Messages

1

General Discussion / Re: Is there a way to blacklist MAC addresses before they connect?

« on: March 02, 2022, 02:46:47 am »

Out of curiosity: why do you connect devices to the network that you don't want to talk to the network at all? E.g. I simply unplugged the Ethernet from my "smart" TV after I found out how crappy it was.

The latest crop of smart TVs are all wifi, otherwise I would just jam peanutbutter in the LAN port. In fact a smart TV is exactly one of the use cases - I can certainly never connect it myself, but I worry someone else in the household will try to "help" and end up bricking the damn thing with an automatic firmware update. Truly, smart tvs are the dumbest thing ever.

You can use 802.x and use the OPNSense Radius service to control the MAC, or just use a managed switch and put in the MAC address in the block list of the switch...

You know, you can change the MAC on any OS, right?

You can change/spoof the MAC of a PC but generelly not an embedded device such as a smart tv or wall plug. So for example I can read the MAC off the back of the smart tv and then blacklist the stupid thing before it ever gets power.

Anyway, I will check out my core switch for MAC ACLS.

Thanks!

2

General Discussion / Re: DHCP Reservations?

« on: March 01, 2022, 04:01:41 am »

In this case the lease was handed out by the previous router. The camera DOES have a management interface... in chinese. So I'm sure I never set it staticly. Unfortunately, neither camera has a reset switch. So, new plan: unplug camera, set computer on static IP on that address, plug camera back in thus forcing it to pick up a new IP. Will let you know.

3

General Discussion / Is there a way to blacklist MAC addresses before they connect?

« on: March 01, 2022, 01:40:31 am »

I have a couple of devices I don't want ever connecting to the network. Is there a way to tell the OPNsense device "If this tries to connect, do not give it an IP address"? To be clear, I don't want the devices to connect and THEN add them to some kind of list, I want to be able to enter a MAC before a device is turned on and prevent it ever talking to the network. I know this is possible on my wireless access point via an ACL rule, but there has to be an option at the router level.

4

General Discussion / Re: DHCP Reservations?

« on: February 26, 2022, 11:13:57 am »

Maybe a picture will help.

On the left, see the camera IPs. Notice how two of those IPs are 192.168.1.2 & 192.168.1.73:



On the right, see the list of DHCP leases currently listed in numeric order. Notice how none of the IPs listed are 192.168.1.2 & 192.168.1.73. These IPs belong to IP cameras that are online and passing traffic. Also notice the absence of 192.168.1.60, the IP of my NVR, which is online and receiving information from the cameras.

In total there are 8 live devices on my network that don't have leases on the OPNsense DHCP. A few of these are even "smart plugs" which are going out through The Internet. The big question is why are these devices which have good valid IPs failing to appear on the OPNsense lease table?

5

General Discussion / Re: DHCP Reservations?

« on: February 25, 2022, 07:55:15 pm »

Right, sorry, the range is 192.168.1.10 to 192.168.1.245. This might explain why the camera at .2 is having a problem.

What I normally do to avoid mac typos is in the "DHCP Static Mappings for this interface." list, I find the device, click on the pencil button that takes it to the "Static DHCP Mapping" and add the IP I want to give it there. The same can be done from the leases page. A powercycle of the client device (not opn) later and it gets the allocated ip.
If that doesn't work for these cameras, I'm out of ideas.

That's exactly what I've been doing - the issue is that two of the cameras and the NVR are not appearing on the lease map at all. Along with 5 other active devices. It's very strange.

Anyway I've got a maintenance window tomorrow where the router will be coming down. Going to reboot the NVR and cycle the last 2 cameras again. I'll figure it out eventually.

6

General Discussion / Re: DHCP Reservations?

« on: February 24, 2022, 11:34:21 pm »

My DHCP range is 192.168.1.1 - 192.168.1.254

There are six cameras total, four have been static-mapped to ​251-254, those are working fine. The last two cameras are on .2 and .73. While we're on he subject the NVR itself is on .60. All three of those fail to appear on the leases map.


Checking the  logs, this is probably unrelated but I am seeing a bunch of errors like:

uid lease 192.168.1.197 for client 74:ee:2a:fe:38:d2 is duplicate on 192.168.1.0/24


Not sure if that means anything.


So because it couldn't hurt, I just bounced power to the camera on .2, just unplugged the POE injector since it happens to be near my desk, waited until it stopped appearing on the NVR, then put it back.

Same as before, camera came right back up on the same IP and was immediately detected by the NVR. It did not generate any messages in the log file.

7

General Discussion / Re: DHCP Reservations?

« on: February 24, 2022, 09:24:05 pm »

Tried that - camera came right back up on its old IP address and still not detected on OPNsense. Very strange. There's probably a reset button on the camera I can try.

8

General Discussion / Re: DHCP Reservations?

« on: February 23, 2022, 08:44:33 pm »

Cameras are all wired(pro tip: do not use wifi cameras. They can be jammed with a $20 router some hacked russian firmware). But I will be rebooting the OPNsense this Saturday for some maintenance. We'll see if they show up then.

9

General Discussion / Re: DHCP Reservations?

« on: February 23, 2022, 01:27:06 am »

The devices in question are IP cameras, currently streaming a live image to my NVR. They are definitely active. They also show as active according to an IP scanner. I'm sure they'll show up eventually but it is odd that the router says there are 42 active leases but the scanner is finding 50.

10

General Discussion / Re: DHCP Reservations?

« on: February 22, 2022, 09:53:03 pm »

That did the trick! Thanks!

Now to figure out why a few of my devices are not appearing on the OPNsense lease table...

11

General Discussion / DHCP Reservations?

« on: February 22, 2022, 03:54:16 am »

Hey folks,

I've been scouring the documentation and settings, but for the life of me I can't figure out how to set up DHCP reservations. Is it called something different on OPNsense?

12

General Discussion / Re: Not getting internet, what am I missing?

« on: February 20, 2022, 07:21:44 am »

DHCP. That was all it really took. Factory default settings, DHCP, and a software update.

Now to figure out how to configure DHCP MAC reservations on the internal LAN, and the long task of configuring my network can begin...

13

General Discussion / Re: Not getting internet, what am I missing?

« on: February 19, 2022, 04:12:49 am »

Success, in case anyone cares.

I did observe some very bizarre behavior - upon the second factory reset the OPNsense was able to get online and download updates but still wasn't serving out internet - upon completion of the update it worked perfectly. Took some additional fiddling to actually integrate it but that was all cabling hassles. I am entering this message from my new working firewall!

14

General Discussion / Re: Not getting internet, what am I missing?

« on: February 16, 2022, 07:31:05 pm »

What is a 'spectrum router' ?

I think refers to the router issued by the spectrum internet service provider.

Yes. It even says "Spectrum" on the side. Spectrum is my ISP. I'm sure the the actual OEM is different but they've got the thing so locked down I'll never know.

15

General Discussion / Re: Not getting internet, what am I missing?

« on: February 14, 2022, 07:06:38 pm »

Unfortunately I won't be able to try again until Friday evening. I'm going to do another factory reset on the OPNsense and see where we go.

On the off chance this doesn't work, what else can I look into? I'd like to get as many proverbial ducks in a row before I actually try to get this to work again.