Messages

Sure I can do that, but what would I then need to do in the OPNsense GUI to use this?

Something like this https://docs.opnsense.org/manual/how-tos/maxmind_geo_ip.html

Hello,

My friend has bought the Ubiquity Dream Hub for his router/firewall, yeah it's very nice.  He's blocking traffic from China/Russia etc and I'd like to do the same with my OPNsense firewall.  How are you doing this on yours?

I use Grafana a lot and I'd love to plot the geo locations on there too, has anyone done this too?

Thanks

Hello,

I had my OPNsense firewall at home running nicely until we had a power cut and the M2 drive failed.  I replaced this and installed the lasted OPNsense and restored my config and was back online in no time really.
The only thing I can't remember how I get working is my NextDNS.

A rebuild would of lost my local changes.  In my notes I have this, are below.  Are they still the valid way to get this working again?

Created a file called nextdns.conf in /var/unbound/etc

server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#e6f5fx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#e6f5fx.dns1.nextdns.io
  forward-addr: 45.90.30.0#e6f5fx.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#e6f5fx.dns2.nextdns.io

Make sure the file owner is unbound and same rights as other files.

chown unbound nextdns.conf

Just reinstalled and I'm getting this, what should I do or is it a new M.2 drive?

https://i.imgur.com/pIHH2Lu.jpg

https://i.imgur.com/sJV9yjK.jpg

Hello,

We had a power cut and my OPNsense server now boots up with a "Can't load from Kernel".

Is this a reinstall job?

I have a backup of the config too, so is it a reinstall, then somehow get config onto it via the GUI?

I'm using a HP T730.  It has a SanDisk 32GB M.2 flash drive.

Photo

https://i.imgur.com/gaCdsES.jpg

Hello,

Does anyone know if OPNsense can sent network flows to Elastiflow please such as Top Talkers?

Thanks

Hello,

I managed to get my sons Xbox using Open NAT using - https://ultramookie.com/2020/05/opnsense-xbox-live/

Xbox uses UDP/TCP 3074 so I guess this is easy.

My other son users a PC and when he plays GTA5 and Modern Warfare Warzone he gets a message he is using Strict NAT, so I'm not sure I can use this method and I'm not sure of the ports.

I read that some enable the UPNP plugin and let OPNsense dynamically open the ports like a regular home router?

Thanks

That's what I'm trying to do with Cloudfare.

Did you add the above to Custom options with your gateway ID?

Under Miscellaneous do you have anything under DNS over TLS Servers?

Do you have DoT setup (https://1.1.1.1/help)?

Hello,

I'm following this guide:
https://sahlitech.com/opnsense-setup-unbound-dns/

I have a a few VLANs so I thought I'd setup it up on my guest WiFi VLAN, but when I connect to that SSID it can ping Internet IP's like 1.1.1.1 but can't resolve DNS names.

My settings:

https://imgur.com/wDh2n9v

Guest DHCP scope I remove any DNS IP

https://imgur.com/LZTmf8J

Using these settings:

Code Select Expand

server:
tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns9.quad9.net
forward-addr: 149.112.112.9@853#dns9.quad9.net

See anything wrong?

Thanks

Thanks, I'll try this today.

Seems many miss off the cert section.

Whoops, I did on my phone and thought it didn't send, so did on my PC instead.  Can't seem to remove this one.

Hello,

I have a simple home network that I've rebuilt.

Firewall - OPNsense (was pfSense) on a HP 730 with Quad Nic, 8Gb mem, 32GB SSD, Quad COre 2.7GHz CPU.
Hypervisor - Single ESXi 7 host
24 port switch with various VLANs

I used pfBlocker at home to stop certain categories and it was very nice to be honest.

I'm now looking at a simple Ad blocker and category blocker for home, is Sensei the way to go?

If not are there any other recommendations?

I don't really want to add to much load to my OPNsense firewall so I can use a VM.

Thanks

Hello,

I have a simple home network that I've rebuilt.

Firewall - OPNsense (was pfSense) on a HP 730 with Quad Nic, 8Gb mem, 32GB SSD, Quad COre 2.7GHz CPU.
Hypervisor - Single ESXi 7 host
24 port switch with various VLANs

I use to use Pi Hole and pfBlocker but have removed all this.

Now I want to setup DNS over TLS and or DNS over HTTPS. I'm not sure if I can use OPNsense for this or a remove service and wonder what you guys use?

For my DNS I use Cloudfare family at them moment which blocks certain categories.

I prefer OPNsense to not be overwhelmed by services.

Thanks

Thanks, I'm not sure that link enables DoT though, unless I'm wrong?

I'm blind, I didn't see that "disable" option.

What is strange it I can ping my WAN gateway, but it will show as offline.  I've add 1.1.1.1 instead and that worked.

Thanks.