Messages

Hi!
I tried the WireGuard Peer generator once again after a long time because when the generator was introduced in opnsense I got errors.
Still getting an error after scanning the QR code with the iOS WireGuard app.

The message is:

Invalid QR Code
The scanned QR code is not a valid WireGuard configuration

It is a little bit odd because when I save the Config in a file and use Create from file or archive in the iOS WireGuard app it works perfectly.
No problem for me, I just import the config into the app but it is rather disappointing the QR generator still is disfunctional.

Thank you all for the pointers, I will keep an eye on my logs!

For this moment I can say that the external IPv6 address belongs to a company SolarEdge, a producer of PV panels, I have SolarEdge PV panels on my roof connected to an inverter. I don't understand why they initiate a connection to my solarenergy inverter. That should not happen in my view.

@pfry
The detailed rule info does not give anymore info. See screenshot

@nero355
Maybe, but how if I disabled the logging of matched default block rules?

Hi,
I see a block action on my WAN interface in the firewall live view without a label which I didn't setup myself.
I don't have any rules in the firewall to block on the WAN interface, just the default.

Firewall settings are setup to only log packets blocked by Bogons and Private Networks.

So my confusion is: where does this block come from?

Hi!

Will do, thanks!

Good evening,

I did not notice exactly when this started but at least from version 24.7 I started to see errors in ISC DHCPv4.
I have a couple of static mappings and they are shown as static on the leases page.

Still OPNsense errors and see them both as static and as dynamic if I read the log correctly.
See attachements.

Nothing changed in that regard since 24.1 but is it something I have to adjust?
Any help appreciated!

@franco, any idea?

Hi,

I have a question to @franco:

Is there a reasoning behind the choices of the type of DNSBL in Unbound?
Lately the OISD blocklists are added to the lists.

I, and maybe more users, would welcome the lists of Hagezi (https://github.com/hagezi/dns-blocklists).
He has all kind of lists, from adblock to wildcard lists, from mild filtering to aggressive.

Just food for thought, maybe now would be a good moment for inclusion of these lists.

Hi!
Is it possible to reload Unbound DNS without resetting statistics and without losing the cache?
If so, what is the correct command through ssh?

If not, is it impossible to achieve or something else?

Hi!
Just curious if someone happens to know if blocking with Unbound with the methods below has any advantage over the other (faster or more efficient or anything else):

- RPZ, flexible rules to block and/or passthrough or redirect, but often times two rules, one for hostname, one for domain to hostname (ymo.co.za CNAME . and *.ymo.co.za CNAME . for instance)

- conf file, rules like, local-zone: "000.pe." always_nxdomain

I am just looking for advantages of one or the other.