Messages

1

Zenarmor (Sensei) / number of policies in home subscription

« on: August 11, 2023, 03:04:54 pm »

Can we only have two policies in addition to default in home subscription? I have default, vlan and vpn. If I try to add another I get a warning that I have exceeded my plan.

I guess it does not matter since I can't get the vpn interface detected.

2

Zenarmor (Sensei) / Re: route vpn through zenarmor

« on: August 11, 2023, 02:47:18 pm »

Device mode is TUN.

3

Zenarmor (Sensei) / Re: route vpn through zenarmor

« on: August 08, 2023, 04:51:34 pm »

Yes, I have the box checked on my openvpn server to redirect all client generated traffic through the tunnel. On my Zenarmor console I have the ovpns interface checked. But, no traffic shows on the live sessions for that interface. I do see "in" traffic on the dashboard traffic graph throughput. But no out traffic.

4

Zenarmor (Sensei) / route vpn through zenarmor

« on: August 08, 2023, 02:45:40 pm »

Is it possible to route my Openvpn traffic from my client (open vpn for android)?

If it's possible, how to configure it?

Thanks,
Terry

5

23.7 Legacy Series / Re: DHCP leases can't be deleted

« on: August 07, 2023, 03:28:46 pm »

I have leases marked abandoned that I can't delete. I don't know why. They are set to expire, so I believe they will go away then.

6

23.7 Legacy Series / Re: unbound ssl crypto error

« on: August 07, 2023, 03:24:40 pm »

A poor screenshot on my part. This is the complete screenshot.

7

23.7 Legacy Series / unbound ssl crypto error

« on: August 06, 2023, 11:12:52 pm »

I have OPNsense 23.7 running on a Dell Optiplex. Unbound is configured and working with DNS over TLS.




I am getting: error: remote control failed ssl crypto error:00000000:lib(0):func(0):reason(0)




Also, I have these DHCP errors, I don't know if they are related. Probably not:





My devices all connect without issue and DNS resolves. But I would like to correct the cause of these errors.

Any help would be appreciated

8

Zenarmor (Sensei) / Zenarmor database update schedule

« on: June 24, 2022, 05:57:18 pm »

I'm curious what the update schedule is for the free version of Zenarmor. My install has rules version 1.11.22050910, is this the latest?
Last update was June 3.
Thanks

9

General Discussion / redirect dns

« on: May 25, 2022, 04:17:07 pm »

I have a port forward redirect rule for DNS. I can see in the logs that the rule works. However, some DNS continues to go out from the WAN, to servers that are not what I have setup in Unbound.
I am referring to the 8.8.8.8 destination in the picture.
How do I set up OPNsense to only allow the DNS server I specify?

Edit: I noticed the packets I am seeing are ICMP packets, not DNS lookups. 

10

General Discussion / Re: unknown lan address in statistics

« on: May 07, 2022, 02:52:28 pm »

My closest neighbor is nearly 1,000 feet away so it's unlikely to be her. I believe when I use the app on my phone it is changing the connection on the Alexa Echo device. I'm not sure how that happens but it's the only thing I can figure out.
I'm going to not use the phone app and see if that stops the mystery connection.

11

General Discussion / Re: unknown lan address in statistics

« on: May 06, 2022, 08:02:05 pm »

I used a WiFi sniffer on my phone to discover the MAC address, which corresponded to the ip address of an Alexa. But, Alexa is on the IOT network, not the LAN.

12

General Discussion / Re: unknown lan address in statistics

« on: May 06, 2022, 07:51:40 pm »

Ping results in 100% packet loss. This address may be related to some virtual machines I setup on my Debian linux box. I bridged the ethernet adapter.
I will keep digging.

13

General Discussion / unknown lan address in statistics

« on: May 06, 2022, 07:04:56 pm »

When I view traffic in reporting I see 192.168.6.120 making a connection to Amazon.com among other sites. But, 192.168.6.120 is not listed as a lease in Unbound. So, where is this address assigned from and who is it?

14

General Discussion / Re: critique my setup

« on: April 29, 2022, 08:27:10 pm »

The printer has a static address assigned at the firewall. I manually configured my computer and cell phone with the address and I can print from the computer and cell phone. They can not detect the printer dynamically. Since I know I can set up the devices without the dynamic discovery I'm not going to pursue the issue.

I think you are correct about the diagnostic test on the firewall running "after" the interface firewall rule.

Thank you for your help!

15

General Discussion / Re: critique my setup

« on: April 29, 2022, 05:32:10 pm »

The problem with the printer is mDNS I suspect. I have not resolved this issue. The printer is a Brother MFC-J450DW.
It supports mDNS, IPP, LPD and LLMNR among other protocols.

I do have my LAN clients setup to print on the IOT printer by adding the printer address manually. I gave the printer a static address.

If I log onto my IOT and ping the LAN, no packets are allowed through. Good!

If I log onto my LAN and ping the IOT, all packets are allowed through. Good!

If I go use the OPNsense gui and go to "interfaces, diagnostics, ping" and select a LAN host and a IOT source address the packets are transmitted, no loss. I don't understand why that happens.