1
24.7 Production Series / Re: "Health" graphics not working
« on: August 04, 2024, 10:00:33 am »
Looks similar for me on apu2. Lots of holes in the data. For all metrics. As if the gathering process pauses or something.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6
« on: October 30, 2023, 07:37:16 am »
I have a stupid question: if you want secure DNS queries, why not just use DNS over TCL?
3
23.7 Legacy Series / Re: 23.7.7_3 breaks Internet connection
« on: October 29, 2023, 11:47:11 pm »
I have the same setup as in OP … but without the issues. I also don’t have those gateway settings enabled.
4
German - Deutsch / Re: OS-Iperf startet nicht im GUI - Iperf
« on: October 25, 2023, 08:43:42 am »
Das plugin scheint kaputt zu sein. Funzt für mich auch nicht.
5
23.7 Legacy Series / Are the images updated when there is a maintenance release?
« on: October 23, 2023, 04:54:13 pm »
So is the 23.7 download a 23.7.6 ?
Or is the update applied early in the install process?
Or is the update applied early in the install process?
6
General Discussion / Re: IP random ID and streaming
« on: October 21, 2023, 07:54:50 pm »
So I tried to solve this again today, turning all the levers. Still on my dsl line.
After switching off all the hardware support under interfaces -> settings the issue is gone.
That is on OPNsense 23.7.6-amd64 running on an apu2d4.
After switching off all the hardware support under interfaces -> settings the issue is gone.
That is on OPNsense 23.7.6-amd64 running on an apu2d4.
7
General Discussion / Re: IP random ID and streaming
« on: October 05, 2023, 12:12:16 pm »
It still happens… 
I am switching my ISP…and while I am at it from VDSL to fiber.
That also means I can say bye to pppoe.
I will have 5x the upload and double the download for only 20 euro extra. Good deal.
I am switching my ISP…and while I am at it from VDSL to fiber.
That also means I can say bye to pppoe.
I will have 5x the upload and double the download for only 20 euro extra. Good deal.
8
General Discussion / Re: IP random ID and streaming
« on: October 01, 2023, 09:49:32 pm »
@CJ firewall - settings - normalisation
@newsense I will keep it off until I get another glitch!
@newsense I will keep it off until I get another glitch!
9
General Discussion / IP random ID and streaming
« on: October 01, 2023, 02:54:32 pm »
Using opnsense as my router and apple music on wired and wireless clients, I experienced annoying interruptions while streaming music. They appeared kind of random but consistently at any time of day…for months on all clients. Playback would pause, just to continue after some seconds, as if the buffer was empty. Also, the playback rarely had some timing issues. It sounded like all of a sudden 50ms of music were skipped, causing a small rhythmic annoyance.
So I have played around with the settings and it appears that, when I disable IP random ID the issue disappears. I am not 100% convinced though, since the issue appears randomly. Fingers crossed!? I can stream 4k videos fine (via amazon). I guess Apple Music is using a lot less buffering!?
RFC 1122: The IPv4 ID field MUST NOT be used for purposes other than fragmentation and reassembly.
So the question is probably something like: can the ip random id setting cause issues for packet fragmentation and reassembly? Under what circumstances? Is streaming affected? Should the setting be off by default?
So I have played around with the settings and it appears that, when I disable IP random ID the issue disappears. I am not 100% convinced though, since the issue appears randomly. Fingers crossed!? I can stream 4k videos fine (via amazon). I guess Apple Music is using a lot less buffering!?
RFC 1122: The IPv4 ID field MUST NOT be used for purposes other than fragmentation and reassembly.
So the question is probably something like: can the ip random id setting cause issues for packet fragmentation and reassembly? Under what circumstances? Is streaming affected? Should the setting be off by default?
10
23.7 Legacy Series / Re: Unbound DNS Blocklist reporting support for unbound rules
« on: September 04, 2023, 08:08:38 am »
Could those lists be candidates for the opnsense blocklist „preset list“?
11
Virtual private networks / Re: I would like to use opnsense as a proxy for mobile connections (done)
« on: July 04, 2023, 09:06:01 am »
I have read the wireguard technical whitepaper now (after installing it). I am no longer worried about having that listening on my wan. Pretty good read!
So far i didn’t notice any lag or issues. Everything just works as if I am at home connected to my wifi. I am limited to my upload bandwidth at home (10mbit) for download’s, but that’s more than enough. I have also disabled 5G on my phone. Who needs 5G anyway?
So far i didn’t notice any lag or issues. Everything just works as if I am at home connected to my wifi. I am limited to my upload bandwidth at home (10mbit) for download’s, but that’s more than enough. I have also disabled 5G on my phone. Who needs 5G anyway?
12
Virtual private networks / Re: I would like to use opnsense as a proxy for mobile connections
« on: July 02, 2023, 03:35:43 pm »
Alright, I was unsure if it will work. But with your confirmation I went ahead and installed os-wireguard, used the guide here https://docs.opnsense.org/manual/how-tos/wireguard-client.html to set it up and installed the wireguard app for iOS. The VPN will enable on-demand only for mobile networks. It works like a charm. All traffic is routed through the tunnel.
@CJRoss: I wanted to feel a little more secure on the go. Eg I wanted to benefit from my dns setup running in opnsense (unbound blackhole adblocker functionality and secure dns). My phone is fast enough to handle the processing overhead. I wonder if it will have a noticeable effect on battery life…or data usage. It should save a lot of unnecessary ad/tracker connections. Time will tell.
Now the world can connect to my wireguard port though. Are there ASN for ISP peer address ranges ? If so, I could at least limit access to peers of my mobile service provider…or should I use any of the more fancy filter options for that wireguard firewall rule on wan?
@CJRoss: I wanted to feel a little more secure on the go. Eg I wanted to benefit from my dns setup running in opnsense (unbound blackhole adblocker functionality and secure dns). My phone is fast enough to handle the processing overhead. I wonder if it will have a noticeable effect on battery life…or data usage. It should save a lot of unnecessary ad/tracker connections. Time will tell.
Now the world can connect to my wireguard port though. Are there ASN for ISP peer address ranges ? If so, I could at least limit access to peers of my mobile service provider…or should I use any of the more fancy filter options for that wireguard firewall rule on wan?
13
Virtual private networks / I would like to use opnsense as a proxy for mobile connections (done)
« on: July 02, 2023, 11:09:15 am »
Hello, I would like to connect to my home router (opnsense with internet connection) from my mobile device (LTE) so that the home router acts like a proxy for accessing the internet (dns and other requests from the mobile device should be done by opnsense). Is that possible? If so, what would be the basic setup? Thank you!
tldr; from my mobile I want to connect to the internet via opnsense (mobiles only „direct connection“ is a secure tunnel to opnsense). DNS requests from the mobile divice must be handled by opnsense (where unbound is running).
tldr; from my mobile I want to connect to the internet via opnsense (mobiles only „direct connection“ is a secure tunnel to opnsense). DNS requests from the mobile divice must be handled by opnsense (where unbound is running).
14
23.1 Legacy Series / Sections could use tabs for subsections
« on: April 03, 2023, 01:53:25 pm »
This is an UI improvement proposal.
In the firmware section we have tabs for all the subsections (status, settings, updates, …)
Proposal: have tabs for subsections in the other sections as well.
In the firmware section we have tabs for all the subsections (status, settings, updates, …)
Proposal: have tabs for subsections in the other sections as well.
15
23.1 Legacy Series / Re: The new unbound reporting is pretty cool
« on: January 28, 2023, 07:29:42 am »
Ah. It’s a feature borrowed from the pi-hole project. Could it somehow make sense that only the first query qualifies as blocked? It is certainly unintuitive but maybe cache hits do not show as blocked, even though localhost is returned!? I can see how this might be difficult to catch…