Messages

1

General Discussion / Re: Can't connect to Discord through OPNSense

« on: May 18, 2022, 12:36:16 am »

[img][file:///home/dave/Screenshot_20220517_171123-1.png/img]

This is the problem that I'm having also.  As there were no definitive answers here, I thought I'd add a little more information from my perspective.

In the picture:
The left Konsole is a direct ssh into my router box.  It can ping discord.com with no problem.
The right Konsole is my desktop...and you can see the results.
Additionally, if I force my smartphone to use 'provider' data, I can access discord.  If I enable wifi on my smartphone, through my LAN, it will NOT connect to discord.
'DPSHomeNet' is for wired devices and 'DPSIoTNet' is for wireless devices.
The ONLY fire-wall rules I have, for the subnets, are what is included with opnSense

Extra credit: I have similar results if I try to access 'frame.work.'  It works fine if I access it from my cell provider but, if FAILS if I try to access it through my LAN...

2

21.1 Legacy Series / Re: SOLVED! WHAT am I missing?!? (Adding a subnet)

« on: March 04, 2021, 10:28:55 am »

First of all, thanks for the responses!   

As to the cause of my troubles?
An FSCK'd patch cable! 

I've been fighting with this thing for a week now!   
The IoT subnet port is connected to an 8 port unmanaged switch.  I put the switch in-line for any hardwired IoT devices I may acquire AND I'm using an old WRT54-G (running DD-WRT), that will be placed on the main floor of the house, to provide WiFi for my security devices.  The WRT54-G was used in my old security system (LOCAL access only) so I had to reset it for use with the new subnet.  That was an (relatively) easy fix.  Finally, after reading your responses, and trying everything I could think of, and failing...I plugged the laptop (wired connection, that I used to reset the WRT54-G) directly into the IoT subnet port and viola!  Everything works as it should.

A few months ago; in preparation for this change, and to clean up my networking rats' nest, I bought a 10-pack of 3' CAT6 patch cables from Amazon.  This is the SECOND one that's been bad!

Thanks again, folks!

3

21.1 Legacy Series / SOLVED! WHAT am I missing?!? (Adding a subnet)

« on: March 03, 2021, 03:56:46 pm »

I have 21.1.2-amd64 in the ProtectLi minicomputer.

For about 1 year now I've been running OPNsense, with a single LAN, connect to my ISP (Comcast).  It worked just fine.  However; my homebuilt security system is NOT working how I anticipated (or wanted) so I decided to replace my homebuilt system with commercial, cloud-based hardware.  To accommodate the new hardware, I wanted to add a new LAN (subnet?) to my OPNsense router. 

My goal was to isolate these new IoT devices (on the new LAN) from the hard-wired and WiFi desktops, laptops, and cell phones on my 'home' network.  To that end: I added em2, gave em2 a static address, and enabled em2.  After a LOT of fiddling around, I have managed to get hardware on em2 to communicate within the em2 LAN, but I have NO internet connectivity!

WHAT AM I MISSING?!? 
I checked all of the 'pre-configured' firewall rules for my WAN/Home networks, tried to copy/paste seemingly appropriate rules to my IoT network, but none of them worked!  I also tried adding rules from FAQs, that I found on the interwebz, for both pfSense and OPNsense, but none of THEM worked either...

Help?!?

4

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: September 24, 2019, 03:06:55 pm »

Dnscrypt depends on Go language and Go is not compatible to i386 Sorry Dude ...

It's compatible, but we keep the i386 version light so that it keeps building faster. Please also note that OPNsense 20.1 (January 2020) will remove i386 altogether as planned a long time ago.

Cheers,
Franco

Well then...I guess that's a good excuse to upgrade the motherboard!      The board in that machine IS about 15 years old!

In the mean time: I have a FreeBSD 13.0-Current install running in Virtualbox so I can get some education on *BSD.  If I understand the *BSD system correctly, this would be the equivalent of the 'testing' branch in Linux. 

I learn best by doing, which is why I chose Gentoo when I converted to Linux.   To this day, I run ' ~AMD64' (testing branch) on MY machine.  Periodically, I run into problems but, fixing those problems is the best way, IMHO to learn more about the system!  So, by installing a 'testing' branch, I will learn more about how *BSD works! 

Thanks franco, and mimugmail, for your responses! 

5

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: September 23, 2019, 04:58:51 pm »

HELP!?!

I've googled around, hunted high and low, and STILL haven't found an answer...I'm not sure that this is the right forum for this question, BUT it concerns the topic of what I'm trying to do.  If I'm in the wrong place, feel free to move me!

First off, I'm new to both OPNSense and *BSD.  I found my way here via the 'Security Now' podcast.  Steve Gibson mentioned pfSense in a recent podcast; he was talking about his SG1100 router equipped with pfSense and also mentioned that pfSense could be installed on a router or spare PC - the spare PC caught my attention!    After investigating, I ruled out pfSense because the machine that I intended to use is an OLD, Intel P4 system - pfSense seems to have deprecated support for 32bit machines.  After more googling, I discovered that OPNSense was another fork of the old mOnOwall firewall AND it still supports 32bit machines. 

The reason that 'spare PC' caught my attention: I started dual booting WindowsXP and Gentoo Linux back in the early 2000s.  When XP hit its' expiration date, I moved completely over to Gentoo Linux.  That old P4 has been gathering dust and I decided I wanted to turn it into a firewall/router box.  I had the router side working, more or less, when other things came up.  So I never finished it.  When I discovered OPNSense, and realized it did EVERYTHING that I wanted, out-of-the-box, I decided to have at it.

So; 3 weeks later, after much fiddling (and googling) around, I have a working system!  Getting my primary and secondary wireless network up and running was a P.I.T.A!!!  (I have a Netgear WNR3500 and a Linksys WRT-54G, both running DD-WRT variants, that provide my primary and secondary WiFi networks.)  So, that brings me to my question...

I want to use DNSCrypt-Proxy on my OPNSense box.  EVERYTHING I've found says: go to System->Firmware->Plugins and install DNSCrypt-Proxy.  It DOES NOT exist on my box!!!  I tried changing 'repository' locations and updating, but NO DNSCrypt-Proxy in 'Plugins'!  Eventually, after reading through these forums, I found a post that helped me bring 'ports' into that box.  In turn, I was able to intall DNSCrypt-Proxy2.  HOWEVER, that's all CLI stuff.  It's installed as a 'package' on my machine and doesn't show up in the 'Services' menu.  Being a Gentoo Linux user, I'm not adverse to fiddling around with config files but, as the OP said, I REALLY don't want to mix config file setup with GUI configurations...  So, the question is: why is this NOT showing up as a plugin in System->Firmware->Plugins and, where can I go to make this happen?  If I CAN'T make this happen, is there a preferred 'how-to tutorial' site that I can go to, to configure this manually?

This is what's in the box:

Code: [Select]

OPNsense 19.7.4_1-i386
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2s 28 May 2019and the initial install was: OPNsense-19.7-OpenSSL-vga-i386.img (downloaded form OPNSense website), installed on a bootable USB drive.

TIA!!!