Messages

1

General Discussion / Re: Forwarding IP address from Unbound to AdGuard

« on: December 14, 2023, 06:08:44 pm »

Oh, ok, thanks, I didn't consider that option.
Anyway that would mean that I have to set the DNS server for each interface?
I have 14 interfaces at the moment... So it is doable, but maybe not so maintainable (in case in future I need to change AdGuard IP address).

Anyway I will consider this option.
I am also considering to use Pi-Hole that if I am not wrong allows creating IP aliases/override.

2

General Discussion / Forwarding IP address from Unbound to AdGuard

« on: December 14, 2023, 04:59:23 pm »

Hi,

I know this question has been already asked, but I wasn't able to find a working solution.

I am using AdGuard (running on a docker container) and Unbound just because I like how it allows me to define DNS override and alias (AFAIK AdGuard doesn't have that feature) in order to reach my internal services using a nice name instead of IP address.

I've enabled "Services>Unbound>Query forwarding" in order to use AdGuard as DNS filtering, and it works perfectly.

There is anyway a little annoying thing, all DNS queries are in AdGuard are reported as made by the same IP address (that is the OPNSense interface).
Is there a way to solve this annoying thing?

Thanks

3

Virtual private networks / Re: Deleted Wireguard interface cannot be assigned anymore

« on: November 30, 2023, 05:50:01 pm »

I solved using a not so elegant workaround.
I uninstalled the wireguard-go plug-in and installed the official wireguard instead.
I was using the Go version since I read that it is compatible with Zenarmor, but I am not using that feature in my configuration at the moment.

4

Virtual private networks / [SOLVED] Deleted Wireguard interface cannot be assigned anymore

« on: November 30, 2023, 04:47:16 pm »

Hi,

I've deleted my Wireguard interface by mistake and now I can see in my list of unassigned interface with an exclamation mark reporting "administrative disabled", but I cannot assign it anymore.

I've already tried to uninstall Wireguard plug-in, reboot, and install it again, but it seems all the configurations were kept (so I couldn't re-insert the interface), so it didn't work.

How can I solve this problem?

Thanks

5

General Discussion / Re: Do I need a LAN interface once all my traffic is managed via VLAN?

« on: November 14, 2023, 02:25:03 pm »

Exactly (sorry if it was not clear) what I meant was if it is ok to remove all untagged interfaces, also the default one (called LAN) so you can access to the network only through a VLAN tag.

So it is anyway better to have at least one untagged network just in case, and maybe create some strict firewall rules in order to reduce vulnerabilities.

6

General Discussion / Do I need a LAN interface once all my traffic is managed via VLAN?

« on: November 14, 2023, 01:12:34 pm »

Hi,

I am wondering if I need a LAN interface (I mean the default LAN interface created by OPNSense) defined once all my traffic is managed using VLAN networks, so I guess/expect there should be no traffic going through this interface.

I can only see the LAN network could be useful in case something goes wrong and I need to connect directly to the firewall bypassing my switch, but I feel like I am missing a huge detail here! 

P.S.:
Actually I am thinking to use VLAN over LAGG, so default LAN interface seems to be even more useless, but again, I feel I am doing something wrong.