Messages

1

24.1 Legacy Series / Re: Confused about DNS and how to change settings

« on: March 18, 2024, 02:05:41 am »

https://forum.opnsense.org/index.php?topic=13287.msg61064#msg61064

This response by Mimugmail worked instantly. Since I don't truly understand Opnsense and networking yet - can someone explain to me in laymans terms what this is doing, please?

2

24.1 Legacy Series / Re: Confused about DNS and how to change settings

« on: March 17, 2024, 11:33:25 pm »

you could try this link https://homenetworkguy.com/how-to/configure-wireguard-opnsense/

I already have LAN access in general from wireguard. I either need to find out where I can set the Wireguard interface gateway (10.10.10.1) to direct it's DNS to the pihole, or do I need to set a rule that lets the LAN talk to the WG subnet?

E: Apparently I can ping the WG subnet from LAN already. My phone seems to think it's on the LAN subnet of 192.168.1.101, but pihole when seeing it (despite not returning the DNS results) sees it as 10.10.10.2.

'If you are using alternate DNS server(s) such as Pi-hole, you will need to specify those DNS servers by clicking the “advanced mode” and entering the DNS server IP address in the “DNS Server” box. You will need to have a firewall rule to allow access to the alternate DNS server(s) (unless you have an “allow all” rule for your WireGuard clients, which is not the best security practice).'

I definitely don't have this set up, so I'll try it when I get home I suppose.

3

24.1 Legacy Series / Confused about DNS and how to change settings

« on: March 17, 2024, 11:12:29 pm »

I'll say immediately since I've seen some stuff about wireguard overriding the resolv.conf file - I am using wireguard.

How am I supposed to be changing/setting the main DNS server, or utilizing unbound settings? I was trying to change the server to my pihole in system-> settings -> general and adding the IP to DNS servers, but when I refresh and renew the IP, I am still having the IP set to my gateway, 192.168.1.1 instead of the pihole, .4. I notice on the GUI, no new requests are getting forward to it, either. I can get it to change when I set the DNS through Services -> IPv4 DHCP -> DNS servers.

However, on my wireguard client for my Pixel, if I set the DNS to 192.168.1.4, I see new requests in the GUI, but DNS doesn't work on the phone regardless. I am maybe assuming my firewall isn't set up to pass requests from the wireguard subnet (10.10.10.1/24) to the LAN subnet the pihole is on, or at least back from it?

I am very new to OPNsense and networking in general is not my forte. Happy to provide more info and screenshots of my config if needed. I am aware I could always consider moving to adguard/simply using unbound DNS to block things, but that still leaves the problem of making sure wireguard is utilizing those as well, especially considering how ad-ridden the internet is on a phone.