1
21.7 Production Series / Re: Unbound DNS BL
« on: Today at 05:05:03 pm »
It's in there after you install this additional repo: https://www.routerperformance.net/opnsense-repo/
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
General Discussion / Re: opnsense on microtik?
« on: September 23, 2021, 07:18:08 pm »
The MikroTik CCR2004-1G-12S+2XS is based on ARM architecture, hence is not supported as OPNsense can be currently installed on x86-64 hardware only.
Have a look here https://forum.opnsense.org/index.php?topic=12186.0
Have a look here https://forum.opnsense.org/index.php?topic=12186.0
3
General Discussion / Re: Poor video conferencing performance
« on: September 22, 2021, 10:32:39 am »
Would someone explain what FQ-CoDel Quantum is and how to determine the best value ?
Tia.
Tia.
4
General Discussion / Re: Poor video conferencing performance
« on: September 21, 2021, 07:15:40 pm »
Same here, no improvement, before and after the Shaper (guide no. 2) bufferbloat always at B
5
General Discussion / Re: Block IP address from local LAN network
« on: September 20, 2021, 06:52:08 pm »
Create a firewall rule in the interface, i.e. this is how I block the PS4 
6
21.7 Production Series / Re: Unbound with DNS-Over-TLS
« on: September 01, 2021, 09:05:23 pm »
@OnTheGrind
It looks good to me (I've also attached my 'Advanced' and 'DoT' config.
@muchacha_grande
That's a previous OPNsense release and the Unbound settings have now slightly changed
It looks good to me (I've also attached my 'Advanced' and 'DoT' config.
@muchacha_grande
That's a previous OPNsense release and the Unbound settings have now slightly changed
7
Sensei / Re: Is the free version really worth it ?
« on: August 28, 2021, 09:34:35 pm »Unbound block list only works for DNS calls. Sensei does not care about DNS (you may even use DoT or DoH), but it actually inspects the connections to see where they go.So, if it's checking the potential malicious IP addresses, this is can be done by creating alias(es) and rules as per that article I've mentioned https://docs.opnsense.org/manual/how-tos/edrop.html ?
8
Hardware and Performance / Re: Ten64 NXP CPU
« on: August 20, 2021, 04:41:50 pm »
You can't run OPNsense on ARM, can you ?
9
Sensei / Re: Device count
« on: August 15, 2021, 01:40:54 pm »If you can, use an elasticsearch instance separated from your firewall;I noticed there is an Elasticsearch plugin provided by mimugmail: would this work with Sensei ?
Tia.
10
21.7 Production Series / Re: How to use setting under Unbound:"Verfiy if CN in certficate matches"
« on: August 14, 2021, 09:49:19 pm »
1.1.1.1 / 1.0.0.1 <--> cloudflare-dns.com
Block malware:
1.1.1.2 / 1.0.0.2 <--> security.cloudflare-dns.com
Block malware and adult content:
1.1.1.3 / 1.0.0.3 <--> security.cloudflare-dns.com
Block malware:
1.1.1.2 / 1.0.0.2 <--> security.cloudflare-dns.com
Block malware and adult content:
1.1.1.3 / 1.0.0.3 <--> security.cloudflare-dns.com
11
Sensei / Re: Is the free version really worth it ?
« on: August 12, 2021, 12:48:53 pm »
Yes, I'm aware of the features of the different versions...
Can you answer my question ?
Can you answer my question ?
Quote
If I look at the security policies, I can enable the block for sites that are responsible for malware, phishing, etc - am I right to say that what Sensei does here is to block access to/from a list of malicious IPs, that is the same I can configure with the blocklist feature in Unbound ?
Or adding rules as for this article https://docs.opnsense.org/manual/how-tos/edrop.html
12
Sensei / Is the free version really worth it ?
« on: August 12, 2021, 12:23:58 pm »
I'm trying to understand the level of additional protection that the free version (and the free version only) would provide to OPNsense and I'd appreciate anyone input.
Not talking about the reporting capabilities, for instance, if I look at the security policies, I can enable the block for sites that are responsible for malware, phishing, etc - am I right to say that what Sensei does here is to block access to/from a list of malicious IPs, that is the same I can configure with the blocklist feature in Unbound ?
Or adding rules as for this article https://docs.opnsense.org/manual/how-tos/edrop.html
Tia.
Not talking about the reporting capabilities, for instance, if I look at the security policies, I can enable the block for sites that are responsible for malware, phishing, etc - am I right to say that what Sensei does here is to block access to/from a list of malicious IPs, that is the same I can configure with the blocklist feature in Unbound ?
Or adding rules as for this article https://docs.opnsense.org/manual/how-tos/edrop.html
Tia.
13
Sensei / Re: Trick: Sensei on low end hardware, MongoDB tuning for low memory footprint
« on: August 12, 2021, 08:38:40 am »
Thanks Fabiano, very helpful tweak.
I also run an APU2 with 4GB, but just 20 devices, and the memory allocation is between 75% and 80% without your tweak, why would that be a problem?
Tia.
I also run an APU2 with 4GB, but just 20 devices, and the memory allocation is between 75% and 80% without your tweak, why would that be a problem?
Tia.
14
Tutorials and FAQs / Re: Blocking malicious IPs with OPNsense and blacklists
« on: August 12, 2021, 08:25:07 am »
Thanks binaryanomaly for the explanation, and I think it's better to have just one set of those rules rather than duplicate them in both LAN and WAN as I did following this article: https://docs.opnsense.org/manual/how-tos/edrop.html
I wonder why the official documentation doesn't mention this other option too...
I wonder why the official documentation doesn't mention this other option too...
15
General Discussion / Re: Trying to access modem GUI through WAN port
« on: August 08, 2021, 04:41:32 pm »
I've found the culprit I've changed the IP address of the OPT2 (WAN) interface from 192.168.2.10/32 to 192.168.2.10/24 and now it works !
I've changed the IP address of the OPT2 (WAN) interface from 192.168.2.10/32 to 192.168.2.10/24 and now it works !