Messages - Shoog

#1
Pi-holes are both coming off the same MikroTik switch going to the OPNsense router. However, the MikroTik is segregated into two switches which are internally bridged: one side is Gbit and the other is just Fast Ethernet. The two Pi-holes are on different sides of the switch, so this could be introducing latency.
#2
Going to report this as resolved. I went back to basics and checked my Pi-holes to see if the unbound services were actually running. It turned out that the one on my NAS wasn't and needed a restart. Once I did that, the Android phones started to connect to the internet fine. Still a bit weird that the laptop was using the working Pi-hole unbound but the Android phone wasn't.

Still, lesson learned - check the basics.

Stephen
#3
Hi all,
I have just successfully set up a Fujitsu S920 as an OPNsense 24.7.11 firewall, so far running a flat LAN network. I am doing some final basic settings. Traditionally I have always used Pi-hole as my DNS server; I run two instances, one on my NAS and another on a dedicated Pi 2. I have them set up as unbound DNS servers, and I have also set up some NAT rules as per this site https://labzilla.io/blog/force-dns-pihole to force all DNS traffic through the Pi-hole. On the OPNsense firewall I have all DNS servers disabled and the general settings pointing to my two Pi-holes.

The weird behaviour I am experiencing is that my laptop is happy with this arrangement and finds the internet if Pi-hole (unbound) is the only DNS endpoint set up on the Pi-holes at 127.0.0.1#5335. However, my Android phone is not happy and won't talk to the internet with Pi-hole (unbound) as the final endpoint. This took quite some time to discover, but it proves that the Pi-holes are being used. However, the Android phone is able to access Gmail and Facebook with the Pi-hole (unbound) as the sole endpoint, just no other services such as YouTube.
If I switch from Pi-hole (unbound) @ 127.0.0.1#5335 being the only allowed forwarder to Google at 8.8.8.8, then the Android phones start to be able to see the internet again.

I attempted to set the forwarder endpoint to the OPNsense instance of Unbound, but I get the same behaviour.

It seems that this question has been asked many times before, but the goalposts are moving so quickly with OPNsense development that none of the previous advice is very relevant to my current situation. I can live with having an internet DNS as my endpoint, but this is a regression in my functionality for my setup and I just want to understand why it's not working. I suspect it has something to do with the use of the loopback interface on the Pi. Plain vanilla Pi-hole is fine, but adding unbound just messes things up.

Any advice as to what sort of firewall rules might allow this to work, or a pointer to how unbound interacts with the firewall, would be helpful. Bear in mind this is part of the steep learning curve I am on with regard to OPNsense firewall setup.

Stephen
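Posts #2 and #3 above both come down to the same basic check: is the unbound instance that Pi-hole forwards to at 127.0.0.1#5335 actually answering, and with what response code? The script below is an added example, not code from the original thread, Pi-hole or OPNsense. It builds a raw DNS query, sends it over UDP to each resolver you name, and reports whether the resolver is unreachable, answering SERVFAIL, or returning records. The query name example.com, the default target 127.0.0.1:5335 (run it on the Pi-hole itself, or pass the Pi-hole's LAN address and port) and the two-second timeout are assumptions for the example; no IPs from the thread are used.

```python
"""Probe DNS resolvers directly over UDP and report what each one answers.

Added example: checks the "is unbound actually running?" basic from the thread.
Usage:  python3 dns_probe.py [host:port ...]   (default: 127.0.0.1:5335, an assumption)
"""
import random
import socket
import struct
import sys
from typing import Dict, Optional

# RCODE values from RFC 1035 / RFC 2136 (hypothetical names beyond these are not needed).
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a minimal DNS query for `name` (default A record) with RD set."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def parse_response(data: bytes, expected_txid: int) -> Dict[str, object]:
    """Decode the DNS header of a reply; raise ValueError if it is not a reply to our query."""
    if len(data) < 12:
        raise ValueError("short packet")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    rcode = flags & 0x000F
    return {
        "rcode": rcode,
        "rcode_name": RCODE_NAMES.get(rcode, f"RCODE{rcode}"),
        "answers": an,
        "truncated": bool(flags & 0x0200),
        "recursion_available": bool(flags & 0x0080),
    }


def probe(host: str, port: int, name: str = "example.com", timeout: float = 2.0) -> Dict[str, object]:
    """Send one query to host:port and classify the outcome.

    ok is True only for NOERROR with at least one answer. A resolver that is not
    running shows up as an OSError (ICMP port unreachable) or a timeout.
    """
    txid = random.randint(0, 0xFFFF)
    query = build_query(name, txid=txid)
    result: Dict[str, object] = {"host": host, "port": port, "ok": False}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (host, port))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            result["error"] = "timeout (nothing listening or filtered)"
            return result
        except OSError as exc:
            result["error"] = f"unreachable: {exc}"
            return result
    try:
        parsed = parse_response(data, txid)
    except ValueError as exc:
        result["error"] = f"bad reply: {exc}"
        return result
    result.update(parsed)
    result["ok"] = parsed["rcode"] == 0 and int(parsed["answers"]) > 0  # type: ignore[arg-type]
    return result


def parse_target(spec: str) -> tuple:
    """'host:port' -> (host, port); a bare host defaults to port 53."""
    host, _, port = spec.rpartition(":")
    return (host, int(port)) if host else (spec, 53)


if __name__ == "__main__":
    targets = sys.argv[1:] or ["127.0.0.1:5335"]  # assumed default, matches the thread's unbound port
    for spec in targets:
        r = probe(*parse_target(spec))
        status = "OK" if r["ok"] else "FAIL"
        detail = r.get("error") or f"{r['rcode_name']} answers={r['answers']} RA={r['recursion_available']}"
        print(f"{status:4} {r['host']}:{r['port']}  {detail}")
```

A SERVFAIL with zero answers from unbound, rather than a timeout, points at the recursive resolver itself (for example DNSSEC or upstream reachability) rather than at a stopped service or a firewall rule; a timeout or "unreachable" on 127.0.0.1#5335 is the stopped-service case that resolved post #2.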
#4
Not to sound dumb, but can you point me to the specific document? I set one mandatory tunable when bridging the two NICs onto the LAN.

A snippet of information: the issue is not with the Odroid N2+, because I just plugged another N2+ running CoreELEC directly into the OPNsense router and it was detected immediately.

UPDATE:
Thanks for the heads up. I had missed the removing-NICs-from-filters step and I have just gone and checked that. The good news is that this resolved my issue and Home Assistant is now on the network.
#5
Hi,
I have just been setting up OPNsense 24.1-amd64 on a Fujitsu S920 with a Broadcom dual NIC card.
Install went OK and I have so far managed to set up the WAN with VLAN tagging for the ISP. I software-bridged the two NICs on the Broadcom card and applied the ACCEPT ALL firewall rules to the bridge. So far I have still to see any traffic into the internet, but that's an issue which I am sure is relatively easily resolved.

The main problem I have encountered so far is that my Home Assistant instance, which is running on an Odroid Hardkernel N2+, is simply not accepted by the OPNsense firewall. It recognises that the N2+ is plugged in; the NIC lights are correct and flashing, so there is a connection. However, DHCP never issues an IP address. If I set a static lease in the DHCPv4 service with the MAC address, it populates the MAC and fills out the N2+ identity, which proves that the firewall recognises the NIC at least. Checking all the logs I can find, there is no mention of the Odroid asking for an IP and no obvious signs of the firewall dropping packets. DHCP is definitely working on the firewall; it's as if the Home Assistant instance is being blacklisted in some way, with no traffic being allowed in or out of it. I tried pinging the static IP address which I set and nothing gets through. I even tried using a USB-based NIC on the Home Assistant board to try to eliminate the onboard NIC as the source of the problem, and the behaviour is the same. I also attempted to set up the OPNsense integration within the Home Assistant instance, but not surprisingly, with no path between it and OPNsense, it wouldn't recognise the router and so failed. I also attempted to connect the Home Assistant to the router via an intermediary MikroTik switch, but same result.


If I pull out the Odroid and present it back to my ISP's router, it's recognised immediately and just starts working.

This is going to be a deal breaker for me, as without Home Assistant it's not a functional setup for me. I have trawled the internet for answers and have come across a few instances where others experienced similar issues with Home Assistant and OPNsense, and no one ever came up with a working solution. Any ideas on where to look to resolve this?

Stephen