Messages

1

Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script

« on: July 24, 2022, 05:06:03 pm »

*facepalm*

All sorted... didn't scroll properly in the list of 'Effective Privileges'. Now found, added and all working.

2

Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script

« on: July 23, 2022, 03:13:02 pm »

Hi FingerlessGloves... thanks very much for your efforts on this.

I'm running into some issues getting this running... when I set up the user per your guide, there is no option to add 'Effective Privileges' (just edit, and only GUI based option available to select) [I'm running OPNSense 22.1.10]

I skipped ahead anyway... all good until I ran

Code: [Select]

/conf/PIAWireguard.py debug as which point i get the message

Code: [Select]

searchServer request failed non 200 status code - listing wireguard instances
I'm assuming this is why when I go to Interfaces: Assignments there is no wg0 option available.

I do note that I am successfully running Tailscale on my OPNSense (which is WireGuard based), I case this might cause issues.

Any suggestions?

3

22.1 Legacy Series / Re: Ad blocking with Unbound - what am I doing wrong?

« on: July 12, 2022, 02:01:57 am »

Keep in mind that you can add block lists in AdGuard Home in the UI quite easily. So if you are missing anything that does not come with the default installation, you can still enable whatever list you have come to prefer.

Thanks - I was aware (have already added the Scott Black and OISD lists).

4

22.1 Legacy Series / Re: Ad blocking with Unbound - what am I doing wrong?

« on: July 11, 2022, 02:56:26 am »

I'm back trying Adguard Home again (I had already added OISD when testing earlier)... I'm seeing it pick up on a lot of back-to-base calls (like Sensibo and Alexa), but not really anything much that looks like ads (and canyoublockit still displays ads).

Will keep playing!

5

22.1 Legacy Series / Re: Ad blocking with Unbound - what am I doing wrong?

« on: July 10, 2022, 01:46:23 am »

Thank you both...

Try AdGuardHome

https://forum.opnsense.org/index.php?topic=22162.0

As noted above... I did try Adguard Home (in still installed, just not enabled). It was blocking some things (but not ads). I actually used that tutorial (from, your link to set up), but saw no performance difference than just using the same blocklists in Unbound (i.e. blocked some banners ads in canyoublockit, but that's all).

Your devices may be using secure DNS (DNS over TLS (port 853) or DNS over HTTPS (port 443)), so filtering port 53 may not be of much use nowadays. I would suggest disabling DNS based filtering altogether and look into Sensei/Zenarmor instead. At least that's what works for me.

I'm seeing the same issues on my Windows 10 machine (pretty sure that's not using DoT) as on my mobile device (Android... it could be using DoT... but ads were much better blocked on my old browser by Diversion—which I believe uses DNSMasq and the Scott Black blocklist). So I don't think this is a DoT / port 853 issue—but Zenamour might be worth a look anyway (I did read up a little on it when I was planning my switch over to OPNSense on the HP T620+ device I'm using).

6

22.1 Legacy Series / Ad blocking with Unbound - what am I doing wrong?

« on: July 09, 2022, 02:18:42 pm »

Hi all - new to OPNSense, just getting everything set up. I'm transitioning across from running ASUS-Merlin on an RT-AC68U (running Diversion for adblocking).

Most things are working (Caddy2 port-forwarding, OpenVPN, Tailscale, fixed IPs etc), but adblocking has been a complete fail. Seemed easy to set up with blocklists in Unbound... but pretty much nothing was being blocked—very frustrating after very effective blocking on the old ASUS.

I worked through a range of guides and examples (even had a play with the community Adguard Home plug-in—decided I didn't need to see that level of detail for now). Noting seemed to be effective.

My current setup is as follows (what I've been led to believe is relevant):

• DNS servers set to Quad9 IPv4 and IPv6 servers under [System -> Settings -> General]
• Port forward rules to DNS to 127.0.0.1 (ordered before default allow rules)
• Unbound enabled
• Blocklists enabled and added (built in AdAway and AdGuard, plus the Steven Black list that is default from Diversion

I noticed how bad the blocking was on my phone (wifi at home—which is usually much better blocking than when out), but have been subsequently testing with https://canyoublockit.com/. I've been running DNS flushes as I've been testing (ipconfig /flushdns in Windows 10).

I did recently change internet providers (ISP).. could they be forcing a different DNS (would this matter re ads?)?

Does anyone have any suggestions / ideas/ other guides for me?

Thanks!