Messages - opnthib

#1
Quote: No manpower and frequently lack of vendor documentation/cooperation for the AP side of things.


Yes, I see that, many open-source drivers are reverse-engineered.

From what I understand the driver is OK for client access but not as an access point.

If I don't find another solution, I'll actually use a dedicated access point.
#2
Hello.

First of all, thank you team. I've been using OPNsense for some time now and even the major updates have gone smoothly. So thank you for that.

My current problem is with the wifi.
I've just updated to 24.7, but I don't think it's related.
I've always had problems connecting my other machines to my OPNsense wireless networks, I'm a bit confused.

So

root@onpsense:~ # usbconfig list
ugen0.1: <Intel XHCI root HUB> at usbus0, cfg=0 md=HOST spd=SUPER (5.0Gbps) pwr=SAVE (0mA)
ugen0.2: <RTL8811AU 802.11a/b/g/n/ac WLAN Adapter Realtek Semiconductor Corp.> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA)
root@onpsense:~ # sysctl -n net.wlan.devices
rtwn0

ok, we have my usb wifi card.
And I have :

  • Interfaces > Wireless -> rtwn0_wlan1
  • Interfaces > Assignments -> rtwn0_wlan1 = Wifi, (identifier : opt8)
  • Interfaces > [Wifi] ->
    • Enable: checked
    • Identifier opt8
    • Device  rtwn0_wlan1
    • IPv4 Configuration Type: static IPV4
    • IPv4 address: 192.168.60.1
    • Standard: it worked with 802.11ng, but it doesn't work. I tried again with 802.11g or 802.11a, same result KO
    • 802.11g OFDM Protection Mode: Protection mode off
    • Transmit power: default
    • channel: auto
    • Regulatory settings: ETSI; FR ETSI; Indoor
    • Mode: Access Point (Note: when I use Infrastructure, I see other wireless SSIDs on Interfaces > Wireless -> Wifi status)
    • Minimum standard: Any
    • Enable Hide SSID: UNchecked
    • WPA: Enable
    • WPA Mode: WPA2
    • WPA Key Management Mode: Pre-Shared Key
    • Access Point Authentication: Shared Key Authentication
    • WPA Pairwise: AES
    • Key Rotation: 60
    • Master Key Regeneration: 3600

But my other devices can't see my SSID.  :o

But:

root@onpsense:~ # dmesg | grep -A5 -B5 rtwn0
ig4iic3: <Intel Gemini Lake I2C Controller-7> mem 0xa171a000-0xa171afff,0xa1719000-0xa1719fff irq 34 at device 23.3 on pci0
ig4iic3: Using MSI
iicbus3: <Philips I2C bus (ACPI-hinted)> on ig4iic3
ichsmb0: <Intel Gemini Lake SMBus controller> port 0xf040-0xf05f mem 0xa1716000-0xa17160ff at device 31.1 on pci0
smbus0: <System Management Bus> on ichsmb0
rtwn0 on uhub0
rtwn0: <Realtek 802.11ac WLAN Adapter, class 0/0, rev 2.10/2.00, addr 1> on usbus0
rtwn0: MAC/BB RTL8821AU, RF 6052 1T1R
lo0: link state changed to UP
pflog0: permanently promiscuous mode enabled
re1: link state changed to UP
vlan0: changing name to 'vlan01'
vlan1: changing name to 'vlan02'
--
re0: link state changed to UP
re4: link state changed to UP
nd6_dad_timer: called with non-tentative address fe80:6::21e:6ff:fe45:487f(re5)
wg0: link state changed to UP
wlan0: Ethernet address: 20:0d:b0:46:68:02
wlan0: changing name to 'rtwn0_wlan1'
nd6_dad_timer: called with non-tentative address fe80:d::21e:6ff:fe45:5c5e(vlan03)
rtwn0: rtwn_tx_beacon_check: cannot push beacon into chip, error 60!
rtwn0: unable to push beacon into the chip, error 60
rtwn0: rtwn_newstate: could not move to RUN state


I don't understand, if I can see other networks ... then the driver is loaded and working, right?
I don't see RTL8811AU on https://www.freebsd.org/releases/14.1R/hardware/, but it was the same for the previous version.

What did I do wrong?  :-\
#3
holy s****
I feel really stupid right now  :(

The following example from https://blog.ktz.me/configure-unbound-dns-for-openshift-4/ misled me
Quote: Verify with dig:

[alex@ktzTP redhat]$ dig *.apps.ocp4.ktz.lan +short
192.168.1.160

Thank you

PS:

> $ dig test.apps.okd.my-domain.lan +short
10.100.0.0
> $ dig foo.apps.okd.my-domain.lan +short
10.100.0.0

;)
#4
Hello,

I would like to install okd/openshift on my HomeLab.
For this, I need to have a DNS entry like this


Quote: *.apps.<cluster_name>.<base_domain>.

A wildcard DNS A/AAAA or CNAME record that refers to the application ingress load balancer. [...]
https://docs.openshift.com/container-platform/4.10/installing/installing_platform_agnostic/installing-platform-agnostic.html#installation-dns-user-infra_installing-platform-agnostic

It's an "advanced-configurations", so I am referring to https://docs.opnsense.org/manual/unbound.html#advanced-configurations

I have created a file /usr/local/etc/unbound.opnsense.d/okd.conf with the following content:


server:
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-0.okd.my-domain.lan."
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-1.okd.my-domain.lan."
local-data: "_etcd-server-ssl._tcp.okd.my-domain.lan 180 IN SRV 0 10 2380 etcd-2.okd.my-domain.lan."
local-zone: "apps.okd.my-domain.lan" redirect
local-data: "apps.okd.my-domain.lan 86400 IN A 10.100.0.0"
local-data-ptr: "10.100.0.1 etcd-0.okd.my-domain.lan"
local-data-ptr: "10.100.0.2 etcd-1.okd.my-domain.lan"
local-data-ptr: "10.100.0.3 etcd-2.okd.my-domain.lan"


It's ok for SRV, but for local and data zone I have:
> $ dig *.apps.okd.my-domain.lan +short
zsh: no matches found: *.apps.okd.my-domain.lan

> $ dig apps.okd.my-domain.lan +short
10.100.0.0


The expected result is nominally the following, right?
> $ dig *.apps.okd.my-domain.lan +short
10.100.0.0

I don't understand where I made a mistake.

Thanks for the help.

PS: okd vlan : 10.100.0.0/24
#5
French - Français / Re: [SOLVED] unbound
June 24, 2021, 06:38:54 PM
"Services: Unbound DNS: Overrides->Domain" is used to forward a DNS zone / a domain to another server. So that is not what should be used, but rather "Services: Unbound DNS: Overrides->Host": do not fill in a host, just the domain and the IP.
#6
21.1 Legacy Series / Re: Unbound Overrides
June 24, 2021, 06:35:09 PM
So it was pretty simple.
Thank you.
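
An added illustration, not part of the original posts: the domain override versus host override distinction from the Unbound override posts on this page, written as plain unbound.conf. The address 192.168.1.10 is constructed, and the mapping of the OPNsense GUI entries to these directives is an assumption.

```conf
# Constructed example: mydomain.tld is the placeholder used in the posts,
# 192.168.1.10 stands in for <private ip>.

# Domain override (assumed equivalent): every query for the zone is
# forwarded to the listed address, which must be a DNS server.
# If that address is a web/cloud host with nothing listening on port 53,
# the forwarded query gets no reply and dig times out.
forward-zone:
    name: "mydomain.tld."
    forward-addr: 192.168.1.10

# Host override with no host part (assumed equivalent): Unbound answers
# the A query itself from local data, so LAN clients get the private
# address and no upstream lookup is made for that name.
# Use this INSTEAD of the forward-zone above, not together with it.
server:
    local-data: "mydomain.tld. 3600 IN A 192.168.1.10"
```

After switching to the local-data form, `dig mydomain.tld +short` from a LAN client should return the private address, while names outside the override still resolve through normal recursion.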
#7
21.1 Legacy Series / [SOLVED]Unbound Overrides
June 24, 2021, 12:44:46 PM
Hello,

I configured Unbound with DNSSEC and Blacklist.
Everything works and for example:
$ dig mydomain.tld
mydomaine.tld  3600 IN A <publicIP>


1)
But now I would like that in my LAN, mydomain.tld = <private ip> and not <public ip> (I host my "cloud").
In "Services: Unbound DNS: Overrides: Domain Overrides" I put Domain = mydomain.tld and IP = <private ip>.
But now when I test "dig mydomain.tld" I have a timeout ...

Do you know where this problem comes from?
I have probably activated something too much or I forgot to activate something, but I do not see what!
#8
French - Français / Re: Help with dual stack IPv4/IPv6?
June 22, 2021, 05:54:10 PM
Hi,

I have just finished configuring IPv6 on my OPNsense-Proxmox installation. However, it is physical self-hosting (an Odroid H2 for OPNsense + a home Proxmox server), so I did not need iptables!
So for iptables, I'm not sure I can help, but for OPNsense it should be fine ... except that I don't see which public IPv6 address (with its mask) was assigned to you:

Quote: PublicIP6="2a00:c70:1:xxx:xxx:xxx:xxx:1"
/? 64 ?
#9
French - Français / [SOLVED] unbound
June 22, 2021, 05:30:44 PM
Hello,

I managed to configure my Unbound to act as a lying DNS resolver (like pihole, for example).
Now I am trying to do 2 things:

1) I self-host, and I would like that when I enter my domain name in a web browser, for example, the answer provided by Unbound is the private address (v4 or v6) of my VM and not the public ones.

I thought this had to be done via "Services: Unbound DNS: Overrides", but when I test (dig mondomaine.tld) no answer is returned for my domain name (dig opnsense.org still works).
The solution must be really simple, there must be a box I forgot to tick somewhere, but I don't see it.

2) Following on from my previous question, I managed to create records for machines internal to my LAN.
Concretely:
$ dig host1.lan.mondomaine.tld
host1.lan.mondomaine.tld  3600 IN A 192.168.1.10

But is there a way to get the same thing without a domain name?
$ dig host1
host1  3600 IN A 192.168.1.10


Thanks in advance for the answers!