1
Zenarmor (Sensei) / Elastic search won't start on 22.1
« on: January 27, 2022, 08:14:14 pm »
Just upgraded to Opnsense 22.1, then upgraded Zenarmor. Now Elasticsearch won't start. Packet engine and cloud agent are running. Ideas?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
General Discussion / Re: Blocking DNS over HTTP
« on: December 17, 2021, 06:02:46 pm »
Thanks for the tip! Is this port forward rule what you had in mind? My OpenSense IP is 10.13.2.1 and it's forwarding to NextDNS for filtering.
3
Zenarmor (Sensei) / Zenarmor no longer blocking?
« on: November 20, 2021, 07:49:44 pm »
I've been using Sensei/Zenarmor for months, and whenever I went to the Blocks report or Blocks real time view it always had data to show me. However, I hadn't checked blocks in a while so I went in today and the entire blocks dashboard is empty and the live blocks session view has no entries. I find that hard to believe, as I have a number of security policies enabled.
All services appear to be running so I can't see an obvious reason why Zenarmor is not blocking anything. Ideas?
All services appear to be running so I can't see an obvious reason why Zenarmor is not blocking anything. Ideas?
4
21.1 Legacy Series / Re: Multiple Subnets Behind L3 switch
« on: April 30, 2021, 06:35:48 pm »
I have a similar setup, with a layer3 Mikrotik router on the LAN side of my home network. In order to get those subnets internet access I:
-Created a Firewall alias for the lab network
-Added an outbound NAT rule for the lab network alias to allow WAN access
After I did that, the lab network VMs could route to and from the internet.
-Created a Firewall alias for the lab network
-Added an outbound NAT rule for the lab network alias to allow WAN access
After I did that, the lab network VMs could route to and from the internet.
5
General Discussion / Re: Serial console on Protectli FW6D?
« on: April 28, 2021, 01:41:48 am »
I opened a support ticket with Protectli, and they came back with a solution. I now get the 'ssh' console menu via the built-in serial port. However, I still get the "validate_packet got 22" constantly on that screen. The proper console config screenshot is attached to this message.
6
General Discussion / Re: NextDNS
« on: April 27, 2021, 07:36:54 pm »
Here's a blog on setting up OPNsense + NextDNS: https://www.derekseaman.com/2021/04/how-to-nextdns-opnsense-firewall.html
That bypasses unbound, so DNS queries go directly from client -> OPNsense gateway -> NextDNS. This allows NextDNS to show client/device info, if that's something you are interested in.
That bypasses unbound, so DNS queries go directly from client -> OPNsense gateway -> NextDNS. This allows NextDNS to show client/device info, if that's something you are interested in.
7
21.1 Legacy Series / Re: Unbound DNS, PiHole vs. AdGuard Home
« on: April 22, 2021, 11:22:09 pm »
Have you considered NextDNS? I used to run Pi-Hole + Wireguard, but recently dumped Pi-Hole. NextDNS is very much like Pi-Hole in terms of block lists, but I think is a better solution. I haven't used AdGuard home before, so I can't compare NextDNS to that. But I'm exceptionally happy with NextDNS + OPNsense. I followed this guide:
https://www.derekseaman.com/2021/04/how-to-nextdns-opnsense-firewall.html
https://www.derekseaman.com/2021/04/how-to-nextdns-opnsense-firewall.html
8
General Discussion / Serial console on Protectli FW6D?
« on: April 21, 2021, 06:29:44 pm »
I installed OPNsense on my Protectli FW6D, which has a built in serial console port. However, I thought I could get the OPNsense console menu over said console port, but I'm not having any luck. All I get when connected to the console port at 115200 is validate_packet got 22 over and over.
I've fiddled with the Settings/Administration/Console settings to no avail. Is what I'm trying to do possible? Basically get the same OPNsense menu over the serial port as you get when you SSH in.
I should add when I reboot OPNsense that over the console port I do see all the boot messages. But can't access the 'ssh' OPNsense menu.
I've fiddled with the Settings/Administration/Console settings to no avail. Is what I'm trying to do possible? Basically get the same OPNsense menu over the serial port as you get when you SSH in.
I should add when I reboot OPNsense that over the console port I do see all the boot messages. But can't access the 'ssh' OPNsense menu.
9
21.1 Legacy Series / Re: DNSCrypt-proxy acting weird with OPNSense
« on: April 16, 2021, 11:46:00 pm »
Since I was using DNSCrypt to forward queries to NextDNS, I fixed this problem via a config change. I directly installed NextDNS CLI on OPNsense and have it listening on port 53. Clients then point to OPNsense for DNS, and all queries are directed to NextDNS, bypassing the need for DNSCrypt.
10
General Discussion / Re: [Solved] Anyone use Wireguard + NextDNS CLI and have DNS working?
« on: April 16, 2021, 11:40:28 pm »
For the a step by step walk-through of the configuration, there's this blog post:
https://www.derekseaman.com/2021/04/how-to-nextdns-opnsense-firewall.html
https://www.derekseaman.com/2021/04/how-to-nextdns-opnsense-firewall.html
11
General Discussion / Re: Anyone use Wireguard + NextDNS CLI and have DNS working?
« on: April 16, 2021, 04:18:22 pm »
Thanks for the reply, much appreciated! So I found a solution to my problem. I had to disable route mode on the NextDNS client:
setup-router false
Then I configured NextDNS to listen on my LAN IP and loopback:
listen 10.13.2.1:53
listen localhost:53
Restarted the NextDNS service, and now WireGuard clients can resolve via NextDNS.
setup-router false
Then I configured NextDNS to listen on my LAN IP and loopback:
listen 10.13.2.1:53
listen localhost:53
Restarted the NextDNS service, and now WireGuard clients can resolve via NextDNS.
12
General Discussion / [Solved] Anyone use Wireguard + NextDNS CLI and have DNS working?
« on: April 16, 2021, 05:42:36 am »
I'm in a bit of a pickle, trying to get WireGuard (kernel module) on OPNSense working + NextDNS CLI playing well together. As far as I can tell, WireGuard itself is working perfectly as I can ping LAN/WAN/Internet addresses all day long without issue.
Problem: If I point my wireguard clients to the OPNSense LAN IP (10.13.2.1) for DNS (in the WireGuard client), they are unable to resolve DNS queries. I have NextDNS CLI running on OPNSense, and my DHCP clients use 10.13.2.1 as the DNS resolver without issue.
I have a legacy RasperryPi running Pi-hole, and if I point the Wireguard client to that IP (10.13.2.200), then DNS resolution works just fine.
From the WG client I can ping 10.13.2.1, no problem. I also ran a portscan from my WG client (iphone) and the port scan shows port 53 listening on 10.13.2.1. But DNS resolution from the WG network when pointed to the OPNSense LAN IP just won't work and I can't figure out why.
Any ideas?
Problem: If I point my wireguard clients to the OPNSense LAN IP (10.13.2.1) for DNS (in the WireGuard client), they are unable to resolve DNS queries. I have NextDNS CLI running on OPNSense, and my DHCP clients use 10.13.2.1 as the DNS resolver without issue.
I have a legacy RasperryPi running Pi-hole, and if I point the Wireguard client to that IP (10.13.2.200), then DNS resolution works just fine.
From the WG client I can ping 10.13.2.1, no problem. I also ran a portscan from my WG client (iphone) and the port scan shows port 53 listening on 10.13.2.1. But DNS resolution from the WG network when pointed to the OPNSense LAN IP just won't work and I can't figure out why.
Any ideas?
13
21.1 Legacy Series / Re: DNSCrypt-proxy acting weird with OPNSense
« on: April 15, 2021, 05:43:38 am »
Any ideas here? I'm kind of at a loss on what's going on with DNScrypt.
14
General Discussion / Re: Intra Fw connection drop after 30 sec
« on: April 14, 2021, 05:49:29 am »
Yes that did the trick, thanks!
15
21.1 Legacy Series / Re: Static route with OPNsense results in intermittent RDP sessions
« on: April 14, 2021, 03:06:20 am »
I found the solution here:
https://forum.opnsense.org/index.php?topic=16994.0
Basically I had to go into Firewall:Settings:Advanced and check the box:
Bypass firewall rules for traffic on the same interface
The rebooted the firewall, and now RDP sessions are stable.
https://forum.opnsense.org/index.php?topic=16994.0
Basically I had to go into Firewall:Settings:Advanced and check the box:
Bypass firewall rules for traffic on the same interface
The rebooted the firewall, and now RDP sessions are stable.
Pages: [1] 2