OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of cynicalApples7 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - cynicalApples7

Pages: [1] 2
1
General Discussion / Re: [Request] NAT Setup guide for console (Xbox/PlayStation)
« on: April 18, 2023, 07:24:26 pm »
Yes I had something like that setup, and it resulted in "Moderate NAT".
I tried this guide https://niallbest.com/achieve-full-open-nat-with-port-forwarding-for-xbox-live-via-opnsense that I had bookmarked months ago again, and it seems to have worked after a few restarts and toggling QoS DSCP tagging on and off on the console. I now have NAT type: Open.

I did add additional ports in "Xbox Live TCP/UDP port Alias" to include:
Port 88 (UDP)
Port 3074 (UDP and TCP)
Port 53 (UDP and TCP)
Port 80 (TCP)
Port 500 (UDP)
Port 3544 (UDP)
Port 4500 (UDP)

https://support.xbox.com/en-US/help/hardware-network/connect-network/network-ports-used-xbox-live

2
General Discussion / [Request] NAT Setup guide for console (Xbox/PlayStation)
« on: April 18, 2023, 04:12:23 pm »
I would really appreciate if there was a Setup guide in the documentation on how to correctly setup NAT, port forwarding or UPnP for gaming consoles like Xbox or PlayStation, etc. I've been struggling with this for a long time, and I can't get my Xbox NAT type to be open, it is also Moderate.

I know it is on me. But still I don't think I am the only struggling with this.

Thanks.

3
General Discussion / Re: Public RSS feed for releases or announcements?
« on: January 14, 2023, 12:29:01 pm »
Thanks ;D

4
General Discussion / Public RSS feed for releases or announcements?
« on: January 13, 2023, 05:16:19 pm »
I can't find an rss feed only for releases. The rss feeds listed in footer of this forum is for the general discussions.
Where can I get that?

Code: [Select]
<?xml version="1.0" encoding="UTF-8"?>
<rss version="0.92" xml:lang="en-US">
<channel>
<title>OPNsense Forum</title>
<link>https://forum.opnsense.org/index.php</link>
<description><![CDATA[Live information from OPNsense Forum]]></description>
<item>
<title>Re: WAN Interfaces MAC Address is 00:00:00:00:00:00.</title>
<link>https://forum.opnsense.org/index.php?topic=31867.msg153966#msg153966</link>
<description>
<![CDATA[It&#39;s not the VLAN. It&#39;s the PPPoE device which doesn&#39;t have a MAC.<br /><br /><br />Cheers,<br />Franco]]>
</description>
<category>General Discussion</category>
<comments>https://forum.opnsense.org/index.php?action=post;topic=31867.0</comments>
<pubDate>Fri, 13 Jan 2023 16:05:37 GMT</pubDate>
<guid>https://forum.opnsense.org/index.php?topic=31867.msg153966#msg153966</guid>
</item>
<item>
<title>Re: 23.1-RC1 aka 23.1.b_151 - Gateway Monitor and route to other end of VTI Failing</title>
<link>https://forum.opnsense.org/index.php?topic=31866.msg153965#msg153965</link>
<description>
<![CDATA[Hi and thanks for your report!<br /><br />23.1.b_151 isn&#39;t what you are looking for, see <a href="https://forum.opnsense.org/index.php?topic=31861.msg153964#msg153964" class="bbc_link" target="_blank" rel="noopener noreferrer">https://forum.opnsense.org/index.php?topic=31861.msg153964#msg153964</a> for preliminary upgrade instructions.<br /><br />Though this might be part of the swanctl.conf changes carried out t...]]>
</description>
<category>23.1 Development Series</category>
<comments>https://forum.opnsense.org/index.php?action=post;topic=31866.0</comments>
<pubDate>Fri, 13 Jan 2023 15:59:04 GMT</pubDate>
<guid>https://forum.opnsense.org/index.php?topic=31866.msg153965#msg153965</guid>
</item>
<item>
<title>Re: 23.1r1 - version displayed in UI?</title>
<link>https://forum.opnsense.org/index.php?topic=31861.msg153964#msg153964</link>
<description>
<![CDATA[Other than wait for 22.7.11 for upgrade paths to be included I suppose you could run:<br /><br /># opnsense-update -ur 23.1.r1<br /><br />That works from both the development and community version. I strongly recommend updating to 22.7.10 before attempting this.<br /><br /><br />Cheers,<br />Fra...]]>
</description>
<category>23.1 Development Series</category>
<comments>https://forum.opnsense.org/index.php?action=post;topic=31861.0</comments>
<pubDate>Fri, 13 Jan 2023 15:57:07 GMT</pubDate>
<guid>https://forum.opnsense.org/index.php?topic=31861.msg153964#msg153964</guid>
</item>
<item>
<title>Re: OpnSense Lan In Wlan Out</title>
<link>https://forum.opnsense.org/index.php?topic=31843.msg153963#msg153963</link>
<description>
<![CDATA[Vielen dank, nun geht alles für einen ersten test.<br />Sense bekommt via Ethernet Internet und gibt es via WLAN auch wieder aus.<br /><br />Nun kann ich erste tests machen <img src="https://forum.opnsense.org/Smileys/default/smiley.gif" alt="&#58;&#41;" title="Smiley" class="smiley" /> <br /><br />Ich bin Fachinformatiker für Anwendungsentwicklung, aber von Netzwerken habe ich mich bishe...]]>
</description>
<category>German - Deutsch</category>
<comments>https://forum.opnsense.org/index.php?action=post;topic=31843.0</comments>
<pubDate>Fri, 13 Jan 2023 15:49:08 GMT</pubDate>
<guid>https://forum.opnsense.org/index.php?topic=31843.msg153963#msg153963</guid>
</item>
<item>
<title>WAN Interfaces MAC Address is 00:00:00:00:00:00.</title>
<link>https://forum.opnsense.org/index.php?topic=31867.msg153962#msg153962</link>
<description><![CDATA[My WAN Connection needs to be on VLAN ID 7. When creating that interface I left the MAC address field empty thinking it would just inherit the MAC from its parent interface. But looking at Interfaces &gt; Overview &gt; WAN interface it shows 00:00:00:00:00:0...]]></description>
<category>General Discussion</category>
<comments>https://forum.opnsense.org/index.php?action=post;topic=31867.0</comments>
<pubDate>Fri, 13 Jan 2023 15:48:09 GMT</pubDate>
<guid>https://forum.opnsense.org/index.php?topic=31867.msg153962#msg153962</guid>
</item>
</channel>
</rss>

5
General Discussion / Re: [Unbound DNS] Tips on why a domain won't resolve
« on: January 12, 2023, 10:03:38 pm »
Today it works. I have done nothing the setup. Confusing.

6
General Discussion / [Unbound DNS] Tips on why a domain won't resolve
« on: January 11, 2023, 10:42:13 pm »

I am hoping someone could spare some tips on how to troubleshoot or fix
why this one specific domain wont resolve. This is the only domain that
I have come across that is not in my block-lists that wont resolve.

https://www.llthw.common-lisp.dev

------------------------------------------------------------------------
If I run a dig from my laptop
$ dig llthw.common-lisp.dev
; <<>> DiG 9.10.6 <<>> llthw.common-lisp.dev
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12308
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;llthw.common-lisp.dev.      IN   A

;; AUTHORITY SECTION:
dev.         4   IN   SOA   ns-tld1.charlestonroadregistry.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

;; Query time: 45 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Jan 11 22:33:29 CET 2023
;; MSG SIZE  rcvd: 148

------------------------------------------------------------------------
If I try to ping
$ ping llthw.common-lisp.dev
ping: cannot resolve llthw.common-lisp.dev: Unknown host

------------------------------------------------------------------------
Interfaces > Diagnostics > DNS Lookup
And if I run a DNS lookup from my OPNsense box not surprisingly returns
nothing

------------------------------------------------------------------------
System > Settings > General
No DNS entered and these are all unchecked:
- Allow DNS server list to be overridden by DHCP/PPP on WAN
- Do not use the local DNS service as a nameserver for this system
- Allow default gateway switching

Services > Unbound DNS General:
Pretty much out of the box setup.
√ Enable DNSSEC Support
√ Flush DNS cache during reload

DNS over TLS:
 HOST                          IP  PORT  VERIFY SN         
------------------------------------------------------------
 Cloudflare               1.1.1.1   853  cloudflare-dns.com
                          1.0.0.1                           
             2606:4700:4700::1111                           
             2606:4700:4700::1001                           

Blocklist:
√ enabled
Whitelist Domains
- www.llthw.common-lisp.dev

------------------------------------------------------------------------
Log file:
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving get-bx.g.aaplimg.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: 192.168.1.106 get-bx.g.aaplimg.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: query response was ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: response for gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: Verified that unsigned response is INSECURE
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: NSEC3s for the referral proved no DS.
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was nodata ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for aaplimg.com. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: response for gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving aaplimg.com. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: Verified that unsigned response is INSECURE
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: NSEC3s for the referral proved no DS.
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was nodata ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for akadns.net. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving akadns.net. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: validated DNSKEY net. DNSKEY IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving net. DNSKEY IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: validated DS net. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: Verified that unsigned response is INSECURE
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: NSEC3s for the referral proved no DS.
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was nodata ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for apple.com. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving apple.com. DS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was nodata ANSWER
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: query response was CNAME
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: response for gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: resolving gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: resolving gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:21   Informational   unbound    [74389:1] info: 192.168.1.106 gsp-ssl.ls.apple.com. A IN
2023-01-11T23:38:21   Informational   unbound    [74389:0] info: 192.168.1.106 gsp-ssl.ls.apple.com. HTTPS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: Could not establish a chain of trust to keys for resolver.arpa. DNSKEY IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: reply from <.> 1.1.1.1#853
2023-01-11T23:38:12   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: validation success llthw.common-lisp.dev. A IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: validate(nxdomain): sec_status_secure
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: validated DNSKEY dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: query response was ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: response for dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: validation success llthw.common-lisp.dev. HTTPS IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: validate(nxdomain): sec_status_secure
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: validated DNSKEY dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: query response was ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: response for dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: resolving dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: validated DS dev. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: NSEC3s for the referral did not prove no DS.
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: response for llthw.common-lisp.dev. A IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: response for resolver.arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: resolving dev. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: validated DS dev. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: query response was NXDOMAIN ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: response for llthw.common-lisp.dev. HTTPS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: resolving resolver.arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: validated DNSKEY arpa. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: resolving arpa. DNSKEY IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: validated DS arpa. DS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: query response was ANSWER
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: reply from <.> 1.0.0.1#853
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: response for _dns.resolver.arpa. SVCB IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: resolving llthw.common-lisp.dev. A IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: resolving _dns.resolver.arpa. SVCB IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: resolving llthw.common-lisp.dev. HTTPS IN
2023-01-11T23:38:11   Informational   unbound    [74389:2] info: 192.168.1.11 _dns.resolver.arpa. SVCB IN
2023-01-11T23:38:11   Informational   unbound    [74389:0] info: 192.168.1.11 llthw.common-lisp.dev. A IN
2023-01-11T23:38:11   Informational   unbound    [74389:3] info: 192.168.1.11 llthw.common-lisp.dev. HTTPS IN

7
General Discussion / Re: All meta sites are blocked?!
« on: January 11, 2023, 09:45:53 pm »
No idea, except check that "Blocklist.site Facebook" in Services > Unbound DNS >Blocklist isn't selected.

8
Virtual private networks / Re: wireguard-kmod not working in 22.7
« on: December 12, 2022, 10:32:44 pm »
Is this version old wireguard-kmod: 0.0.20220615? I believe it should at 1.0 release.

9
Virtual private networks / Re: Mullvad WG issue, Local Configuration DNS server doesn't resolve
« on: December 07, 2022, 04:59:21 am »
Yes good idea. That might work since 10.64.0.1 is Mullvad default gateway

10
Virtual private networks / Re: Mullvad WG issue, Local Configuration DNS server doesn't resolve
« on: December 06, 2022, 04:34:37 pm »
I had a screenshot of my Outbound NAT, but I couldn't post more than 4 :D
I guess I would try a sett up a gateway.

11
Virtual private networks / Mullvad WG issue, Local Configuration DNS server doesn't resolve
« on: December 03, 2022, 09:50:39 pm »
I am hoping that someone can explain to me why the following DNS issue is happening. I cannot figure it out. I used this guide as a... guide https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html

I download a Linux .conf file from mullvad.net.
[Interface]
PrivateKey = *******************************************
Address = 10.64.30.159/32,fc00:bbbb:bbbb:bb01::1:1e9e/128
DNS = 10.64.0.1

[Peer]
PublicKey = egl+0TkpFU39F5O6r6+hIBMPQLOa8/t5CymOZV6CC3Y=
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = 45.129.56.67:51820

I plug this into WireGuard
Interface > Local
Peer > Endpoints
and those the Local and those the Endpoint as Peer.





Connect, no errors:
interface: wg2
  public key: PkALQNDZXNxK43Fd079oAdTT2MLLQERTl2Zx6SkFfBQ=
  private key: (hidden)
  listening port: 51820

peer: R5LUBgM/1UjeAR4lt+L/yA30Gee6/VqVZ9eAB3ZTajs=
  endpoint: 45.129.56.68:51820
  allowed ips: ::/0, 0.0.0.0/0
  latest handshake: 35 seconds ago
  transfer: 676.02 MiB received, 23.65 MiB sent
  persistent keepalive: every 30 seconds

I can connect to mullvad.net and see that i am connected and have no DNS leaks. But I cannot resolve any DNS queries.

I am guessing it is a mistake in my Unbound DNS configuration.

Services: Unbound DNS: General


Here is just some general settings.

System: Settings: General


I have tried to add 10.64.0.1 as a DNS server to "System: Settings: General", that didn't work either. There are two ways in which I have gotten around this, but none of them are really optimal.

1. Is to set 10.64.0.1 on the Services: DHCPv4: [LAN]. That works, but it bypassed the Unbound DNS blocklist.

2. The second option is slighty better, is too use Mullvad DoT/DoH DNS servers, whereby the DNS blocklist still works, but it is slower.

Can someone spot  my mistake. Where am I gonna since I cannot just have the DNS server from the WireGuard configuration work?

I have out of curioisty subscribed to ProtonVPN and I did the same simple setup just adding the Interface and Peer entries from a .conf file. And that worked.

It appears to be an issues between my setup and Mullvad. I just do not know why or how.

12
Tutorials and FAQs / Re: Redirection Page For Unbound Blocklist?
« on: September 02, 2022, 08:18:58 pm »
any tutorial on how to do this?

13
General Discussion / Re: Unbound DNS Blocklist and DNS over TLS - Blocklist doesn't seem to work
« on: August 29, 2022, 10:33:54 pm »
Quote from: Spoonman2002 on August 29, 2022, 02:06:23 pm
did you UNcheck: Do not use the local DNS service as a nameserver for this system (System:Settings:General)

Yes :)

14
General Discussion / Re: Unbound DNS Blocklist and DNS over TLS - Blocklist doesn't seem to work
« on: August 29, 2022, 06:50:24 am »
Quote from: Spoonman2002 on August 28, 2022, 10:33:17 pm
Linux client: dig pagead2.googlesyndication.com
Windows client: nslookup pagead2.googlesyndication.com
 :) :)

Code: [Select]
; <<>> DiG 9.10.6 <<>> pagead2.googlesyndication.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63011
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pagead2.googlesyndication.com. IN A

;; ANSWER SECTION:
pagead2.googlesyndication.com. 3600 IN A 0.0.0.0

;; Query time: 84 msec
;; SERVER: 192.168.2.10#53(192.168.2.10)
;; WHEN: Mon Aug 29 06:48:13 CEST 2022
;; MSG SIZE  rcvd: 74

15
General Discussion / Re: Unbound DNS Blocklist and DNS over TLS - Blocklist doesn't seem to work
« on: August 29, 2022, 06:47:51 am »
Quote from: Spoonman2002 on August 28, 2022, 10:08:19 pm
What port did you use in Listen Port (Unbound DNS: General) ?
And did you select the correct Network Interface?

The Listen Port is 53. Should it be 853?
I use the All Interfaces (recommended)

Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2