Messages - routelots

#1
Quote from: Monviech (Cedrik) on August 24, 2025, 04:42:39 PM
> If you don't need automatic hostname registration you don't have to forward DNS from Unbound to DNSmasq.

Otherwise follow this guide:
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration

I assume you're referring to the hostnames for Interface 6 (VPN Devices) only, right? If I don't care about those devices, then is my method of using DHCP options for the DNS the "correct" way to do things?
#2
I'm attempting to migrate my setup away from ISC DHCP onto DNSMasq, but I'm not confident in one aspect of my setup.

The simplified overview of my current setup is:

Interfaces:
- Interface 1-5: Various VLANs that use my normal gateway and quad 9 DNS
- Interface 6: VPN VLAN that uses VPN gateway and VPN DNS

DHCP:
- All interfaces being served by ISC DHCPv4

DNS:
- Interface 1-5: Bound to Unbound DNS
- Interface 6: DNS overwritten by OPNSense (Via ISC DHCPv4 > Interface 6 > DNS Servers)

Firewall:
- Interface 1-5: Have regular rules
- Interface 6: Tagged, with all traffic forced through the VPN gateway; for RFC1918 destinations it allows access via the regular gateway.

I'm attempting to set this up with Unbound DNS and DNSMasq, and I want to make sure I won't have any issues. My understanding is for overwriting the DNS for interface 6 I can just do the following:
- Keep DNSMasq DNS option disabled (Port set to 0)
- Tag the DHCP for Interface 6 with something like "VPN"
- Under DHCP Options: "Set" DNS servers for all "VPN" tagged DHCP to my VPN's DNS server.

Is that it? Am I overthinking it, or is there a reason I'm not understanding to have both Unbound and DNSMasq running with forwarding enabled for my setup?

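The three steps listed in this post map directly onto dnsmasq's native tag mechanism. The fragment below is an added example written for this thread, not configuration from the poster or from OPNsense's generated files; the interface subnets, lease ranges and the VPN resolver address (10.8.0.1) are placeholders. It shows what the GUI settings produce underneath: DNS disabled with `port=0`, a tag set per DHCP range, and the `dns-server` option overridden only for leases carrying the `vpn` tag.

```ini
# Added example (not from the post): raw dnsmasq equivalent of the GUI steps above.
# Subnets, ranges and the VPN resolver address are placeholders.

# Disable dnsmasq's DNS listener; Unbound stays the resolver for interfaces 1-5.
port=0

# Interfaces 1-5 (one shown): tag leases "lan" and hand out the firewall (Unbound) as DNS.
# dnsmasq defaults the dns-server option to its own address, which is useless with
# port=0, so the option is set explicitly here.
dhcp-range=set:lan,10.0.0.100,10.0.0.200,255.255.255.0,12h
dhcp-option=tag:lan,option:dns-server,10.0.0.1

# Interface 6 (VPN VLAN): tag every lease from this range "vpn" ...
dhcp-range=set:vpn,10.0.64.100,10.0.64.200,255.255.255.0,12h
# ... and override DNS for tagged clients only with the VPN provider's resolver.
dhcp-option=tag:vpn,option:dns-server,10.8.0.1
# Default gateway for the VLAN is still the firewall; the firewall's policy
# routing rule is what pushes the traffic into the VPN tunnel.
dhcp-option=tag:vpn,option:router,10.0.64.1
```

One caveat worth checking after migrating: a DHCP option is advisory. A client that hardcodes its own resolver ignores it, so the VPN VLAN's firewall rules, not the DHCP option, are what actually decide where port 53 traffic can go. Verifying with a packet capture on the VLAN interface that no DNS queries leave via the regular gateway is the quickest way to confirm the setup behaves as intended.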
#3
I'm currently running into an issue and I'm not sure what the problem is (Perhaps it's my understanding of proxies).  This is my current setup:

1) Privoxy running in a Docker container in unraid: 10.0.0.133:8118
2) Lan Subnet: 10.0.0.1
3) Wifi Subnet: 10.0.32.1

Privoxy works great on the Unraid server; it even works great when setting it up on any browser on the LAN network, but as soon as I have a device on the wifi subnet there is no connection. The issue is that, in theory, I have nothing blocking the access: the Wifi subnet has full access to the LAN subnet (and by extension the Privoxy instance). I can access Unraid, and all other docker webui ports, via the wifi devices. In fact, when I try to access the privoxy instance I even see in the firewall logs that it's being allowed through successfully, but for some reason I cannot connect. Anyone have any suggestions?
#4
I'm attempting to set up a VPN-based VLAN. Specifically, a Wifi that is tagged, and any devices connecting to that Wifi should automatically be routed through my wireguard VPN. I've followed the "Wireguard Selective Routing to External VPN Endpoint" guide in the documents, but I get confused about a few things after Step 6.

1) Since I want my entire VLAN to be routed through the VPN Gateway, what would the Firewall rule look like? Would it be as simple as "Pass VLAN net to Any" with the Gateway specified to be the VPN Gateway? Would the DNS server be the VPN provided DNS or the OPNSense DNS server?

2) How would I prevent DNS leaks if I'm setting up my network this way?

3) I don't quite understand how the Killswitch in the guide works when I'm routing my entire VLAN through the gateway.

Any guide on how to approach this would be appreciated.