Messages

1

21.1 Legacy Series / Re: NTP not working after update to OPNsense 21.1.2-amd64

« on: February 24, 2021, 06:36:59 pm »

Try changing your ntp servers.

Pick one from here: https://www.ntppool.org/en/

Change that... restart the service and try ntptime via commandline and see if it returns something sensible.

2

20.7 Legacy Series / Re: What is the easiest way to power down an OPNsense router from another system?

« on: January 11, 2021, 07:08:44 am »

ssh into your opnsense router and run shutdown -p now?

3

20.7 Legacy Series / Re: Velop mesh network behind opnsense

« on: November 23, 2020, 07:03:53 am »

Turn Velop to Bridge mode. It will essentially turn it into just an AP.

4

Intrusion Detection and Prevention / Re: What's Blocking my Programs' Access to the Internet?

« on: November 06, 2020, 11:31:19 pm »

There are a lot of variables.. what blocking lists have you installed? Unbound? Suricata / Snort? Unfortunately it is one of those open ended, no right answer type questions.

Best way is probably to disable all the blacklists and enable them one by one.

A systematic way is to run Wireshark for the app in question and see what goes through / not by seeing if the sites in question is sending back ACK.

5

20.7 Legacy Series / Re: Install GUI?

« on: October 30, 2020, 08:11:38 am »

Opnsense is just a hardenedbsd variant.. if you really want.. install xorg, then install xfce (or any windows manager that you want).. to start just startx

Just remember to check which video card you have, as the list of supported cards is limited unless you can live with 1024x768 or lower.

6

20.7 Legacy Series / Re: make kernel error

« on: October 26, 2020, 01:36:35 pm »

Os build from source takes a long time (also depending on your computer hardware).. make sure you do make clean between your runs especially if you had kill the process manually.

7

20.7 Legacy Series / Re: Segmentation fault (core dumped)

« on: October 26, 2020, 01:34:55 pm »

You would likely to have better luck trying with pfsense (which is FreeBSD based) and parent fork of Opensense vs Opnsense.

Or just do debugging on a linux firewall instead of a FreeBSD one.

8

20.7 Legacy Series / Re: pkg install vim error: no address record

« on: October 26, 2020, 05:51:13 am »

First your opnsense is not resolving DNS correctly. (hence no address record error)

so make sure /etc/resolv.conf has something like name server entry like Quad9 or Cloudflare in there.

Second it is vim-console for vim, also make sure to use sudo if you are not root.

9

20.7 Legacy Series / Re: l2tp server

« on: October 23, 2020, 04:18:43 am »

Any chance of manually installing it?

You can always install ipsec-tools via commandline to setup the server, just like any BSD system.

10

20.7 Legacy Series / Re: Safe to delete?

« on: October 23, 2020, 04:16:14 am »

It is safe to delete "if it is no longer needed".

11

20.7 Legacy Series / Re: Unbound - DNSBL exclusions for DNS over TLS Servers

« on: October 14, 2020, 02:15:03 am »

If you want to keep using DNSBL then you have to use unencrypted DNS, unbound can't read encrypted requests.

You can setup your outbound to be full recursive to there is no need to use other forwarders?

Whitelisting on the Blacklist Section.

OK. Now we are talking about two different things. I was not talking about the DNSBL function of the unbund plugin. My issue is related to to another server using DNBS and as DNS server my opnsense box with unbound plugin and DoT to a big anycast resolver.

My question is if I can define expeditions for unbound not to use the DoT connection for certain addresses and resolve these addressed by its own.

12

20.7 Legacy Series / Re: Opnsense 20.7.3 and PIA VPN

« on: October 10, 2020, 08:02:54 pm »

Port 500 is usually for IPSEC.. if you are using OpenVPN you shouldn't need it.

Not sure what the the one rule to port 500 does, but yes looks correct (I have set it other way around; specific IPs go to WAN, others to VPN). I would maybe specific LAN to go to WAN_DHCP, not to * - but I just like to keep things tidy.

13

20.7 Legacy Series / Re: Unbound blacklist: can I use https://oisd.nl/?

« on: October 10, 2020, 08:00:21 pm »

It depends on your router's CPU and how much RAM it has. But since DNS requests are usually small, it shouldn't have too big of an impact in speed.

14

20.7 Legacy Series / Re: 20.7 Install Won't Boot

« on: October 10, 2020, 07:09:46 pm »

Chances are it is booting just not in the console mode you want / can see.

When the Opnsense logo comes up.. press 3 for boot loader options..
then type
set kern.vty="vt"
boot

and see if it helps. You should only need to do this once.

15

20.7 Legacy Series / Re: Unbound DNS will not start after upgrade this morning

« on: October 09, 2020, 09:45:59 pm »

Here is an explanation of the message. https://lists.nlnetlabs.nl/pipermail/unbound-users/2018-March/005110.html

Have you tried starting unbound via command line to see what kind of error it returns?

Unbound Services log has following : [29349:1] info: generate keytag query _ta-4f66. NULL IN

Nothing in general log.

Note: above entry from Sep 25 when upgraded, no other logs and unbound refuses to start no matter how configured.