Messages

Hi,

This is my setup:
OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

I'm using Unbound DNS and by accident I found a problem. I could not resolve one domain, dhl.com. All other domains as far as I can tell work fine.

When I uncheck  Enable DNSSEC Support the site from DHL is back.

What should be the cause ?

Thanks.

Turns out this has nothing to do with OPNsense. Sorry.

Now this is strange.
Even with unbound turned off I can't reach the DNS server to resolve private addresses.
I have to look somewhere else for the cause.

Thanks.

No idea why it suddenly stopt working. I guess after the latest OPNsense update.

Sorry, indeed private addresses. I've been doing it that way for years. Why is this a security risk?

Always willing to learn, what should be best practice?

/etc/resolv.conf on the firewall?

The local DNS records are configured with the control panel from my registrar. Like firewall, NAS, etc

Hi all,

Setup:
OPNsense 23.1.11-amd64
FreeBSD 13.1-RELEASE-p8
OpenSSL 1.1.1u 30 May 2023

I setup some DNS records on my registrar pointing to local IP's.
After the latest update from OPNsense it looks like I'm unable to resolve local IP's,

Like this:
$ dig A www.google.com
;; ANSWER SECTION:
www.google.com.      98   IN   A   142.250.179.164

$ dig A some local domain name
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> A
;; global options: +cmd
;; no servers could be reached

$ ping 127.0.0.53
PING 127.0.0.53 (127.0.0.53) 56(84) bytes of data.
64 bytes from 127.0.0.53: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from 127.0.0.53: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 127.0.0.53: icmp_seq=3 ttl=64 time=0.057 ms

What am I doing wrong?

Finally fixed:

Interfaces - TAP: enable
Interfaces - Other Types: add bridge and add to Member interfaces LAN and VPN TAP

Easy but I couldn't find this in any manual nor is this set automatically when setting up the VPN with TAP.

Hi,

I have a working VPN connection with TUN interface.
I'm trying to setup the same VPN connection but now with a TAP interface.

DHCP is working. I get an IP. Status sais OK.
But that's it. I can't ping the gateway, can't ping any device on the LAN. And of course no ping outside the LAN.

I guess it has something to do with the routing table?

Any suggestions to fix this?

Thanks.

Fixed. Don't ask me how.

First I changed the source by any. Works.
Next I changed source by network. Still working.
Narrowed it down to one IP. The settings I started with. Still working.

I don't get it.  ::)

I already tried this.
Also allow any on that port. No succes.

What I don't understand is there are more forward rules. All working well. Only that single rule, where the external IP changed, refuse to work.

The network behind the modem is 192.168.1.x/24.
I setup a DMZ to 192.168.1.2, which is the WAN port of the OPNSense Box.

There is nothing else on the 192.168.1.x network.

This is the info from live view.
No idea what's wrong.

Where do I find the defaul deny rule entry?