-OpenVPN.png 1542w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/246-OPNsense-Iniciar-o-servico-OpenVPN-512x261.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/246-OPNsense-Iniciar-o-servico-OpenVPN-768x392.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/246-OPNsense-Iniciar-o-servico-OpenVPN-1536x784.png 1536w\" sizes=\"auto, (max-width: 1542px) 100vw, 1542px\" \/><figcaption id=\"caption-attachment-2214\" class=\"wp-caption-text\">OPNsense &#8211; Start the OpenVPN service<\/figcaption><\/figure>\n<p>On the OPNsense <em>Dashboard<\/em>, under <em>Services<\/em>, we can see that the <em>openvpn<\/em> service is not running. Click the <em>play<\/em> button to start it. After that a firewall rule has to be created to allow traffic through this connection.<\/p>\n<figure id=\"attachment_2215\" aria-describedby=\"caption-attachment-2215\" style=\"width: 1563px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2215\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/247-Criar-regra-para-a-interface-OpenVPN.png\" alt=\"Criar regra para a interface OpenVPN\" width=\"1563\" height=\"787\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/247-Criar-regra-para-a-interface-OpenVPN.png 1563w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/247-Criar-regra-para-a-interface-OpenVPN-512x258.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/247-Criar-regra-para-a-interface-OpenVPN-768x387.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/247-Criar-regra-para-a-interface-OpenVPN-1536x773.png 1536w\" sizes=\"auto, (max-width: 1563px) 100vw, 1563px\" \/><figcaption id=\"caption-attachment-2215\" class=\"wp-caption-text\">Create a rule for the OpenVPN interface<\/figcaption><\/figure>\n<p>Rules for this interface work the same way as the rules created earlier. If needed, you can create rules that allow only the minimum necessary; in this case, to simplify the process, a rule was created that allows any type of traffic.<\/p>\n<figure id=\"attachment_2216\" aria-describedby=\"caption-attachment-2216\" style=\"width: 1362px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2216\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/248-pfSense-OpenVPN-conectado.png\" alt=\"pfSense - OpenVPN conectado\" width=\"1362\" height=\"887\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/248-pfSense-OpenVPN-conectado.png 1362w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/248-pfSense-OpenVPN-conectado-512x333.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/248-pfSense-OpenVPN-conectado-768x500.png 768w\" sizes=\"auto, (max-width: 1362px) 100vw, 1362px\" \/><figcaption id=\"caption-attachment-2216\" class=\"wp-caption-text\">pfSense &#8211; OpenVPN connected<\/figcaption><\/figure>\n<p>In the image above we can see that the OpenVPN tunnel is connected successfully, while the IPsec tunnel is down.<\/p>\n<p>As was done for the IPsec connection, 
a rule has to be created on pfSense to allow traffic through the OpenVPN tunnel.<\/p>\n<figure id=\"attachment_2217\" aria-describedby=\"caption-attachment-2217\" style=\"width: 1383px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2217\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/249-Regra-no-firewall-para-a-ligacao-OpenVPN.png\" alt=\"Regra no firewall para a liga\u00e7\u00e3o OpenVPN\" width=\"1383\" height=\"862\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/249-Regra-no-firewall-para-a-ligacao-OpenVPN.png 1383w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/249-Regra-no-firewall-para-a-ligacao-OpenVPN-512x319.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/249-Regra-no-firewall-para-a-ligacao-OpenVPN-768x479.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/249-Regra-no-firewall-para-a-ligacao-OpenVPN-800x500.png 800w\" sizes=\"auto, (max-width: 1383px) 100vw, 1383px\" \/><figcaption id=\"caption-attachment-2217\" class=\"wp-caption-text\">Firewall rule for the OpenVPN connection<\/figcaption><\/figure>\n<p>Again, to keep things simple, a rule was created that allows every type of traffic; in real use, rules appropriate to the intended use must be created.<\/p>\n<figure id=\"attachment_2219\" aria-describedby=\"caption-attachment-2219\" style=\"width: 1920px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2219\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/250-Remote-Desktop-atraves-do-tunel.png\" alt=\"Remote Desktop atrav\u00e9s do t\u00fanel\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/250-Remote-Desktop-atraves-do-tunel.png 1920w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/250-Remote-Desktop-atraves-do-tunel-512x288.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/250-Remote-Desktop-atraves-do-tunel-768x432.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/250-Remote-Desktop-atraves-do-tunel-1536x864.png 1536w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><figcaption id=\"caption-attachment-2219\" class=\"wp-caption-text\">Remote Desktop through the tunnel<\/figcaption><\/figure>\n<p>Access to the Windows Server by Remote Desktop through the VPN is working.<\/p>\n<h3>Remote Users<\/h3>\n<p>With the site-to-site VPNs configured, the VPN for <em>remote users<\/em> now has to be configured.<\/p>\n<p>A certificate is also needed for this type of connection. We could use the same certificate that was used earlier or create a new one; we will create a new one so there is some distinction, starting with the <em>Certificate Authority<\/em>.<\/p>\n<figure id=\"attachment_2222\" aria-describedby=\"caption-attachment-2222\" style=\"width: 1583px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2222\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/251-Nova-CA.png\" alt=\"Nova CA\" width=\"1583\" height=\"987\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/251-Nova-CA.png 1583w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/251-Nova-CA-512x319.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/251-Nova-CA-768x479.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/251-Nova-CA-1536x958.png 1536w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/251-Nova-CA-800x500.png 800w\" sizes=\"auto, (max-width: 1583px) 100vw, 1583px\" \/><figcaption 
id=\"caption-attachment-2222\" class=\"wp-caption-text\">New CA<\/figcaption><\/figure>\n<p>With the new <em>Certificate Authority<\/em> created, the new certificate can now be created.<\/p>\n<figure id=\"attachment_2223\" aria-describedby=\"caption-attachment-2223\" style=\"width: 1562px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2223\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/252-Novo-certificado.png\" alt=\"Novo certificado\" width=\"1562\" height=\"987\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/252-Novo-certificado.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/252-Novo-certificado-512x324.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/252-Novo-certificado-768x485.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/252-Novo-certificado-1536x971.png 1536w\" sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2223\" class=\"wp-caption-text\">New certificate<\/figcaption><\/figure>\n<p>With the certificate created we can deal with authentication of the <em>users<\/em>. 
This authentication will be done through Windows Server, so that only authorized <em>users<\/em> can have remote access through the VPN.<\/p>\n<figure id=\"attachment_2224\" aria-describedby=\"caption-attachment-2224\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2224\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/253-User-Manager.png\" alt=\"User Manager\" width=\"1117\" height=\"640\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/253-User-Manager.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/253-User-Manager-512x293.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/253-User-Manager-768x440.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-2224\" class=\"wp-caption-text\">User Manager<\/figcaption><\/figure>\n<p>Click <strong>System -&gt; User Manager<\/strong>.<\/p>\n<figure id=\"attachment_2225\" aria-describedby=\"caption-attachment-2225\" style=\"width: 1134px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2225\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/254-Authentication-Servers.png\" alt=\"Authentication Servers\" width=\"1134\" height=\"640\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/254-Authentication-Servers.png 1134w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/254-Authentication-Servers-512x289.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/254-Authentication-Servers-768x433.png 768w\" sizes=\"auto, (max-width: 1134px) 100vw, 1134px\" \/><figcaption id=\"caption-attachment-2225\" class=\"wp-caption-text\">Authentication Servers<\/figcaption><\/figure>\n<p>Then go to <em>Authentication Servers<\/em>. 
Here we will configure the firewall's access to the AD accounts so that authentication can take place; to do that click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_2226\" aria-describedby=\"caption-attachment-2226\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2226\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/255-Configuracoes-LDAP.png\" alt=\"Configura\u00e7\u00f5es LDAP\" width=\"1117\" height=\"1988\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/255-Configuracoes-LDAP.png 1117w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/255-Configuracoes-LDAP-288x512.png 288w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/255-Configuracoes-LDAP-768x1367.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/255-Configuracoes-LDAP-863x1536.png 863w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-2226\" class=\"wp-caption-text\">LDAP Settings<\/figcaption><\/figure>\n<p>Above is the configuration needed to connect to and authenticate against the Windows Server. The content of the <em>Authentication containers<\/em> field (<em>distinguishedName<\/em>) depends on the structure of the AD, and the path can be found using the <em>ADSI Edit<\/em> tool on the Windows Server.<\/p>\n<p>After entering the <em>distinguishedName<\/em> click <em>Select a container<\/em>.<\/p>\n<figure id=\"attachment_2227\" aria-describedby=\"caption-attachment-2227\" style=\"width: 1134px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2227\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/256-Containers-para-autenticacao.png\" alt=\"Containers para autentica\u00e7\u00e3o\" width=\"1134\" height=\"640\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/256-Containers-para-autenticacao.png 1134w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/256-Containers-para-autenticacao-512x289.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/256-Containers-para-autenticacao-768x433.png 768w\" sizes=\"auto, (max-width: 1134px) 100vw, 1134px\" \/><figcaption id=\"caption-attachment-2227\" class=\"wp-caption-text\">Containers for authentication<\/figcaption><\/figure>\n<p>Select the appropriate containers and click <em>Save<\/em>, then <em>Save<\/em> again at the bottom of the 
page.<\/p>\n<p>Now a new OpenVPN server has to be created.<\/p>\n<figure id=\"attachment_2228\" aria-describedby=\"caption-attachment-2228\" style=\"width: 1134px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2228\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/257-OpenVPN-Servers.png\" alt=\"OpenVPN Servers\" width=\"1134\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/257-OpenVPN-Servers.png 1134w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/257-OpenVPN-Servers-512x256.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/257-OpenVPN-Servers-768x385.png 768w\" sizes=\"auto, (max-width: 1134px) 100vw, 1134px\" \/><figcaption id=\"caption-attachment-2228\" class=\"wp-caption-text\">OpenVPN Servers<\/figcaption><\/figure>\n<p>In the same place where the OpenVPN client was created, but this time on the <em>Servers<\/em> tab, click <em>Add<\/em> to add the OpenVPN server.<\/p>\n<figure id=\"attachment_2229\" aria-describedby=\"caption-attachment-2229\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2229\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/258-Configuracao-do-servidor-OpenVPN-no-pfSense.png\" alt=\"Configura\u00e7\u00e3o do servidor OpenVPN no pfSense\" width=\"1117\" height=\"5709\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/258-Configuracao-do-servidor-OpenVPN-no-pfSense.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/258-Configuracao-do-servidor-OpenVPN-no-pfSense-100x512.png 100w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/258-Configuracao-do-servidor-OpenVPN-no-pfSense-768x3925.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption 
id=\"caption-attachment-2229\" class=\"wp-caption-text\">OpenVPN server configuration on pfSense<\/figcaption><\/figure>\n<p>Above is the server configuration for this scenario.<\/p>\n<figure id=\"attachment_2230\" aria-describedby=\"caption-attachment-2230\" style=\"width: 1134px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2230\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/259-Servidor-Configurado.png\" alt=\"Servidor Configurado\" width=\"1134\" height=\"568\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/259-Servidor-Configurado.png 1134w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/259-Servidor-Configurado-512x256.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/259-Servidor-Configurado-768x385.png 768w\" sizes=\"auto, (max-width: 1134px) 100vw, 1134px\" \/><figcaption id=\"caption-attachment-2230\" class=\"wp-caption-text\">Server Configured<\/figcaption><\/figure>\n<p>The server is now created; next, some firewall rules have to be created to allow the client connections.<\/p>\n<figure id=\"attachment_2232\" aria-describedby=\"caption-attachment-2232\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2232\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/260-Regra-do-firewall-na-WAN-para-permitir-a-ligacao-OpenVPN.png\" alt=\"Regra do firewall na WAN para permitir a liga\u00e7\u00e3o OpenVPN\" width=\"1408\" height=\"712\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/260-Regra-do-firewall-na-WAN-para-permitir-a-ligacao-OpenVPN.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/260-Regra-do-firewall-na-WAN-para-permitir-a-ligacao-OpenVPN-512x259.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/260-Regra-do-firewall-na-WAN-para-permitir-a-ligacao-OpenVPN-768x388.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2232\" class=\"wp-caption-text\">Firewall rule on the WAN to allow the OpenVPN connection<\/figcaption><\/figure>\n<p>With the rule created, a package now has to be installed to export the configuration to the clients so that they can connect.<\/p>\n<figure id=\"attachment_2233\" aria-describedby=\"caption-attachment-2233\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2233\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/261-Instalar-pacote-para-exportar-configuracao-OpenVPN-para-clientes.png\" alt=\"Instalar pacote para exportar configura\u00e7\u00e3o OpenVPN para clientes\" width=\"1408\" height=\"753\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/261-Instalar-pacote-para-exportar-configuracao-OpenVPN-para-clientes.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/261-Instalar-pacote-para-exportar-configuracao-OpenVPN-para-clientes-512x274.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/261-Instalar-pacote-para-exportar-configuracao-OpenVPN-para-clientes-768x411.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2233\" class=\"wp-caption-text\">Install the package that exports the OpenVPN configuration for clients<\/figcaption><\/figure>\n<p>The installation process is the same as before: search for &#8220;openvpn&#8221; and install the package named <em>openvpn-client-export<\/em>.<\/p>\n<figure id=\"attachment_2234\" aria-describedby=\"caption-attachment-2234\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img 
loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2234\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/262-System-User-Manager.png\" alt=\"System - User Manager\" width=\"1408\" height=\"753\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/262-System-User-Manager.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/262-System-User-Manager-512x274.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/262-System-User-Manager-768x411.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2234\" class=\"wp-caption-text\">System &#8211; User Manager<\/figcaption><\/figure>\n<p>Next a new account has to be created on the firewall so that the configuration can be exported; to do that click <strong>System -&gt; User Manager<\/strong>.<\/p>\n<figure id=\"attachment_2235\" aria-describedby=\"caption-attachment-2235\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2235\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/263-Users.png\" alt=\"Users\" width=\"1430\" height=\"753\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/263-Users.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/263-Users-512x270.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/263-Users-768x404.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2235\" class=\"wp-caption-text\">Users<\/figcaption><\/figure>\n<p>Click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_2236\" aria-describedby=\"caption-attachment-2236\" style=\"width: 1127px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2236\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/264-Novo-user.png\" alt=\"Novo user\" width=\"1127\" height=\"1629\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/264-Novo-user.png 1127w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/264-Novo-user-354x512.png 354w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/264-Novo-user-768x1110.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/264-Novo-user-1063x1536.png 1063w\" sizes=\"auto, (max-width: 1127px) 100vw, 1127px\" \/><figcaption id=\"caption-attachment-2236\" class=\"wp-caption-text\">New user<\/figcaption><\/figure>\n<p>This new account will not be used to access the web interface or for any kind of direct access to the firewall, so it should be disabled. To do this, select the option <em>Disabled &#8211; This user cannot login<\/em>.<\/p>\n<p>Fill in the fields as you see fit and, under <em>Certificate<\/em>, select the option <em>Click to create a user certificate<\/em>. Then select the <em>CA<\/em> that was created earlier for the VPN, give the certificate a suitable name, and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2237\" aria-describedby=\"caption-attachment-2237\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2237\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/265-Nova-conta-criada.png\" alt=\"Nova conta criada\" width=\"1430\" height=\"753\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/265-Nova-conta-criada.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/265-Nova-conta-criada-512x270.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/265-Nova-conta-criada-768x404.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 
1430px\" \/><figcaption id=\"caption-attachment-2237\" class=\"wp-caption-text\">New account created<\/figcaption><\/figure>\n<p>The new account is now created.<\/p>\n<figure id=\"attachment_2238\" aria-describedby=\"caption-attachment-2238\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2238\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/266-Client-Export-Utility.png\" alt=\"Client Export Utility\" width=\"1408\" height=\"786\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/266-Client-Export-Utility.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/266-Client-Export-Utility-512x286.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/266-Client-Export-Utility-768x429.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2238\" class=\"wp-caption-text\">Client Export Utility<\/figcaption><\/figure>\n<p>In the OpenVPN settings, click the <em>Client Export<\/em> tab.<\/p>\n<p>No changes are needed here; just click the <em>Save as default<\/em> button at the bottom of the page.<\/p>\n<figure id=\"attachment_2239\" aria-describedby=\"caption-attachment-2239\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2239\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/267-OpenVPN-Clients.png\" alt=\"OpenVPN Clients\" width=\"1408\" height=\"786\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/267-OpenVPN-Clients.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/267-OpenVPN-Clients-512x286.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/267-OpenVPN-Clients-768x429.png 768w\" sizes=\"auto, 
(max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2239\" class=\"wp-caption-text\">OpenVPN Clients<\/figcaption><\/figure>\n<p>At the bottom of the page there are several configuration and client options available for download. Here we will use the 64-bit Windows client; download it to the machine that will connect to the VPN.<\/p>\n<figure id=\"attachment_2240\" aria-describedby=\"caption-attachment-2240\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2240\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/268-Instalar-cliente-OpenVPN.png\" alt=\"Instalar cliente OpenVPN\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/268-Instalar-cliente-OpenVPN.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/268-Instalar-cliente-OpenVPN-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/268-Instalar-cliente-OpenVPN-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/268-Instalar-cliente-OpenVPN-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2240\" class=\"wp-caption-text\">Install the OpenVPN client<\/figcaption><\/figure>\n<p>Start the OpenVPN client installation on the machine that will make the remote access.<\/p>\n<figure id=\"attachment_2241\" aria-describedby=\"caption-attachment-2241\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2241\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/269-Instalar-cliente-e-configuracao.png\" alt=\"Instalar cliente e configura\u00e7\u00e3o\" width=\"1280\" height=\"800\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/269-Instalar-cliente-e-configuracao.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/269-Instalar-cliente-e-configuracao-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/269-Instalar-cliente-e-configuracao-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/269-Instalar-cliente-e-configuracao-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2241\" class=\"wp-caption-text\">Install the client and configuration<\/figcaption><\/figure>\n<p>A new window will open to continue the installation; click <em>Install<\/em>.<\/p>\n<figure id=\"attachment_2242\" aria-describedby=\"caption-attachment-2242\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2242\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/270-Iniciar-a-ligacao-OpenVPN.png\" alt=\"Iniciar a liga\u00e7\u00e3o OpenVPN\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/270-Iniciar-a-ligacao-OpenVPN.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/270-Iniciar-a-ligacao-OpenVPN-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/270-Iniciar-a-ligacao-OpenVPN-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/270-Iniciar-a-ligacao-OpenVPN-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2242\" class=\"wp-caption-text\">Start the OpenVPN connection<\/figcaption><\/figure>\n<p>After the installation finishes, the OpenVPN client icon will appear in the system tray; right-click it and 
select the <em>Connect<\/em> option.<\/p>\n<figure id=\"attachment_2243\" aria-describedby=\"caption-attachment-2243\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2243\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/271-Autenticacao-utilizando-o-Active-Directory.png\" alt=\"Autentica\u00e7\u00e3o utilizando o Active Directory\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/271-Autenticacao-utilizando-o-Active-Directory.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/271-Autenticacao-utilizando-o-Active-Directory-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/271-Autenticacao-utilizando-o-Active-Directory-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/271-Autenticacao-utilizando-o-Active-Directory-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2243\" class=\"wp-caption-text\">Authentication using Active Directory<\/figcaption><\/figure>\n<p>Authenticate with an appropriate account.<\/p>\n<figure id=\"attachment_2244\" aria-describedby=\"caption-attachment-2244\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2244\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/272-Ligacao-feita-com-sucesso.png\" alt=\"Liga\u00e7\u00e3o feita com sucesso\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/272-Ligacao-feita-com-sucesso.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/272-Ligacao-feita-com-sucesso-512x320.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/272-Ligacao-feita-com-sucesso-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/272-Ligacao-feita-com-sucesso-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2244\" class=\"wp-caption-text\">Connection established successfully<\/figcaption><\/figure>\n<p>The connection was established successfully.<\/p>\n<figure id=\"attachment_2245\" aria-describedby=\"caption-attachment-2245\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2245\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/273-Acesso-as-pastas-partilhadas-no-Windows-Server.png\" alt=\"Acesso \u00e0s pastas partilhadas no Windows Server\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/273-Acesso-as-pastas-partilhadas-no-Windows-Server.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/273-Acesso-as-pastas-partilhadas-no-Windows-Server-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/273-Acesso-as-pastas-partilhadas-no-Windows-Server-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/273-Acesso-as-pastas-partilhadas-no-Windows-Server-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2245\" class=\"wp-caption-text\">Access to the shared folders on Windows Server<\/figcaption><\/figure>\n<p>Here we can see that we have access to the server.<\/p>\n<p>Now VPN access must be restricted to the 8-20h period. To do this, create a new schedule, in the same way as was done for TeamViewer.<\/p>\n<figure id=\"attachment_2248\" aria-describedby=\"caption-attachment-2248\" style=\"width: 
1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2248\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/274-Novo-agendamento-para-OpenVPN.png\" alt=\"Novo agendamento para OpenVPN\" width=\"1430\" height=\"786\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/274-Novo-agendamento-para-OpenVPN.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/274-Novo-agendamento-para-OpenVPN-512x281.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/274-Novo-agendamento-para-OpenVPN-768x422.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2248\" class=\"wp-caption-text\">New schedule for OpenVPN<\/figcaption><\/figure>\n<p>With the schedule created, it can now be applied to the firewall rule.<\/p>\n<figure id=\"attachment_2249\" aria-describedby=\"caption-attachment-2249\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2249\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/275-Agendamento-aplicado-na-regra-da-interface-WAN.png\" alt=\"Agendamento aplicado na regra da interface WAN\" width=\"1430\" height=\"786\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/275-Agendamento-aplicado-na-regra-da-interface-WAN.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/275-Agendamento-aplicado-na-regra-da-interface-WAN-512x281.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/275-Agendamento-aplicado-na-regra-da-interface-WAN-768x422.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2249\" class=\"wp-caption-text\">Schedule applied to the WAN interface rule<\/figcaption><\/figure>\n<p>The schedule has been 
applied; it will no longer be possible to connect outside the specified hours.<\/p>\n<figure id=\"attachment_2250\" aria-describedby=\"caption-attachment-2250\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2250\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/276-Nao-e-possivel-fazer-a-conexao.png\" alt=\"N\u00e3o \u00e9 poss\u00edvel fazer a conex\u00e3o\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/276-Nao-e-possivel-fazer-a-conexao.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/276-Nao-e-possivel-fazer-a-conexao-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/276-Nao-e-possivel-fazer-a-conexao-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/276-Nao-e-possivel-fazer-a-conexao-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2250\" class=\"wp-caption-text\">The connection cannot be made<\/figcaption><\/figure>\n<p>The client can no longer connect.<\/p>\n<p>However, the proxy is not yet working through the VPN. For that, it must first be enabled on the VPN interface.<\/p>\n<figure id=\"attachment_2251\" aria-describedby=\"caption-attachment-2251\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2251\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/277-Interfaces-Assignments.png\" alt=\"Interfaces - Assignments\" width=\"1408\" height=\"786\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/277-Interfaces-Assignments.png 1408w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/277-Interfaces-Assignments-512x286.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/277-Interfaces-Assignments-768x429.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2251\" class=\"wp-caption-text\">Interfaces &#8211; Assignments<\/figcaption><\/figure>\n<p>Click <strong>Interfaces -&gt; Assignments<\/strong>.<\/p>\n<figure id=\"attachment_2252\" aria-describedby=\"caption-attachment-2252\" style=\"width: 1409px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2252\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/278-Selecionar-porta-ovpns2.png\" alt=\"Selecionar porta ovpns2\" width=\"1409\" height=\"786\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/278-Selecionar-porta-ovpns2.png 1409w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/278-Selecionar-porta-ovpns2-512x286.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/278-Selecionar-porta-ovpns2-768x428.png 768w\" sizes=\"auto, (max-width: 1409px) 100vw, 1409px\" \/><figcaption id=\"caption-attachment-2252\" class=\"wp-caption-text\">Select the ovpns2 port<\/figcaption><\/figure>\n<p>Under <em>Available network ports<\/em>, select the second option, <em>ovpns2 (RemoteClients)<\/em>, and click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_2253\" aria-describedby=\"caption-attachment-2253\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2253\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/279-Interface-adicionada-com-sucesso.png\" alt=\"Interface adicionada com sucesso\" width=\"1408\" height=\"786\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/279-Interface-adicionada-com-sucesso.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/279-Interface-adicionada-com-sucesso-512x286.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/279-Interface-adicionada-com-sucesso-768x429.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2253\" class=\"wp-caption-text\">Interface added successfully<\/figcaption><\/figure>\n<p>The interface was added with the name <em>OPT5<\/em>; click it so we can enable it and change its name.<\/p>\n<figure id=\"attachment_2254\" aria-describedby=\"caption-attachment-2254\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2254\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/280-Habilitar-e-renomear-a-interface.png\" alt=\"Habilitar e renomear a interface\" width=\"1408\" height=\"786\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/280-Habilitar-e-renomear-a-interface.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/280-Habilitar-e-renomear-a-interface-512x286.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/280-Habilitar-e-renomear-a-interface-768x429.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2254\" class=\"wp-caption-text\">Enable and rename the interface<\/figcaption><\/figure>\n<p>Select the <em>Enable interface<\/em> option and, under <em>Description<\/em>, give it a suitable name.<\/p>\n<figure id=\"attachment_2255\" aria-describedby=\"caption-attachment-2255\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2255\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/281-Status-OpenVPN.png\" alt=\"Status - OpenVPN\" width=\"1408\" height=\"791\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/281-Status-OpenVPN.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/281-Status-OpenVPN-512x288.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/281-Status-OpenVPN-768x431.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2255\" class=\"wp-caption-text\">Status &#8211; OpenVPN<\/figcaption><\/figure>\n<p>Next, the OpenVPN service must be stopped temporarily. To do this, click <strong>Status -&gt; OpenVPN<\/strong>.<\/p>\n<figure id=\"attachment_2256\" aria-describedby=\"caption-attachment-2256\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2256\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/282-Status-dos-clientes-e-servidores-OpenVPN.png\" alt=\"Status dos clientes e servidores OpenVPN\" width=\"1408\" height=\"791\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/282-Status-dos-clientes-e-servidores-OpenVPN.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/282-Status-dos-clientes-e-servidores-OpenVPN-512x288.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/282-Status-dos-clientes-e-servidores-OpenVPN-768x431.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2256\" class=\"wp-caption-text\">Status of the OpenVPN clients and servers<\/figcaption><\/figure>\n<p>Here we can see the status of the clients and servers. To stop the service, click the button with the \u23f9 symbol, under <em>Actions<\/em>.<\/p>\n<figure id=\"attachment_2257\" 
aria-describedby=\"caption-attachment-2257\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2257\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/283-Servidor-OpenVPN-parado.png\" alt=\"Servidor OpenVPN parado\" width=\"1430\" height=\"791\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/283-Servidor-OpenVPN-parado.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/283-Servidor-OpenVPN-parado-512x283.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/283-Servidor-OpenVPN-parado-768x425.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2257\" class=\"wp-caption-text\">OpenVPN server stopped<\/figcaption><\/figure>\n<p>The service is now stopped.<\/p>\n<figure id=\"attachment_2258\" aria-describedby=\"caption-attachment-2258\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2258\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/284-Regra-do-firewall-para-a-interface-OpenVPNServer.png\" alt=\"Regra do firewall para a interface OpenVPNServer\" width=\"1430\" height=\"791\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/284-Regra-do-firewall-para-a-interface-OpenVPNServer.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/284-Regra-do-firewall-para-a-interface-OpenVPNServer-512x283.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/284-Regra-do-firewall-para-a-interface-OpenVPNServer-768x425.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2258\" class=\"wp-caption-text\">Firewall rule for the OpenVPNServer interface<\/figcaption><\/figure>\n<p>Add a firewall rule that allows 
all traffic on the <em>OpenVPNServer<\/em> interface.<\/p>\n<figure id=\"attachment_2260\" aria-describedby=\"caption-attachment-2260\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2260\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/285-Selecionar-interface-OpenVPNServer.png\" alt=\"Selecionar interface OpenVPNServer\" width=\"1408\" height=\"791\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/285-Selecionar-interface-OpenVPNServer.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/285-Selecionar-interface-OpenVPNServer-512x288.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/285-Selecionar-interface-OpenVPNServer-768x431.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2260\" class=\"wp-caption-text\">Select the OpenVPNServer interface<\/figcaption><\/figure>\n<p>Now the remote clients must be made to use the proxy. To do this, open the <em>Squid Proxy<\/em> configuration page and, in the fields <em>Proxy Interface(s)<\/em>, <em>Transparent Proxy Interface(s)<\/em> and <em>SSL Intercept Interface(s)<\/em>, select the <em>OpenVPNServer<\/em> interface, then click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_2261\" aria-describedby=\"caption-attachment-2261\" style=\"width: 1126px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2261\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/286-ACLs-Allowed-Subnets.png\" alt=\"ACLs - Allowed Subnets\" width=\"1126\" height=\"553\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/286-ACLs-Allowed-Subnets.png 1126w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/286-ACLs-Allowed-Subnets-512x251.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/286-ACLs-Allowed-Subnets-768x377.png 768w\" sizes=\"auto, (max-width: 1126px) 100vw, 1126px\" \/><figcaption id=\"caption-attachment-2261\" class=\"wp-caption-text\">ACLs &#8211; Allowed Subnets<\/figcaption><\/figure>\n<p>Then, under <em>ACLs<\/em>, add the network you selected for the VPN to the <em>Allowed Subnets<\/em> field and, again, click <em>Save<\/em> at the bottom of the page.<\/p>\n<p>After that, go back to <strong>Status -&gt; OpenVPN<\/strong> and start the service again.<\/p>\n<figure id=\"attachment_2262\" aria-describedby=\"caption-attachment-2262\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2262\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/287-Proxy-funcionando-corretamente-para-clientes-remotos.png\" alt=\"Proxy funcionando corretamente para clientes remotos\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/287-Proxy-funcionando-corretamente-para-clientes-remotos.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/287-Proxy-funcionando-corretamente-para-clientes-remotos-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/287-Proxy-funcionando-corretamente-para-clientes-remotos-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/287-Proxy-funcionando-corretamente-para-clientes-remotos-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2262\" class=\"wp-caption-text\">Proxy working correctly for remote clients<\/figcaption><\/figure>\n<p>Here we can see that the proxy is working correctly.<\/p>\n<h3>Remote Users 
OPNsense<\/h3>\n<p>Let's now configure a VPN for mobile clients on OPNsense, so that they have access to the Green network (<span style=\"font-family: andale mono, monospace;\">10.52.170.0\/24<\/span>).<\/p>\n<p>As was done on pfSense, we will need a certificate for the OpenVPN server.<\/p>\n<figure id=\"attachment_2263\" aria-describedby=\"caption-attachment-2263\" style=\"width: 1143px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2263\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/288-System-Trust-Authorities.png\" alt=\"System - Trust - Authorities\" width=\"1143\" height=\"553\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/288-System-Trust-Authorities.png 1143w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/288-System-Trust-Authorities-512x248.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/288-System-Trust-Authorities-768x372.png 768w\" sizes=\"auto, (max-width: 1143px) 100vw, 1143px\" \/><figcaption id=\"caption-attachment-2263\" class=\"wp-caption-text\">System &#8211; Trust &#8211; Authorities<\/figcaption><\/figure>\n<p>Go to <strong>System -&gt; Trust -&gt; Authorities<\/strong>.<\/p>\n<p>Here we can see the CA we created earlier for the proxy. We could use that same CA, but to keep the two uses distinct, let's create a new one, in the same way as before.<\/p>\n<figure id=\"attachment_2264\" aria-describedby=\"caption-attachment-2264\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2264\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/289-Nova-Certificate-Authorivy-criada.png\" alt=\"Nova Certificate Authorivy criada\" width=\"1430\" height=\"675\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/289-Nova-Certificate-Authorivy-criada.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/289-Nova-Certificate-Authorivy-criada-512x242.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/289-Nova-Certificate-Authorivy-criada-768x363.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2264\" class=\"wp-caption-text\">New Certificate Authority created<\/figcaption><\/figure>\n<p>With the new CA created, we can now generate a new certificate.<\/p>\n<figure id=\"attachment_2265\" aria-describedby=\"caption-attachment-2265\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2265\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/290-Certificates.png\" alt=\"Certificates\" width=\"1430\" height=\"675\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/290-Certificates.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/290-Certificates-512x242.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/290-Certificates-768x363.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2265\" class=\"wp-caption-text\">Certificates<\/figcaption><\/figure>\n<p>At the moment we have only one certificate; click the \u2795 button to create a new one.<\/p>\n<figure id=\"attachment_2266\" aria-describedby=\"caption-attachment-2266\" style=\"width: 1127px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2266\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/291-Novo-certificado.png\" alt=\"Novo certificado\" width=\"1127\" height=\"1590\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/291-Novo-certificado.png 1127w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/291-Novo-certificado-363x512.png 363w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/291-Novo-certificado-768x1084.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/291-Novo-certificado-1089x1536.png 1089w\" sizes=\"auto, (max-width: 1127px) 100vw, 1127px\" \/><figcaption id=\"caption-attachment-2266\" class=\"wp-caption-text\">New certificate<\/figcaption><\/figure>\n<p>The important points here are to select the newly created CA under <em>Certificate authority<\/em> and to select <em>Server Certificate<\/em> under <em>Type<\/em>; the remaining fields can be filled in as you see fit.<\/p>\n<figure id=\"attachment_2267\" aria-describedby=\"caption-attachment-2267\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2267\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/292-Certificados-disponiveis.png\" alt=\"Certificados dispon\u00edveis\" width=\"1430\" height=\"761\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/292-Certificados-disponiveis.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/292-Certificados-disponiveis-512x272.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/292-Certificados-disponiveis-768x409.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2267\" class=\"wp-caption-text\">Available certificates<\/figcaption><\/figure>\n<p>The new certificate is now created. Next, create the new user account that will be used to authenticate the client.<\/p>\n<figure id=\"attachment_2268\" 
aria-describedby=\"caption-attachment-2268\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2268\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/293-System-Access-Users.png\" alt=\"System - Access - Users\" width=\"1430\" height=\"761\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/293-System-Access-Users.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/293-System-Access-Users-512x272.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/293-System-Access-Users-768x409.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2268\" class=\"wp-caption-text\">System &#8211; Access &#8211; Users<\/figcaption><\/figure>\n<p>Go to <strong>System -&gt; Access -&gt; Users<\/strong> and click the \u2795 icon to add a new account.<\/p>\n<figure id=\"attachment_2269\" aria-describedby=\"caption-attachment-2269\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2269\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/294-Nova-conta.png\" alt=\"Nova conta\" width=\"1408\" height=\"761\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/294-Nova-conta.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/294-Nova-conta-512x277.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/294-Nova-conta-768x415.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2269\" class=\"wp-caption-text\">New account<\/figcaption><\/figure>\n<p>Specify the <em>username<\/em> and password and click <em>Save and go back<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_2271\" aria-describedby=\"caption-attachment-2271\" 
style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2271\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/295-Nova-conta-criada.png\" alt=\"Nova conta criada\" width=\"1430\" height=\"761\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/295-Nova-conta-criada.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/295-Nova-conta-criada-512x272.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/295-Nova-conta-criada-768x409.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2271\" class=\"wp-caption-text\">New account created<\/figcaption><\/figure>\n<p>With the new account created, click the pencil icon \u270f on the right to edit the newly created account.<\/p>\n<figure id=\"attachment_2273\" aria-describedby=\"caption-attachment-2273\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2273\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/296-Gerar-User-Certificate.png\" alt=\"Gerar User Certificate\" width=\"1408\" height=\"761\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/296-Gerar-User-Certificate.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/296-Gerar-User-Certificate-512x277.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/296-Gerar-User-Certificate-768x415.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2273\" class=\"wp-caption-text\">Generate User Certificate<\/figcaption><\/figure>\n<p>Under <em>User Certificates<\/em>, click the \u2795 button to generate a new certificate.<\/p>\n<figure id=\"attachment_2274\" aria-describedby=\"caption-attachment-2274\" style=\"width: 
1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2274\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/297-User-Certificate-mdafe.png\" alt=\"User Certificate mdafe\" width=\"1408\" height=\"1967\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/297-User-Certificate-mdafe.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/297-User-Certificate-mdafe-366x512.png 366w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/297-User-Certificate-mdafe-768x1073.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/297-User-Certificate-mdafe-1099x1536.png 1099w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2274\" class=\"wp-caption-text\">User Certificate mdafe<\/figcaption><\/figure>\n<p>Under <em>Certificate authority<\/em> select the CA that was created for this purpose, and under <em>Type<\/em> select <em>Client Certificate<\/em>; the rest of the settings can be left as you see fit.<\/p>\n<figure id=\"attachment_2275\" aria-describedby=\"caption-attachment-2275\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2275\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/298-User-Certificate-para-o-user-mdafe-criado.png\" alt=\"User Certificate para o user mdafe criado\" width=\"1408\" height=\"742\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/298-User-Certificate-para-o-user-mdafe-criado.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/298-User-Certificate-para-o-user-mdafe-criado-512x270.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/298-User-Certificate-para-o-user-mdafe-criado-768x405.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" 
\/><figcaption id=\"caption-attachment-2275\" class=\"wp-caption-text\">User Certificate for the user mdafe created<\/figcaption><\/figure>\n<p>With that, we have the certificate for this <em>user<\/em>; click <em>Save and go back<\/em>.<\/p>\n<figure id=\"attachment_2276\" aria-describedby=\"caption-attachment-2276\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2276\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/299-OpenVPN-Servers.png\" alt=\"OpenVPN Servers\" width=\"1430\" height=\"592\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/299-OpenVPN-Servers.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/299-OpenVPN-Servers-512x212.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/299-OpenVPN-Servers-768x318.png 768w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2276\" class=\"wp-caption-text\">OpenVPN Servers<\/figcaption><\/figure>\n<p>Now we will create the OpenVPN server for the remote clients. As before, go to <strong>VPN -&gt; OpenVPN -&gt; Servers<\/strong> and click the \u2795 icon to create a new server.<\/p>\n<figure id=\"attachment_2277\" aria-describedby=\"caption-attachment-2277\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2277\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/300-Configuracao-OpenVPN-Server-Informacao-Geral.png\" alt=\"Configura\u00e7\u00e3o OpenVPN Server - Informa\u00e7\u00e3o Geral\" width=\"1408\" height=\"1155\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/300-Configuracao-OpenVPN-Server-Informacao-Geral.png 1408w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/300-Configuracao-OpenVPN-Server-Informacao-Geral-512x420.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/300-Configuracao-OpenVPN-Server-Informacao-Geral-768x630.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2277\" class=\"wp-caption-text\">OpenVPN Server Configuration &#8211; General Information<\/figcaption><\/figure>\n<p>Give the server a suitable description. Under <em>Server Mode<\/em> select <em>Remote Access (User Auth)<\/em>, and under <em>Backend for authentication<\/em> select <em>Local Database<\/em>, so that authentication is done against the firewall's own <em>users<\/em>. The rest of the configuration in this part is the same as what was done previously. The firewall automatically selects port 1195, since port 1194 is already in use by the other OpenVPN server that was configured earlier.<\/p>\n<figure id=\"attachment_2278\" aria-describedby=\"caption-attachment-2278\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2278\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/301-Configuracao-OpenVPN-Server-Configuracao-Criptografica.png\" alt=\"Configura\u00e7\u00e3o OpenVPN Server - Configura\u00e7\u00e3o Criptogr\u00e1fica\" width=\"1408\" height=\"912\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/301-Configuracao-OpenVPN-Server-Configuracao-Criptografica.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/301-Configuracao-OpenVPN-Server-Configuracao-Criptografica-512x332.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/301-Configuracao-OpenVPN-Server-Configuracao-Criptografica-768x497.png 768w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/301-Configuracao-OpenVPN-Server-Configuracao-Criptografica-850x550.png 850w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2278\" class=\"wp-caption-text\">OpenVPN Server Configuration &#8211; Cryptographic Settings<\/figcaption><\/figure>\n<p>In the cryptographic settings, under <em>Peer Certificate Authority<\/em> select the CA that was created for this purpose, <em>OpenVPN-CA<\/em>, and under <em>Server Certificate<\/em> select the certificate that was created for this OpenVPN server.<\/p>\n<p>The remaining settings, such as the algorithm and keys, should be chosen taking into account the desired level of security and the capabilities of the system.<\/p>\n<figure id=\"attachment_2279\" aria-describedby=\"caption-attachment-2279\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2279\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/302-Configuracao-OpenVPN-Server-Configuracao-do-Tunel.png\" alt=\"Configura\u00e7\u00e3o OpenVPN Server - Configura\u00e7\u00e3o do T\u00fanel\" width=\"1408\" height=\"1622\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/302-Configuracao-OpenVPN-Server-Configuracao-do-Tunel.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/302-Configuracao-OpenVPN-Server-Configuracao-do-Tunel-444x512.png 444w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/302-Configuracao-OpenVPN-Server-Configuracao-do-Tunel-768x885.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/302-Configuracao-OpenVPN-Server-Configuracao-do-Tunel-1333x1536.png 1333w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2279\" 
class=\"wp-caption-text\">OpenVPN Server Configuration &#8211; Tunnel Settings<\/figcaption><\/figure>\n<p>Under <em>IPv4 Tunnel Network<\/em> specify a network that is not in use by, or reachable from, the firewall; this will be the network used in the tunnel that connects the client and the firewall.<\/p>\n<p>Enable the <em>Redirect Gateway<\/em> option so that the client accesses the internet through the firewall.<\/p>\n<figure id=\"attachment_2280\" aria-describedby=\"caption-attachment-2280\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2280\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/303-Configuracao-OpenVPN-Server-Configuracao-do-Cliente.png\" alt=\"Configura\u00e7\u00e3o OpenVPN Server - Configura\u00e7\u00e3o do Cliente\" width=\"1408\" height=\"1517\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/303-Configuracao-OpenVPN-Server-Configuracao-do-Cliente.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/303-Configuracao-OpenVPN-Server-Configuracao-do-Cliente-475x512.png 475w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/303-Configuracao-OpenVPN-Server-Configuracao-do-Cliente-768x827.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2280\" class=\"wp-caption-text\">OpenVPN Server Configuration &#8211; Client Settings<\/figcaption><\/figure>\n<p>Select the <em>Dynamic IP<\/em> and <em>Address Pool<\/em> options; also select the <em>DNS Servers<\/em> option and configure the DNS servers that the client will use.<\/p>\n<figure id=\"attachment_2281\" aria-describedby=\"caption-attachment-2281\" style=\"width: 1408px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" 
class=\"size-full wp-image-2281\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/304-Configuracao-OpenVPN-Server-Configuracao-Avancada.png\" alt=\"Configura\u00e7\u00e3o OpenVPN Server - Configura\u00e7\u00e3o Avan\u00e7ada\" width=\"1408\" height=\"1162\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/304-Configuracao-OpenVPN-Server-Configuracao-Avancada.png 1408w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/304-Configuracao-OpenVPN-Server-Configuracao-Avancada-512x423.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/304-Configuracao-OpenVPN-Server-Configuracao-Avancada-768x634.png 768w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\" \/><figcaption id=\"caption-attachment-2281\" class=\"wp-caption-text\">OpenVPN Server Configuration &#8211; Advanced Settings<\/figcaption><\/figure>\n<p>No special configuration is needed in this part. What you can do is change the <em>Verbosity level<\/em> to get more or less information in the logs, if necessary. After that, click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2282\" aria-describedby=\"caption-attachment-2282\" style=\"width: 1430px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2282\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/305-Novo-servidor-OpenVPN-configurado.png\" alt=\"Novo servidor OpenVPN configurado\" width=\"1430\" height=\"658\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/305-Novo-servidor-OpenVPN-configurado.png 1430w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/305-Novo-servidor-OpenVPN-configurado-512x236.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/305-Novo-servidor-OpenVPN-configurado-768x353.png 768w\" 
sizes=\"auto, (max-width: 1430px) 100vw, 1430px\" \/><figcaption id=\"caption-attachment-2282\" class=\"wp-caption-text\">New OpenVPN server configured<\/figcaption><\/figure>\n<p>With that, the new OpenVPN server is configured and active on port 1195. As was done with the other one, a firewall rule must be created on the WAN interface to allow connections through this port.<\/p>\n<figure id=\"attachment_2283\" aria-describedby=\"caption-attachment-2283\" style=\"width: 1545px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2283\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/306-Regra-do-firewall-para-a-WAN-permitindo-ligacoes-a-porta-1195.png\" alt=\"Regra do firewall para a WAN permitindo liga\u00e7\u00f5es \u00e0 porta 1195\" width=\"1545\" height=\"807\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/306-Regra-do-firewall-para-a-WAN-permitindo-ligacoes-a-porta-1195.png 1545w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/306-Regra-do-firewall-para-a-WAN-permitindo-ligacoes-a-porta-1195-512x267.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/306-Regra-do-firewall-para-a-WAN-permitindo-ligacoes-a-porta-1195-768x401.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/306-Regra-do-firewall-para-a-WAN-permitindo-ligacoes-a-porta-1195-1536x802.png 1536w\" sizes=\"auto, (max-width: 1545px) 100vw, 1545px\" \/><figcaption id=\"caption-attachment-2283\" class=\"wp-caption-text\">Firewall rule for the WAN allowing connections to port 1195<\/figcaption><\/figure>\n<p>With the rule created, we can move on to the next step: exporting the configuration for the client that will connect to the server.<\/p>\n<figure id=\"attachment_2284\" aria-describedby=\"caption-attachment-2284\" style=\"width: 1545px\" class=\"wp-caption 
aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2284\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/307-Exportar-configuracao-do-cliente.png\" alt=\"Exportar configura\u00e7\u00e3o do cliente\" width=\"1545\" height=\"798\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/307-Exportar-configuracao-do-cliente.png 1545w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/307-Exportar-configuracao-do-cliente-512x264.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/307-Exportar-configuracao-do-cliente-768x397.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/307-Exportar-configuracao-do-cliente-1536x793.png 1536w\" sizes=\"auto, (max-width: 1545px) 100vw, 1545px\" \/><figcaption id=\"caption-attachment-2284\" class=\"wp-caption-text\">Export the client configuration<\/figcaption><\/figure>\n<p>Go to <strong>VPN -&gt; OpenVPN -&gt; Client Export<em>.<\/em><\/strong><\/p>\n<p>Here, under <em>Remote Access Server<\/em> select the server we just created, and under <em>Export type<\/em> select <em>Archive<\/em>.<\/p>\n<p>There are several different types of configuration that can be exported; the <em>Archive<\/em> option exports the configuration needed to use the OpenVPN client that is already installed on the client.<\/p>\n<figure id=\"attachment_2285\" aria-describedby=\"caption-attachment-2285\" style=\"width: 1545px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2285\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/308-Salvar-configuracao-para-o-user-mdafe.png\" alt=\"Salvar configura\u00e7\u00e3o para o user mdafe\" width=\"1545\" height=\"542\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/308-Salvar-configuracao-para-o-user-mdafe.png 1545w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/308-Salvar-configuracao-para-o-user-mdafe-512x180.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/308-Salvar-configuracao-para-o-user-mdafe-768x269.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/308-Salvar-configuracao-para-o-user-mdafe-1536x539.png 1536w\" sizes=\"auto, (max-width: 1545px) 100vw, 1545px\" \/><figcaption id=\"caption-attachment-2285\" class=\"wp-caption-text\">Save the configuration for the user mdafe<\/figcaption><\/figure>\n<p>Further down the page are the options that can be exported. Click the \u2601 icon for the <em>user<\/em> mdafe to export the configuration.<\/p>\n<figure id=\"attachment_2286\" aria-describedby=\"caption-attachment-2286\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2286\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/309-Importar-configuracao-para-o-cliente-OpenVPN.png\" alt=\"Importar configura\u00e7\u00e3o para o cliente OpenVPN\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/309-Importar-configuracao-para-o-cliente-OpenVPN.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/309-Importar-configuracao-para-o-cliente-OpenVPN-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/309-Importar-configuracao-para-o-cliente-OpenVPN-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/309-Importar-configuracao-para-o-cliente-OpenVPN-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2286\" class=\"wp-caption-text\">Import 
the configuration into the OpenVPN client<\/figcaption><\/figure>\n<p>To import the configuration on the client, just open the folder where the OpenVPN client looks for its configurations; the location of this folder can be found in the client's settings.<\/p>\n<p>Extract the contents of the .zip file into this folder.<\/p>\n<figure id=\"attachment_2287\" aria-describedby=\"caption-attachment-2287\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2287\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/310-Conectar-utilizando-a-nova-configuracao.png\" alt=\"Conectar utilizando a nova configura\u00e7\u00e3o\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/310-Conectar-utilizando-a-nova-configuracao.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/310-Conectar-utilizando-a-nova-configuracao-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/310-Conectar-utilizando-a-nova-configuracao-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/310-Conectar-utilizando-a-nova-configuracao-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2287\" class=\"wp-caption-text\">Connect using the new configuration<\/figcaption><\/figure>\n<p>With the configuration imported, we can now connect to the OpenVPN server on OPNsense. This time the client will show the available configurations, instead of just offering the option to connect as it did when there was only one configuration.<\/p>\n<figure id=\"attachment_2288\" aria-describedby=\"caption-attachment-2288\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" 
class=\"size-full wp-image-2288\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/311-Autenticar-utilizando-o-user-mdafe.png\" alt=\"Autenticar utilizando o user mdafe\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/311-Autenticar-utilizando-o-user-mdafe.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/311-Autenticar-utilizando-o-user-mdafe-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/311-Autenticar-utilizando-o-user-mdafe-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/311-Autenticar-utilizando-o-user-mdafe-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2288\" class=\"wp-caption-text\">Authenticate using the user mdafe<\/figcaption><\/figure>\n<p>Authenticate using the credentials of the <em>user<\/em> that was created on the firewall.<\/p>\n<figure id=\"attachment_2289\" aria-describedby=\"caption-attachment-2289\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2289\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/312-Ligacao-feita-com-sucesso.png\" alt=\"Liga\u00e7\u00e3o feita com sucesso\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/312-Ligacao-feita-com-sucesso.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/312-Ligacao-feita-com-sucesso-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/312-Ligacao-feita-com-sucesso-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/312-Ligacao-feita-com-sucesso-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2289\" 
class=\"wp-caption-text\">Connection established successfully<\/figcaption><\/figure>\n<p>The connection was established successfully.<\/p>\n<figure id=\"attachment_2290\" aria-describedby=\"caption-attachment-2290\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2290\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/313-Cliente-acessando-a-internet-atraves-do-firewall-OPNsense-utilizando-o-tunel-OpenVPN.png\" alt=\"Cliente acessando a internet atrav\u00e9s do firewall OPNsense utilizando o t\u00fanel OpenVPN\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/313-Cliente-acessando-a-internet-atraves-do-firewall-OPNsense-utilizando-o-tunel-OpenVPN.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/313-Cliente-acessando-a-internet-atraves-do-firewall-OPNsense-utilizando-o-tunel-OpenVPN-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/313-Cliente-acessando-a-internet-atraves-do-firewall-OPNsense-utilizando-o-tunel-OpenVPN-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/313-Cliente-acessando-a-internet-atraves-do-firewall-OPNsense-utilizando-o-tunel-OpenVPN-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2290\" class=\"wp-caption-text\">Client accessing the internet through the OPNsense firewall using the OpenVPN tunnel<\/figcaption><\/figure>\n<p>Here we can see that the client has internet access and that the traffic is passing through the firewall.<\/p>\n<h3>Captive Portal on pfSense<\/h3>\n<p>Now we will configure a <em>Captive Portal<\/em> on the Blue network of pfSense.<\/p>\n<p>To do this, a DHCP server must be configured so that clients can receive an IP automatically, and internet access will be 
restricted, with limits on speed and on the volume of data transferred.<\/p>\n<figure id=\"attachment_2293\" aria-describedby=\"caption-attachment-2293\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2293\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/314-Services-DHCP-Server.png\" alt=\"Services - DHCP Server\" width=\"1463\" height=\"798\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/314-Services-DHCP-Server.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/314-Services-DHCP-Server-512x279.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/314-Services-DHCP-Server-768x419.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2293\" class=\"wp-caption-text\">Services &#8211; DHCP Server<\/figcaption><\/figure>\n<p>Click <strong>Services -&gt; DHCP Server<\/strong>.<\/p>\n<figure id=\"attachment_2294\" aria-describedby=\"caption-attachment-2294\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2294\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/315-Configuracoes-do-servidor-DHCP-na-interface-Blue.png\" alt=\"Configura\u00e7\u00f5es do servidor DHCP na interface Blue\" width=\"1463\" height=\"798\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/315-Configuracoes-do-servidor-DHCP-na-interface-Blue.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/315-Configuracoes-do-servidor-DHCP-na-interface-Blue-512x279.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/315-Configuracoes-do-servidor-DHCP-na-interface-Blue-768x419.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2294\" 
class=\"wp-caption-text\">DHCP server settings on the Blue interface<\/figcaption><\/figure>\n<p>Select the <em>BLUE<\/em> tab to configure the DHCP server on the Blue interface.<\/p>\n<figure id=\"attachment_2295\" aria-describedby=\"caption-attachment-2295\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2295\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/316-Habilitar-o-servidor-DHCP-e-configurar-a-pool-de-enderecos.png\" alt=\"Habilitar o servidor DHCP e configurar a pool de endere\u00e7os\" width=\"1463\" height=\"798\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/316-Habilitar-o-servidor-DHCP-e-configurar-a-pool-de-enderecos.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/316-Habilitar-o-servidor-DHCP-e-configurar-a-pool-de-enderecos-512x279.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/316-Habilitar-o-servidor-DHCP-e-configurar-a-pool-de-enderecos-768x419.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2295\" class=\"wp-caption-text\">Enable the DHCP server and configure the address pool<\/figcaption><\/figure>\n<p>Select the <em>Enable<\/em> option to enable the service, and under <em>Range<\/em> define the start and end of the range of IPs that will be assigned to clients.<\/p>\n<p>The service must also be configured so that clients use the firewall as their DNS server: further down, under <em>DNS servers<\/em>, enter the IP of the firewall's Blue interface, then click the <em>Save<\/em> button at the bottom of the page.<\/p>\n<figure id=\"attachment_2297\" aria-describedby=\"caption-attachment-2297\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2297\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/317-Regra-do-firewall-permitindo-acesso-a-internet-na-rede-Blue-e-acesso-exclusivo-ao-DNS-do-firewall.png\" alt=\"Regra do firewall permitindo acesso \u00e0 internet na rede Blue e acesso exclusivo ao DNS do firewall\" width=\"1485\" height=\"682\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/317-Regra-do-firewall-permitindo-acesso-a-internet-na-rede-Blue-e-acesso-exclusivo-ao-DNS-do-firewall.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/317-Regra-do-firewall-permitindo-acesso-a-internet-na-rede-Blue-e-acesso-exclusivo-ao-DNS-do-firewall-512x235.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/317-Regra-do-firewall-permitindo-acesso-a-internet-na-rede-Blue-e-acesso-exclusivo-ao-DNS-do-firewall-768x353.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2297\" class=\"wp-caption-text\">Firewall rule allowing internet access on the Blue network and exclusive access to the firewall's DNS<\/figcaption><\/figure>\n<p>Create two firewall rules for the Blue interface, one allowing internet access and another that blocks access to any DNS server other than the firewall itself, in the order shown in the image above.<\/p>\n<figure id=\"attachment_2298\" aria-describedby=\"caption-attachment-2298\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2298\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/318-Services-Captive-Portal-1.png\" alt=\"Services - Captive Portal\" width=\"1463\" height=\"682\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/318-Services-Captive-Portal-1.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/318-Services-Captive-Portal-1-512x239.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/318-Services-Captive-Portal-1-768x358.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2298\" class=\"wp-caption-text\">Services &#8211; Captive Portal<\/figcaption><\/figure>\n<p>Now we will configure the Captive Portal. Click <strong>Services -&gt; Captive Portal<\/strong>.<\/p>\n<figure id=\"attachment_2299\" aria-describedby=\"caption-attachment-2299\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2299\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/319-Captive-Portal-Zones.png\" alt=\"Captive Portal Zones\" width=\"1485\" height=\"798\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/319-Captive-Portal-Zones.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/319-Captive-Portal-Zones-512x275.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/319-Captive-Portal-Zones-768x413.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2299\" class=\"wp-caption-text\">Captive Portal Zones<\/figcaption><\/figure>\n<p>Click <em>Add<\/em> to start creating the zone for the Blue network.<\/p>\n<figure id=\"attachment_2300\" aria-describedby=\"caption-attachment-2300\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2300\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/320-Adicionar-nova-zona-de-Captive-Portal.png\" alt=\"Adicionar nova zona de Captive Portal\" width=\"1485\" height=\"798\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/320-Adicionar-nova-zona-de-Captive-Portal.png 1485w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/320-Adicionar-nova-zona-de-Captive-Portal-512x275.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/320-Adicionar-nova-zona-de-Captive-Portal-768x413.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2300\" class=\"wp-caption-text\">Add a new Captive Portal zone<\/figcaption><\/figure>\n<p>Give it an appropriate name and description and click <em>Save &amp; Continue<\/em>.<\/p>\n<figure id=\"attachment_2301\" aria-describedby=\"caption-attachment-2301\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2301\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/321-Zona-criada-e-pronta-para-ser-configurada.png\" alt=\"Zona criada e pronta para ser configurada\" width=\"1485\" height=\"798\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/321-Zona-criada-e-pronta-para-ser-configurada.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/321-Zona-criada-e-pronta-para-ser-configurada-512x275.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/321-Zona-criada-e-pronta-para-ser-configurada-768x413.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2301\" class=\"wp-caption-text\">Zone created and ready to be configured<\/figcaption><\/figure>\n<p>Before enabling and configuring the zone, we will create a new certificate for the Captive Portal authentication page.<\/p>\n<figure id=\"attachment_2302\" aria-describedby=\"caption-attachment-2302\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2302\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/322-Certificado-para-o-Captive-Portal.png\" alt=\"Certificado para o Captive Portal\" width=\"1463\" height=\"442\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/322-Certificado-para-o-Captive-Portal.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/322-Certificado-para-o-Captive-Portal-512x155.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/322-Certificado-para-o-Captive-Portal-768x232.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2302\" class=\"wp-caption-text\">Certificate for the Captive Portal<\/figcaption><\/figure>\n<p>Create a certificate for the address that will be used by the authentication page. In this case the address is <span style=\"font-family: andale mono, monospace;\">captiveportal.rotolip.local<\/span>, but it can be any address you like; it does not need to belong to the Windows Server domain.<\/p>\n<figure id=\"attachment_2303\" aria-describedby=\"caption-attachment-2303\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2303\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/323-Editar-a-configuracao-do-Captive-Portal.png\" alt=\"Editar a configura\u00e7\u00e3o do Captive Portal\" width=\"1485\" height=\"477\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/323-Editar-a-configuracao-do-Captive-Portal.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/323-Editar-a-configuracao-do-Captive-Portal-512x164.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/323-Editar-a-configuracao-do-Captive-Portal-768x247.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2303\" 
class=\"wp-caption-text\">Edit the Captive Portal configuration<\/figcaption><\/figure>\n<p>Back on the Captive Portal configuration page, click the pencil icon \u270f to enter edit mode.<\/p>\n<figure id=\"attachment_2304\" aria-describedby=\"caption-attachment-2304\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2304\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/324-Habilitar-o-Captive-Portal-e-selecionar-a-interface.png\" alt=\"Habilitar o Captive Portal e selecionar a interface\" width=\"1463\" height=\"691\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/324-Habilitar-o-Captive-Portal-e-selecionar-a-interface.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/324-Habilitar-o-Captive-Portal-e-selecionar-a-interface-512x242.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/324-Habilitar-o-Captive-Portal-e-selecionar-a-interface-768x363.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2304\" class=\"wp-caption-text\">Enable the Captive Portal and select the interface<\/figcaption><\/figure>\n<p>Select the <em>Enable<\/em> option to enable the Captive Portal, and in <em>Interfaces<\/em> select the BLUE interface.<\/p>\n<figure id=\"attachment_2305\" aria-describedby=\"caption-attachment-2305\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2305\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/325-Definir-a-cota-de-dados-transferidos.png\" alt=\"Definir a cota de dados transferidos\" width=\"1463\" height=\"367\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/325-Definir-a-cota-de-dados-transferidos.png 
1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/325-Definir-a-cota-de-dados-transferidos-512x128.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/325-Definir-a-cota-de-dados-transferidos-768x193.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2305\" class=\"wp-caption-text\">Set the data transfer quota<\/figcaption><\/figure>\n<p>In <em>Traffic quota (Megabytes)<\/em> we can set the maximum amount of data transferred per session, in this case 500 MB.<\/p>\n<figure id=\"attachment_2306\" aria-describedby=\"caption-attachment-2306\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2306\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/326-URL-para-onde-os-users-serao-redirecionados-apos-a-autenticacao.png\" alt=\"URL para onde os users ser\u00e3o redirecionados ap\u00f3s a autentica\u00e7\u00e3o\" width=\"1463\" height=\"367\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/326-URL-para-onde-os-users-serao-redirecionados-apos-a-autenticacao.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/326-URL-para-onde-os-users-serao-redirecionados-apos-a-autenticacao-512x128.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/326-URL-para-onde-os-users-serao-redirecionados-apos-a-autenticacao-768x193.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2306\" class=\"wp-caption-text\">URL to which users are redirected after authentication<\/figcaption><\/figure>\n<p>If you want <em>users<\/em> to be redirected automatically to a specific page after authenticating, you can set that page in <em>After authentication Redirection 
URL<\/em>.<\/p>\n<figure id=\"attachment_2307\" aria-describedby=\"caption-attachment-2307\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2307\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/327-Limitar-largura-de-banda.png\" alt=\"Limitar largura de banda\" width=\"1463\" height=\"367\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/327-Limitar-largura-de-banda.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/327-Limitar-largura-de-banda-512x128.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/327-Limitar-largura-de-banda-768x193.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2307\" class=\"wp-caption-text\">Limit bandwidth<\/figcaption><\/figure>\n<p>To limit the bandwidth of each <em>user<\/em>, select the <em>Per-user bandwidth restriction<\/em> option and, in <em>Default download (Kbit\/s)<\/em> and <em>Default upload (Kbit\/s)<\/em>, set the maximum download and upload speeds, respectively.<\/p>\n<figure id=\"attachment_2308\" aria-describedby=\"caption-attachment-2308\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2308\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/328-Metodo-de-autenticacao.png\" alt=\"M\u00e9todo de autentica\u00e7\u00e3o\" width=\"1463\" height=\"367\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/328-Metodo-de-autenticacao.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/328-Metodo-de-autenticacao-512x128.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/328-Metodo-de-autenticacao-768x193.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" 
\/><figcaption id=\"caption-attachment-2308\" class=\"wp-caption-text\">Authentication method<\/figcaption><\/figure>\n<p>In <em>Authentication Method<\/em> select <em>Use an Authentication backend<\/em>, and in <em>Authentication Server<\/em> select <em>Local Database<\/em>.<\/p>\n<figure id=\"attachment_2309\" aria-describedby=\"caption-attachment-2309\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2309\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/329-Habilitar-HTTPS.png\" alt=\"Habilitar HTTPS\" width=\"1463\" height=\"367\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/329-Habilitar-HTTPS.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/329-Habilitar-HTTPS-512x128.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/329-Habilitar-HTTPS-768x193.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2309\" class=\"wp-caption-text\">Enable HTTPS<\/figcaption><\/figure>\n<p>So that authentication is done over HTTPS rather than HTTP, enable the <em>Login &#8211; Enable HTTPS login<\/em> option and in <em>HTTPS server name<\/em> enter the URL of the authentication server. Below that, in <em>SSL\/TLS Certificate<\/em>, select the certificate that was created for the Captive Portal, for the same URL given above, then click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_2310\" aria-describedby=\"caption-attachment-2310\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2310\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/330-Vouchers-para-a-autenticacao.png\" alt=\"Vouchers para a autentica\u00e7\u00e3o\" width=\"1485\" height=\"682\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/330-Vouchers-para-a-autenticacao.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/330-Vouchers-para-a-autenticacao-512x235.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/330-Vouchers-para-a-autenticacao-768x353.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2310\" class=\"wp-caption-text\">Vouchers for authentication<\/figcaption><\/figure>\n<p>Now we need to generate the vouchers that will be used to authenticate. To do so, click the <em>Vouchers<\/em> tab.<\/p>\n<figure id=\"attachment_2311\" aria-describedby=\"caption-attachment-2311\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2311\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/331-Habilitar-a-criacao-de-vouchers-e-gerar-o-par-de-chaves-publica-privada.png\" alt=\"Habilitar a cria\u00e7\u00e3o de vouchers e gerar o par de chaves p\u00fablica-privada\" width=\"1463\" height=\"682\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/331-Habilitar-a-criacao-de-vouchers-e-gerar-o-par-de-chaves-publica-privada.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/331-Habilitar-a-criacao-de-vouchers-e-gerar-o-par-de-chaves-publica-privada-512x239.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/331-Habilitar-a-criacao-de-vouchers-e-gerar-o-par-de-chaves-publica-privada-768x358.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2311\" class=\"wp-caption-text\">Enable voucher creation and generate the public\/private key pair<\/figcaption><\/figure>\n<p>Before we can generate vouchers, we must first enable their creation and generate a public\/private key pair. To do so, select the <em>Enable &#8211; Enable the creation, generation and activation of rolls with vouchers<\/em> option, click the <em>Generate new keys<\/em> button below it, and then click the <em>Save<\/em> button at the bottom of the page.<\/p>\n<figure id=\"attachment_2312\" aria-describedby=\"caption-attachment-2312\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2312\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/332-Gerar-novos-vouchers.png\" alt=\"Gerar novos vouchers\" width=\"1463\" height=\"682\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/332-Gerar-novos-vouchers.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/332-Gerar-novos-vouchers-512x239.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/332-Gerar-novos-vouchers-768x358.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2312\" class=\"wp-caption-text\">Generate new vouchers<\/figcaption><\/figure>\n<p>Now we can generate the vouchers. To do so, click the <em>Add<\/em> button.<\/p>\n<figure id=\"attachment_2313\" aria-describedby=\"caption-attachment-2313\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2313\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/333-Configuracao-dos-vouchers.png\" alt=\"Configura\u00e7\u00e3o dos vouchers\" width=\"1463\" height=\"682\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/333-Configuracao-dos-vouchers.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/333-Configuracao-dos-vouchers-512x239.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/333-Configuracao-dos-vouchers-768x358.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2313\" class=\"wp-caption-text\">Voucher configuration<\/figcaption><\/figure>\n<p>Here you can configure how the vouchers are generated. The <em>Minutes per ticket<\/em> option sets the maximum session duration, in this case 120 minutes (2 hours); <em>Count<\/em> sets the number of vouchers to generate, in this case only 10 vouchers; the <em>Comment<\/em> option is self-explanatory.<\/p>\n<p>After configuring how you want the vouchers generated, click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2314\" aria-describedby=\"caption-attachment-2314\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2314\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/334-Vouchers-gerados.png\" alt=\"Vouchers gerados\" width=\"1463\" height=\"682\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/334-Vouchers-gerados.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/334-Vouchers-gerados-512x239.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/334-Vouchers-gerados-768x358.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2314\" class=\"wp-caption-text\">Generated vouchers<\/figcaption><\/figure>\n<p>With the vouchers generated, click the icon of a sheet with an <em>x<\/em>, to the right of the vouchers, to download the .csv file with the codes.<\/p>\n<figure id=\"attachment_2315\" aria-describedby=\"caption-attachment-2315\" style=\"width: 1461px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" 
class=\"size-full wp-image-2315\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/335-Arquivo-.csv-com-os-vouchers-gerados.png\" alt=\"Arquivo .csv com os vouchers gerados\" width=\"1461\" height=\"1151\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/335-Arquivo-.csv-com-os-vouchers-gerados.png 1461w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/335-Arquivo-.csv-com-os-vouchers-gerados-512x403.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/335-Arquivo-.csv-com-os-vouchers-gerados-768x605.png 768w\" sizes=\"auto, (max-width: 1461px) 100vw, 1461px\" \/><figcaption id=\"caption-attachment-2315\" class=\"wp-caption-text\">.csv file with the generated vouchers<\/figcaption><\/figure>\n<p>Here are the vouchers that were generated and that will be used to authenticate to the Captive Portal.<\/p>\n<p>However, if you try to access the internet you will not be able to reach the Captive Portal authentication page, since there is not yet any entry in the DNS service for the address that was configured earlier.<\/p>\n<figure id=\"attachment_2316\" aria-describedby=\"caption-attachment-2316\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2316\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/336-Services-DNS-Resolver.png\" alt=\"Services - DNS Resolver\" width=\"1463\" height=\"683\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/336-Services-DNS-Resolver.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/336-Services-DNS-Resolver-512x239.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/336-Services-DNS-Resolver-768x359.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2316\" 
class=\"wp-caption-text\">Services &#8211; DNS Resolver<\/figcaption><\/figure>\n<p>For the Captive Portal authentication page to be reachable, an A Record must be created on the firewall's DNS server. To do so, click <strong>Services -&gt; DNS Resolver<\/strong>.<\/p>\n<figure id=\"attachment_2317\" aria-describedby=\"caption-attachment-2317\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2317\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/337-Host-Overrides.png\" alt=\"Host Overrides\" width=\"1463\" height=\"351\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/337-Host-Overrides.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/337-Host-Overrides-512x123.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/337-Host-Overrides-768x184.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2317\" class=\"wp-caption-text\">Host Overrides<\/figcaption><\/figure>\n<p>Under <em>Host Overrides<\/em> click the <em>Add<\/em> button.<\/p>\n<figure id=\"attachment_2318\" aria-describedby=\"caption-attachment-2318\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2318\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/338-A-Record-apontando-para-a-interface-Blue.png\" alt=\"A Record apontando para a interface Blue\" width=\"1463\" height=\"961\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/338-A-Record-apontando-para-a-interface-Blue.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/338-A-Record-apontando-para-a-interface-Blue-512x336.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/338-A-Record-apontando-para-a-interface-Blue-768x504.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2318\" class=\"wp-caption-text\">A Record pointing to the Blue interface<\/figcaption><\/figure>\n<p>Here we will configure the A Record that points the URL <span style=\"font-family: andale mono, monospace;\">captiveportal.rotolip.local<\/span> to the IP of the Blue interface.<\/p>\n<p>In <em>Host<\/em> enter <span style=\"font-family: andale mono, monospace;\">captiveportal<\/span>, in <em>Domain<\/em> enter <span style=\"font-family: andale mono, monospace;\">rotolip.local<\/span> and in <em>IP Address<\/em> enter the IP of the Blue interface. Give it an appropriate description and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2319\" aria-describedby=\"caption-attachment-2319\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2319\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/339-A-Record-criado.png\" alt=\"A Record criado\" width=\"1463\" height=\"327\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/339-A-Record-criado.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/339-A-Record-criado-512x114.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/339-A-Record-criado-768x172.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2319\" class=\"wp-caption-text\">A Record created<\/figcaption><\/figure>\n<p>With that, the A Record is created and we can check whether the service is working correctly.<\/p>\n<figure id=\"attachment_2320\" aria-describedby=\"caption-attachment-2320\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" 
decoding=\"async\" class=\"size-full wp-image-2320\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/340-Cliente-recebendo-pedido-de-autenticacao-para-poder-navegar-na-internet.png\" alt=\"Cliente recebendo pedido de autentica\u00e7\u00e3o para poder navegar na internet\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/340-Cliente-recebendo-pedido-de-autenticacao-para-poder-navegar-na-internet.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/340-Cliente-recebendo-pedido-de-autenticacao-para-poder-navegar-na-internet-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/340-Cliente-recebendo-pedido-de-autenticacao-para-poder-navegar-na-internet-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/340-Cliente-recebendo-pedido-de-autenticacao-para-poder-navegar-na-internet-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2320\" class=\"wp-caption-text\">Client receiving an authentication request before it can browse the internet<\/figcaption><\/figure>\n<p>Here we can see that, when trying to access any page on the internet, we are asked to log in first.<\/p>\n<figure id=\"attachment_2321\" aria-describedby=\"caption-attachment-2321\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2321\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/341-Pagina-de-acesso-do-Captive-Portal.png\" alt=\"P\u00e1gina de acesso do Captive Portal\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/341-Pagina-de-acesso-do-Captive-Portal.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/341-Pagina-de-acesso-do-Captive-Portal-512x320.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/341-Pagina-de-acesso-do-Captive-Portal-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/341-Pagina-de-acesso-do-Captive-Portal-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2321\" class=\"wp-caption-text\">Captive Portal login page<\/figcaption><\/figure>\n<p>We reach the authentication page, and the address bar shows that the URL is working as expected.<\/p>\n<figure id=\"attachment_2322\" aria-describedby=\"caption-attachment-2322\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2322\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/342-Pagina-redirecionada.png\" alt=\"P\u00e1gina redirecionada\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/342-Pagina-redirecionada.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/342-Pagina-redirecionada-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/342-Pagina-redirecionada-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/342-Pagina-redirecionada-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2322\" class=\"wp-caption-text\">Redirected page<\/figcaption><\/figure>\n<p>After authentication, the redirect to the configured page succeeded.<\/p>\n<figure id=\"attachment_2323\" aria-describedby=\"caption-attachment-2323\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2323\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/343-Sessao-iniciada.png\" alt=\"Sess\u00e3o iniciada\" width=\"1485\" height=\"590\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/343-Sessao-iniciada.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/343-Sessao-iniciada-512x203.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/343-Sessao-iniciada-768x305.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2323\" class=\"wp-caption-text\">Session started<\/figcaption><\/figure>\n<p>In pfSense we can see a session started with the first voucher.<\/p>\n<figure id=\"attachment_2324\" aria-describedby=\"caption-attachment-2324\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2324\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/344-Velocidade-limitada-e-DNS-do-firewall-sendo-utilizado.png\" alt=\"Velocidade limitada e DNS do firewall sendo utilizado\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/344-Velocidade-limitada-e-DNS-do-firewall-sendo-utilizado.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/344-Velocidade-limitada-e-DNS-do-firewall-sendo-utilizado-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/344-Velocidade-limitada-e-DNS-do-firewall-sendo-utilizado-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/344-Velocidade-limitada-e-DNS-do-firewall-sendo-utilizado-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2324\" class=\"wp-caption-text\">Speed limited and the firewall's DNS in use<\/figcaption><\/figure>\n<p>The download and upload speeds were limited, and the client is using the firewall as its DNS server.<\/p>\n<h3>Captive Portal on OPNsense<\/h3>\n<p>Now we will do the same thing, but on OPNsense.<\/p>\n<figure id=\"attachment_2326\" aria-describedby=\"caption-attachment-2326\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2326\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/345-System-Servers.png\" alt=\"System - Servers\" width=\"1485\" height=\"797\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/345-System-Servers.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/345-System-Servers-512x275.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/345-System-Servers-768x412.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2326\" class=\"wp-caption-text\">System &#8211; Servers<\/figcaption><\/figure>\n<p>Click <strong>System -&gt; Access -&gt; Servers<\/strong>.<\/p>\n<p>Give it a descriptive name, select <em>Voucher<\/em> in <em>Type<\/em>, and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2328\" aria-describedby=\"caption-attachment-2328\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2328\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/346-Servidor-de-vouchers-criado.png\" alt=\"Servidor de vouchers criado\" width=\"1485\" height=\"492\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/346-Servidor-de-vouchers-criado.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/346-Servidor-de-vouchers-criado-512x170.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/346-Servidor-de-vouchers-criado-768x254.png 768w\" sizes=\"auto, (max-width: 1485px) 
100vw, 1485px\" \/><figcaption id=\"caption-attachment-2328\" class=\"wp-caption-text\">Voucher server created<\/figcaption><\/figure>\n<p>The voucher server is now created.<\/p>\n<figure id=\"attachment_2329\" aria-describedby=\"caption-attachment-2329\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2329\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/347-Services-Captive-Portal-Administration.png\" alt=\"Services - Captive Portal - Administration\" width=\"1485\" height=\"703\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/347-Services-Captive-Portal-Administration.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/347-Services-Captive-Portal-Administration-512x242.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/347-Services-Captive-Portal-Administration-768x364.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2329\" class=\"wp-caption-text\">Services &#8211; Captive Portal &#8211; Administration<\/figcaption><\/figure>\n<p>Click <strong>Services -&gt; Captive Portal -&gt; Administration<\/strong>; we will create the configuration for the Blue zone.<\/p>\n<figure id=\"attachment_2330\" aria-describedby=\"caption-attachment-2330\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2330\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/348-Habilitar-zona-e-selecionar-interfaces-e-metodo-de-autenticacao.png\" alt=\"Enable the zone and select the interfaces and authentication method\" width=\"1485\" height=\"495\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/348-Habilitar-zona-e-selecionar-interfaces-e-metodo-de-autenticacao.png 1485w,
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/348-Habilitar-zona-e-selecionar-interfaces-e-metodo-de-autenticacao-512x171.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/348-Habilitar-zona-e-selecionar-interfaces-e-metodo-de-autenticacao-768x256.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2330\" class=\"wp-caption-text\">Enable the zone and select the interfaces and authentication method<\/figcaption><\/figure>\n<p>Enable the zone, select only the Blue interface under Interfaces, and under <em>Authenticate using<\/em> select the voucher server created earlier.<\/p>\n<figure id=\"attachment_2331\" aria-describedby=\"caption-attachment-2331\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2331\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/349-Descricao-da-zona.png\" alt=\"Zone description\" width=\"1485\" height=\"495\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/349-Descricao-da-zona.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/349-Descricao-da-zona-512x171.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/349-Descricao-da-zona-768x256.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2331\" class=\"wp-caption-text\">Zone description<\/figcaption><\/figure>\n<p>HTTPS can also be used for the authentication portal here if you want it; otherwise, just give the zone a description and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2332\" aria-describedby=\"caption-attachment-2332\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\"
class=\"size-full wp-image-2332\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/350-Aplicar-configuracao.png\" alt=\"Apply configuration\" width=\"1485\" height=\"707\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/350-Aplicar-configuracao.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/350-Aplicar-configuracao-512x244.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/350-Aplicar-configuracao-768x366.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2332\" class=\"wp-caption-text\">Apply configuration<\/figcaption><\/figure>\n<p>Click <em>Apply<\/em> to apply the changes.<\/p>\n<figure id=\"attachment_2333\" aria-describedby=\"caption-attachment-2333\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2333\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/351-Criar-vouchers.png\" alt=\"Create vouchers\" width=\"1485\" height=\"700\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/351-Criar-vouchers.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/351-Criar-vouchers-512x241.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/351-Criar-vouchers-768x362.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2333\" class=\"wp-caption-text\">Create vouchers<\/figcaption><\/figure>\n<p>Now we will create the vouchers: click <strong>Services -&gt; Captive Portal -&gt; Vouchers<\/strong>, then the <em>Create vouchers<\/em> button.<\/p>\n<figure id=\"attachment_2334\" aria-describedby=\"caption-attachment-2334\" style=\"width: 1485px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\"
class=\"size-full wp-image-2334\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/352-Configurar-geracao-de-vouchers.png\" alt=\"Configure voucher generation\" width=\"1485\" height=\"700\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/352-Configurar-geracao-de-vouchers.png 1485w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/352-Configurar-geracao-de-vouchers-512x241.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/352-Configurar-geracao-de-vouchers-768x362.png 768w\" sizes=\"auto, (max-width: 1485px) 100vw, 1485px\" \/><figcaption id=\"caption-attachment-2334\" class=\"wp-caption-text\">Configure voucher generation<\/figcaption><\/figure>\n<p>Here we can change some settings for the generated vouchers. These vouchers will also be valid for 2 hours: under <em>Validity<\/em>, select <em>Custom (minutes)<\/em> and enter the duration in the field just below. You can also configure whether the vouchers expire and how many vouchers to generate; in this case only 10, as before. Under <em>Groupname<\/em>, give a name that identifies this batch of vouchers, then click <em>Generate<\/em> to finish.<\/p>\n<p>When you click <em>Generate<\/em>, the vouchers are generated automatically and a .csv file containing them is downloaded; save it in an appropriate location.<\/p>\n<figure id=\"attachment_2335\" aria-describedby=\"caption-attachment-2335\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2335\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/353-Vouchers-gerados-com-sucesso.png\" alt=\"Vouchers generated successfully\" width=\"1463\" height=\"700\"
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/353-Vouchers-gerados-com-sucesso.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/353-Vouchers-gerados-com-sucesso-512x245.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/353-Vouchers-gerados-com-sucesso-768x367.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2335\" class=\"wp-caption-text\">Vouchers generated successfully<\/figcaption><\/figure>\n<p>Here we can see the vouchers that were generated.<\/p>\n<figure id=\"attachment_2336\" aria-describedby=\"caption-attachment-2336\" style=\"width: 983px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2336\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/354-Arquivo-.csv-com-os-vouchers.png\" alt=\".csv file with the vouchers\" width=\"983\" height=\"524\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/354-Arquivo-.csv-com-os-vouchers.png 983w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/354-Arquivo-.csv-com-os-vouchers-512x273.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/354-Arquivo-.csv-com-os-vouchers-768x409.png 768w\" sizes=\"auto, (max-width: 983px) 100vw, 983px\" \/><figcaption id=\"caption-attachment-2336\" class=\"wp-caption-text\">.csv file with the vouchers<\/figcaption><\/figure>\n<p>Here, unlike pfSense, a voucher is not just a code to enter but a username\/password pair.<\/p>\n<figure id=\"attachment_2337\" aria-describedby=\"caption-attachment-2337\" style=\"width: 1463px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2337\"
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/355-Configuracao-do-servidor-DHCP-na-interface-Blue.png\" alt=\"DHCP server configuration on the Blue interface\" width=\"1463\" height=\"1071\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/355-Configuracao-do-servidor-DHCP-na-interface-Blue.png 1463w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/355-Configuracao-do-servidor-DHCP-na-interface-Blue-512x375.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/355-Configuracao-do-servidor-DHCP-na-interface-Blue-768x562.png 768w\" sizes=\"auto, (max-width: 1463px) 100vw, 1463px\" \/><figcaption id=\"caption-attachment-2337\" class=\"wp-caption-text\">DHCP server configuration on the Blue interface<\/figcaption><\/figure>\n<p>To enable the DHCP server, go to <strong>Services -&gt; DHCPv4 -&gt; [Blue]<\/strong>.<\/p>\n<p>Select <em>Enable DHCP Server on the Blue interface<\/em>; under <em>Range<\/em>, enter the start and end of the range of IPs to hand out to clients; and, since clients will also be restricted to the firewall's DNS only, enter the Blue interface's IP under <em>DNS servers<\/em> as well.<\/p>\n<p>When finished, click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_2338\" aria-describedby=\"caption-attachment-2338\" style=\"width: 1533px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2338\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/356-Regras-no-firewall-da-interface-Blue-do-OPNsense-para-permitir-o-acesso-a-internet-enquanto-bloqueia-o-acesso-a-qualquer-servidos-DNS-alem-do-firewall.png\" alt=\"Firewall rules on the OPNsense Blue interface that allow internet access while blocking access to any DNS server other than the
firewall\" width=\"1533\" height=\"802\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/356-Regras-no-firewall-da-interface-Blue-do-OPNsense-para-permitir-o-acesso-a-internet-enquanto-bloqueia-o-acesso-a-qualquer-servidos-DNS-alem-do-firewall.png 1533w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/356-Regras-no-firewall-da-interface-Blue-do-OPNsense-para-permitir-o-acesso-a-internet-enquanto-bloqueia-o-acesso-a-qualquer-servidos-DNS-alem-do-firewall-512x268.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/356-Regras-no-firewall-da-interface-Blue-do-OPNsense-para-permitir-o-acesso-a-internet-enquanto-bloqueia-o-acesso-a-qualquer-servidos-DNS-alem-do-firewall-768x402.png 768w\" sizes=\"auto, (max-width: 1533px) 100vw, 1533px\" \/><figcaption id=\"caption-attachment-2338\" class=\"wp-caption-text\">Firewall rules on the OPNsense Blue interface that allow internet access while blocking access to any DNS server other than the firewall<\/figcaption><\/figure>\n<p>Create two firewall rules for the Blue interface: one to allow internet access and another to block access to any DNS server other than the firewall.<\/p>\n<figure id=\"attachment_2339\" aria-describedby=\"caption-attachment-2339\" style=\"width: 1562px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2339\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/357-Firewall-Shaper-Pipes.png\" alt=\"Firewall - Shaper - Pipes\" width=\"1562\" height=\"713\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/357-Firewall-Shaper-Pipes.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/357-Firewall-Shaper-Pipes-512x234.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/357-Firewall-Shaper-Pipes-768x351.png 768w,
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/357-Firewall-Shaper-Pipes-1536x701.png 1536w\" sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2339\" class=\"wp-caption-text\">Firewall &#8211; Shaper &#8211; Pipes<\/figcaption><\/figure>\n<p>Limiting bandwidth for Captive Portal users on OPNsense requires a different procedure.<\/p>\n<p>Click <strong>Firewall -&gt; Shaper -&gt; Pipes<\/strong>, then click the \u2795 button to create a new pipe.<\/p>\n<figure id=\"attachment_2340\" aria-describedby=\"caption-attachment-2340\" style=\"width: 1562px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2340\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/358-Criar-pipe-para-limitar-velocidade-de-download.png\" alt=\"Create a pipe to limit download speed\" width=\"1562\" height=\"432\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/358-Criar-pipe-para-limitar-velocidade-de-download.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/358-Criar-pipe-para-limitar-velocidade-de-download-512x142.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/358-Criar-pipe-para-limitar-velocidade-de-download-768x212.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/358-Criar-pipe-para-limitar-velocidade-de-download-1536x425.png 1536w\" sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2340\" class=\"wp-caption-text\">Create a pipe to limit download speed<\/figcaption><\/figure>\n<p>Under <em>Bandwidth<\/em>, specify the bandwidth you want to allocate; under <em>Bandwidth Metric<\/em> you can specify the units.<\/p>\n<figure id=\"attachment_2341\" aria-describedby=\"caption-attachment-2341\" style=\"width: 1562px\"
class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2341\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/359-Descricao-do-pipe.png\" alt=\"Pipe description\" width=\"1562\" height=\"432\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/359-Descricao-do-pipe.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/359-Descricao-do-pipe-512x142.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/359-Descricao-do-pipe-768x212.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/359-Descricao-do-pipe-1536x425.png 1536w\" sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2341\" class=\"wp-caption-text\">Pipe description<\/figcaption><\/figure>\n<p>No further configuration is needed apart from giving the pipe a description; when finished, click <em>Save<\/em>.<\/p>\n<p>Repeat the process for the upload pipe.<\/p>\n<figure id=\"attachment_2342\" aria-describedby=\"caption-attachment-2342\" style=\"width: 1562px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2342\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/360-Pipes-criados.png\" alt=\"Pipes created\" width=\"1562\" height=\"751\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/360-Pipes-criados.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/360-Pipes-criados-512x246.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/360-Pipes-criados-768x369.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/360-Pipes-criados-1536x738.png 1536w\" sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2342\"
class=\"wp-caption-text\">Pipes created<\/figcaption><\/figure>\n<p>With the pipes created, we can create the rules that will apply the limits.<\/p>\n<figure id=\"attachment_2343\" aria-describedby=\"caption-attachment-2343\" style=\"width: 1562px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2343\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/361-Criar-regras.png\" alt=\"Create rules\" width=\"1562\" height=\"751\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/361-Criar-regras.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/361-Criar-regras-512x246.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/361-Criar-regras-768x369.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/361-Criar-regras-1536x738.png 1536w\" sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2343\" class=\"wp-caption-text\">Create rules<\/figcaption><\/figure>\n<p>Click the <em>Rules<\/em> tab and then the \u2795 button.<\/p>\n<figure id=\"attachment_2344\" aria-describedby=\"caption-attachment-2344\" style=\"width: 1562px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2344\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/362-Criar-regra-para-download.png\" alt=\"Create the download rule\" width=\"1562\" height=\"642\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/362-Criar-regra-para-download.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/362-Criar-regra-para-download-512x210.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/362-Criar-regra-para-download-768x316.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/362-Criar-regra-para-download-1536x631.png 1536w\"
sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2344\" class=\"wp-caption-text\">Create the download rule<\/figcaption><\/figure>\n<p>Turn on the <em>advanced mode<\/em> switch and make sure the rule is enabled.<\/p>\n<p>Under <em>Interface<\/em> select the Blue interface, and under <em>Protocol<\/em> select ipv4.<\/p>\n<figure id=\"attachment_2345\" aria-describedby=\"caption-attachment-2345\" style=\"width: 1562px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2345\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/363-Direcao-e-descricao-da-regra.png\" alt=\"Rule direction and description\" width=\"1562\" height=\"617\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/363-Direcao-e-descricao-da-regra.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/363-Direcao-e-descricao-da-regra-512x202.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/363-Direcao-e-descricao-da-regra-768x303.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/363-Direcao-e-descricao-da-regra-1536x607.png 1536w\" sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2345\" class=\"wp-caption-text\">Rule direction and description<\/figcaption><\/figure>\n<p>Under <em>Direction<\/em> select <em>out<\/em>, since we are limiting the speed of traffic that <em>leaves<\/em> the interface toward the clients; under <em>Target<\/em> select the pipe created for downloads, give the rule a description, and click <em>Save<\/em>.<\/p>\n<p>Repeat the process to create a rule for uploads, this time selecting the upload pipe as the <em>target<\/em> and the direction <em>in<\/em>.<\/p>\n<figure id=\"attachment_2346\" aria-describedby=\"caption-attachment-2346\"
style=\"width: 1562px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2346\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/364-Regras-criadas.png\" alt=\"Rules created\" width=\"1562\" height=\"752\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/364-Regras-criadas.png 1562w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/364-Regras-criadas-512x246.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/364-Regras-criadas-768x370.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/364-Regras-criadas-1536x739.png 1536w\" sizes=\"auto, (max-width: 1562px) 100vw, 1562px\" \/><figcaption id=\"caption-attachment-2346\" class=\"wp-caption-text\">Rules created<\/figcaption><\/figure>\n<p>With both rules created, we can now test the Captive Portal on the client.<\/p>\n<figure id=\"attachment_2347\" aria-describedby=\"caption-attachment-2347\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2347\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/365-Cliente-Windows-na-rede-Blue-do-OPNsense-sendo-notificado-que-precisa-fazer-login-para-poder-acessar-a-internet.png\" alt=\"Windows client on the OPNsense Blue network being notified that it must log in to access the internet\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/365-Cliente-Windows-na-rede-Blue-do-OPNsense-sendo-notificado-que-precisa-fazer-login-para-poder-acessar-a-internet.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/365-Cliente-Windows-na-rede-Blue-do-OPNsense-sendo-notificado-que-precisa-fazer-login-para-poder-acessar-a-internet-512x320.png 512w,
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/365-Cliente-Windows-na-rede-Blue-do-OPNsense-sendo-notificado-que-precisa-fazer-login-para-poder-acessar-a-internet-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/365-Cliente-Windows-na-rede-Blue-do-OPNsense-sendo-notificado-que-precisa-fazer-login-para-poder-acessar-a-internet-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2347\" class=\"wp-caption-text\">Windows client on the OPNsense Blue network being notified that it must log in to access the internet<\/figcaption><\/figure>\n<p>As the image above shows, the client is asked to sign in before it can access the internet.<\/p>\n<figure id=\"attachment_2348\" aria-describedby=\"caption-attachment-2348\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2348\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/366-Portal-de-acesso-do-Captive-Portal-no-OPNsense.png\" alt=\"Captive Portal login page on OPNsense\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/366-Portal-de-acesso-do-Captive-Portal-no-OPNsense.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/366-Portal-de-acesso-do-Captive-Portal-no-OPNsense-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/366-Portal-de-acesso-do-Captive-Portal-no-OPNsense-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/366-Portal-de-acesso-do-Captive-Portal-no-OPNsense-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2348\" class=\"wp-caption-text\">Captive Portal login page on OPNsense<\/figcaption><\/figure>\n<p>The Captive Portal login page on OPNsense
is slightly different from the one on pfSense: here there is no option to use a token, only a username and password combination.<\/p>\n<figure id=\"attachment_2349\" aria-describedby=\"caption-attachment-2349\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2349\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/367-Cliente-com-largura-de-banda-restrida-e-acesso-apenas-ao-DNS-do-firewall.png\" alt=\"Client with restricted bandwidth and access only to the firewall DNS\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/367-Cliente-com-largura-de-banda-restrida-e-acesso-apenas-ao-DNS-do-firewall.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/367-Cliente-com-largura-de-banda-restrida-e-acesso-apenas-ao-DNS-do-firewall-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/367-Cliente-com-largura-de-banda-restrida-e-acesso-apenas-ao-DNS-do-firewall-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/367-Cliente-com-largura-de-banda-restrida-e-acesso-apenas-ao-DNS-do-firewall-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2349\" class=\"wp-caption-text\">Client with restricted bandwidth and access only to the firewall DNS<\/figcaption><\/figure>\n<p>Bandwidth was limited successfully, and the client has no access to DNS servers other than the firewall itself.<\/p>\n<figure id=\"attachment_2350\" aria-describedby=\"caption-attachment-2350\" style=\"width: 1426px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2350\"
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/368-Sessao-iniciada-no-Captive-Portal-pelo-cliente-Windows.png\" alt=\"Captive Portal session started by the Windows client\" width=\"1426\" height=\"715\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/368-Sessao-iniciada-no-Captive-Portal-pelo-cliente-Windows.png 1426w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/368-Sessao-iniciada-no-Captive-Portal-pelo-cliente-Windows-512x257.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/368-Sessao-iniciada-no-Captive-Portal-pelo-cliente-Windows-768x385.png 768w\" sizes=\"auto, (max-width: 1426px) 100vw, 1426px\" \/><figcaption id=\"caption-attachment-2350\" class=\"wp-caption-text\">Captive Portal session started by the Windows client<\/figcaption><\/figure>\n<p>And in OPNsense we can see the active Captive Portal session.<\/p>\n<h3>High Availability on pfSense<\/h3>\n<p>A second pfSense instance will be installed and configured to take over the current instance's functions if it fails.<\/p>\n<p>The first step is to make a few small changes to the network that links pfSense and R3. The network currently configured is <span style=\"font-family: andale mono, monospace;\">10.155.170.8\/30<\/span>, which has only 2 available IPs: the first, <span style=\"font-family: andale mono, monospace;\">10.155.170.9<\/span>, for R3 and the second, <span style=\"font-family: andale mono, monospace;\">10.155.170.10<\/span>, for pfSense. However, 2 more IPs will be needed, one for the second pfSense instance and another for the virtual interface shared between the two instances, so the network will be expanded from <span style=\"font-family: andale mono, monospace;\">\/30<\/span> to <span style=\"font-family: andale mono, monospace;\">\/29<\/span>, with the first
instance moving to <span style=\"font-family: andale mono, monospace;\">10.155.170.11<\/span>, the second pfSense instance taking the address <span style=\"font-family: andale mono, monospace;\">10.155.170.12<\/span>, and the virtual interface using <span style=\"font-family: andale mono, monospace;\">10.155.170.10<\/span>.<\/p>\n<p>The <span style=\"font-family: andale mono, monospace;\">OPT3<\/span> interface, which is currently unused, will also need to be configured to serve as the synchronization link between the two instances.<\/p>\n<p>This new instance, which will have the hostname zidPR, will start from an initial configuration very similar to that of the current instance, ballaPR.<\/p>\n<p>The IPs of all interfaces on the ballaPR firewall will need to be moved up by one address; for example, the Green interface address will change from <span style=\"font-family: andale mono, monospace;\">172.29.170.1<\/span> to <span style=\"font-family: andale mono, monospace;\">172.29.170.2<\/span>, and the IPs of the second instance, zidPR, will be the addresses that follow. This is done so that there is no need to change the configuration of DHCP servers or other services that are set up to use the original addresses of the ballaPR instance.<\/p>\n<p>The IPs of the zidPR instance will be as follows:<\/p>\n<p><span style=\"font-family: andale mono, monospace;\">00:50:56:20:02:80 \u2013 R3-pf\/WAN 10.155.170.12\/29<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:20:02:81 \u2013 pfGreen 172.29.170.3\/23<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:20:02:82 \u2013 pfOrange 10.18.170.3\/29<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:20:02:83 \u2013 pfBlue 10.0.170.3\/24<\/span><br \/>\n<span
style=\"font-family: andale mono, monospace;\">00:50:56:20:02:84 \u2013 pfSync 172.168.255.2\/30<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">00:50:56:20:02:85 \u2013 Host 10.10.10.22\/24<\/span><\/p>\n<figure id=\"attachment_2353\" aria-describedby=\"caption-attachment-2353\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2353 size-full\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/369-Interfaces-ballaPR-1.png\" alt=\"ballaPR interfaces\" width=\"1243\" height=\"682\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/369-Interfaces-ballaPR-1.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/369-Interfaces-ballaPR-1-512x281.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/369-Interfaces-ballaPR-1-768x421.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2353\" class=\"wp-caption-text\">ballaPR interfaces<\/figcaption><\/figure>\n<figure id=\"attachment_2354\" aria-describedby=\"caption-attachment-2354\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2354 size-full\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/370-Interfaces-zidPR-1.png\" alt=\"zidPR interfaces\" width=\"1243\" height=\"471\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/370-Interfaces-zidPR-1.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/370-Interfaces-zidPR-1-512x194.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/370-Interfaces-zidPR-1-768x291.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2354\" class=\"wp-caption-text\">zidPR interfaces<\/figcaption><\/figure>\n<p>In the images above we can see that the
two instances have the same physical interfaces, with the same names and with sequential IPs.<\/p>\n<p>With the interfaces configured, the same packages that were installed on ballaPR now need to be installed.<\/p>\n<figure id=\"attachment_2355\" aria-describedby=\"caption-attachment-2355\" style=\"width: 1495px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2355\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/371-Pacotes-instalados-no-firewall-ballaPR.png\" alt=\"Packages installed on the ballaPR firewall\" width=\"1495\" height=\"1087\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/371-Pacotes-instalados-no-firewall-ballaPR.png 1495w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/371-Pacotes-instalados-no-firewall-ballaPR-512x372.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/371-Pacotes-instalados-no-firewall-ballaPR-768x558.png 768w\" sizes=\"auto, (max-width: 1495px) 100vw, 1495px\" \/><figcaption id=\"caption-attachment-2355\" class=\"wp-caption-text\">Packages installed on the ballaPR firewall<\/figcaption><\/figure>\n<figure id=\"attachment_2356\" aria-describedby=\"caption-attachment-2356\" style=\"width: 1495px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2356\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/372-Pacotes-instalados-no-firewall-zidPR.png\" alt=\"Packages installed on the zidPR firewall\" width=\"1495\" height=\"1087\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/372-Pacotes-instalados-no-firewall-zidPR.png 1495w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/372-Pacotes-instalados-no-firewall-zidPR-512x372.png 512w,
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/372-Pacotes-instalados-no-firewall-zidPR-768x558.png 768w\" sizes=\"auto, (max-width: 1495px) 100vw, 1495px\" \/><figcaption id=\"caption-attachment-2356\" class=\"wp-caption-text\">Packages installed on the zidPR firewall<\/figcaption><\/figure>\n<p>Now the firewall rules on the Sync interface must be created so that synchronization can take place.<\/p>\n<figure id=\"attachment_2360\" aria-describedby=\"caption-attachment-2360\" style=\"width: 1483px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2360\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/373-Regras-de-firewall-para-a-interface-Sync.png\" alt=\"Regras de firewall para a interface Sync\" width=\"1483\" height=\"557\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/373-Regras-de-firewall-para-a-interface-Sync.png 1483w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/373-Regras-de-firewall-para-a-interface-Sync-512x192.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/373-Regras-de-firewall-para-a-interface-Sync-768x288.png 768w\" sizes=\"auto, (max-width: 1483px) 100vw, 1483px\" \/><figcaption id=\"caption-attachment-2360\" class=\"wp-caption-text\">Firewall rules for the Sync interface<\/figcaption><\/figure>\n<p>These rules must be replicated on both firewalls.<\/p>\n<figure id=\"attachment_2362\" aria-describedby=\"caption-attachment-2362\" style=\"width: 1483px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2362\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/374-System-High-Avail.-Sync.png\" alt=\"System - High Avail. 
Sync\" width=\"1483\" height=\"557\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/374-System-High-Avail.-Sync.png 1483w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/374-System-High-Avail.-Sync-512x192.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/374-System-High-Avail.-Sync-768x288.png 768w\" sizes=\"auto, (max-width: 1483px) 100vw, 1483px\" \/><figcaption id=\"caption-attachment-2362\" class=\"wp-caption-text\">System &#8211; High Avail. Sync<\/figcaption><\/figure>\n<p>High Availability now has to be enabled on both firewalls; to do so, go to <strong>System -&gt; High Avail. Sync<\/strong> on both firewalls.<\/p>\n<figure id=\"attachment_2363\" aria-describedby=\"caption-attachment-2363\" style=\"width: 1352px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2363\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/375-High-Availability-State-Synchronization-Settings.png\" alt=\"High Availability - State Synchronization Settings\" width=\"1352\" height=\"621\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/375-High-Availability-State-Synchronization-Settings.png 1352w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/375-High-Availability-State-Synchronization-Settings-512x235.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/375-High-Availability-State-Synchronization-Settings-768x353.png 768w\" sizes=\"auto, (max-width: 1352px) 100vw, 1352px\" \/><figcaption id=\"caption-attachment-2363\" class=\"wp-caption-text\">High Availability &#8211; State Synchronization Settings<\/figcaption><\/figure>\n<p>Select the <em>Synchronize states<\/em> option and, under <em>Synchronize Interface<\/em>, select the interface that was configured for this purpose, in this case the 
Sync interface.<\/p>\n<p>Under <em>pfSync Synchronize Peer IP<\/em>, enter the IP of the other firewall's Sync interface: on the ballaPR firewall this IP is <span style=\"font-family: andale mono, monospace;\">172.168.255.2<\/span> and on zidPR it is <span style=\"font-family: andale mono, monospace;\">172.168.255.1<\/span>.<\/p>\n<figure id=\"attachment_2366\" aria-describedby=\"caption-attachment-2366\" style=\"width: 1352px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2366\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/378-High-Availability-State-Synchronization-Settings-no-zidPR.png\" alt=\"High Availability - State Synchronization Settings no zidPR\" width=\"1352\" height=\"623\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/378-High-Availability-State-Synchronization-Settings-no-zidPR.png 1352w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/378-High-Availability-State-Synchronization-Settings-no-zidPR-512x236.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/378-High-Availability-State-Synchronization-Settings-no-zidPR-768x354.png 768w\" sizes=\"auto, (max-width: 1352px) 100vw, 1352px\" \/><figcaption id=\"caption-attachment-2366\" class=\"wp-caption-text\">High Availability &#8211; State Synchronization Settings on zidPR<\/figcaption><\/figure>\n<p>No further configuration is needed on this page for the second firewall, so you can click <em>Save<\/em> at the bottom of the page and continue the configuration on the first firewall.<\/p>\n<figure id=\"attachment_2364\" aria-describedby=\"caption-attachment-2364\" style=\"width: 1352px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2364\" 
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/376-High-Availability-Configuration-Syncronization-Settings.png\" alt=\"High Availability - Configuration Syncronization Settings\" width=\"1352\" height=\"622\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/376-High-Availability-Configuration-Syncronization-Settings.png 1352w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/376-High-Availability-Configuration-Syncronization-Settings-512x236.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/376-High-Availability-Configuration-Syncronization-Settings-768x353.png 768w\" sizes=\"auto, (max-width: 1352px) 100vw, 1352px\" \/><figcaption id=\"caption-attachment-2364\" class=\"wp-caption-text\">High Availability &#8211; Configuration Synchronization Settings<\/figcaption><\/figure>\n<p>Under <em>Synchronize Config to IP<\/em>, enter the IP of the second firewall again; under <em>Remote System Username<\/em>, enter the username of the administrator account, and under <em>Remote System Password<\/em>, enter its password. The <em>Synchronize admin<\/em> option can be left enabled.<\/p>\n<figure id=\"attachment_2365\" aria-describedby=\"caption-attachment-2365\" style=\"width: 1352px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2365\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/377-High-Availability-Select-options-to-sync.png\" alt=\"High Availability - Select options to sync\" width=\"1352\" height=\"708\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/377-High-Availability-Select-options-to-sync.png 1352w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/377-High-Availability-Select-options-to-sync-512x268.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/377-High-Availability-Select-options-to-sync-768x402.png 768w\" 
sizes=\"auto, (max-width: 1352px) 100vw, 1352px\" \/><figcaption id=\"caption-attachment-2365\" class=\"wp-caption-text\">High Availability &#8211; Select options to sync<\/figcaption><\/figure>\n<p>This is where the options to be synchronized are chosen; select all that apply and click <em>Save<\/em>.<\/p>\n<p>Next, create the Virtual IPs, which will be shared between the two firewalls.<\/p>\n<figure id=\"attachment_2367\" aria-describedby=\"caption-attachment-2367\" style=\"width: 1352px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2367\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/379-Firewall-Virtual-IPs.png\" alt=\"Firewall - Virtual IPs\" width=\"1352\" height=\"588\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/379-Firewall-Virtual-IPs.png 1352w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/379-Firewall-Virtual-IPs-512x223.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/379-Firewall-Virtual-IPs-768x334.png 768w\" sizes=\"auto, (max-width: 1352px) 100vw, 1352px\" \/><figcaption id=\"caption-attachment-2367\" class=\"wp-caption-text\">Firewall &#8211; Virtual IPs<\/figcaption><\/figure>\n<p>Click <strong>Firewall -&gt; Virtual IPs<\/strong>.<\/p>\n<figure id=\"attachment_2368\" aria-describedby=\"caption-attachment-2368\" style=\"width: 1150px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2368\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/380-Virtual-IPs.png\" alt=\"Virtual IPs\" width=\"1150\" height=\"507\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/380-Virtual-IPs.png 1150w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/380-Virtual-IPs-512x226.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/380-Virtual-IPs-768x339.png 768w\" sizes=\"auto, (max-width: 1150px) 100vw, 1150px\" \/><figcaption id=\"caption-attachment-2368\" class=\"wp-caption-text\">Virtual IPs<\/figcaption><\/figure>\n<p>To create a new Virtual IP, click <em>Add<\/em>.<\/p>\n<figure id=\"attachment_2369\" aria-describedby=\"caption-attachment-2369\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2369\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/381-WAN-CARP-VIP.png\" alt=\"WAN CARP VIP\" width=\"1243\" height=\"946\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/381-WAN-CARP-VIP.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/381-WAN-CARP-VIP-512x390.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/381-WAN-CARP-VIP-768x584.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2369\" class=\"wp-caption-text\">WAN CARP VIP<\/figcaption><\/figure>\n<p>Let's start with the VIP for the WAN interface.<\/p>\n<p>Under <em>Type<\/em> select <em>CARP<\/em>, and under <em>Interface<\/em> select <em>WAN<\/em>.<\/p>\n<p><em>Address type<\/em> stays as <em>Single address<\/em>, and under <em>Address(es)<\/em> enter the desired IP, which in this case is the IP that this firewall's WAN interface used previously.<\/p>\n<p>Under <em>Virtual IP Password<\/em>, enter a password and confirm it.<\/p>\n<p><em>VHID Group<\/em> is usually set to the last octet of the IP address, so it is <span style=\"font-family: andale mono, monospace;\">10<\/span> in this case.<\/p>\n<p>Under <em>Description<\/em>, enter a suitable description for this VIP and click <em>Save<\/em>.<\/p>\n<p>Repeat these steps for the remaining interfaces, entering the appropriate 
addresses.<\/p>\n<figure id=\"attachment_2370\" aria-describedby=\"caption-attachment-2370\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2370\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/382-CARP-Virtual-IPs-para-as-interfaces.png\" alt=\"CARP Virtual IPs para as interfaces\" width=\"1243\" height=\"523\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/382-CARP-Virtual-IPs-para-as-interfaces.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/382-CARP-Virtual-IPs-para-as-interfaces-512x215.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/382-CARP-Virtual-IPs-para-as-interfaces-768x323.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2370\" class=\"wp-caption-text\">CARP Virtual IPs for the interfaces<\/figcaption><\/figure>\n<p>With the VIPs created, we can move on to the next step, NAT.<\/p>\n<figure id=\"attachment_2371\" aria-describedby=\"caption-attachment-2371\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2371\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/383-Firewall-NAT-Outbound.png\" alt=\"Firewall - NAT - Outbound\" width=\"1243\" height=\"551\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/383-Firewall-NAT-Outbound.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/383-Firewall-NAT-Outbound-512x227.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/383-Firewall-NAT-Outbound-768x340.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2371\" class=\"wp-caption-text\">Firewall &#8211; NAT &#8211; Outbound<\/figcaption><\/figure>\n<p>Click 
<strong>Firewall -&gt; NAT<\/strong> and then the <em>Outbound<\/em> tab.<\/p>\n<p>Select the <em>Manual Outbound NAT rule generation<\/em> option and click <em>Save<\/em>.<\/p>\n<figure id=\"attachment_2372\" aria-describedby=\"caption-attachment-2372\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2372\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/384-NAT-Mappings.png\" alt=\"NAT Mappings\" width=\"1243\" height=\"622\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/384-NAT-Mappings.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/384-NAT-Mappings-512x256.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/384-NAT-Mappings-768x384.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2372\" class=\"wp-caption-text\">NAT Mappings<\/figcaption><\/figure>\n<p>Here we can see all the rules that were generated automatically; every one of them needs to be changed.<\/p>\n<p>To do so, click the pencil icon \u270f on the right-hand side to edit them.<\/p>\n<figure id=\"attachment_2373\" aria-describedby=\"caption-attachment-2373\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2373\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/385-Alterar-Translation-Address-para-WAN-CARP-VIP.png\" alt=\"Alterar Translation Address para WAN CARP VIP\" width=\"1243\" height=\"390\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/385-Alterar-Translation-Address-para-WAN-CARP-VIP.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/385-Alterar-Translation-Address-para-WAN-CARP-VIP-512x161.png 512w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/385-Alterar-Translation-Address-para-WAN-CARP-VIP-768x241.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2373\" class=\"wp-caption-text\">Change Translation Address to the WAN CARP VIP<\/figcaption><\/figure>\n<p>Under <em>Translation &#8211; Address<\/em>, change <em>Interface Address<\/em> to the WAN interface VIP, then click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_2374\" aria-describedby=\"caption-attachment-2374\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2374\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/386-Primeira-regra-alterada.png\" alt=\"Primeira regra alterada\" width=\"1243\" height=\"388\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/386-Primeira-regra-alterada.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/386-Primeira-regra-alterada-512x160.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/386-Primeira-regra-alterada-768x240.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2374\" class=\"wp-caption-text\">First rule changed<\/figcaption><\/figure>\n<p>The first rule is now changed; repeat these steps for the remaining rules.<\/p>\n<figure id=\"attachment_2375\" aria-describedby=\"caption-attachment-2375\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2375\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/387-Resto-das-regras-alteradas.png\" alt=\"Resto das regras alteradas\" width=\"1243\" height=\"656\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/387-Resto-das-regras-alteradas.png 
1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/387-Resto-das-regras-alteradas-512x270.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/387-Resto-das-regras-alteradas-768x405.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2375\" class=\"wp-caption-text\">Remaining rules changed<\/figcaption><\/figure>\n<p>With the rules changed, we can continue.<\/p>\n<figure id=\"attachment_2376\" aria-describedby=\"caption-attachment-2376\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2376\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/388-Status-CARP-ballaPR.png\" alt=\"Status CARP ballaPR\" width=\"1243\" height=\"795\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/388-Status-CARP-ballaPR.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/388-Status-CARP-ballaPR-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/388-Status-CARP-ballaPR-768x491.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2376\" class=\"wp-caption-text\">CARP status on ballaPR<\/figcaption><\/figure>\n<p>Clicking <strong>Status -&gt; CARP (failover)<\/strong> shows the state of the service.<\/p>\n<p>Here we see that the first firewall, ballaPR, is MASTER.<\/p>\n<figure id=\"attachment_2377\" aria-describedby=\"caption-attachment-2377\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2377\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/389-Status-CARP-zidPR.png\" alt=\"Status CARP zidPR\" width=\"1243\" height=\"795\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/389-Status-CARP-zidPR.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/389-Status-CARP-zidPR-512x327.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/389-Status-CARP-zidPR-768x491.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2377\" class=\"wp-caption-text\">CARP status on zidPR<\/figcaption><\/figure>\n<p>And the second is BACKUP.<\/p>\n<p>With these settings most of the configuration is replicated automatically, but a few services still need changes.<\/p>\n<figure id=\"attachment_2378\" aria-describedby=\"caption-attachment-2378\" style=\"width: 1243px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2378\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/390-Reconfigurar-o-IP-do-Gateway-no-servidor-DHCP.png\" alt=\"Reconfigurar o IP do Gateway no servidor DHCP\" width=\"1243\" height=\"262\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/390-Reconfigurar-o-IP-do-Gateway-no-servidor-DHCP.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/390-Reconfigurar-o-IP-do-Gateway-no-servidor-DHCP-512x108.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/390-Reconfigurar-o-IP-do-Gateway-no-servidor-DHCP-768x162.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2378\" class=\"wp-caption-text\">Reconfigure the Gateway IP on the DHCP server<\/figcaption><\/figure>\n<p>For the DHCP server, the Gateway IP must be reconfigured to the interface's VIP.<\/p>\n<figure id=\"attachment_2379\" aria-describedby=\"caption-attachment-2379\" style=\"width: 1243px\" class=\"wp-caption 
aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2379\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/391-Squid-Proxy-CARP-Status-VIP.png\" alt=\"Squid Proxy - CARP Status VIP\" width=\"1243\" height=\"631\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/391-Squid-Proxy-CARP-Status-VIP.png 1243w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/391-Squid-Proxy-CARP-Status-VIP-512x260.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/391-Squid-Proxy-CARP-Status-VIP-768x390.png 768w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><figcaption id=\"caption-attachment-2379\" class=\"wp-caption-text\">Squid Proxy &#8211; CARP Status VIP<\/figcaption><\/figure>\n<p>Synchronization must be enabled in Squid Proxy. To do so, under <em>CARP Status VIP<\/em> select the VIP of one of the interfaces configured to use the proxy, in this case the VIP of the Green interface. Repeat these steps on both firewalls.<\/p>\n<p>Click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_2380\" aria-describedby=\"caption-attachment-2380\" style=\"width: 1227px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2380 size-full\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/392-Squid-Proxy-Sync-1.png\" alt=\"Squid Proxy - Sync\" width=\"1227\" height=\"786\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/392-Squid-Proxy-Sync-1.png 1227w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/392-Squid-Proxy-Sync-1-512x328.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/392-Squid-Proxy-Sync-1-768x492.png 768w\" sizes=\"auto, (max-width: 1227px) 100vw, 1227px\" \/><figcaption id=\"caption-attachment-2380\" class=\"wp-caption-text\">Squid Proxy &#8211; 
Sync<\/figcaption><\/figure>\n<p>On the primary firewall, in the <em>Sync<\/em> tab of Squid Proxy, under <em>Enable Sync<\/em> select the <em>Sync to host(s) defined below<\/em> option.<\/p>\n<p>Enable the <em>Replication Targets<\/em> option and configure it with the protocol used by the web interface, HTTPS in this case. The IP must be the one the firewall is using on that interface, in this case <span style=\"font-family: andale mono, monospace;\">172.29.170.3<\/span> on the Green interface; the same applies to the port. The credentials are the ones used to access the web interface.<\/p>\n<p>This configuration is done only on the primary firewall.<\/p>\n<p>The same configuration must be repeated for SquidGuard, where it is done in the <em>XMLRPC Sync<\/em> tab.<\/p>\n<p>Now the VPN settings need to be updated.<\/p>\n<figure id=\"attachment_2382\" aria-describedby=\"caption-attachment-2382\" style=\"width: 1117px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2382\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/393-OpenVPN-Server-Endpoint-Configuration-Interface.png\" alt=\"OpenVPN Server - Endpoint Configuration - Interface\" width=\"1117\" height=\"293\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/393-OpenVPN-Server-Endpoint-Configuration-Interface.png 1117w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/393-OpenVPN-Server-Endpoint-Configuration-Interface-512x134.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/393-OpenVPN-Server-Endpoint-Configuration-Interface-768x201.png 768w\" sizes=\"auto, (max-width: 1117px) 100vw, 1117px\" \/><figcaption id=\"caption-attachment-2382\" class=\"wp-caption-text\">OpenVPN Server &#8211; Endpoint Configuration &#8211; Interface<\/figcaption><\/figure>\n<p>On the OpenVPN server, under 
<em>Endpoint Configuration<\/em>, change the <em>Interface<\/em> to the WAN VIP and save.<\/p>\n<figure id=\"attachment_2383\" aria-describedby=\"caption-attachment-2383\" style=\"width: 952px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2383\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/394-IPsec-IKE-Endpoint-Configuration-Interface.png\" alt=\"IPsec - IKE Endpoint Configuration - Interface\" width=\"952\" height=\"432\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/394-IPsec-IKE-Endpoint-Configuration-Interface.png 952w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/394-IPsec-IKE-Endpoint-Configuration-Interface-512x232.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/394-IPsec-IKE-Endpoint-Configuration-Interface-768x349.png 768w\" sizes=\"auto, (max-width: 952px) 100vw, 952px\" \/><figcaption id=\"caption-attachment-2383\" class=\"wp-caption-text\">IPsec &#8211; IKE Endpoint Configuration &#8211; Interface<\/figcaption><\/figure>\n<p>The same must be done for the IPsec VPN: under <em>IKE Endpoint Configuration<\/em>, change the <em>Interface<\/em> to the WAN VIP and save.<\/p>\n<p>Next, the firewall rules on the WAN interface that refer to the OpenVPN server must be changed: they currently target the WAN interface IP but need to target the WAN VIP.<\/p>\n<figure id=\"attachment_2384\" aria-describedby=\"caption-attachment-2384\" style=\"width: 1335px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2384\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/395-Regras-do-firewall-para-OpenVPN.png\" alt=\"Regras do firewall para OpenVPN\" width=\"1335\" height=\"703\" 
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/395-Regras-do-firewall-para-OpenVPN.png 1335w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/395-Regras-do-firewall-para-OpenVPN-512x270.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/395-Regras-do-firewall-para-OpenVPN-768x404.png 768w\" sizes=\"auto, (max-width: 1335px) 100vw, 1335px\" \/><figcaption id=\"caption-attachment-2384\" class=\"wp-caption-text\">Firewall rules for OpenVPN<\/figcaption><\/figure>\n<p>With that, remote clients will be able to connect.<\/p>\n<figure id=\"attachment_2385\" aria-describedby=\"caption-attachment-2385\" style=\"width: 1335px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2385\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/396-Cliente-remoto-ligado-atraves-do-servidor-OpenVPN-atraves-do-firewall-principal.png\" alt=\"Cliente remoto ligado atrav\u00e9s do servidor OpenVPN atrav\u00e9s do firewall principal\" width=\"1335\" height=\"493\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/396-Cliente-remoto-ligado-atraves-do-servidor-OpenVPN-atraves-do-firewall-principal.png 1335w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/396-Cliente-remoto-ligado-atraves-do-servidor-OpenVPN-atraves-do-firewall-principal-512x189.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/396-Cliente-remoto-ligado-atraves-do-servidor-OpenVPN-atraves-do-firewall-principal-768x284.png 768w\" sizes=\"auto, (max-width: 1335px) 100vw, 1335px\" \/><figcaption id=\"caption-attachment-2385\" class=\"wp-caption-text\">Remote client connected to the OpenVPN server through the primary firewall<\/figcaption><\/figure>\n<p>Above, a remote client is connected to the OpenVPN server that is active on the primary firewall.<\/p>\n<figure 
id=\"attachment_2386\" aria-describedby=\"caption-attachment-2386\" style=\"width: 1335px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2386\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/397-Nenhum-cliente-no-firewall-secundario.png\" alt=\"Nenhum cliente no firewall secund\u00e1rio\" width=\"1335\" height=\"493\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/397-Nenhum-cliente-no-firewall-secundario.png 1335w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/397-Nenhum-cliente-no-firewall-secundario-512x189.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/397-Nenhum-cliente-no-firewall-secundario-768x284.png 768w\" sizes=\"auto, (max-width: 1335px) 100vw, 1335px\" \/><figcaption id=\"caption-attachment-2386\" class=\"wp-caption-text\">No clients on the secondary firewall<\/figcaption><\/figure>\n<p>And none on the secondary.<\/p>\n<figure id=\"attachment_2387\" aria-describedby=\"caption-attachment-2387\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2387\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/398-Cliente-ligado-com-sucesso-atraves-da-VPN-OpenVPN.png\" alt=\"Cliente ligado com sucesso atrav\u00e9s da VPN OpenVPN\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/398-Cliente-ligado-com-sucesso-atraves-da-VPN-OpenVPN.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/398-Cliente-ligado-com-sucesso-atraves-da-VPN-OpenVPN-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/398-Cliente-ligado-com-sucesso-atraves-da-VPN-OpenVPN-768x480.png 768w, 
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/398-Cliente-ligado-com-sucesso-atraves-da-VPN-OpenVPN-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2387\" class=\"wp-caption-text\">Client successfully connected through the OpenVPN VPN<\/figcaption><\/figure>\n<p>The client connected successfully through the WAN VIP.<\/p>\n<figure id=\"attachment_2388\" aria-describedby=\"caption-attachment-2388\" style=\"width: 1335px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2388\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/399-Firewall-principal-desconectado.png\" alt=\"Firewall principal desconectado\" width=\"1335\" height=\"573\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/399-Firewall-principal-desconectado.png 1335w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/399-Firewall-principal-desconectado-512x220.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/399-Firewall-principal-desconectado-768x330.png 768w\" sizes=\"auto, (max-width: 1335px) 100vw, 1335px\" \/><figcaption id=\"caption-attachment-2388\" class=\"wp-caption-text\">Primary firewall disconnected<\/figcaption><\/figure>\n<p>With the primary firewall disconnected from all networks, we can test whether the connection moves automatically to the secondary firewall.<\/p>\n<figure id=\"attachment_2389\" aria-describedby=\"caption-attachment-2389\" style=\"width: 1335px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2389\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/400-Cliente-passou-a-se-conectar-ao-firewall-secundario.png\" alt=\"Cliente passou a se conectar ao firewall secund\u00e1rio\" width=\"1335\" height=\"573\"
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/400-Cliente-passou-a-se-conectar-ao-firewall-secundario.png 1335w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/400-Cliente-passou-a-se-conectar-ao-firewall-secundario-512x220.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/400-Cliente-passou-a-se-conectar-ao-firewall-secundario-768x330.png 768w\" sizes=\"auto, (max-width: 1335px) 100vw, 1335px\" \/><figcaption id=\"caption-attachment-2389\" class=\"wp-caption-text\">Client now connects to the secondary firewall<\/figcaption><\/figure>\n<p>The connection was automatically re-established on the secondary firewall.<\/p>\n<figure id=\"attachment_2390\" aria-describedby=\"caption-attachment-2390\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2390\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/401-Ligacao-ativa-no-cliente.png\" alt=\"Liga\u00e7\u00e3o ativa no cliente\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/401-Ligacao-ativa-no-cliente.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/401-Ligacao-ativa-no-cliente-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/401-Ligacao-ativa-no-cliente-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/401-Ligacao-ativa-no-cliente-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2390\" class=\"wp-caption-text\">Connection active on the client<\/figcaption><\/figure>\n<p>The client still has access to the network.<\/p>\n<figure id=\"attachment_2393\" aria-describedby=\"caption-attachment-2393\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\"
class=\"size-full wp-image-2393\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/402-Ativar-Keep-Alive-na-segunda-fase.png\" alt=\"Ativar Keep Alive na segunda fase\" width=\"1200\" height=\"362\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/402-Ativar-Keep-Alive-na-segunda-fase.png 1200w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/402-Ativar-Keep-Alive-na-segunda-fase-512x154.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/402-Ativar-Keep-Alive-na-segunda-fase-768x232.png 768w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-2393\" class=\"wp-caption-text\">Enable Keep Alive in Phase 2<\/figcaption><\/figure>\n<p>In the second phase (Phase 2) of the connection, enable the <em>Keep Alive<\/em> option and enter an IP address from the remote network, so that the tunnel connects automatically.<\/p>\n<p>Unlike the OpenVPN tunnel, the IPsec tunnel may take some time to re-establish its connection after the firewalls change state.<\/p>\n<figure id=\"attachment_2394\" aria-describedby=\"caption-attachment-2394\" style=\"width: 1256px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2394\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/403-Tunel-IPsec-ativo-no-firewall-secundario.png\" alt=\"T\u00fanel IPsec ativo no firewall secund\u00e1rio\" width=\"1256\" height=\"566\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/403-Tunel-IPsec-ativo-no-firewall-secundario.png 1256w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/403-Tunel-IPsec-ativo-no-firewall-secundario-512x231.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/403-Tunel-IPsec-ativo-no-firewall-secundario-768x346.png 768w\" sizes=\"auto,
(max-width: 1256px) 100vw, 1256px\" \/><figcaption id=\"caption-attachment-2394\" class=\"wp-caption-text\">IPsec tunnel active on the secondary firewall<\/figcaption><\/figure>\n<p>IPsec tunnel active through the second firewall, with the connection established automatically after it took over the MASTER role.<\/p>\n<figure id=\"attachment_2395\" aria-describedby=\"caption-attachment-2395\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2395\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/404-Cliente-com-acesso-a-rede-remota.png\" alt=\"Cliente com acesso \u00e0 rede remota\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/404-Cliente-com-acesso-a-rede-remota.png 1280w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/404-Cliente-com-acesso-a-rede-remota-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/404-Cliente-com-acesso-a-rede-remota-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/404-Cliente-com-acesso-a-rede-remota-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2395\" class=\"wp-caption-text\">Client with access to the remote network<\/figcaption><\/figure>\n<p>Remote client with access to the network.<\/p>\n<h3>High Availability on OPNsense<\/h3>\n<p>The same process of configuring a second firewall for high availability will be carried out on OPNsense, following the same principles shown for pfSense.<\/p>\n<p>The IPs will be changed to the next available address, and the CIDR of the WAN network will go from <span style=\"font-family: andale mono, monospace;\">\/30<\/span> to <span style=\"font-family: andale mono, monospace;\">\/29<\/span>.<\/p>\n<p><span style=\"font-family:
andale mono, monospace;\">WAN: 10.155.170.2\/30 -&gt; 10.155.170.3\/29<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">Green: 10.53.170.1 -&gt; 10.53.170.2<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">Blue: 10.120.170.1 -&gt; 10.120.170.2<\/span><\/p>\n<p>The Host and Sync interfaces will keep the same addresses, since they do not need a Virtual IP.<\/p>\n<p>The tabakPR instance will have the following IPs:<\/p>\n<p><span style=\"font-family: andale mono, monospace;\">WAN: 10.155.170.2<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">Green: 10.53.170.1<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">Blue: 10.120.170.1<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">Host: 10.10.10.23<\/span><br \/>\n<span style=\"font-family: andale mono, monospace;\">Sync: 192.168.255.254<\/span><\/p>\n<p>And the Virtual IPs on both instances will use the original addresses of the tellisPR instance.<\/p>\n<figure id=\"attachment_2396\" aria-describedby=\"caption-attachment-2396\" style=\"width: 1553px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2396\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/405-Regra-permitindo-trafego-na-interface-Sync-no-OPNsense.png\" alt=\"Regra permitindo tr\u00e1fego na interface Sync no OPNsense\" width=\"1553\" height=\"597\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/405-Regra-permitindo-trafego-na-interface-Sync-no-OPNsense.png 1553w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/405-Regra-permitindo-trafego-na-interface-Sync-no-OPNsense-512x197.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/405-Regra-permitindo-trafego-na-interface-Sync-no-OPNsense-768x295.png 768w,
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/405-Regra-permitindo-trafego-na-interface-Sync-no-OPNsense-1536x590.png 1536w\" sizes=\"auto, (max-width: 1553px) 100vw, 1553px\" \/><figcaption id=\"caption-attachment-2396\" class=\"wp-caption-text\">Rule allowing traffic on the Sync interface in OPNsense<\/figcaption><\/figure>\n<p>As was done on pfSense, rules must be created to allow traffic on the Sync interface.<\/p>\n<figure id=\"attachment_2397\" aria-describedby=\"caption-attachment-2397\" style=\"width: 1421px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2397\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/406-Virtual-IP-no-OPNsense.png\" alt=\"Virtual IP no OPNsense\" width=\"1421\" height=\"1067\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/406-Virtual-IP-no-OPNsense.png 1421w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/406-Virtual-IP-no-OPNsense-512x384.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/406-Virtual-IP-no-OPNsense-768x577.png 768w\" sizes=\"auto, (max-width: 1421px) 100vw, 1421px\" \/><figcaption id=\"caption-attachment-2397\" class=\"wp-caption-text\">Virtual IP in OPNsense<\/figcaption><\/figure>\n<p>The same process applies to creating the VIPs.<\/p>\n<figure id=\"attachment_2398\" aria-describedby=\"caption-attachment-2398\" style=\"width: 935px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2398\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/407-Virtual-IPs-configurados.png\" alt=\"Virtual IPs configurados\" width=\"935\" height=\"467\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/407-Virtual-IPs-configurados.png 935w,
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/407-Virtual-IPs-configurados-512x256.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/407-Virtual-IPs-configurados-768x384.png 768w\" sizes=\"auto, (max-width: 935px) 100vw, 935px\" \/><figcaption id=\"caption-attachment-2398\" class=\"wp-caption-text\">Virtual IPs configured<\/figcaption><\/figure>\n<p>Above are all the VIPs configured in OPNsense; they will be synchronized automatically once the CARP configuration process is finished.<\/p>\n<figure id=\"attachment_2399\" aria-describedby=\"caption-attachment-2399\" style=\"width: 817px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2399\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/408-Gateway-do-servidor-DHCP-na-interface-Green.png\" alt=\"Gateway do servidor DHCP na interface Green\" width=\"817\" height=\"387\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/408-Gateway-do-servidor-DHCP-na-interface-Green.png 817w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/408-Gateway-do-servidor-DHCP-na-interface-Green-512x243.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/408-Gateway-do-servidor-DHCP-na-interface-Green-768x364.png 768w\" sizes=\"auto, (max-width: 817px) 100vw, 817px\" \/><figcaption id=\"caption-attachment-2399\" class=\"wp-caption-text\">DHCP server gateway on the Green interface<\/figcaption><\/figure>\n<p>As was necessary on pfSense, the Gateway in the DHCP server must be reconfigured.<\/p>\n<figure id=\"attachment_2400\" aria-describedby=\"caption-attachment-2400\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2400\"
src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/409-Firewall-NAT-Outbound.png\" alt=\"Firewall - NAT - Outbound\" width=\"900\" height=\"537\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/409-Firewall-NAT-Outbound.png 900w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/409-Firewall-NAT-Outbound-512x305.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/409-Firewall-NAT-Outbound-768x458.png 768w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><figcaption id=\"caption-attachment-2400\" class=\"wp-caption-text\">Firewall &#8211; NAT &#8211; Outbound<\/figcaption><\/figure>\n<p>The same goes for the NAT rules.<\/p>\n<figure id=\"attachment_2401\" aria-describedby=\"caption-attachment-2401\" style=\"width: 1615px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2401\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/410-High-Availability-General-settings.png\" alt=\"High Availability - General settings\" width=\"1615\" height=\"1130\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/410-High-Availability-General-settings.png 1615w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/410-High-Availability-General-settings-512x358.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/410-High-Availability-General-settings-768x537.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/410-High-Availability-General-settings-1536x1075.png 1536w\" sizes=\"auto, (max-width: 1615px) 100vw, 1615px\" \/><figcaption id=\"caption-attachment-2401\" class=\"wp-caption-text\">High Availability &#8211; General settings<\/figcaption><\/figure>\n<p>Go to <strong>System -&gt; High Availability -&gt; Settings<\/strong> to configure high availability.<\/p>\n<p>Select the
<em>Synchronize States<\/em> option to enable synchronization of this firewall's settings to the secondary.<\/p>\n<p>In <em>Synchronize Interface<\/em> select the synchronization interface, in this case the Sync interface, and in <em>Synchronize Peer IP<\/em> enter the IP of the secondary firewall.<\/p>\n<figure id=\"attachment_2402\" aria-describedby=\"caption-attachment-2402\" style=\"width: 1615px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2402\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/411-High-Availability-Configuration-Synchronization-Settings.png\" alt=\"High Availability - Configuration Synchronization Settings\" width=\"1615\" height=\"835\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/411-High-Availability-Configuration-Synchronization-Settings.png 1615w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/411-High-Availability-Configuration-Synchronization-Settings-512x265.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/411-High-Availability-Configuration-Synchronization-Settings-768x397.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/411-High-Availability-Configuration-Synchronization-Settings-1536x794.png 1536w\" sizes=\"auto, (max-width: 1615px) 100vw, 1615px\" \/><figcaption id=\"caption-attachment-2402\" class=\"wp-caption-text\">High Availability &#8211; Configuration Synchronization Settings<\/figcaption><\/figure>\n<p>In <em>Synchronize Config to IP<\/em> enter the IP of the secondary firewall again, so that this instance replicates its settings to the secondary.<\/p>\n<p>In <em>Remote System Username<\/em> and <em>Remote System Password<\/em> enter the credentials of the administrator account.<\/p>\n<figure id=\"attachment_2403\" aria-describedby=\"caption-attachment-2403\"
style=\"width: 1397px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2403\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/412-High-Availability-Configuracoes-a-sincronizar.png\" alt=\"High Availability - Configura\u00e7\u00f5es a sincronizar\" width=\"1397\" height=\"622\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/412-High-Availability-Configuracoes-a-sincronizar.png 1397w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/412-High-Availability-Configuracoes-a-sincronizar-512x228.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/412-High-Availability-Configuracoes-a-sincronizar-768x342.png 768w\" sizes=\"auto, (max-width: 1397px) 100vw, 1397px\" \/><figcaption id=\"caption-attachment-2403\" class=\"wp-caption-text\">High Availability &#8211; Settings to synchronize<\/figcaption><\/figure>\n<p>As was done on pfSense, select all the options you want to synchronize and then click <em>Save<\/em> at the bottom of the page.<\/p>\n<figure id=\"attachment_2404\" aria-describedby=\"caption-attachment-2404\" style=\"width: 1162px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2404\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/413-High-Availability-no-firewall-secundario.png\" alt=\"High Availability no firewall secund\u00e1rio\" width=\"1162\" height=\"646\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/413-High-Availability-no-firewall-secundario.png 1162w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/413-High-Availability-no-firewall-secundario-512x285.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/413-High-Availability-no-firewall-secundario-768x427.png 768w\" sizes=\"auto, (max-width: 1162px) 100vw, 1162px\"
\/><figcaption id=\"caption-attachment-2404\" class=\"wp-caption-text\">High Availability on the secondary firewall<\/figcaption><\/figure>\n<p>On the secondary firewall you only need to enable the service, select the correct interface and enter the IP of the primary firewall; no further configuration is needed, since this firewall will receive its settings from the primary firewall.<\/p>\n<figure id=\"attachment_2405\" aria-describedby=\"caption-attachment-2405\" style=\"width: 1510px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2405\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/414-IPsec-Interface-WAN-CARP-VIP.png\" alt=\"IPsec Interface - WAN CARP VIP\" width=\"1510\" height=\"707\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/414-IPsec-Interface-WAN-CARP-VIP.png 1510w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/414-IPsec-Interface-WAN-CARP-VIP-512x240.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/414-IPsec-Interface-WAN-CARP-VIP-768x360.png 768w\" sizes=\"auto, (max-width: 1510px) 100vw, 1510px\" \/><figcaption id=\"caption-attachment-2405\" class=\"wp-caption-text\">IPsec Interface &#8211; WAN CARP VIP<\/figcaption><\/figure>\n<p>As was necessary on pfSense, the IPsec and OpenVPN VPN settings must also be updated here to use the WAN VIP.<\/p>\n<figure id=\"attachment_2406\" aria-describedby=\"caption-attachment-2406\" style=\"width: 1535px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2406\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/415-OpenVPN-Servers-Interface-WAN-CARP-VIP.png\" alt=\"OpenVPN Servers Interface - WAN CARP VIP\" width=\"1535\" height=\"651\"
srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/415-OpenVPN-Servers-Interface-WAN-CARP-VIP.png 1535w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/415-OpenVPN-Servers-Interface-WAN-CARP-VIP-512x217.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/415-OpenVPN-Servers-Interface-WAN-CARP-VIP-768x326.png 768w\" sizes=\"auto, (max-width: 1535px) 100vw, 1535px\" \/><figcaption id=\"caption-attachment-2406\" class=\"wp-caption-text\">OpenVPN Servers Interface &#8211; WAN CARP VIP<\/figcaption><\/figure>\n<p>After updating the VPN interfaces, the firewall rules must be updated, in the same way as was done on pfSense.<\/p>\n<figure id=\"attachment_2407\" aria-describedby=\"caption-attachment-2407\" style=\"width: 1633px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2407\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/416-Atualizar-regras-no-firewall-para-os-servidores-OpenVPN.png\" alt=\"Atualizar regras no firewall para os servidores OpenVPN\" width=\"1633\" height=\"693\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/416-Atualizar-regras-no-firewall-para-os-servidores-OpenVPN.png 1633w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/416-Atualizar-regras-no-firewall-para-os-servidores-OpenVPN-512x217.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/416-Atualizar-regras-no-firewall-para-os-servidores-OpenVPN-768x326.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/416-Atualizar-regras-no-firewall-para-os-servidores-OpenVPN-1536x652.png 1536w\" sizes=\"auto, (max-width: 1633px) 100vw, 1633px\" \/><figcaption id=\"caption-attachment-2407\" class=\"wp-caption-text\">Update the firewall rules for the OpenVPN servers<\/figcaption><\/figure>\n<p>With the rules updated, the
configuration is complete; if the primary firewall is shut down, the secondary will take over its responsibilities.<\/p>\n<figure id=\"attachment_2409\" aria-describedby=\"caption-attachment-2409\" style=\"width: 1417px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2409\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/417-VPN-IPsec-conectada-atraves-do-firewall-secundario.png\" alt=\"VPN IPsec conectada atrav\u00e9s do firewall secund\u00e1rio\" width=\"1417\" height=\"525\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/417-VPN-IPsec-conectada-atraves-do-firewall-secundario.png 1417w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/417-VPN-IPsec-conectada-atraves-do-firewall-secundario-512x190.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/417-VPN-IPsec-conectada-atraves-do-firewall-secundario-768x285.png 768w\" sizes=\"auto, (max-width: 1417px) 100vw, 1417px\" \/><figcaption id=\"caption-attachment-2409\" class=\"wp-caption-text\">IPsec VPN connected through the secondary firewall<\/figcaption><\/figure>\n<figure id=\"attachment_2410\" aria-describedby=\"caption-attachment-2410\" style=\"width: 1680px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2410\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/418-Cliente-Windows-utilizando-Remote-Desktop-atraves-da-VPN-IPsec-atraves-do-firewall-secundario.png\" alt=\"Cliente Windows utilizando Remote Desktop atrav\u00e9s da VPN IPsec atrav\u00e9s do firewall secund\u00e1rio\" width=\"1680\" height=\"1050\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/418-Cliente-Windows-utilizando-Remote-Desktop-atraves-da-VPN-IPsec-atraves-do-firewall-secundario.png 1680w,
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/418-Cliente-Windows-utilizando-Remote-Desktop-atraves-da-VPN-IPsec-atraves-do-firewall-secundario-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/418-Cliente-Windows-utilizando-Remote-Desktop-atraves-da-VPN-IPsec-atraves-do-firewall-secundario-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/418-Cliente-Windows-utilizando-Remote-Desktop-atraves-da-VPN-IPsec-atraves-do-firewall-secundario-1536x960.png 1536w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/418-Cliente-Windows-utilizando-Remote-Desktop-atraves-da-VPN-IPsec-atraves-do-firewall-secundario-800x500.png 800w\" sizes=\"auto, (max-width: 1680px) 100vw, 1680px\" \/><figcaption id=\"caption-attachment-2410\" class=\"wp-caption-text\">Windows client using Remote Desktop over the IPsec VPN through the secondary firewall<\/figcaption><\/figure>\n<p>In the images above we can see the client behind the OPNsense firewalls (with the second one in failover) connecting to the network on the other side of the pfSense.<\/p>\n<figure id=\"attachment_2412\" aria-describedby=\"caption-attachment-2412\" style=\"width: 1531px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2412\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/419-OpenVPN-em-failover.png\" alt=\"OpenVPN em failover\" width=\"1531\" height=\"617\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/419-OpenVPN-em-failover.png 1531w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/419-OpenVPN-em-failover-512x206.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/419-OpenVPN-em-failover-768x310.png 768w\" sizes=\"auto, (max-width: 1531px) 100vw, 1531px\" \/><figcaption id=\"caption-attachment-2412\" class=\"wp-caption-text\">OpenVPN in
failover<\/figcaption><\/figure>\n<p>OpenVPN in failover on the secondary firewall.<\/p>\n<figure id=\"attachment_2413\" aria-describedby=\"caption-attachment-2413\" style=\"width: 1680px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2413\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/420-Cliente-na-rede-Green-do-OPNsense-acessando-o-Windows-Server-atraves-da-VPN-OpenVPN-site-to-site.png\" alt=\"Cliente na rede Green do OPNsense acessando o Windows Server atrav\u00e9s da VPN OpenVPN site to site\" width=\"1680\" height=\"1050\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/420-Cliente-na-rede-Green-do-OPNsense-acessando-o-Windows-Server-atraves-da-VPN-OpenVPN-site-to-site.png 1680w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/420-Cliente-na-rede-Green-do-OPNsense-acessando-o-Windows-Server-atraves-da-VPN-OpenVPN-site-to-site-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/420-Cliente-na-rede-Green-do-OPNsense-acessando-o-Windows-Server-atraves-da-VPN-OpenVPN-site-to-site-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/420-Cliente-na-rede-Green-do-OPNsense-acessando-o-Windows-Server-atraves-da-VPN-OpenVPN-site-to-site-1536x960.png 1536w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/420-Cliente-na-rede-Green-do-OPNsense-acessando-o-Windows-Server-atraves-da-VPN-OpenVPN-site-to-site-800x500.png 800w\" sizes=\"auto, (max-width: 1680px) 100vw, 1680px\" \/><figcaption id=\"caption-attachment-2413\" class=\"wp-caption-text\">Client on the OPNsense Green network accessing the Windows Server through the site-to-site OpenVPN VPN<\/figcaption><\/figure>\n<p>The Windows 10 client accessing the Windows Server through the site-to-site OpenVPN VPN in failover.<\/p>\n<figure id=\"attachment_2414\" aria-describedby=\"caption-attachment-2414\"
style=\"width: 1347px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2414\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/421-Ligacao-de-cliente-remoto-ao-servidor-OpenVPN-no-firewall-secundario-em-failover.png\" alt=\"Liga\u00e7\u00e3o de cliente remoto ao servidor OpenVPN no firewall secund\u00e1rio em failover\" width=\"1347\" height=\"626\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/421-Ligacao-de-cliente-remoto-ao-servidor-OpenVPN-no-firewall-secundario-em-failover.png 1347w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/421-Ligacao-de-cliente-remoto-ao-servidor-OpenVPN-no-firewall-secundario-em-failover-512x238.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/421-Ligacao-de-cliente-remoto-ao-servidor-OpenVPN-no-firewall-secundario-em-failover-768x357.png 768w\" sizes=\"auto, (max-width: 1347px) 100vw, 1347px\" \/><figcaption id=\"caption-attachment-2414\" class=\"wp-caption-text\">Remote client connection to the OpenVPN server on the secondary firewall in failover<\/figcaption><\/figure>\n<p>With the firewall in failover, a remote client connected to the OpenVPN server.<\/p>\n<figure id=\"attachment_2415\" aria-describedby=\"caption-attachment-2415\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2415\" src=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/422-Cliente-remoto-conectado-ao-firewall-secundario-em-failover-acessando-a-internet-atraves-da-VPN.png\" alt=\"Cliente remoto conectado ao firewall secund\u00e1rio em failover acessando a internet atrav\u00e9s da VPN\" width=\"1280\" height=\"800\" srcset=\"https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/422-Cliente-remoto-conectado-ao-firewall-secundario-em-failover-acessando-a-internet-atraves-da-VPN.png 1280w,
https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/422-Cliente-remoto-conectado-ao-firewall-secundario-em-failover-acessando-a-internet-atraves-da-VPN-512x320.png 512w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/422-Cliente-remoto-conectado-ao-firewall-secundario-em-failover-acessando-a-internet-atraves-da-VPN-768x480.png 768w, https:\/\/wordpress.pedrorotoli.com\/wp-content\/uploads\/2022\/02\/422-Cliente-remoto-conectado-ao-firewall-secundario-em-failover-acessando-a-internet-atraves-da-VPN-800x500.png 800w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-2415\" class=\"wp-caption-text\">Remote client connected to the secondary firewall in failover, accessing the internet through the VPN<\/figcaption><\/figure>\n<p>Windows 10 accessing the internet through the VPN on the secondary firewall in failover.<\/p>\n<h3>Conclusion<\/h3>\n<p>This project covered numerous topics relating to firewalls and VPNs.<\/p>\n<p>There are different ways of doing the same thing; it is important to assess the needs and available resources to find the best solution.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Index Vyos pfSense Installation Access Through the Web Interface First Firewall Rule Disable DHCP on LAN\/Green Restrict DNS Requests Block ICMP Traffic
Proxy<\/p>\n","protected":false},"author":1,"featured_media":1792,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,73,53,72,71,22],"tags":[75,74,49],"class_list":["post-1789","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory","category-firewall","category-network","category-opnsense","category-pfsense","category-windows","tag-opnsense","tag-pfsense","tag-vyos"],"_links":{"self":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/1789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1789"}],"version-history":[{"count":119,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/1789\/revisions"}],"predecessor-version":[{"id":2465,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/posts\/1789\/revisions\/2465"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=\/wp\/v2\/media\/1792"}],"wp:attachment":[{"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.pedrorotoli.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}