Messages

1

General Discussion / Re: Microsoft Broken

« on: May 24, 2023, 12:22:59 am »

Thank you for the suggestion. But, although I make damage in various ways, it wasn't because of that. This time :-)

It was blocked by one of the unboundDNS DNSBL blocklists. 

As I figured, I guess, it was mainly my understanding of the use of wildcards for the whitelist that was not in line of how opnsense understands it. And, there where 2 or 3 list items, I've added directly manualy from the block log (m.hotmail, outlook.office365 and officeclient.microsoft if I remember right).

n3

2

General Discussion / Re: Need help pls with a simple PASS-rule.... (Default deny / state violation rule)

« on: May 23, 2023, 10:23:32 pm »

and then again, it was something completely different.

I had to disable IGMP snooping on the bridge. See here: https://forum.proxmox.com/threads/multicast-bridge-problem.107410/

n3

3

General Discussion / Need help pls with a simple PASS-rule.... (Default deny / state violation rule)

« on: May 22, 2023, 09:49:19 pm »

Dear all

Sorry to ask a certainly very basic question but it drives me mad after an hour of trying... I don't get it to work.
May I ask for a helping hand?

I'd like to allow IGMP traffic that matches
- "LAN" interface,
- source "LAN net",
- protocol "IGMP"
- destination "any"
(I have played with a various combinations).

But the trafic gets blocked by the default deny rule (see screenshot).

Greetings
n3

4

General Discussion / Re: Bond/ Trunk no igmp?

« on: May 15, 2023, 08:03:42 pm »

Thank you for your help. However, the issue was on proxmox.

Solved:
I've figured it out on following one of my first guess' (always follow your first guess!).
On ProxMox, I had to change the hash policy to layer 2+3.

n3

5

General Discussion / Re: Bond/ Trunk no igmp?

« on: May 14, 2023, 09:59:41 pm »

Thank you. I'll give it a try.
In what file do I need to write that? /sys/class/net/vmbr0?

n3

6

General Discussion / Bond/ Trunk no igmp?

« on: May 12, 2023, 10:10:14 pm »

Dear all

I have recently exchanged my ethernet card with fiber network card with two ports.
This two ports are connected to an unifi switch in trunk mode (bond; bundle, you name it).

Problem:
Although nothing changed beside what's required to exchange the card, I have no longer multicast streams (INIT7 TV) in my network.Certainly, it was working previously swapping the cards.

Setup:
- OpenSense installed on a proxmox (virtual machine host)
- Proxmox configured network as
  - Linux Bond - "bond0", mode LACP (802.3ad), Slaves: both new ports
  - vmbr0 with bridge port "bond0"
  - OpenSense network device

Switch
Unifi Switches. I haven't changed the settings beside creating the trunk: Multicast DNS enabled, IGMP Snooping off.

Console (igmproxy -d -v config) shows at least some traffic

Code: [Select]

RECV Membership query from 192.168.3.11 to 224.0.0.1
REC V2 member report from 192.168.3.32 to 224.0.0.252
Undated route entry for 224.0.0.252 on VIF #1
Any ideas?

Kind regards
n3

7

General Discussion / Re: Microsoft Broken

« on: March 19, 2023, 09:21:19 pm »

ok.. I DID investigate. It was the blocklist.

8

General Discussion / Re: Microsoft Broken

« on: March 19, 2023, 08:06:43 pm »

I have the same issue here: a few Microsoft services to not work, if the opensense Unbound DNS server is used.

For now, I've added public DNS servers to the be distributed by DHCP (Services -> DCPv4 -> LAN -> DNS Servers) to the local clients which can therefore lookup directly.

I haven't investigated any further but I guess, it is an issue that Microsoft wants to connect through DNS 853 (SSL/TLS).