Messages

1

23.1 Legacy Series / Re: Unbound DNS - Forward clients IP to ADGuard home

« on: July 18, 2023, 10:06:24 pm »

hmm seems not possible to do this with unbound...

it need to manually compaile it:

https://discourse.pi-hole.net/t/unbound-with-ecs-and-dnssec/56682

I compiled unbound manually, with the --enable-subnet flag, to enable ECS support. Here is the relevant part of the config (the other 2 files are for DNSSEC, and the one from the pihole docs/guides)

Seems opnsense version not contain ECS support.

edit:

ahhhh... it never working with ADGuard home... this feaure is not implemented yet...

https://github.com/AdguardTeam/AdGuardHome/issues/1727

sad news...

2

23.1 Legacy Series / Re: Unbound DNS - Forward clients IP to ADGuard home

« on: July 18, 2023, 05:26:57 pm »

Yeah, your sollution is that revert the direction. it is that others say.

But, my idea is that configure opnsense to a DNS server (unbound or dnsmasq), and  forward DNS query to ADguard Home and also information to client IP. (it is the EDNS setting, you able to do this unbound and dnsmasq)

If i use pihole (and dnsmasq on opnsense side) it works as expected. opnsense accept dns query and forward it to pihole (pi hole is the DNS server that i set it on opnsense general setting)

It need to add this to opnsense dnsmasq setting:

Code: [Select]

add-mac
add-subnet=32,128

If i do same with onbound (it is the code that need to add it)

Code: [Select]

server:
  client-subnet-always-forward: yes
  send-client-subnet: 0.0.0.0/0
  send-client-subnet: ::0/0
not working... also pihole and ADGoard home. (AdGuard also not work with dnsmasq)

It also really important, that if use pihole need to add this settings to pihole dns server (it use dnsmasq)

Code: [Select]

strip-subnet
strip-mac
because if we not to do this, pihole forward this data to setting up DNS Server... (google or any that you set it...)

See this pull req:

https://github.com/pi-hole/FTL/pull/1240

3

23.1 Legacy Series / Re: AdGuard running and performing correctly, but only shows 1 host ever.

« on: July 18, 2023, 05:25:10 pm »

.

4

23.1 Legacy Series / Re: Unbound DNS - Forward clients IP to ADGuard home

« on: July 18, 2023, 02:25:54 pm »

I also disabled dnsmasq and enable Unbound.

I already add custom config to unboud. This one

Code: [Select]

server:
  client-subnet-always-forward: yes
  send-client-subnet: 0.0.0.0/0
  send-client-subnet: ::0/0
But not help at all.

5

23.1 Legacy Series / Re: Unbound DNS - Forward clients IP to ADGuard home

« on: July 18, 2023, 02:08:00 pm »

It is a "labor test" i try to do a same result with adguard+unbound like pihole and dnsmasq

If i follow this article, it work like a charm...

https://pi-hole.net/blog/2021/09/30/pi-hole-and-opnsense/#page-content

But if i try to "translate" it with ADguard+Unbound, no success....

6

23.1 Legacy Series / Re: Unbound DNS - Forward clients IP to ADGuard home

« on: July 18, 2023, 01:57:10 pm »

Not firewall rules, i forward it with unbound.

Yes, it easier, but i try to do this way

7

23.1 Legacy Series / Unbound DNS - Forward clients IP to ADGuard home

« on: July 18, 2023, 09:15:29 am »

Hello there,

I install ADGuard home a different server and now i forward all DNS request to him. The problem is that now ADGuard only show opnsense IP address and hard to filter the clients.

I read that unbound able to send client IP addresses to upstream DNS server (EDNS settings) but not found any documentation how to handle it in opnsense.

(side note, no not want to install ADGuard home direct to opnsense and also dont want to reverse the direction )

8

22.1 Legacy Series / Wireguard - What the necessary packages now? (22.1)

« on: February 10, 2022, 11:13:25 pm »

Hello there,

Now this packages installed my firewall (22.1)



I would like to use built-in kernel version.

"kmod" and "go" packages still need? what the correct way to uninstall it? (i not found it in plugins, only the "os-wireguard ")

9

22.1 Legacy Series / py37-markupsafe still exist after 22.1 update

« on: February 09, 2022, 01:56:27 am »

Hello there, after the update, if i test health check, i get this:

Code: [Select]

py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
python 3.8 version is also exist:

10

21.7 Legacy Series / 21.7.5 - FreeDNS not update

« on: November 13, 2021, 12:00:50 pm »

Hello there,

After i update 21.7.5 , FreeDNS not update it..

Code: [Select]

2021-11-13T11:48:12 php-cgi[11951] /services_dyndns_edit.php: Dynamic DNS (**********.ignorelist.com): (Unknown Response)
2021-11-13T11:48:12 php-cgi[11951]
2021-11-13T11:48:12 php-cgi[11951] /services_dyndns_edit.php: Dynamic DNS (**********.ignorelist.com): PAYLOAD: ERROR: Invalid update URL (2)
2021-11-13T11:48:12 php-cgi[11951] /services_dyndns_edit.php: Dynamic DNS (**********.ignorelist.com): Current Service: freedns
2021-11-13T11:48:12 php-cgi[11951] /services_dyndns_edit.php: Dynamic DNS (**********.ignorelist.com): _checkStatus() starting.

11

21.1 Legacy Series / Re: Freedns Updates now fail after update

« on: June 10, 2021, 01:44:23 pm »

For anyone coming here looking for the same question;
just replace the password (your old token, which is stated if you use 'full help' within OPNsense) with the new randomized token (after you've enabled v2) from the corresponding DynDNS in your account - https://freedns.afraid.org/dynamic/v2/

and leave the "username" field blank

12

21.1 Legacy Series / Re: Freedns Updates now fail after update

« on: June 09, 2021, 08:16:46 pm »

@GerdLogan

Working well thx!!!

13

21.1 Legacy Series / Re: Freedns Updates now fail after update

« on: June 09, 2021, 12:12:05 pm »

Same problem... Any idea?

14

Hardware and Performance / Re: [Work In Progress] OPNsense Ported into ARM Devices

« on: September 18, 2020, 02:59:31 pm »

It possible to port it this board?

https://www.asiarf.com/shop/wifi-wlan/wifi_ap_router/wifi-router-board-mtk-mt7621a-mt7615n-2-giga-ethernets-ap7621-il1/

It use MT7621A, that support hardware offload.(hwnat)

15

General Discussion / WireGuard patchset for OpenBSD

« on: May 12, 2020, 10:50:49 am »

Source: https://marc.info/?l=openbsd-tech&m=158926407905492&w=2

Cross the fingers....