Messages

1

23.1 Production Series / Re: DNS issues since 23.1.6

« on: April 24, 2023, 07:57:11 am »

All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.

I updated last night and found my computers this morning without DNS servers. After manually adding DNS server in Windows I had working internet again. Then I found this thread!
I can understand OPNsense POV, so for now this is a working solution and I added DNS server on all my different subnets in DHCP configuration.

2

Virtual private networks / Re: Wireguard, ipv6, dynamic delegated prefix and possible solution

« on: November 13, 2022, 09:39:20 am »

Thank you for your answers, it seems to me that the consensus is that I do no harm and there will be peace in my mind

3

Virtual private networks / Wireguard, ipv6, dynamic delegated prefix and possible solution

« on: November 12, 2022, 09:52:12 pm »

If the delegated prefix changes then you have to change the static Wireguard addresses when you want ipv6 through the tunnel.
The approach from the OPNsense guide is to give an ULA address to peer and client, but then test at https://test-ipv6.com/ say that my browsers prefer an ipv4 connection.
Then I thought about giving random GUA addresses outside my delegated prefix to peer and client and make use of the outbound NAT.
This works well and the above test says 10/10 for ipv6.
Are there any gurus that say that this is bad practice and that there will be problems that I overlooked?

4

Documentation and Translation / Re: AdGuard Home setup guide

« on: January 24, 2022, 01:38:27 am »

When rebooting opnsense, adguard does not start automatically and I have to start it manually.

is this, see picture I found in a pfsense guide, something I/we should ad? or can this be added to the plugin?
And if added manually, how to do this in opnsense:

Step 6: Making AdGuard Home start on boot:​

Go to Services>shellcmd and click Add

Command: /usr/local/bin/screen -S AdGuardHome_screen -d -m /opt/AdGuardHome/AdGuardHome
Shellcmd Type: shellcmd
Description: AdGuard

as found here: https://broadbandforum.co/threads/installing-adguard-home-on-pfsense.205884/page-2

That is not how it should be done! Adguardhome should be installed as a plugin.
Look at this: https://www.routerperformance.net/opnsense-repo/

5

21.7 Legacy Series / Is routing with 2 stacked OPNsense routers broken?

« on: December 29, 2021, 09:02:26 pm »

I have router A connected to my dual stacked bridged cable modem.
Router B is connected to Hyper-V and is behind router A. Connected to router B is a virtual Ubuntu linux host.

Internet -- Router A -- Router B -- Linux host

I configured everything to my best knowledge and every machine is dual stacked with IPv4 and IPv6. I get a /56 prefix from my ISP and delegated a /62 to router B. This just a test setup.

Now here comes the problem, there is no IPv6 connection possible:

Ping6 to 2a00:1450:400e:80e::200e from Linux host behind router B give no reply. I see packets leaving on router B WAN interface and coming in on Router A LAN interface. But they don't leave Router A WAN!

Ping6 to 2a00:1450:400e:80e::200e from Router B leave WAN interface from router A and get a reply, but they don't leave LAN interface from Router A to WAN interface from Router B. End result is no reply.

It seems that packets get lost on Router A and I am breaking my head why.
The routing table on Router A seems ok, but I have read an old topic about some problems with downstream routers: https://forum.opnsense.org/index.php?topic=7719.0

6

20.7 Legacy Series / Re: ipv6 wan stops working after a while

« on: November 20, 2020, 11:30:02 am »

Restarting radvd didn't work for me. You can also try to restart DHCPv6 service, but this wasn't a very consistent solution for me. One time it did work and another time it didn't.
Going back to 20.1 made my system rock solid again.
As I understand it it is all still under investigation.

7

20.7 Legacy Series / Re: Slow IPV6 redetection after reconnect

« on: November 02, 2020, 10:07:30 am »

I had nothing but troubles keeping ipv6 alive with 20.7.
Then I switched back to 20.1 and everything is rock solid.
You have to wait for upstream fixes. I have no clue what is wrong.

8

20.7 Legacy Series / Re: Question about Upgrading to 20.7

« on: September 12, 2020, 12:31:23 am »

I had problems after upgrading with my ipv6 setup. But did a clean reinstall with configuration importer and all went well after that.
Only thing was that for the NTP time server I had to change the hwclock to HPET (was TSC-low) in tunables. I don't think these are in the configuration file, but please correct me if I am wrong.
I didn't investigate further 

9

20.1 Legacy Series / Re: dnscrypt-proxy standalone "bind: permission denied" for port 53

« on: February 05, 2020, 10:28:03 pm »

Thanks, of course I don't look that far 

10

20.1 Legacy Series / dnscrypt-proxy standalone "bind: permission denied" for port 53

« on: February 05, 2020, 08:53:06 pm »

I am trying to use dnscrypt-proxy as standalone with cloaking rules.
When I disable unbound and enter listen addresses of my interfaces and standard listen port 53 in dnscrypt-proxy I get this message: "[FATAL] listen udp :53: bind: permission denied"

Because it is a privileged port dnscrypt-proxy has a problem binding to it as it is not running with root privileges. How can I solve this without opening access for <1024 ports for non-root users?

11

19.7 Legacy Series / Re: 19.7 installation on Hyper-V hangs at the "Select Task" step.

« on: January 07, 2020, 02:03:15 am »

This is my first post as a new member coming from the "other" firewall.

To test OPNsense I recreated my network in Hyper-V on Windows 10 Pro. I was unable to install a Gen 2 VM because of installer hangs, so I created a Gen 1 instead.

After searching through the forums I saw someone posting a success by running the installer login from a SSH session instead of the console login, so I tried that and immediately the installer went on installing OPNsense on the virtual hard disk.

Good luck with that if you want to try it also.

I now have OPNsense in production and bought the book"Practical OPNsense" on Google Play store for 11 euro's to test the described network setup in Hyper-V.