Messages

1

24.1 Legacy Series / Re: Unable to block traffic IN to LAN

« on: May 30, 2024, 04:02:56 pm »

It's still not very clear what you're trying to accomplish. Post a screenshot of all rules (excluding the auto ones) on your LAN interface. Just showing the one rule isn't relevant because the order of the rules matters.

2

24.1 Legacy Series / Re: Unable to block traffic IN to LAN

« on: May 24, 2024, 04:40:09 pm »

It looks like you're trying to block LAN clients from reaching a particular Adguard DNS server? From your 1st screenshot, it appears you put the rule after the "allow all" rules. That's not going to work since the "allow all" rule will be matched first and all following rules ignored. Once you fix that, the 2nd rule you posted is not needed.

3

General Discussion / Re: Port forwarding

« on: April 29, 2024, 09:36:10 pm »

* Port forward incoming TCP on port 2222 to port 22 on server on LAN - FAILURE!!!

- Forwarding to : Single server <IP of LAN server>
- port: 2222

Based on your requirement, you should change to the following:

- Forwarding to : Single server <IP of LAN server>
- port: 22

4

General Discussion / Re: Help needed for Firewall Rules

« on: March 26, 2024, 06:21:41 pm »

...that will allow a computer (IP address 192.168.100.2/24)...

Just a heads up. For a single host, you want 192.168.100.2/32. If you express your rule as 192.168.100.2/24, then you'll be allowing the entire range of IPs from 192.168.100.0 thru 192.168.100.255 to pass.

5

24.1 Legacy Series / Re: Automatically generated rules - allow any to any?

« on: March 25, 2024, 05:34:02 pm »

What exactly is concerning you about those rules? I believe it's required for NAT functionality. Also, did you happen to notice the rule direction?

6

24.1 Legacy Series / Re: Backup/Restore config.xml file using command line

« on: March 21, 2024, 01:12:30 pm »

You can copy the latest configuration from /conf/config.xml or locate a prior one in /conf/backups if available.

To restore a config, select option 13 from the CLI menu as root.

7

24.1 Legacy Series / Re: Unable to access resources on the LAN

« on: March 04, 2024, 08:42:32 pm »

I believe the source will be the IP of the client on the remote network. Try changing the source to "any".

8

24.1 Legacy Series / Re: Remote Desktop doesn't works anymore after update to 24.1.2

« on: February 26, 2024, 03:47:20 pm »

I would confirm that OPNsense is actually the reason. If you log the rule(s) that would normally allow the traffic to pass between the LAN and VLAN, then you can check your logs to confirm whether or not it's being passed. Could it be a coincidence related to an update on the VM? Try using nmap to confirm that the VM is actually listening on the RDP port. Also, check the logs on the VM and see if there are authentication errors or anything similar which would indicate that the traffic is actually getting through.

9

24.1 Legacy Series / Re: Remote Desktop doesn't works anymore after update to 24.1.2

« on: February 26, 2024, 02:19:36 pm »

Kind of hard to help out with this little detail. Are you trying to RDP out of your network? In? Across VLANs?

10

24.1 Legacy Series / Re: Dashboard Not Loading After Update

« on: February 25, 2024, 05:12:21 am »

Did you still have the legacy dynamic DNS widget loaded? If so, go to System > Firmware > Plugins and look for plugin "os-dyndns" and delete it.

11

24.1 Legacy Series / Re: Stuck on upgrade screen

« on: February 15, 2024, 02:58:20 pm »

After 3.5 hours it finally gave ".................. failed, signature invalid".

Can anyone suggest a way to manually do the upgrade?

Thanks.

I would suggest booting the appropriate install media and restoring your config when prompted. That way you can test the upgrade in a live environment. If all is working well, then you can proceed to fresh install with your config by logging in as: user: installer / password: [root password]. I do all upgrades this way now.

12

24.1 Legacy Series / Re: Google Drive backups no longer function

« on: February 02, 2024, 09:40:57 pm »

Will there be a future patch/update that will be deployed to address this issue for those of us that do not want to manually modify the file referenced above?

You don't have to manually edit the file. You can just apply the commit from github yourself.

opnsense-patch d8ba131

Or you can wait until the next OPNsense update.

13

General Discussion / Re: DNS over TLS - Different server for specific VLAN(s)

« on: May 11, 2023, 03:02:30 pm »

Hi everybody, I just configured my DNS over TLS using Cloudflare servers.
1.1.1.2 that is correctly working on all VLANs.

My question is I want that a specific VLAN or group of them utilize another server, for example I want that the KIDS Vlan is using 1.1.1.3.
I cannot find a way in the DNS over TLS configuration.
I tried to put this server on the DHCP section, losing the TLS functionality.

Is there a way to use DNS over TLS with different servers based on VLAN ?

Thanks

This can be easily achieved if you're willing to use the Adguard Home plugin. In the AGH settings, you can define a client group by CIDR range and then apply custom upstream DNS entries to just that group.

14

23.1 Legacy Series / Re: DNS resolves firewall for wrong subnet

« on: May 08, 2023, 03:15:25 pm »

Go to Unbound DNS > General settings and look for the option "Do not register system A/AAAA records". Enable that and then set up a manual override for how you want the desired hostname to resolve.

15

23.1 Legacy Series / Re: OPNsense Handing Out System DNS Servers, Not Interface IPs

« on: May 08, 2023, 01:03:54 am »

Is it because I use Unbound on a port other than 53?

Yes, that is the reason. See this thread: https://forum.opnsense.org/index.php?topic=33661.0

Most of the discussion in that thread is around Adguard Home but it's still based on the idea that Unbound is running on a non-standard port.