Messages - vamp

#1
I made a WireGuard restart cron job in the UI, but it seems it does not do anything...

I checked that it is included in /var/cron/tabs/nobody, and I see the command that it needs to run. If I try to run it manually, it also does not work...

su -m nobody -c '/usr/local/sbin/configctl -d 'wireguard restart''
So it seems the cron is not the problem, but this function (wg restart) is broken...
#2
Virtual private networks / Wireguard "disconnected"
February 10, 2025, 02:21:02 PM
I made a WireGuard tunnel to Cloudflare WARP. My problem is that the tunnel sometimes loses the connection... It says that it is up and there is no error log, but it cannot access the remote gateway... The only way to fix it is to restart the WG interface. It happens once a week. Here is my config:



#3
I also tried it, but it is not working... It seems it will work with a "normal" exit node, but not with Mullvad...
#4
This is what I have set up so far:

Create a new gateway (set the OPNsense Tailscale IP address)

Add these rules to LAN

Add these rules to Tailscale0

Add hybrid NAT: Outbound

#5
The latest release of the Tailscale plugin supports using another peer as an exit node. The release note says that it is not enough to enable it; it needs some firewall / NAT settings. I tried to configure it, but it does not work... My goal is for my full subnet to use a Mullvad exit node to access the internet.

My exit node is a Mullvad endpoint. (I bought the Tailscale Mullvad plugin.)
#6
Hmm, it seems it is not possible to do this with Unbound...

It needs to be compiled manually:

https://discourse.pi-hole.net/t/unbound-with-ecs-and-dnssec/56682

I compiled unbound manually, with the --enable-subnet flag, to enable ECS support. Here is the relevant part of the config (the other 2 files are for DNSSEC, and the one from the pihole docs/guides)

It seems the OPNsense version does not contain ECS support.

Edit:

Ahhhh... it will never work with AdGuard Home... this feature is not implemented yet...

https://github.com/AdguardTeam/AdGuardHome/issues/1727

sad news...
#7
Yeah, your solution is to reverse the direction. That is what others say.

But my idea is to configure OPNsense as a DNS server (Unbound or dnsmasq), and forward DNS queries to AdGuard Home together with the client IP information. (It is the EDNS setting; you are able to do this with Unbound and dnsmasq.)

If I use Pi-hole (and dnsmasq on the OPNsense side), it works as expected. OPNsense accepts the DNS query and forwards it to Pi-hole (Pi-hole is the DNS server that I set in the OPNsense general settings).

This needs to be added to the OPNsense dnsmasq settings:

add-mac
add-subnet=32,128



If I do the same with Unbound (this is the config that needs to be added):

server:
  client-subnet-always-forward: yes
  send-client-subnet: 0.0.0.0/0
  send-client-subnet: ::0/0


it is not working... with either Pi-hole or AdGuard Home. (AdGuard also does not work with dnsmasq.)

It is also really important that, if you use Pi-hole, you add these settings to the Pi-hole DNS server (it uses dnsmasq):

strip-subnet
strip-mac


because if we do not do this, Pi-hole forwards this data to the configured DNS server... (Google or whichever you set...)

See this pull request:

https://github.com/pi-hole/FTL/pull/1240
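
Added example, not part of the original post and not code from dnsmasq, Pi-hole or OPNsense: a Python illustration of the EDNS Client Subnet option (RFC 7871) that add-subnet=32,128 attaches to a forwarded query, showing which client network the next resolver learns and what is left once the option is removed, which is what strip-subnet is for. The function names, the client address and the extra option are constructed for the example.

```python
import ipaddress
import struct

ECS = 8  # EDNS option code for Client Subnet (RFC 7871)

def encode_ecs(client_ip, v4_prefix=32, v6_prefix=128):
    """ECS option a forwarder attaches; defaults mirror add-subnet=32,128."""
    addr = ipaddress.ip_address(client_ip)
    family, prefix = (1, v4_prefix) if addr.version == 4 else (2, v6_prefix)
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    kept = net.network_address.packed[:(prefix + 7) // 8]  # truncated to prefix
    body = struct.pack("!HBB", family, prefix, 0) + kept
    return struct.pack("!HH", ECS, len(body)) + body

def parse_options(rdata):
    """Split EDNS OPT RDATA into (code, data) pairs, rejecting bad lengths."""
    opts, i = [], 0
    while i < len(rdata):
        if i + 4 > len(rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, i)
        data = rdata[i + 4:i + 4 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        opts.append((code, data))
        i += 4 + length
    return opts

def disclosed_subnet(rdata):
    """Client network the next resolver learns from the query, or None."""
    for code, data in parse_options(rdata):
        if code == ECS and len(data) >= 4:
            family, src_prefix, _scope = struct.unpack_from("!HBB", data)
            cls = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
            size = 4 if family == 1 else 16
            addr = data[4:].ljust(size, b"\x00")
            return str(cls((addr, src_prefix), strict=False))
    return None

def strip_ecs(rdata):
    """Remove ECS before forwarding upstream (what strip-subnet is for)."""
    return b"".join(struct.pack("!HH", c, len(d)) + d
                    for c, d in parse_options(rdata) if c != ECS)

# Constructed sample: a LAN client plus an unrelated option (code 10, COOKIE).
COOKIE = struct.pack("!HH", 10, 8) + bytes(range(8))
FULL = encode_ecs("192.168.1.57") + COOKIE          # add-subnet=32,128
COARSE = encode_ecs("192.168.1.57", v4_prefix=24)   # a /24 hides the host
```

With the 32,128 prefix lengths the whole client address is carried in the query, so any resolver that receives it unstripped sees the individual host rather than just the forwarder.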
#9
I also disabled dnsmasq and enabled Unbound.

I already added a custom config to Unbound. This one:

server:
  client-subnet-always-forward: yes
  send-client-subnet: 0.0.0.0/0
  send-client-subnet: ::0/0


But it does not help at all.
#10
It is a "lab test"; I am trying to get the same result with AdGuard + Unbound as with Pi-hole and dnsmasq.

If I follow this article, it works like a charm...

https://pi-hole.net/blog/2021/09/30/pi-hole-and-opnsense/#page-content

But if I try to "translate" it to AdGuard + Unbound, no success...
#11
Not firewall rules, I forward it with Unbound.

Yes, it is easier, but I am trying to do it this way.
#12
Hello there,

I installed AdGuard Home on a different server and now I forward all DNS requests to it. The problem is that AdGuard now only shows the OPNsense IP address and it is hard to filter the clients.

I read that Unbound is able to send client IP addresses to the upstream DNS server (EDNS settings), but I have not found any documentation on how to handle it in OPNsense.

(Side note: I do not want to install AdGuard Home directly on OPNsense and also don't want to reverse the direction :) )
#13
Hello there,

Now these packages are installed on my firewall (22.1):

I would like to use the built-in kernel version.

Are the "kmod" and "go" packages still needed? What is the correct way to uninstall them? (I did not find them in plugins, only "os-wireguard".)
#14
Hello there, after the update, if I run the health check, I get this:

py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0


A Python 3.8 version also exists:

#15
21.7 Legacy Series / 21.7.5 - FreeDNS not update
November 13, 2021, 12:00:50 PM
Hello there,

After I updated to 21.7.5, FreeDNS does not update...

2021-11-13T11:48:12 php-cgi[11951] /services_dyndns_edit.php: Dynamic DNS (**********.ignorelist.com): (Unknown Response)
2021-11-13T11:48:12 php-cgi[11951]
2021-11-13T11:48:12 php-cgi[11951] /services_dyndns_edit.php: Dynamic DNS (**********.ignorelist.com): PAYLOAD: ERROR: Invalid update URL (2)
2021-11-13T11:48:12 php-cgi[11951] /services_dyndns_edit.php: Dynamic DNS (**********.ignorelist.com): Current Service: freedns
2021-11-13T11:48:12 php-cgi[11951] /services_dyndns_edit.php: Dynamic DNS (**********.ignorelist.com): _checkStatus() starting.