Messages - hushcoden

#61
I've just installed that according to the guide, and if I understood correctly, it can be done in three steps:

1. From a shell: echo y | pkg install cpu-microcode

2. Use the web UI to create these two tunables in /boot/loader.conf:

     cpu_microcode_load="YES"

     cpu_microcode_name="/boot/firmware/intel-ucode.bin"   -> for Intel CPUs

     or

     cpu_microcode_name="/boot/firmware/amd-ucode.bin"   -> for AMD CPUs

3. Reboot

Is that right?

Tia.
#62
Tried to play around but I don't understand enough, it is what it is  :-\

Also, looking at the firewall live, I saw some rdr rules, can anyone let me know what those rules mean?

Tia.
#63
Quote from: Brink7564 on May 10, 2024, 10:42:13 AM
Sounds like maybe your smart TV is somehow programmed to use a hardcoded DNS, and if that isn't reachable it just defaults to a network error? I don't know the first thing about smart TVs cause I never own(ed) one, but hardcoded DNS seems to be a common thing among IoT. You could try setting an override in your local DNS for whichever IP the TV wants to connect to for DNS. Say it's looking to connect to 1.1.1.1, so you set an override for 1.1.1.1 to go to e.g. 9.9.9.9. I'm not sure this would work, but might be worth a shot.
And how do I set that override?  ::)


Quote from: Brink7564 on May 10, 2024, 10:42:13 AM
This is to be expected, I believe, since in standard networks, the gateway often acts as a DNS server, too. Can other hosts in the 192.168.10.0/24 net resolve DNS queries (or rather, have them resolved by the DNS)? If not, then your DNS is likely the culprit.
Actually the smart TV is the only device attached to that port.

It's a shame if there is no way to make the smart TV work properly through a VPN...  :-\

Could you confirm the port forward is correct (see attachments in my previous post) ?
#64
Alright, it seems to be working well, and no DNS leaks, overall happy with this Smart TV  :)

Also :P  for some unknown (to me) reasons, some apps work such as browser, YouTube & Netflix whereas others don't, e.g. I cannot even try to update the TV OS or some of the installed apps as I get a network error (but everything works if there is no VPN).

The only difference I have noticed in the TV network settings is that with VPN the DNS IP address is the ProtonVPN one (10.2.0.1) and with no VPN the DNS IP address listed is the same as the gateway that is 192.168.10.1  ???  ::)

Any suggestions would be much appreciated.

Tia.
#65
Thanks Brink7564 !

Do I have to port-forward the LAN2 interface or the ProtonVPN interface?

Also, will I just need the automated firewall rule created by the port forward?

I have attached the port forward and the firewall rules for LAN2.

Tia.
#66
Quote from: tiermutter on May 08, 2024, 04:47:31 PM
You need a rule for the TV's IP to force it using your DNS servers / disallow other DNS, but you set Proton's DNS IP.
So, because I've set the Proton DNS IP address in the DHCP section then I don't have to add a firewall rule or anything else? Is there perhaps a better way to do this?

Quote from: tiermutter on May 08, 2024, 04:47:31 PM
Setting your TV's IP here will cause that only your DNS are allowed and e.g. Google DNS is blocked.
When you say 'here' you mean where?

And are those two Firewall rules correct? As I said, I'm not sure about the first one related to DNS...
#67
Hi,

do you mind sharing a screenshot of both the NAT port forward rule and the firewall -> LAN rule?

Tia.
#68
Quote from: tiermutter on May 07, 2024, 11:08:30 PM
Google DNS is very likely hardcoded or set somewhere, though not a DNS leak to detect with this test.
Should I use a port forward?
#69
Quote from: tiermutter on May 07, 2024, 11:08:30 PM
Is the TV's Proton IP 10.2.0.1 (used in rules) or 10.2.0.2 mentioned above?
10.2.0.1 is the IP address for Proton DNS server, and 10.2.0.2 is the Proton IP address of the TV

Question: in the mentioned guide where it states source, should I put the ProtonVPN DNS server IP address or Unbound/OPNsense IP address (in this case it would be 192.168.0.1) or the LAN2 interface IP address (192.168.10.1)?

I've attached a screenshot of the live view for both the LAN2 address and the Proton IP address.

Thanks.
#70
I have configured one of my appliance ports to use ProtonVPN and I followed the official instructions including this: https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html#protonvpn-dns-leaks

I have only a smart TV connected to that port (LAN2), with a static IP address of 192.168.10.16 (for ProtonVPN it is then 10.2.0.2).
Using the embedded browser, I've checked any potential DNS leaks browsing to www.dnsleaktest.com website, and no leaks occur (it only detects the ProtonVPN server).

In ISC DHCPv4 for LAN2, I have included the DNS server as the Proton one - 10.2.0.1

Now, if I look at the Firewall -> Live View of both the above IP addresses + port=53, I see the smart TV querying not just the ProtonVPN IP address (10.2.0.1) but also Google DNS servers. How is that possible?

Any suggestions would be much appreciated.

Tia.
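
An added example, not part of the original post or of OPNsense: one way to quantify what the Live View showed is to scan firewall log lines for port-53 traffic from the LAN2 subnet to any resolver other than the one handed out by DHCP. The log format and sample lines are constructed for illustration (a simplified layout, not OPNsense's native log format); 8.8.8.8 and 8.8.4.4 stand in for the Google DNS servers mentioned.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a simplified, hypothetical format:
# timestamp, interface, action, protocol, src:port -> dst:port
SAMPLE_LOG = """\
2024-05-07T22:51:03 LAN2 pass udp 192.168.10.16:41822 -> 10.2.0.1:53
2024-05-07T22:51:04 LAN2 pass udp 192.168.10.16:41823 -> 8.8.8.8:53
2024-05-07T22:51:04 LAN2 pass tcp 192.168.10.16:50210 -> 203.0.113.10:443
2024-05-07T22:51:09 LAN2 pass udp 192.168.10.16:41830 -> 8.8.4.4:53
2024-05-07T22:51:12 LAN2 pass udp 192.168.10.16:41831 -> 8.8.8.8:53
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+) (?P<action>pass|block) (?P<proto>udp|tcp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

ALLOWED_RESOLVERS = {ipaddress.ip_address("10.2.0.1")}  # resolver set via DHCP
CLIENT_NET = ipaddress.ip_network("192.168.10.0/24")    # LAN2 subnet from the post


def stray_dns(log_text, allowed=ALLOWED_RESOLVERS, clients=CLIENT_NET):
    """Count port-53 flows from `clients` to resolvers outside `allowed`.

    Returns a Counter keyed by (client, resolver, action)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "53":
            continue  # unparsable line or not DNS on port 53
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # digits and dots that are not a valid address
        if src in clients and dst not in allowed:
            hits[(str(src), str(dst), m["action"])] += 1
    return hits


if __name__ == "__main__":
    for (client, resolver, action), n in sorted(stray_dns(SAMPLE_LOG).items()):
        print(f"{client} -> {resolver}:53 x{n} ({action})")
```

A non-empty result with action `pass` means the client's hardcoded resolver traffic is being allowed out rather than blocked or redirected.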
#71
Quote from: meyergru on April 02, 2024, 12:03:08 AM
Did you check if the CPU microcode is current or installed the CPU microcode packages (there is a howto in the tutorial section)?
Is that the howto you're referring to: https://forum.opnsense.org/index.php?topic=36139.msg179435
#72
My appliance has got 3x LAN ports with LAN1 (192.168.0.1) being the main one and with my laptop (IP address of 192.168.0.3) I'm able to ping the other two interfaces LAN2 and LAN3 (being on 192.168.10.1 and 192.168.20.1 respectively) regardless if I've got a device attached to them, e.g. I can ping LAN2 and LAN3 also if they are NOT up (i.e. no carrier / red cross icon).

I don't have the 'allow all' rule on any of the LAN interfaces, and for the ping I just added a rule in 'Floating' as
IPv4 ICMP * * * * * * 3 Allow ICMP echo request messages
#73
Question from a newbie: is ZFS's self-healing enabled by default, having installed OPNsense with two drives (mirror)?

Tia.
#74
General Discussion / htpasswd on OPNsense
April 10, 2024, 08:20:45 PM
I tried to install htpasswd but I got the message that's not been found in the repositories, is there a workaround to get it installed?

Tia.
#75
General Discussion / Re: One SSD has failed: what's next?
February 28, 2024, 07:06:55 PM
Happy days, then, many thanks for your support !