Messages - Imnot A Robot

#1
Thank you for your input. As a non-professional, I'm always appreciative of the advice that community members provide!
#2
Thank you.

I should have mentioned, I do own croapino. In the past I was trying to do a setup to avoid the web self-signed certificate thing but that got messy (some lack of knowledge) so I did away with that remedy but held on to croapino.

Does this paint a clearer picture and does it change your perspective of my setup? Do you see any gaps and/or should I revert OPNsense (in Settings > General) to local.internal?


Best
#3
I appreciate your response.

The domain search seems to be happening as a result of what you said and maybe because of the AdGuard Home (running in OPNsense) setting:

Enable private reverse resolving of clients' IP addresses.


The dig I did on alb.reddit.croapino.com returned an authoritative answer from Cloudflare:

;; AUTHORITY SECTION:
croapino.com.      1800   IN   SOA   rosa.ns.cloudflare.com. dns.cloudflare.com. 2372814465 10000 2400 604800 1800

;; Query time: 35 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Tue May 20 09:57:17 EDT 2025
;; MSG SIZE  rcvd: 115
 

My big question is, does this mean that these second DNS (domain) queries are slipping by my router? Basically rendering the AdGuard DNS filter useless in this case?

#4
Hello OPNsense Community,

Is this not right?
It looks like AdGuard blocks a rule here:
You cannot view this attachment.


And then passes the same rule here:
You cannot view this attachment.


AdGuard setup is listening on port 53 and forwarding to unbound to port 8953.


Can someone please offer advice?



OPNsense 25.1.6_4-amd64
AdGuard Version: v0.107.61
#5
Can Monit be configured to alert when an IDS rule is triggered - drop or alert?

If so which log file is it in /var/log?
#6
Quote from: yeraycito on April 05, 2021, 01:11:31 AM
Many of the lists I have posted block most of Google's telemetry and spying but not all of it. More can be done.

Adguard - Filters - Custom filtering rules - add:

||dnsotls-ds.metric.gstatic.com^ 
||encrypted-tbn0.gstatic.com^
||encrypted-tbn2.gstatic.com^
||mtalk.google.com^
||metric.gstatic.com^
||chart.apis.google.com^
||cse.google.com^
||encrypted-tbn1.gstatic.com^
||www.gstatic.com^
||fonts.gstatic.com^
||ogs.google.com^
||ssl.gstatic.com^
||aa.google.com^
||encrypted-tbn3.gstatic.com^
||pki-goog.l.google.com^
||signaler-pa.clients6.google.com^
||addons-pa.clients6.google.com^
||apis.google.com^
||0.client-channel.google.com^
||clients2.google.com^

Result after applying the rules:

- Google searches: OK

- Gmail: OK

- Youtube: OK

- Instagram: OK

- Android: OK

- Playstore: OK

I had to omit some of these from my custom filter rules because they messed up my daughter's Google Classroom:

||www.gstatic.com^
||fonts.gstatic.com^
||ogs.google.com^
||ssl.gstatic.com^
||pki-goog.l.google.com^
||signaler-pa.clients6.google.com^
||apis.google.com^

Please update this list or indicate this.
#7
Shot in the dark here, but this happened with my iPhone a year ago, now my wife's, and I can't figure why old to new iPhone data transfers won't work on my network.

I don't see Adguard blocking anything Apple, nor the firewall except for the occasional WAN incoming. Everything else on my network works fine.

Anybody care to take a stab in the dark as to why this Apple function won't work on my network?

Thanks
#8
24.1, 24.4 Legacy Series / States and iMessenger
April 19, 2024, 08:47:18 PM
Basically, I want this rule to stop all traffic to an iPad completely, but it's hit-or-miss on iMessages:


1. I have a rule to block an iPad to *Any which works for most apps and internet, but iMessages still goes through.

2. I next check the states for the iPad, delete them, iMessages then stops transmitting... cool.

3. I turn off the rule, everything transmits again.

4. I reactivate the block rule, back to step 1  :-[.

5. I deactivate the iPad's WiFi, then reactivate it. The rule works - iMessage is blocked   :-\.


But why are the states getting locked in when the rule is deactivated then reactivated?


#9
Hi,

Any workaround for the improbability of Alias implements in Shaper rules?

I just want to throttle back traffic to two ASNs. But since I can't put the alias for those in Shaper rules, I can't figure out if there's something else that I can do. Any suggestions?


Thanks
#10
23.7 Legacy Series / Re: PTP?
December 30, 2023, 07:19:29 PM
Thanks for the reply iMx. That is what I suspected. Maybe I'll briefly run Puppy on the appliance so that I can run ethtool -T.
#11
23.7 Legacy Series / PTP?
December 29, 2023, 11:32:16 PM
Hello all,

I need to know if my NICs support PTP hardware time stamping and a clock, but it does not look like there's a PTPd.

Is there a FreeBSD equivalent of ethtool -T em0 ?

Ultimately this is to see if I can use OPNsense for long distance transmission of precision-clocked multichannel audio.


Thank you

#12
Works now after checking out the above link. Thank you!
#13
Regardless of how long I leave Inspect active, all of my active evals, states, packets and bytes just show N/A.

I don't see some new setting, so, is this a bug?
#14
After the upgrade to 23.7.8... Firewall > Rules: Hitting "Inspect" while on any interface now only shows N/A on all rule stats - homemade and auto-generated. I used to get counters.

Searched with no luck. What could it be?
#15
Update:

After the recent update to OPNsense 23.7.2 and Zenarmor 1.14.4, the traffic graph in the Zenarmor Dashboard shows active Wireguard traffic but selecting the wg0 interface in Live Sessions or Reports shows nothing.

Thank you to the Devs thus far.