Messages

1

23.1 Legacy Series / Re: Can't Install: bad dir ino: mangled entry

« on: May 12, 2023, 03:17:47 am »

Tried a different USB and it worked.  The other drive must be buggared.

2

23.1 Legacy Series / Can't Install: bad dir ino: mangled entry

« on: May 12, 2023, 02:33:47 am »

Keep getting error trying to install Opnsense on a new Alder Lake (intel 1265U) Firewall PC.

Downloaded the latest version (vga) and used Rufus to mount on USB.

Installing on a 58GB intel Optane drive.

3

General Discussion / Re: Microsoft Broken

« on: March 16, 2023, 09:28:43 pm »

How do I go about fixing these.

Sorry, no idea. I do not mess with Microsoft products talking to Microsoft, Apple products talking to Apple, etc. If I was concerned I would not be running Windows, plain and simple.

Keeping systems maintained and up to date is far more important from a security standpoint.

Kind regards
Patrick

This issue for me is with the Firewall rule that re-directs all DNS queries to Opnsense. Microsoft doesn't like this for some reason. Again, I think it can be fixed / configured under System-> Trust -> Authorities / Certificates but I'm still reading up on how to set this up for Microsoft.

In the meantime, I manually set my DNS on my computer and disabled the Firewall rule.

4

General Discussion / Re: Microsoft Broken

« on: March 06, 2023, 06:04:39 pm »

You will need to refresh the client's DHCP lease, so it picks up the new DNS settings. Also check your DHCP configuration for explicitly specified DNS servers. If you disable Unbound, it cannot serve clients.

Ahh, yeah I figured.

I'm just using the cloudflare DNS servers over TLS but I have a firewall rule to route all DNS queries to the firewall.  I think this is what broke MS downloads / MS sites.

How do I go about fixing these.  I saw a thread about adding MS certs to the Authorities but it wasn't clear and I don't want to bugger anything up without first getting more info.

5

General Discussion / Re: Microsoft Broken

« on: March 06, 2023, 08:29:43 am »

I disabled Unbound DNS and reconfigured OPNSENSE settings for the DNS server and nothing worked.  Had to re-enable Unbound DNS to get connection back.

So if I disable unboundDNS and disable the DNS over TLS, then manually put the DNS servers into System -> Settings -> General, I get not connection at all.

Did something get corrupted?

6

General Discussion / Re: Microsoft Broken

« on: March 05, 2023, 08:24:54 pm »

I disabled Unbound DNS and reconfigured OPNSENSE settings for the DNS server and nothing worked.  Had to re-enable Unbound DNS to get connection back.

7

General Discussion / Microsoft Broken

« on: March 04, 2023, 07:45:13 pm »

For some reason I can't connect with Microsoft sites any updates.  Answers.microsoft.com doesn't work and can't connect to Microsoft update servers. 

How do I troubleshoot this?

I disabled Suricata, ZenArmor, and Unbound DNS. 

Currently I have Unbound DNS connected to Cloudflare DNS over TLS.

I have a firewall rule to rout all DNS queries through OPNSENSE.  Until about a week ago, I didn't have any issues so maybe this is from a recent update?

8

General Discussion / DNS over TLS Setup help

« on: December 09, 2022, 12:48:16 am »

Trying to setup DNS over TLS with cloud flare but the unbound DNS service won't start.

Kids are doing a lot of school work online and I'm trying to setup parental controls (CloudFlare 1.0.0.3) and would appreciate the help

9

Zenarmor (Sensei) / Re: ZenAmor LAN port Policies in Bridged mode

« on: November 29, 2022, 04:47:37 pm »

Hi,

Are you planning to bridge interfaces in OPNsense first? You can only select 2 interfaces on Zenarmor GUi in bridge configuration.

Yes, I bridged three LAN ports.  Are you saying I can only apply a policy to two of these ports?

10

General Discussion / Re: Network Discovery across lan ports

« on: November 28, 2022, 02:37:34 pm »

I was thinking that. I'll try it tonight, thanks.

So I created two pipes, both at full bandwidth (300Mbps) and two queues; one with a weight of 100 and the other with the weight of 50. 

For rules, I made a rule for my PC IP address (for the 100 weight queue) and the second rule I used the inverted function "Not the PC IP".

Seems to be working.

11

General Discussion / Re: Network Discovery across lan ports

« on: November 24, 2022, 09:25:32 pm »

I was thinking that. I'll try it tonight, thanks.

12

General Discussion / Re: Network Discovery across lan ports

« on: November 24, 2022, 03:52:30 pm »

No. If you build a LAN bridge you have only a single LAN interface. You turn all ports that are memberd of the bridge into a switch. Switch is just a fancy word for bridge.

So you can either use static assignments  in your DHCP config and the IP addresses to identify clients or the clients' MAC addresses where possible. Firewall rules for example permit this.

Shaper rules don't have the ability to use MAC as destination or source.  I don't see how I can create a policy for just one PC.

13

General Discussion / Re: Network Discovery across lan ports

« on: November 24, 2022, 07:55:43 am »

Correct. You csn use MAC addresses to identify the clients.

Are you just mocking me now?

14

General Discussion / Re: Network Discovery across lan ports

« on: November 23, 2022, 07:52:00 pm »

Thinking out loud here...

In bridged mode, I can't assign an IP address to the individual LAN ports, correct?  So for flow control, I would have to set policies off the IP address of the client which would require static IP addresses.

15

Zenarmor (Sensei) / ZenAmor LAN port Policies in Bridged mode

« on: November 23, 2022, 06:23:51 pm »

Quick question:

I currently a filter policy for LAN Port 2 but I'm planning on bridging Lan Port 1, 2, and 3.

When I create the bridge, how do I create a Zenarmor policy for just Lan port 2?