Messages - g0nz0uk

#1
General Discussion / Anyone setup NextDNS?
November 25, 2021, 05:21:55 PM
Hello,

I had my OPNsense firewall at home running nicely until we had a power cut and the M.2 drive failed. I replaced this and installed the latest OPNsense and restored my config and was back online in no time really.
The only thing I can't remember how I get working is my NextDNS.

A rebuild would have lost my local changes. My notes are below. Are they still the valid way to get this working again?

Created a file called nextdns.conf in /var/unbound/etc

server:
  # CA bundle used to verify the upstream resolver's certificate (present on OPNsense/FreeBSD)
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  # <ip>@853#<name>: port 853 has to be given explicitly because Unbound's default
  # forward port is 53; the #<name> is what the TLS certificate is checked against
  forward-addr: 45.90.28.0@853#e6f5fx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::@853#e6f5fx.dns1.nextdns.io
  forward-addr: 45.90.30.0@853#e6f5fx.dns2.nextdns.io
  forward-addr: 2a07:a8c1::@853#e6f5fx.dns2.nextdns.io

Make sure the file owner is unbound and that it has the same rights as the other files.

chown unbound nextdns.conf
#2
Just reinstalled and I'm getting this. What should I do, or is it a new M.2 drive?

https://i.imgur.com/pIHH2Lu.jpg

https://i.imgur.com/sJV9yjK.jpg
#3
Hello,

We had a power cut and my OPNsense server now boots up with a "Can't load from Kernel".

Is this a reinstall job?

I have a backup of the config too, so is it a reinstall, then somehow get the config onto it via the GUI?

I'm using an HP T730. It has a SanDisk 32GB M.2 flash drive.

Photo

https://i.imgur.com/gaCdsES.jpg
#4
Hello,

Does anyone know if OPNsense can send network flows to Elastiflow, such as Top Talkers, please?

Thanks
#5
Hello,

I managed to get my son's Xbox using Open NAT by following https://ultramookie.com/2020/05/opnsense-xbox-live/

Xbox uses UDP/TCP 3074 so I guess this is easy.

My other son uses a PC and when he plays GTA5 and Modern Warfare Warzone he gets a message that he is using Strict NAT, so I'm not sure I can use this method and I'm not sure of the ports.

I read that some enable the UPnP plugin and let OPNsense dynamically open the ports like a regular home router?

Thanks
#6
That's what I'm trying to do with Cloudflare.

Did you add the above to Custom options with your gateway ID?

Under Miscellaneous do you have anything under DNS over TLS Servers?

Do you have DoT setup (https://1.1.1.1/help)?
#7
General Discussion / Can't get DNS over TLS working
April 01, 2021, 08:32:19 PM
Hello,

I'm following this guide:
https://sahlitech.com/opnsense-setup-unbound-dns/

I have a few VLANs so I thought I'd set it up on my guest WiFi VLAN, but when I connect to that SSID I can ping Internet IPs like 1.1.1.1 but can't resolve DNS names.

My settings:

https://imgur.com/wDh2n9v

In the guest DHCP scope I removed any DNS IP:

https://imgur.com/LZTmf8J

Using these settings:

server:
  # CA bundle used to verify the upstream resolver's certificate
  tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
  name: "."
  forward-tls-upstream: yes
  # <ip>@853#<name>: 853 is the DoT port, <name> is matched against the certificate
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
  forward-addr: 9.9.9.9@853#dns9.quad9.net
  forward-addr: 149.112.112.9@853#dns9.quad9.net

See anything wrong?

Thanks
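Both the NextDNS snippet in post #1 and the Cloudflare/Quad9 snippet above are the same Unbound forward-zone pattern, and the same three mistakes tend to break it: leaving out tls-cert-bundle (TLS is used but the upstream is never authenticated), leaving out @853 (Unbound defaults to port 53, so the handshake is attempted against the plain-DNS port), and leaving out the #name (nothing to check the certificate against). The following linter, added here as an example and not code from the original posts or from OPNsense, Unbound or NextDNS, parses such a snippet and reports those mistakes. It assumes a single forward-zone, the sample configs at the bottom are constructed for the demo, and it does not replace unbound-checkconf.

```python
"""Lint an Unbound forward-zone snippet for DNS-over-TLS mistakes (added example)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

DOT_PORT = 853

# A '#' only starts a comment at line start or after whitespace; inside a
# token (1.1.1.1@853#name) it separates the TLS auth name from the address.
_COMMENT = re.compile(r"(^|\s)#.*$")


@dataclass
class ForwardAddr:
    host: str
    port: Optional[int]
    authname: Optional[str]


@dataclass
class Report:
    findings: List[str] = field(default_factory=list)
    addrs: List[ForwardAddr] = field(default_factory=list)

    def ok(self) -> bool:
        return not self.findings


def parse_forward_addr(value: str) -> ForwardAddr:
    """Parse Unbound's <ip>[@port][#authname] form (IPv6 without brackets)."""
    authname = None
    if "#" in value:
        value, authname = value.split("#", 1)
    port = None
    if "@" in value:
        value, port_s = value.rsplit("@", 1)
        port = int(port_s)
    ipaddress.ip_address(value)  # raises ValueError on anything that is not an IP
    return ForwardAddr(value, port, authname or None)


def lint_unbound_dot(conf: str) -> Report:
    """Return a Report whose findings list is empty when the snippet looks sane."""
    report = Report()
    tls_upstream = False
    cert_bundle = False
    for raw in conf.splitlines():
        line = _COMMENT.sub("", raw).strip()
        if ":" not in line:
            continue  # blank or comment-only line
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if key == "tls-cert-bundle" and value:
            cert_bundle = True
        elif key == "forward-tls-upstream":
            tls_upstream = value.lower() == "yes"
        elif key == "forward-addr":
            try:
                report.addrs.append(parse_forward_addr(value))
            except ValueError:
                report.findings.append(f"unparseable forward-addr: {value!r}")
        # "server:" / "forward-zone:" headers and other keys are ignored
    if not report.addrs:
        report.findings.append("no forward-addr lines found")
    if not tls_upstream:
        report.findings.append("forward-tls-upstream is not 'yes': queries leave in cleartext")
        return report
    if not cert_bundle:
        report.findings.append("forward-tls-upstream: yes without tls-cert-bundle: "
                               "the upstream certificate is never verified")
    for a in report.addrs:
        if a.port != DOT_PORT:
            report.findings.append(f"{a.host}: missing @{DOT_PORT}; Unbound defaults to "
                                   "port 53, so TLS would be attempted on the plain-DNS port")
        if not a.authname:
            report.findings.append(f"{a.host}: missing #authname, so the certificate "
                                   "cannot be checked against a server name")
    return report


# Constructed samples: the shape used in the thread, and the usual mistakes.
GOOD_CONF = """\
server:
  tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com  # IPv6, no brackets
  forward-addr: 9.9.9.9@853#dns9.quad9.net
"""

BAD_CONF = """\
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1#cloudflare-dns.com
  forward-addr: 9.9.9.9@853
"""

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        r = lint_unbound_dot(conf)
        print(f"{name}: {'ok' if r.ok() else 'problems'}")
        for f in r.findings:
            print("  -", f)
```

Run it against the snippet you are about to drop into /var/unbound/etc, then confirm the result on the box with `unbound-checkconf` and, once Unbound is restarted, by watching for outbound TCP 853 instead of UDP 53 on the WAN interface.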
#8
Thanks, I'll try this today.

Seems many miss off the cert section.
#9
Whoops, I did this on my phone and thought it didn't send, so did it on my PC instead. Can't seem to remove this one.
#10
Zenarmor (Sensei) / Sensei any good for home?
March 30, 2021, 01:57:35 PM
Hello,

I have a simple home network that I've rebuilt.

Firewall - OPNsense (was pfSense) on an HP 730 with Quad NIC, 8GB mem, 32GB SSD, Quad Core 2.7GHz CPU.
Hypervisor - Single ESXi 7 host
24 port switch with various VLANs

I used pfBlocker at home to stop certain categories and it was very nice to be honest.

I'm now looking at a simple Ad blocker and category blocker for home, is Sensei the way to go?

If not are there any other recommendations?

I don't really want to add too much load to my OPNsense firewall, so I can use a VM.

Thanks
#11
Hello,

I have a simple home network that I've rebuilt.

Firewall - OPNsense (was pfSense) on an HP 730 with Quad NIC, 8GB mem, 32GB SSD, Quad Core 2.7GHz CPU.
Hypervisor - Single ESXi 7 host
24 port switch with various VLANs

I used to use Pi-hole and pfBlocker but have removed all this.

Now I want to set up DNS over TLS and/or DNS over HTTPS. I'm not sure if I can use OPNsense for this or a remote service, and wonder what you guys use?

For my DNS I use Cloudflare Family at the moment, which blocks certain categories.

I prefer OPNsense to not be overwhelmed by services.

Thanks
#12
Thanks, I'm not sure that link enables DoT though, unless I'm wrong?
#13
I'm blind, I didn't see that "disable" option.

What is strange is that I can ping my WAN gateway, but it will show as offline. I've added 1.1.1.1 instead and that worked.

Thanks.
#14
Hello,

I've finally moved over from pfSense to OPNsense and it's all working nice at home.

I used pfBlocker and Suricata and I also had Pi Hole on my single ESXi host.

I've now had a clear out and want to start again with security.

I don't have any VMs now at home apart from Grafana for my nice Dashboard for OPNsense.

My DNS is set up to point to Cloudflare's 1.1.1.3 for their Family DNS (blocks certain categories) and I use 1.1.1.1 for my guest network where it isn't blocked.

3 areas I'd like to sort out are:

1.) Have control over what categories I block.
2.) Have some sort of monitoring/stats
3.) Security - I'd love to encrypt our DNS with DoT.

What options do I have for the above?  What do you use?

My home hardware is:

HP T730 with Intel quad card for OPNsense
Intel NUC - 32GB mem with 1TB SSD for ESXi 7 host for VMs
24 port Mikrotik switch
2 x Cisco 3700 APs with a few SSIDs on separate VLANs

Thanks
#15
Hello,

On my Lobby I like to show the gateway health; I did this in pfSense (moved over this weekend).

Here you can see I can ping my gateway via the CLI, but the GUI doesn't like it:

https://imgur.com/zMyURAQ


My settings

https://imgur.com/aofCwfI

Any idea what I'm doing wrong?

Thanks