Messages - mchampion

#1
I've been using PiHole with OPNsense for a long time, but decided to switch to AdGuard Home running on the OPNsense box so I can retire the Pi. After trying to make the switch following various guides online, I can't seem to get it to work, as everything keeps routing through the PiHole no matter what I do, and I can't figure out why. To try to figure this out, I've removed AdGuard for now and tried to revert everything to using default DNS services without the PiHole by removing all the settings that pointed DNS at the PiHole, but I keep getting new queries in the PiHole query log even after doing so.

OPNsense 23.7.10 at 192.168.0.1
System > Settings > General > DNS servers empty, "Allow DNS server list to be overridden by DHCP/PPP on WAN" unchecked, "Do not use local DNS service as a nameserver for this system" unchecked
3 LAN interfaces: 192.168.0.1/24 [LAN], 192.168.10.1/24 [IoTVLAN], 192.168.20.1/24 [GuestVLAN]
Firewall > Rules > [Interface] > Disabled any rules that related to DNS routing (on all 3 interfaces)
Services > DHCPv4 > [Interface] > DNS servers empty (for all 3 interfaces above)
Services > Unbound DNS > Enabled, port 53, nothing listed under overrides, access lists, blocklists, query forwarding, or DNS over TLS

After making the above changes and restarting OPNsense to renew the DHCP leases, I'm still getting queries in the PiHole query log (coming from devices on all of the above listed VLANs). I'm sure there's some setting that I'm missing in the configuration somewhere, but what is it?

#2
I have set up both WireGuard and OpenVPN to use to connect to my home network while off site. There are no issues with either with regard to internet access and ad blocking through PiHole, but I can't access any LAN IP other than the router itself. I presume this is a firewall permission issue since the same problem occurs with either WG or OpenVPN.

Here are the details of my WG setup since it's the one I primarily use.

Router IP: 192.168.0.1
LAN IP: 192.168.0.0/16

VPN > WireGuard > Local
Name: <WG name>
Interface: wg0
Tunnel address: 10.0.1.1/24
Port: 51899
Endpoints: 10.0.1.2/32 (phone) and 10.0.1.3/32 (laptop)

Interfaces > <WG interface name>
Enabled
Device: wg0

Firewall > Rules > <WG interface name>
Action: Pass
Interface: <WG interface name>
Direction: In
TCP/IP Version: IPv4+IPv6
Protocol: Any
Source: Any
Destination: Any

I also have a "WireGuard (Group)" entry under Firewall > Rules, though I'm not sure where that came from. I duplicated the same firewall rule as above for this group, but it didn't fix it.

It seems like these firewall rules should allow me to access anything on my LAN, but it just times out for anything but the router IP.
Any suggestions about what I'm doing wrong? It's probably something super easy and obvious but I'm kinda dumb when it comes to this stuff.
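An added consistency check for the tunnel described in this post (example code, not from the poster or from OPNsense): WireGuard only forwards a decrypted packet when its source address lies inside that peer's AllowedIPs, and a client only sends a destination into the tunnel when its own AllowedIPs covers it, so a pass-any firewall rule on the WG interface is not sufficient by itself. The server-side peer entries mirror the post's 10.0.1.2/32 and 10.0.1.3/32; the client-side AllowedIPs values are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed view of the WireGuard cryptokey routing table for the tunnel in
# the post: tunnel 10.0.1.1/24, peers 10.0.1.2/32 (phone) and 10.0.1.3/32
# (laptop), LAN 192.168.0.0/16. Server side mirrors the post's peer entries.
SERVER_PEERS = {
    "phone": ["10.0.1.2/32"],
    "laptop": ["10.0.1.3/32"],
}
# Client-side AllowedIPs are ASSUMED, not taken from the post: one client routes
# only the tunnel subnet, the other also routes the LAN into the tunnel.
CLIENT_ALLOWED_IPS = {
    "phone": ["10.0.1.0/24"],
    "laptop": ["10.0.1.0/24", "192.168.0.0/16"],
}


def client_routes_via_tunnel(peer, dst):
    """Does the client's AllowedIPs send traffic for dst into the tunnel?"""
    d = ip_address(dst)
    return any(d in ip_network(n) for n in CLIENT_ALLOWED_IPS[peer])


def server_accepts_source(peer, src):
    """Will the server keep a decrypted packet from this peer with source src?
    WireGuard silently drops packets whose source is outside the peer's AllowedIPs."""
    s = ip_address(src)
    return any(s in ip_network(n) for n in SERVER_PEERS[peer])


def server_returns_via_tunnel(dst):
    """Can the server route a reply to dst back into some peer's tunnel?"""
    d = ip_address(dst)
    return any(d in ip_network(n) for nets in SERVER_PEERS.values() for n in nets)


def diagnose(peer, src, dst):
    """Return the first missing piece on the path peer(src) -> dst -> back, or 'ok'."""
    if not client_routes_via_tunnel(peer, dst):
        return "client AllowedIPs does not cover destination"
    if not server_accepts_source(peer, src):
        return "server-side AllowedIPs rejects source"
    if not server_returns_via_tunnel(src):
        return "no tunnel route back to source"
    return "ok"


if __name__ == "__main__":
    for peer, src in (("phone", "10.0.1.2"), ("laptop", "10.0.1.3")):
        for dst in ("10.0.1.1", "192.168.0.1", "192.168.0.50"):
            print(f"{peer} {src} -> {dst}: {diagnose(peer, src, dst)}")
```

Run it as-is to see which leg of the path fails for each peer and destination; swap in your own AllowedIPs values to check a real configuration.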