Messages

@nero355 I don't want to pay for a second service.
I ordered a phone line, it was installed, I asked during
the orer process if the line would be able to handle internet
when I would research the best provider in my area and was told yes.
I ordered interent, a month later no box from the provider arrived,
I asked them why, and was old my line needed upgraded.

I cancelled my contract with the phone company as they would not upgrade it,
they said they made a mistake when they said it was fine for internet useage.
It quite clearly was not, it was an old line from when the property was built
40 years ago, they should have known fine will it was long overdue an upgrade.

So, am stuck with a mobile phone for internet, which is fine as am the only user
and have unlimitd data plan.

I have also connected a USB to WiFi adapter to my phone and connected
the ethernet end of the adapter to the WAN

Are you sure, you have connected it to the correct network port?

Which hardware did you install OPNsense on?

In nterfaces: Assignments open the drop-down next to WAN and check if the plug symbol is green.

If you want to use the USB adapter on OPNsense, you have to change the network device here to ue1 or alike and save the setting.

Hi, yes I used the default port layout during install, the first port is igc0 which is LAN,
igc1 is my WAN port where I plug in my hotspot which is bridged to my phone.

I have actually got my USB to RJ45 adapter to work from the OPNsense WAN port.
I  am using a Mini PC with 4 2.5Gig ports, it is base on an intel N100, with 16Gb Memory
and 128Gb SSD.
Where is this setting you mention / If you want to use the USB adapter on OPNsense, you have to change the network device here to ue1 or alike and save the setting, Thanks.

I have not had time to try my hotspot in that port, that hot spot is bridged to
my phone for internet access and works fine when connected to a switch or computer directly.
The usb to RJ4 adapter I use has an AX88179A chipset, it is no longer available on Amazon
but therre is still one model that does have this same chipset listed.

My issues now is that I have set up secure dns in unbound settings, and I see the dns server
address being accessed under the traffic tab, but my browsers is not using secure dns when I
use online tools to check what dns am using.
There is one tick at the top of the unbound page where I entered the secure dns servers,
I am not sure if it needs ticked or left unticked, it states from memory, use system dns
servers, I am not sure what system dns servers refferes to, is it the servers I just set
up under unbound secure dns, or the servers one can set up during OPNsense install, I actually
did not install and dns servers during OPNsense install.
Either way any advise on how to ensure my secure dns servers under unbound are in fact used
would be appreciated.
If I recall/ am not at my home now, but there is a setting somewhere else that states something
like, allow dns to be over ridden by service providers dns, if so, then should this unticked in
order to force the use of my unbound secure dns server entries.

Thanks to all

Hello once again, I am making no progress in regard to connecting my OPNsense
router/firewall to the internet.

I have tried to get my OPNsense box to connect to the internet via my hotspot
which is bridged to my mobile phone, and had no success at all.

I have also connected a USB to WiFi adapter to my phone and connected
the ethernet end of the adapter to the WAN port on my OPNsense box and
have failed to make an internet connection using this method either.

I can connect the hotspot which is bridged to my mobile directly to a
computer and that computer can access the internet.
I can also connect the USB to WiFi adapter to my computer and also
rech out to the internet.

I truly have no idea why neither device when connected to my OPNsense
box's WAN port will not work.

There are so many settings under >Interfaces >WAN that I do not know wher to
start filling in the required details, or even what details are reauired.

Could someone please help me get this to work.

I connected both my USB to WiFi adapter and my Hotspot to my switch
and both allowed the devices connected to the switch to access the
internet, but this is not good as they do not go through the OPNsense
router/firewall.
But even this approach seems to only work sometimes.

I have no wired internet provider where I live, so am stuck with using
a mobile phone bridged to a hotspot which I can plug in via ethernet
cable to the OPNsense box, or similar setup using USB to WiFi adapter.
I  attach the switch to the lan port on the OPNsense box and the other
devices am trying to access the internt with to the WAN port, I assume
this is the correct approach, did I at least get this right.

Thanks in advance to anyone who is able to help.

Hi everyone.
I installed OPNsense and changed the IP from the default to 192.168.1.50
Is there anything else I need to change.
When I look at my DHCP LAN settings
I see the available range is from 192.168.1.1-192.168.1.254
yet the line below this shows from 192.168.1.100 to 192.168.1.199
I find this confusing and do not know how if I need to change anything
given I changed the IP I log into OPNsense on from the default to 192.168.1.50.

Can anyone explain what these IP's above relate to and if they are ok.

Thanks to anyone who can help
I will add a screen shot of what the above settings reffer to on my system.

Major version upgrades are always just a couple of clicks in the UI on a live system. Disregarding possible bugs or other failures you bever need to reinstall.

Best install with ZFS so you can use the snapshot feature before any update. Also always keep a current backup of your configuration. Just in case.

Thank you. I did see the feature to take a snapshot, I must investigate if these can be saved to a usb drive for restoration in the event of trouble.
I will leave updating to the latest version for a while so any bugs will be hopefully solved.
Am pleased to hear it should be just a matter of using the update feature under the GUI.

Thanks for posting.

Well if you waited so long you can certainly wait a week longer to get on 25.1, no need to take risks when you're relatively new and unfamiliar with a platform.

And as a general rule, OPNsense has security and reliability updates every two to three weeks, waiting for months between upgrades is not particularly secure.

I have been updating all along, I said I updated again yesterday, meaning there were previous updates.

My worry is do people on 24.7 need to do a fresh install or will simply clicking
check for updates and updating work for 25.1, or is a fresh install required between
major version updates.

Hi,am new to OPNsense

I installed OPNsense a few months ago and updated it again yesterday.

I am wondering if I will be able to update to the upcoming 25.1.RC1
version from the GUI or will going from 24 to 25 require a fresh install.

Thank to all.

You're almost two major versions behind. 25.1.RC1 lands next week and on the 29th 25.1 will be generally available.
If that FW is directly on the internet worrying about secure DNS wouldn't be the first thing to be concerned about - when every two-three weeks new security and / or reliability updates are available yet you don't deem important enough to install.

A fully patched OPNsense with the default configuration will always be more secure than a 7+ months old one with a random hardening thing applied here or there.

I am new to OPNsense and have a question regarding updating. I read above there is a new 25.1.RC1 coming soon, will I be able to upgrade to this using the update feature from the gui, or does going from 24 to 25 require a complete re install. I ask as am going to be making some changes and I don't want to have to do them all over again if I have to do a new install. Thanks, and I do not mean to derail this thread, its just I see the new update mentioned above.

How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting the
NVR in the mail, and can not find any information regarding whether it has a fixed IP
or a dynamic one.

I would expect it will allow you to either configure a fixed IP address or use DHCP. If you choose DHCP (or if there's no option), you could create a reservation in OPNsense's DHCP server to assign it a specific IP address of your choosing (which should be outside the pool for dynamic addresses).

Looking online I  see these NVR's have two IP settings, one for the Switch that provides POE connectivity and one for the internal NIC that connects to your network.
The IP for the switch can be changed, but I read it is better to allow the NVR to assign one via its own DHCP and then to remove the tick and this will make it static.
Saying this, this is not the IP required to access the NVR, it has to be left alone as it is a static IP that the NVR uses to talk to the switch, and changing it am told results in the connected cameras being unable to communicate with the switch in the NVR.

I will see how it goes, and ask again when I get stuck.

One thing though, how does one create a reservation in OPNsense's DHCP server.
Am beyond new to all this network stuff, I hear of subnets and this is even more cconfusing,
as is different ip ranges, all greek to me.

You could assign igc3 as another interface, and give it its own subnet (not overlapping with your existing LAN), and create firewall rules to explicitly allow whatever communication you deem appropriate...

... or you could put the NVR on your LAN and block it from accessing the internet... but it would still be able to talk to other hosts on your LAN without going through the firewall - that may or may not be a concern, depending on how much you distrust the NVR...

Thank you for commenting.
How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting the
NVR in the mail, and can not find any information regarding whether it has a fixed IP
or a dynamic one.

Thank you for posting.
You bring up some good points, regarding trusting I am unsure but in general I do
not trust anything and thus my blocking idea.
I am awaiting the NVR in the post, and as of yet do not know whether it has a static
or dynamic IP, I am only assuming a static IP could be blocked easier than a dynamic one.

I have what I think is an odd setup, I only have mobile internet access.
I set up OPNsense and use a portable router connected by cable to the OPNsense WAN port and
set to bridge mode.
This portable router bridges to my phone to provide my entire wired network with internet access.
This also means I can leave my phone in the same room as the routers and connect via Ethernet
to my network in another part of the house and use apps on my laptop rather than the apps on the
phone, open source apps that is, I have zero trust in my phone not to be listening in and sending big
brother info from any app I would use on that device, so I use computers instead to communicate.

Now, I have decided to add some IP cameras, and am quite lost, I went the NVR route as in
testing it would take a very fast computer to record my 8mp cameras and display them, I tried
with zoneminder, memory was ate up until the system frooze every time a camera was triggered
it would record so much then freeze the computer, so I will now use an NVR which must use
a GPU to do its work, the chips inside these things are rarely marked so its a guessing game.

You could assign igc3 as another interface, and give it its own subnet (not overlapping with your existing LAN), and create firewall rules to explicitly allow whatever communication you deem appropriate...

... or you could put the NVR on your LAN and block it from accessing the internet... but it would still be able to talk to other hosts on your LAN without going through the firewall - that may or may not be a concern, depending on how much you distrust the NVR...

Thank you for commenting.
How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting the
NVR in the mail, and can not find any information regarding whether it has a fixed IP
or a dynamic one.

Hi everyone.
I am putting together an ip camera system that connects to an NVR.
I want to put the NVR in a safe place and access it over my network.

My router runs OPNsense, it has four ports, it is in default configuration
with nothing set up yet, igc1 is the Wan port and igc0 is the lan port.

That leaves two more ports on the router, igc3 and igc4.
Is there a way I can set one of these ports / igc3 for example, so that I can connect my NVR
to it and access it over the lan / igc1 port, but make sure the NVR connected
to igc3 in this example can not access the WAN / internet.

I am completely new to OPNsense, networking and ip cameras, so a simple
solution is what am after.

Thanks to all.

Thanks, I have secure boot off, will leave fast boot alone seeing as it is no security threat.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

Are you sure you want to bridge the lan and wan, seems very odd thing to do.

Hi everyone, my first post.
Should I disable secure boot and fast boot in the BIOS.
I want to take it one step at a time and I usually disable these settings when I install Linux.

Is there any security benefit to be had by leaving both of these settings enabled.

Thanks to all.