Messages

1

24.1 Legacy Series / Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui

« on: April 24, 2024, 05:25:01 am »

Ah got it. I was using nginx for reverse proxy but then was having similar issues with timeout. Thought going this route for now seemed easier but something with my setup is causing the names to not resolve correctly

2

24.1 Legacy Series / Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui

« on: April 24, 2024, 03:04:15 am »

Ah I thought it might make sense to tie it to my domain as well since I will eventually be doing the same for local ssl in my dockers.

So I installed the cert and I'm still getting the same issue. Attachment is showing the cert in trusted root.

Is there something else to it? Do I have to access using "opnsense.localdomain"? That doesn't work either though.

3

24.1 Legacy Series / Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui

« on: April 23, 2024, 01:48:26 pm »

Hmm. Not the response I was expecting.

I think the point of it is to not see a page showing accessing the gui is not secure but you’re saying this is preferred behavior ?

4

24.1 Legacy Series / Re: SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui

« on: April 23, 2024, 05:53:05 am »

If I disable DNS rebind checks, it doesn't time out. Should this be disabled?

It still isn't able to do name resolution, though.

On adguard, I see it get processed...

Code: [Select]

Status
Processed
DNS server
192.168.1.1:65353
Served from cache
Elapsed
0.04 ms
Response code
NOERROR

but getting ...
"This site can’t be reached router.mydomain.com’s server IP address could not be found."
in Chrome

So failing at Unbound?

5

24.1 Legacy Series / SSL cert for Web gui - Lets Encrypt cert added but cannot access web gui

« on: April 23, 2024, 05:25:52 am »

So...

1. I've set up the ACME client to get and auto renew the Lets Encrypt cert
2. I changed in Admin settings to use the cert

I am unable to access the website by the name

1. I have Adguard setup which has Unbound DNS as the upstream server - meaning Adguard on port 53 and Unbound on port 65353. This is working without issue

2. I can add DNS rewrites in Adguard to opnsense web gui - that works

3. I can access the router via IP - all devices are on LAN interface as I haven't gotten around to playing with VLANs.

Not sure what could be the issue?

I followed this guide...

https://homenetworkguy.com/how-to/replace-opnsense-web-ui-self-signed-certificate-with-lets-encrypt/

 Which makes the process seem easy so not sure what could be going on. Guessing it has something to do with Adguard / Unbound setup but not 100% sure. I do know I have failed to do similarly via Traefik and nginx - always hit a timeout when trying to access by name.

6

24.1 Legacy Series / (now works / can ignore) nut plugin standalone mode

« on: April 20, 2024, 04:54:52 am »

The service is running...

Code: [Select]

admin@router:~ # upsc -l
cyberpower

And I have a port forward as shown below which was following this...

https://forum.opnsense.org/index.php?topic=19992.0

But still nothing is able to connect. Anyone know what might be going on? When I check the logs I don't see any errors.

7

Documentation and Translation / Re: AdGuard Home setup guide

« on: February 14, 2024, 07:57:22 pm »

@cookiemonster

I actually got it working last night!

A few things...

I deleted Adguard and added it back in case I had messed with anything. After doing that...

1. I had forgotten about the option to set Adguard as `Primary DNS server`. I enabled that. Not sure if that helps. Also not sure when that option was introduced but it was never mentioned in this thread so I didn't think to go back to the adguard page to enable it.
2. I noticed that the bind address in the Adguard yaml was set to 0.0.0.0. I previously had it as the router ip. Not sure why I changed it but left it as default. Port was always 53 though
3. I followed this guide instead which seemed more comprehensive in general...

https://windgate.net/setup-adguard-home-opnsense-adblocker/

I am not sure what any of the four was the reason but yeah finally working. I recommend the guide above to others that are looking to set Adguard to 53 and unbound another port.

8

Documentation and Translation / Re: AdGuard Home setup guide

« on: February 14, 2024, 04:21:30 am »

lol it seemed like it would be necessary to do so for some other change.

anyway, I cannot get this to work :/ Not sure what I'm missing but the logs aren't helpful (or if any).

I usually work on things remotely since i'm not always home - hard to tell right now if there is something off with vpn or home as well.

for wireguard vpn, it's just adding the dns ip of 10.10.10.1? I have that but still no luck. The only thing that works for me is having Unbound set to port 53 (and following the guide I linked to previously)

9

Documentation and Translation / Re: AdGuard Home setup guide

« on: February 12, 2024, 10:20:55 pm »

Hey @andyd, did you check that you can send DNS request to <opnsense_IP>:5353 ?

Something like "host example.com <opnsense_IP>:5353" from a linux box.

Does this work?

btw, I disagree a bit with @yeraycito's recommendation of using port 5353. It's the default port for mDNS, I see an unnecessary risk for conflict, I use 53530 for example.

I'm going to try again later in the week but I'll try again. I suspect that I need to restart the router for the changes to really apply as the lesson I learnt this morning when I was trying to revert back to what I had.

In regards to 5353, yep! I read elsewhere that the port shouldn't be used.

10

Documentation and Translation / Re: AdGuard Home setup guide

« on: February 12, 2024, 07:52:56 am »

Anyone know how I can check what is the issue with my setup?

I have followed yeraycito's post and DNS ceases to work. The only configuration that seems to work for me is...

https://0x2142.com/how-to-set-up-adguard-on-opnsense/

But I want AdGuard to be on 53 and Unbound on some other port.

If I test upstream server in Adguard, that works so I figure there is some communication happening between Adguard and Unbound.

But I don't understand why there is no DNS resolution. I can access internal services by IP no problem so it's just the DNS resolution that isn't working

11

Virtual private networks / adguard + vpn...

« on: February 12, 2024, 07:10:24 am »

Should I be seeing my laptop and mobile clients under listed clients?

It seems like DNS queries are going up as I am on VPN but it could just be dockers I have running on my server.

When I check the client list, I don't see any vpn IPs like 10.0.0.14 - just all 192.168.10.x which is my LAN range. What should I expect?

I saw this...
 https://forum.opnsense.org/index.php?topic=22409.0
And after following the steps I see no difference