Messages - knight2f6

#1
OK, figured it out. I am posting this for others, in case they have the same issue, or if someone from OPNsense or NLnet is monitoring these.

There is an issue with DNS64: the synthesized response is not getting accepted by my phone, the latest iPhone, or the Echo 4th gen. The reason that the other Alexa devices in my network did not have any problem is probably because they are old and don't do v6. I turned off the DNS64 conversion and everything started to work.

I am assuming, perhaps erroneously, that because it is Apple and Amazon, the issue is likely in Unbound. But I would not be surprised if both companies mis-implemented their IPv6 stack.

Anyways, I hope this helps someone.
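For anyone checking whether a resolver is handing a client DNS64-synthesized answers like the ones described in post #1, here is an added example (not from the post, nor from the OPNsense or Unbound projects) that synthesizes and decodes RFC 6052 addresses; it assumes Unbound's default well-known prefix 64:ff9b::/96 and uses RFC 5737/3849 documentation addresses as constructed samples.

```python
import ipaddress

# Unbound's DNS64 module (enabled via  module-config: "dns64 validator iterator")
# embeds each A record in the configured prefix (dns64-prefix:, default below)
# following RFC 6052; the prefix below is the RFC 6052 well-known prefix.
WELL_KNOWN_PREFIX = "64:ff9b::/96"
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)


def _layout(prefix):
    """Return (network, prefix length, IPv4 bits placed before the reserved 'u' octet)."""
    net = ipaddress.IPv6Network(prefix)
    plen = net.prefixlen
    if plen not in RFC6052_LENGTHS:
        raise ValueError("RFC 6052 prefix length must be one of %s" % (RFC6052_LENGTHS,))
    return net, plen, (0 if plen == 96 else 64 - plen)


def synthesize_aaaa(ipv4, prefix=WELL_KNOWN_PREFIX):
    """The AAAA a DNS64 resolver returns for an A record (RFC 6052 section 2.2).
    For /32../64 prefixes the IPv4 address is split around bits 64-71, which stay zero."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    net, plen, before = _layout(prefix)
    base = int(net.network_address)
    if plen == 96:
        return str(ipaddress.IPv6Address(base | v4))
    high = v4 >> (32 - before)             # bits that directly follow the prefix
    low = v4 & ((1 << (32 - before)) - 1)  # bits that follow the 'u' octet
    return str(ipaddress.IPv6Address(base | (high << 64) | (low << (24 + before))))


def embedded_ipv4(aaaa, prefix=WELL_KNOWN_PREFIX):
    """Inverse of synthesize_aaaa: the IPv4 carried by a synthesized AAAA, or None
    when the AAAA lies outside the DNS64 prefix (i.e. it is a native answer)."""
    addr = ipaddress.IPv6Address(aaaa)
    net, plen, before = _layout(prefix)
    if addr not in net:
        return None
    a = int(addr)
    if plen == 96:
        return str(ipaddress.IPv4Address(a & 0xFFFFFFFF))
    high = (a >> 64) & ((1 << before) - 1)
    low = (a >> (24 + before)) & ((1 << (32 - before)) - 1)
    return str(ipaddress.IPv4Address((high << (32 - before)) | low))


def classify_answers(aaaa_records, prefix=WELL_KNOWN_PREFIX):
    """Split a resolver's AAAA answers into native ones and synthesized ones
    (mapped back to the IPv4 they embed) to see what a client is actually handed."""
    native, synthesized = [], {}
    for rec in aaaa_records:
        v4 = embedded_ipv4(rec, prefix)
        (native.append(rec) if v4 is None else synthesized.__setitem__(rec, v4))
    return native, synthesized
```

Feed it the AAAA records a client received (e.g. from a packet capture or `dig AAAA` against the Unbound instance) to tell a native IPv6 answer from a DNS64-synthesized one before blaming the client or the resolver.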
#2
Hi Everyone, I have a strange situation where Unbound works perfectly, except when it comes to the Nest website and *one* of my Amazon Echos.

Background: I have OPNsense with Zenarmor, DHCPv4 and v6, and Unbound activated. My provider is Comcast. Every website and app works perfectly except for two. I cannot get my Nest app to connect to the outside, and my Echo 4th gen would not connect either. If I disable Unbound, everything works just fine. I have NO rules, no blacklists, and nothing fancy going on with Unbound. Just a simple redirect to Comcast's DNS servers.

I have 5 Amazon Echos in my environment. Four are Echo Dots, and they work perfectly. The issue is only with this one Echo 4th gen.

How do I troubleshoot this? I looked at the log files for Unbound and there is nothing there. Appreciate any insight here.
Thanks
#3
Why would anyone want to run an IDS on the WAN interface? Besides for documenting who wanted to get into your network.
The reason for having a FW is to stop attacks, and for IDS/IPS to tell you who made it through so you can do something about it. I have no doubt that there are 1000s of 1000s of attacks on the other side of the FW. If you ran an IDS on the WAN side you would be overwhelmed by alerts.

My 2 cents.
#4
I might have figured it out. I am running Zenarmor, which binds to the same interface. I "believe" that Zenarmor is receiving the packets and does not forward them to the next module, Suricata. I suspect that if I uninstall Zenarmor then Suricata would start working. I say suspect, because I decided I'd rather keep Zenarmor and use that, and did not want to go through uninstalling it to test the hypothesis. So, if you have other solutions that bind to your interface, try removing them and see if Suricata can work as a standalone module that has control of the interface.
Good luck.
#5
I have reviewed all the materials that I could find and all the related how-to videos and still can't get this to work properly. I used to have this working under pfSense, but once I moved to OPNsense nothing seems to be working!! This is a clean install, not an export/import.

I have enabled the IDS mode only, have over 220k rules enabled (so I know something's gotta match), have set myself in Promiscuous mode, defined my home network, set my interface to LAN, have disabled all hardware offloading (which should not have an impact since I only alert and don't use the IPS mode), and yet my Alerts tab is completely empty.

I am using a Protectli 6 port firewall, if that makes a difference.

What am I missing here? Thanks