OPNsense

Messages - bartjsmit

1
Virtual private networks / Re: TOR Plugin questions
« on: Today at 09:35:52 am »
It's a case of whom you trust:

- I trust my ISP, which means I only need a VPN for remote access (inbound)
- I trust my VPN provider, which means I use their VPN to hide my traffic from my ISP
- I trust nobody, so I use TOR to hide my traffic from everybody outside my house

Needless to say, performance gets worse down that list as well.

For me, commercial VPN providers are only an answer to geo-blocking.

Bart...

2
General Discussion / Re: My VM's traffic not passing thur OPNsense
« on: Today at 09:31:40 am »
Change the default gateway of the VMs to the OPNsense LAN IP address, same as (presumably) your DHCP clients are set to.

3
24.7 Production Series / Re: No reboot when updating to OPNsense 24.10.1
« on: Today at 09:30:07 am »
Yeah, it used to be that crowdsec was bad for that. Uninstall plugin, update, reboot, install plugin.

That's fixed now. You may get away with stopping monitrc before updating.

4
24.7 Production Series / Re: Is my WAN IPv6 different from my /48 fixed prefix?
« on: Today at 08:56:50 am »
fe80 are link local addresses https://en.wikipedia.org/wiki/Link-local_address

IPv6 hosts can have many IP addresses. After all, saying that there are plenty available is an understatement. Many hosts do pick a random one for privacy. The servers they connect to won't then be able to track them by their client IP (they dump a wheelbarrow of cookies on you instead).

The WAN side can be completely different again. Your ISP will route your delegation to the internet and back. No guarantees that any of the hops along the way will be addresses you recognise. My WAN interface only has an fe80 address, and yet the little guy dances for me at https://www.kame.net/

Bart...

5
24.7 Production Series / Re: Can you run a bluetooth keyboard in OPNsense?
« on: November 30, 2024, 08:32:44 am »
What about a KVM?

https://pikvm.org/
https://jetkvm.com/
https://github.com/sipeed/NanoKVM

A relay can also remotely control the power. I use this one for a bunch of NUCs
https://thepihut.com/products/8-relay-card-v2-for-raspberry-pi

In spite of all that, OPNsense shouldn't hang that often. Check RAM, cooling, etc. and postmortem your logs.

Bart...

6
24.7 Production Series / Re: Opening 993 and 25 for Email Ports
« on: November 25, 2024, 07:46:06 am »
Would this be for a self-hosted email server? I would urge caution with these if you want to use this as more than a learning opportunity. If you use it in anger it will become a lesson in frustration.

So many recipients are behind overzealous spam filters that the presence of a home range IP address alone is enough to sink your messages without trace.

If you do want to host a mail server, I would start with setting up a VPN. OpenVPN, Wireguard, Tailscale, Zerotier will all give you more benefit than email alone and will simplify your networking and security no end.

I moved to Proton mail for my domain and never looked back. (other vendors are available)

Bart...

7
24.7 Production Series / Re: [Resolved]Wifi vlan 30 can't acces the internet
« on: November 23, 2024, 09:43:05 am »
Good outcome from a security perspective as well. As dseven mentioned, having your policy enforced on only one device makes for easier management.

Hang around on this forum if you want to hone your networking skills  ;)

8
24.7 Production Series / Re: Wifi vlan 30 can't acces the internet
« on: November 22, 2024, 08:18:50 am »
How do your two routers (Cisco and OPNsense) exchange routing tables?

9
General Discussion / Re: moving ISP need to know WAN details
« on: November 22, 2024, 08:17:02 am »
Yes it was for me. The option 61 stuff works as well but it is not necessary.

Note that I had no use for IPv6 or port forwarding (everybody connects over Tailscale).

10
General Discussion / Re: moving ISP need to know WAN details
« on: November 21, 2024, 07:35:56 pm »
Hi Rob, I set one up a few weeks ago and it turned out to be much simpler than outlined in that link.

Bog standard DHCP did the trick, without any options (61 or otherwise).

Bart...

11
General Discussion / Re: Restore a backup after LAN Port failure
« on: November 20, 2024, 08:35:38 am »
Sounds plausible. What happens when you try?  :)

If you're worried about making irreversible changes, boot Clonezilla and image your boot drive through a working NIC or onto USB-connected storage.

You'll likely have some wriggle room with versions.

12
General Discussion / Re: [SOLVED] I can't access WEB GUI from a local PC
« on: November 20, 2024, 08:19:55 am »
Set all the internal MTU to 1500. Jumbo frames are best for dedicated storage networks/VLANs.

13
General Discussion / Re: [SOLVED] I can't access WEB GUI from a local PC
« on: November 19, 2024, 06:22:45 pm »
There may be a discrepancy in the MTU at layer-2. Check for switches or network cards that are set to different values.

14
General Discussion / Re: I can't access WEB GUI from a local PC
« on: November 19, 2024, 12:53:45 pm »
Can you access the firewall with SSH?

15
General Discussion / Re: I can't access WEB GUI from a local PC
« on: November 19, 2024, 12:40:36 pm »
System: Settings: Administration

Is the Web GUI listening on all interfaces?
