OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of dwasifar »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - dwasifar

Pages: [1] 2 3 ... 5
1
24.7 Production Series / Re: 24.7.1 update killed my UniFi internet connectivity
« on: August 23, 2024, 07:41:49 pm »
An update: I had reverted to 24.7 to solve the issue.  When I saw 24.7.2 was available, I upgraded directly to that from 24.7 with no problems.

So I guess I will never know why 24.7.1 didn't work for me, but .2 seems okay.

2
24.7 Production Series / Re: 24.7.1 update killed my UniFi internet connectivity
« on: August 09, 2024, 06:11:36 pm »
Quote from: RedVortex on August 09, 2024, 05:26:11 pm

Like I said... Could be related or not to your issue but this is my case since the last few updates and I thought I could share in case it helps.

Appreciated, thanks!  I will look there first.

3
24.7 Production Series / Re: 24.7.1 update killed my UniFi internet connectivity
« on: August 09, 2024, 05:08:14 pm »
I feel like this time it has less to do with the VLAN and more with the firewall.  Wi-fi devices get a local IP on the correct subnet, but can't reach internet.

4
24.7 Production Series / 24.7.1 update killed my UniFi internet connectivity
« on: August 09, 2024, 04:39:45 pm »
I have two networks defined in the UniFi controller, one for the main subnet and another for a VLAN subnet (to isolate IOT devices).

After the 24.7.1 upgrade, nothing on either wi-fi network can reach the internet.  Wired connections are fine.

I can't spare the network downtime to troubleshoot it right now, so I reverted to 24.7 and reloaded the same configuration, and everything works again.  If anyone has any thoughts, it'd be welcome for when I can look at it. 

5
General Discussion / Re: Here is dnsmasq xml to block ads on Roku
« on: August 07, 2024, 07:25:24 pm »
> Also, there's a lot more logs hosts than just cooper.

Didn't scroll down, did ya?  :)

6
24.7 Production Series / PSA: How I migrated my DHCP reservations to Kea
« on: August 01, 2024, 04:47:35 am »
First I manually set up one Kea reservation to serve as an example. Then I saved my config, and in a text editor I copied all the old <static> blocks and used find and replace to update their xml tags to Kea values. I deleted <cid> tags, and server tags <dnsserver/>, <winserver/>, and <ntpserver/>.

Each Kea reservation has its own uuid, so for each reservation I incremented the example value by 1, figuring it didn't matter if they were consecutive as long as they were unique. I added the subnet tag to each with cut and paste, saved all the reservation blocks into the Kea section of the config, and loaded the config back into OPNSense.

Worked perfectly and saved me a lot of setup time.

7
24.7 Production Series / Issues with 24.7 upgrade, and solution. Upgrade bug?
« on: August 01, 2024, 04:20:07 am »
After upgrading to 24.7, half my network didn't work. So the last few days have been back and forth between my backup opnsense box and the production box, trying different things as time allowed.

I tried a clean install of 24.7 and applied backup config. No help. Then I remembered the upgrade notes mentioned some function had been removed from old DCHP for backward compatibility with Kea. So I switched to Kea on my 24.7 install. No help there. I migrated the same Kea setup back to 24.1.10. That worked.

Some more investigating and I determined all the problem devices were trying to connect through a VLAN interface I have set up to keep IOT devices isolated. I tried connecting to that network with my phone and it failed, telling me it couldn't get an IP. So I still thought it was a DCHP issue, but I decided to check the VLAN setup anyway, and in the Interfaces summary page, the parent interface was unpopulated. I opened the edit popup, and the parent WAS populated there. Saved it, and the summary page then showed that field populated, and everything started working normally.

So maybe this is an upgrade bug. The upgrade killed my VLAN but resaving its configuration fixed it.


8
24.1 Legacy Series / Re: All inbound connections blocked after 24.1.10_x upgrade [SOLVED]
« on: July 17, 2024, 03:34:53 pm »
Quote from: franco on July 17, 2024, 07:40:45 am
There were bugs in the One-to-one rewrite in 24.1.9 preventing the rules from being properly translated. 1) was one of them and they were subsequently hotfixed. 2) is an imprecise question but my guess is you were on 24.1.8 upgraded to a bad early 24.1.9 and didn't change the system (like reboot) so it keep working until 24.1.10 came along and you did a reboot for unrelated reasons which is when the bad one-to-one kicked in.

Thanks for the reply!  Yes, I believe your guess about point 2 is exactly what happened.

9
24.1 Legacy Series / Re: All inbound connections blocked after 24.1.10_x upgrade [SOLVED]
« on: July 17, 2024, 06:05:48 am »
Well, I figured it out, but it leads to a different mystery.

I have one server open on a different IP, and I found that connections to that server were getting through.  I didn't realize it before, because everything important to the primary server was being blocked.  So I went poking around and discovered that the one-to-one NAT rule between that server and its external static IP was missing.  I manually restored the rule, and hey presto, all is working.

But this opens two more questions:
  • What happened to the rule?  It was there in my backups from February but not in the configs I reloaded when testing.  I am 100% sure I did not delete it.
  • Why did it work at all without the rule before 24.1.10?

Glad to have it fixed but still scratching my head.

10
24.1 Legacy Series / All inbound connections blocked after 24.1.10_x upgrade [SOLVED]
« on: July 15, 2024, 08:51:06 pm »
After upgrading to 24.1.10_2, OPNSense started rejecting all inbound traffic. Every incoming connection is blocked by Default deny / State violation rule. The version is 24.1.10_2-amd64.  ISP is Comcast Business USA.

I reverted to 24.1 with a fresh install (from a fresh download), loaded the same config from a backup, and everything worked again with the same config. Because I am apparently a glutton for punishment, I upgraded the new installation to 24.1.10_2 to see if it would break. Result: it broke. All inbound connections were again blocked with Default deny / State violation rule.  So I rebuilt again with 24.1, reloaded the same config (again), and that works (again).

Not sure where to look to figure out what's going on.  Right now I'm running 24.1 because the update process would take me right to 24.1.10_2 again.

11
24.1 Legacy Series / Re: IPv6 connectivity loss on 24.1.10
« on: July 14, 2024, 05:29:24 pm »
I'm not sure this is related, but after the upgrade, OPNSense started rejecting all inbound traffic. I haven't done any research yet, just switched over to my backup machine running an older version, but the log errors were mentioning something about default blocking due to state.  Will post the exact error when I get back to that machine.

EDIT: The error is Default deny / State violation rule, and the version is 24.1.10_2-amd64.  ISP is Comcast Business USA.  Is this related, do you think?

EDIT EDIT: I reverted to 24.1 with a fresh install, and everything is working again with the same config.  I'll pass on 24.1.10_x and wait for next update in hope it will settle down.

EDIT³ - Because I am apparently a glutton for punishment, I upgraded the new working installation to 24.1.10_2 to see what would happen. Result: the same thing. All inbound connections blocked with Default deny / State violation rule.

The more I think about it, the more I conclude this is an unrelated issue, so I'm starting a separate thread for the question.

12
23.7 Legacy Series / Interface settings mystery
« on: January 26, 2024, 05:58:59 pm »
Recently I switched to an Awow AZ51 micro PC for OPNSense.  This device has two 2.5Gb ports, and most users report having to change settings to get full throughput.  When I set it up initially, I got limited throughput, and found I needed to set the Speed and Duplex setting for each interface to 1000BaseT, and got full speed.

Today, to troubleshoot a different issue, I had to revert to an older saved configuration, which did not have the Speed and Duplex setting.  After a reboot, imagine my surprise when I got full speed without changing the Speed and Duplex setting from "Default."

I'm happy about it, but I don't understand it.  Could the hardware interface have remembered the setting?

13
23.7 Legacy Series / Re: [SOLVED] Need some help and direction
« on: January 18, 2024, 03:57:54 pm »
This solved the same issue for me.  Thanks.

14
General Discussion / Here is dnsmasq xml to block ads on Roku
« on: November 03, 2023, 06:14:15 pm »
If you use a Roku, and you have dnsmasq enabled on your OPNsense box, you can add the following hosts and aliases to the dnsmasq hosts section of your xml configuration to block the annoying Roku ads.

Code: [Select]
    <hosts>
      <host>zp.ads.roku.com</host>
      <domain>zp.ads.roku.com</domain>
      <ip>127.0.0.1</ip>
      <descr>Block Roku ads</descr>
      <aliases>
        <item>
          <description>Block Roku ads</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>bif.sr.roku.com</domain>
          <host>bif.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amarillo.sb.roku.com</domain>
          <host>amarillo.sb.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>ads.roku.com</domain>
          <host>ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amarillo.logs.roku.com</domain>
          <host>amarillo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amoeba-plus.web.roku.com</domain>
          <host>amoeba-plus.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>austin.logs.roku.com</domain>
          <host>austin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>bryan.logs.roku.com</domain>
          <host>bryan.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>camden.logs.roku.com</domain>
          <host>camden.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>customer-feedbacks.web.roku.com</domain>
          <host>customer-feedbacks.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>digdug-g2.logs.roku.com</domain>
          <host>digdug-g2.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>digdug.logs.roku.com</domain>
          <host>digdug.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>display.ravm.tv</domain>
          <host>display.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>esp.logs.roku.com</domain>
          <host>esp.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>giga.logs.roku.com</domain>
          <host>giga.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>gilbert.logs.roku.com</domain>
          <host>gilbert.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>griffin.logs.roku.com</domain>
          <host>griffin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>hereford.logs.roku.com</domain>
          <host>hereford.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>i.ads.roku.com</domain>
          <host>i.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>identity-dev.ads.roku.com</domain>
          <host>identity-dev.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>identity.ads.roku.com</domain>
          <host>identity.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>lagrange.logs.roku.com</domain>
          <host>lagrange.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>liberty.logs.roku.com</domain>
          <host>liberty.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>littlefield.logs.roku.com</domain>
          <host>littlefield.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>logs.roku.com</domain>
          <host>logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>longview.logs.roku.com</domain>
          <host>longview.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>midland.logs.roku.com</domain>
          <host>midland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>mobile.logs.roku.com</domain>
          <host>mobile.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>paolo.logs.roku.com</domain>
          <host>paolo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>raps-perf.ravm.tv</domain>
          <host>raps-perf.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>raps.ravm.tv</domain>
          <host>raps.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>ravm.tv</domain>
          <host>ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>richmond.logs.roku.com</domain>
          <host>richmond.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>rollingwood.logs.roku.com</domain>
          <host>rollingwood.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>rxr.ravm.tv</domain>
          <host>rxr.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>samples.voice.cti.roku.com</domain>
          <host>samples.voice.cti.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>sugarland.logs.roku.com</domain>
          <host>sugarland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>track.sr.roku.com</domain>
          <host>track.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>tyler.logs.roku.com</domain>
          <host>tyler.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>victoria.logs.roku.com</domain>
          <host>victoria.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>windsor.logs.roku.com</domain>
          <host>windsor.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>wwwimg.roku.com</domain>
          <host>wwwimg.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</domain>
          <host>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>dc7eeru7ckgwe.cloudfront.net</domain>
          <host>dc7eeru7ckgwe.cloudfront.net</host>
        </item>
      </aliases>
    </hosts>
    <hosts>
      <host>zz.cooper.logs.roku.com</host>
      <domain>zz.cooper.logs.roku.com</domain>
      <ip>0:0:0:0:0:0:0:1</ip>
      <descr>Block Roku IPV6</descr>
      <aliases>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amarillo.logs.roku.com</domain>
          <host>amarillo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amoeba-plus.web.roku.com</domain>
          <host>amoeba-plus.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>austin.logs.roku.com</domain>
          <host>austin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>bryan.logs.roku.com</domain>
          <host>bryan.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>camden.logs.roku.com</domain>
          <host>camden.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>customer-feedbacks.web.roku.com</domain>
          <host>customer-feedbacks.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>digdug-g2.logs.roku.com</domain>
          <host>digdug-g2.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>digdug.logs.roku.com</domain>
          <host>digdug.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>display.ravm.tv</domain>
          <host>display.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>esp.logs.roku.com</domain>
          <host>esp.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>giga.logs.roku.com</domain>
          <host>giga.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>gilbert.logs.roku.com</domain>
          <host>gilbert.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>griffin.logs.roku.com</domain>
          <host>griffin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>hereford.logs.roku.com</domain>
          <host>hereford.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>i.ads.roku.com</domain>
          <host>i.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>identity-dev.ads.roku.com</domain>
          <host>identity-dev.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>identity.ads.roku.com</domain>
          <host>identity.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>lagrange.logs.roku.com</domain>
          <host>lagrange.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>liberty.logs.roku.com</domain>
          <host>liberty.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>littlefield.logs.roku.com</domain>
          <host>littlefield.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>logs.roku.com</domain>
          <host>logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>longview.logs.roku.com</domain>
          <host>longview.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>midland.logs.roku.com</domain>
          <host>midland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>mobile.logs.roku.com</domain>
          <host>mobile.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>paolo.logs.roku.com</domain>
          <host>paolo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>raps-perf.ravm.tv</domain>
          <host>raps-perf.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>raps.ravm.tv</domain>
          <host>raps.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>ravm.tv</domain>
          <host>ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>richmond.logs.roku.com</domain>
          <host>richmond.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>rollingwood.logs.roku.com</domain>
          <host>rollingwood.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>rxr.ravm.tv</domain>
          <host>rxr.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>samples.voice.cti.roku.com</domain>
          <host>samples.voice.cti.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>sugarland.logs.roku.com</domain>
          <host>sugarland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>track.sr.roku.com</domain>
          <host>track.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>tyler.logs.roku.com</domain>
          <host>tyler.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>victoria.logs.roku.com</domain>
          <host>victoria.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>windsor.logs.roku.com</domain>
          <host>windsor.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>wwwimg.roku.com</domain>
          <host>wwwimg.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</domain>
          <host>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>dc7eeru7ckgwe.cloudfront.net</domain>
          <host>dc7eeru7ckgwe.cloudfront.net</host>
        </item>
      </aliases>
    </hosts>

15
Intrusion Detection and Prevention / Re: Intrusion detection is blocking some traffic for no visible reason
« on: October 12, 2021, 08:35:01 pm »
I discovered Unbound is playing a role in this too.  Not sure what the interaction is between Unbound and intrusion detection, but I did eventually figure out a few things.

First, those sites that were having problems had unusual dig results:

Code: [Select]
jon@Oberon:~$ dig A www.nerdwallet.com

; <<>> DiG 9.16.1-Ubuntu <<>> A www.nerdwallet.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2362
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.nerdwallet.com. IN A

;; ANSWER SECTION:
www.nerdwallet.com. 40 IN CNAME www.nerdwallet.com.cdn.cloudflare.net.
www.nerdwallet.com.cdn.cloudflare.net. 102 IN A 104.18.22.225
www.nerdwallet.com.cdn.cloudflare.net. 102 IN A 104.18.23.225

;; Query time: 59 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 12 13:28:12 CDT 2021
;; MSG SIZE  rcvd: 130
linode.com also resolves to a CNAME for Cloudflare.

Second, I remembered that on my mobile device, I have a VPN-based ad blocker which redirects DNS directly to Cloudflare, so a DNS caching problem at the OPNsense gateway would not affect it, and that's why the mobile device worked.

I disabled Unbound and activated dnsmasq in its place, and everything immediately went to normal.

So I'm still not sure what the actual issue was, but it looks like it was primarily Unbound and not intrusion detection. 

Pages: [1] 2 3 ... 5
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2