Messages

You could start by structuring your post in a way it is actually readable. You know, sentences, punctuation, paragraphs ...

I am not able to parse this wall of text, sorry.

There, is this better?

I had to switch from Windows 7 to W10 recently because my new printer didn't come with drivers for W7.  I stayed on W7 because W8-W11 is known to be pulling data off your computer and sending it to Redmond.  I put Opnsense on an older dell I had and started fighting W10 telemetry by monitoring what was going out of my computer with WireShark, LiveTcpUdpWatch, and Zenarmor Live Sessions.  I was able to track down and block 58 IPs going back to Microsoft and an additional 250 IPs going to other various companies (google, amazon, etc).  Most of the tracking caught was during evening hours just after a reboot with no programs running other than WireShark and LiveTcpUdpWatch.  All the captured IPs are now being blocked by Opnsense.

However, there were some W10 programs and a couple of other softwares that were unnecessarily connecting to their companies.  They were automatically connecting through my VPN by way of using my Network Settings, so I had to set my W10 'Proxy Access to the Internet' to 'No Proxy'.  By doing this I apparently am now blocking my browsers from DNS, they can't interpret any domain names now.  They can go to a hard IP address however.

My main problem is that I am trying to setup Unbound to try to use it for DNS, but when I try to change Unbound's port from 5353 to 53, Opnsense says that Adguard has port 53.  I don't know if there is a way to change W10's DNS port to 5353.  Can anyone see anything I can do to make W10 use Unbound?

Thanks

I had to switch from Windows 7 to W10 recently because my new printer didn't come with drivers for W7.  I stayed on W7 because W8-W11 is known to be pulling data off your computer and sending it to Redmond.  I put Opnsense on an older dell I had and started fighting W10 telemetry by monitoring what was going out of my computer with WireShark, LiveTcpUdpWatch, and Zenarmor Live Sessions.  I was able to track down and block 58 IPs going back to Microsoft and an additional 250 IPs going to other various companies (google, amazon, etc).  Most of the tracking caught was during evening hours just after a reboot with no programs running other than WireShark and LiveTcpUdpWatch.  All the captured IPs are now being blocked by Opnsense.
However, there were some W10 programs and a couple of other softwares that were unnecessarily connecting to their companies.  They were automatically connecting through my VPN by way of using my Network Settings, so I had to set my W10 'Proxy Access to the Internet' to 'No Proxy'.  By doing this I apparently am now blocking my browsers from DNS, they can't interpret any domain names now.  They can go to a hard IP address however.

My main problem is that I am trying to setup Unbound to try to use it for DNS, but when I try to change Unbound's port from 5353 to 53, Opnsense says that Adguard has port 53.  I don't know if there is a way to change W10's DNS port to 5353.  Can anyone see anything I can do to make W10 use Unbound?

Thanks

Message after updating, there is always this message in System / System: Firmware / Plugins:
os-sunnyvalley (misconfigured)   1.4_3   2.44KiB   N/A   OPNsense   Vendor Repository for Zenarmor (a.k.a Sensei, Next Generation Firewall Extensions)

Does anyone know how to fix this?  Not an expert here.

This was my problem.  I forgot and went through a VPN through the firewall.  But for some reason, I can't login into AgGuard anymore - 192.168.2.1:3000.

I have successfully installed AdGuard, but I don't know how to get my W10 computer to use the AdGuard DNS.  This is what my W10 is using now:
IP address:  192.168.2.50
Subnet mask:  255.255.255.0
Default
Gateway:  192.168.2.1
Obtain DNS server address automatically
Use the following DNS server addresses:
Preferred DNS server:  1001
Alternative DNS server:  1111

Can someone tell me how to point W10 to the AdGuard DNS?

Thanks

Canceled

I have played with this for several hours and it doesn't stop from getting to this site;
c:\>ping -n 3 144.76.???.???

Pinging 144.76.???.??? with 32 bytes of data:
Reply from 144.76.???.???: bytes=32 time=150ms TTL=47
Reply from 144.76.???.???: bytes=32 time=149ms TTL=47
Reply from 144.76.???.???: bytes=32 time=150ms TTL=47

I have tried several times in the past also without success.

I am very weak on network and firewall knowledge, but think that I may not have the MSTelemetryBlockList LAN rule in proper order.  In the attachment, should the MSTelemetryBlockList be above the two Default IPv4 and IPv6 rules?  I think that I put it at the bottom because I managed to lock myself out of Opnsense once and had to reinstall.

Well, I have decided to uninstall ClamAV.  There were no instructions beyond just installing it.  Not in the mood to break any horses trying to get ClamAV to do something.  I have never run an AV on any of my computers anyway and have never had any infections.  Thanks

Some guru on youtube suggested you install ClamAV.  I have installed it and loaded in the DB.  The load instruction line and Load button have gone away.  I got this warning message in the log:
2025-01-05T06:04:22-06:00   Warning   freshclam   Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory

I don't think it is anything to worry about, but do I need to do anything about it?
Also, should there be anything listed in to Signatures page?  There is nothing there.

Thanks.  I looked up how to use Vim and found that it is quite easy to use.  What always aggravated me was that I couldn't ever remember how to get out of Vim whenever I accidentally started it.  I am going to install nano anyway, now that I know how and that it is available in Opnsense.

I tried to install nano using pkg_add in the terminal, but pkg_add is apparently not installed.  I can't find nano in the package area of Opnsense.  I know that Vim is installed, but I don't understand it and don't use it.

Try creating a repository with your IPs in github.com.
(Note: Disregard the typo github.<net> in the first png below.  It should be github.com.).

I am using the VnStat plugin

I am not finding that in System:Firmware/Plugins.  Can it be loaded from somewhere else?

I am using the VnStat plugin

That looks good, but I am running Windows 7.