Messages - lmnsour

#1
Tried a different USB and it worked. The other drive must be buggered.
#2
Keep getting an error trying to install OPNsense on a new Alder Lake (Intel 1265U) firewall PC.

Downloaded the latest version (vga) and used Rufus to mount on USB.

Installing on a 58 GB Intel Optane drive.
#3
General Discussion / Re: Microsoft Broken
March 16, 2023, 09:28:43 PM
Quote from: pmhausen on March 08, 2023, 01:22:36 PM
Quote from: lmnsour on March 06, 2023, 06:04:39 PM
How do I go about fixing these.
Sorry, no idea. I do not mess with Microsoft products talking to Microsoft, Apple products talking to Apple, etc. If I was concerned I would not be running Windows, plain and simple.

Keeping systems maintained and up to date is far more important from a security standpoint.

Kind regards
Patrick

This issue for me is with the firewall rule that redirects all DNS queries to OPNsense. Microsoft doesn't like this for some reason. Again, I think it can be fixed / configured under System -> Trust -> Authorities / Certificates but I'm still reading up on how to set this up for Microsoft.

In the meantime, I manually set my DNS on my computer and disabled the Firewall rule.
#4
General Discussion / Re: Microsoft Broken
March 06, 2023, 06:04:39 PM
Quote from: pmhausen on March 06, 2023, 08:47:18 AM
You will need to refresh the client's DHCP lease, so it picks up the new DNS settings. Also check your DHCP configuration for explicitly specified DNS servers. If you disable Unbound, it cannot serve clients.
Ahh, yeah I figured.

I'm just using the Cloudflare DNS servers over TLS but I have a firewall rule to route all DNS queries to the firewall. I think this is what broke MS downloads / MS sites.

How do I go about fixing these. I saw a thread about adding MS certs to the Authorities but it wasn't clear and I don't want to bugger anything up without first getting more info.
#5
General Discussion / Re: Microsoft Broken
March 06, 2023, 08:29:43 AM
Quote from: lmnsour on March 05, 2023, 08:24:54 PM
I disabled Unbound DNS and reconfigured OPNsense settings for the DNS server and nothing worked. Had to re-enable Unbound DNS to get connection back.

So if I disable Unbound DNS and disable the DNS over TLS, then manually put the DNS servers into System -> Settings -> General, I get no connection at all.

Did something get corrupted?
#6
General Discussion / Re: Microsoft Broken
March 05, 2023, 08:24:54 PM
I disabled Unbound DNS and reconfigured OPNsense settings for the DNS server and nothing worked. Had to re-enable Unbound DNS to get connection back.
#7
General Discussion / Microsoft Broken
March 04, 2023, 07:45:13 PM
For some reason I can't connect to Microsoft sites or get any updates. Answers.microsoft.com doesn't work and I can't connect to Microsoft update servers.

How do I troubleshoot this?

I disabled Suricata, ZenArmor, and Unbound DNS.

Currently I have Unbound DNS connected to Cloudflare DNS over TLS.

I have a firewall rule to route all DNS queries through OPNsense. Until about a week ago, I didn't have any issues so maybe this is from a recent update?
#8
General Discussion / DNS over TLS Setup help
December 09, 2022, 12:48:16 AM
Trying to set up DNS over TLS with Cloudflare but the Unbound DNS service won't start.

Kids are doing a lot of school work online and I'm trying to set up parental controls (Cloudflare 1.0.0.3) and would appreciate the help.
#9
Quote from: sy on November 24, 2022, 09:50:38 PM
Hi,

Are you planning to bridge interfaces in OPNsense first? You can only select 2 interfaces on the Zenarmor GUI in bridge configuration.

Yes, I bridged three LAN ports. Are you saying I can only apply a policy to two of these ports?
#10
Quote from: lmnsour on November 24, 2022, 09:25:32 PM
I was thinking that. I'll try it tonight, thanks.

So I created two pipes, both at full bandwidth (300 Mbps) and two queues; one with a weight of 100 and the other with a weight of 50.

For rules, I made a rule for my PC IP address (for the 100 weight queue) and the second rule I used the inverted function "Not the PC IP".

Seems to be working.
#11
I was thinking that. I'll try it tonight, thanks.
#12
Quote from: pmhausen on November 24, 2022, 08:26:29 AM
No. If you build a LAN bridge you have only a single LAN interface. You turn all ports that are members of the bridge into a switch. Switch is just a fancy word for bridge.

So you can either use static assignments in your DHCP config and the IP addresses to identify clients, or the clients' MAC addresses where possible. Firewall rules, for example, permit this.

Shaper rules don't have the ability to use MAC as destination or source. I don't see how I can create a policy for just one PC.
#13
Quote from: pmhausen on November 23, 2022, 11:22:48 PM
Correct. You can use MAC addresses to identify the clients.

Are you just mocking me now?
#14
Thinking out loud here...

In bridged mode, I can't assign an IP address to the individual LAN ports, correct? So for flow control, I would have to set policies off the IP address of the client, which would require static IP addresses.

#15
Quick question:

I currently have a filter policy for LAN Port 2 but I'm planning on bridging LAN Ports 1, 2, and 3.

When I create the bridge, how do I create a Zenarmor policy for just LAN Port 2?