Messages

1

23.1 Production Series / Having problems understand/implementing LOCAL DNS.

« on: March 29, 2023, 03:05:11 am »

Hello!

So I have latest OPNSense, Aguard (plugin) and Unbound DNS all enabled and works like a charm.
What I am trying to set up though is LOCAL DNS.
When I was using PiHole +Swag, my LOCAL DNS would work fine, if the internet went down I could still connect (so I know it was working correctly) but I notice that ALL my SWAG .confs are available via Internet, so I wanted to REMOVE SWAG and just make my hosts available LOCALLY ONLY for when I connect through VPN (via Wireguard plugin).

I guess I am confused... The Adguard Plugin / page config... Would I do this via DNS REWRITE? Or would it be on Opnsense under Unbound DNS?
I did some on DNS REWRITE and it seemed to not work.... When I was using Pihole/SWAG I would have  x.duckdns.org to 192.168.5.181 and SWAG would Port redirect... Am I still needing SWAG? I mean, how would Adguard know what Port I wanted?
Sorry I know this sounds ignorant.. I really have been trying to google.

2

23.1 Production Series / Install OpnSense on a Cisco ASA-5508-X?

« on: March 26, 2023, 09:23:20 pm »

Hello

I have seen similar approaches to 5515,5506, 5516 so on and so forth, and I know more or less the MB and chipsets are the same, the only differences being the VPN throughput, ethernet ports etc, hardware differences. But I am a firm believer I am the 1% who always gets the thing no one else did, or can't be upgraded.

Like my Wifi Router... 300 bucks all excited, but IT was not able to be flashed.

So, anyone know of any success?

I am currently running OPnsense as a VM on a Proxmox system that runs 1250 Watts.. I turn all my servers off at night, but the internet, and wanted to move Opnsense to a more refined, less power consuming  device.

3

23.1 Production Series / Re: Using OPNsense as my Local DNS

« on: March 24, 2023, 09:50:35 pm »

Well, it seems it was my NordVPN.. I disabled the NordVPN Interface, and sure enough, I was able to access Port 3000.

4

23.1 Production Series / Re: Using OPNsense as my Local DNS

« on: March 24, 2023, 03:30:58 pm »

Could me running OpnVPN/NordVPN cause it [Adguard] to install but not access https://192.168.5.1:3000?

5

23.1 Production Series / Re: Using OPNsense as my Local DNS

« on: March 24, 2023, 03:13:47 pm »

2023/03/23 08:07:12.978151 [error] creating dhcpv4 srv: dhcpv4: <nil> is not an IP address

Hmm, strange. I couldn't find a solution for this problem. But maybe you could download the latest version of AGH from GitHub and replace the files in /usr/local/AdGuardHome/. Mind the permissions, group and owner of the files ofc.

Honestly, I do not know enough about the OPNSense OS platform to know the commands to download, extract and copy.
I also tried the link of the howto from prior poster, but I think my NordVPN OpenVPN using unbound is messing with it, cause when I did the how-to, I lost internet.

It's all a whole mess. I think I am gonna make start from scratch, or scratch it.

6

23.1 Production Series / Re: Using OPNsense as my Local DNS

« on: March 23, 2023, 04:39:49 pm »

So this, when I read it in a few, is a local alternative to Adguard?

7

23.1 Production Series / Re: Using OPNsense as my Local DNS

« on: March 23, 2023, 04:15:29 pm »

I verified all is up and running, though inaccessible. When I run the command you mention;

/usr/local/AdGuardHome/AdGuardHome
2023/03/23 08:07:12.977157 [info] AdGuard Home, version v0.107.15
2023/03/23 08:07:12.977277 [info] This is the first time AdGuard Home is launched
2023/03/23 08:07:12.977308 [info] Checking if AdGuard Home has necessary permissions
2023/03/23 08:07:12.977495 [info] AdGuard Home can bind to port 53
2023/03/23 08:07:12.978151 [error] creating dhcpv4 srv: dhcpv4: <nil> is not an IP address
2023/03/23 08:07:12.978284 [info] Initializing auth module: /usr/local/AdGuardHome/data/sessions.db

I am looking up the error code but nothing really seems to direct me what to do, and a lot are giving commands that the Opnsense shell does not know of.

8

23.1 Production Series / Re: Using OPNsense as my Local DNS

« on: March 23, 2023, 02:04:31 am »

Weird!

So, I followed guide https://0x2142.com/how-to-set-up-adguard-on-opnsense/ which is based off of mimugmail's repo. I see it in Plugins, I download and installed it with success. I see it under Services, I enable it.
I go to http://192.168.5.1:3000 (my Opnsense is 192.168.5.1) but it times out.
I will say, when I look in /usr/local/Adguardhome... There is no yaml. Could the download have been corrupt?

9

23.1 Production Series / Re: Using OPNsense as my Local DNS

« on: March 22, 2023, 11:19:03 pm »

Awesome!

I will go home and give this a try. I will probably stick to ADGUARD so I can have the blocklists as well. Thank you.

10

23.1 Production Series / Using OPNsense as my Local DNS

« on: March 22, 2023, 06:59:49 pm »

Hi! I have been using OPnsense at the DHCP server but referring to PiHole (192.168.5.47) as my DNS/Ad Block. I was wanting to eliminate Pihole, more so the idea of having another device to do DNS and maybe just having everything local, and maybe adding Adguard to it.

I am not exactly too sure what I would need for this, is this local DNS built in, or would it be a plugin?
In case I am talking stupid, I just wanna make, let's say, plex.x.duckdns.org resolve to 192.168.5.181, even if the Internet is down. So and and so forth for a good 15-20 dockers/hosts.

I don't necessarily need it written out for me, but just a little guidance to get me on my way.

11

Tutorials and FAQs / Re: NordVPN configuration

« on: March 16, 2023, 06:21:08 pm »

I think the op1 is more of a virtual network it creates. My server has 4 NIC's (proliant server) and I just followed the howto, and in the end it works flawlessly.
Not sure if the Unbound DNS is set for all LAN hosts to have a DNS to use (assuming nords) but I run a PiHole VM and just have that ip (192.168.5.46) be set as my LAN DHCP DNS server. All works fine.

12

Virtual private networks / Re: Am I able to "remove" certain IP's from OpenVPN Access?

« on: February 20, 2023, 03:36:06 pm »

I was saying it as a compliment and encouragement that you gave me to dig dig dig

13

Virtual private networks / Re: Am I able to "remove" certain IP's from OpenVPN Access?

« on: February 20, 2023, 03:20:08 am »

Well maybe there was a delay in what I did, because now all of a sudden I got like 50 test emails both to and from the email server, so it worked!

I bypassed the VPN using PBR. Thank you for that link, and your SILENCE ONLY MADE ME DIG DEEPER!!

Thank you.

14

Virtual private networks / Re: Am I able to "remove" certain IP's from OpenVPN Access?

« on: February 20, 2023, 02:42:43 am »

Ugh. I can not get it to work, or I have done something wrong!

NO VPN, All email incoming and outgoing. When I enable VPN and using SAME "LAN to WAN (Outbound Mail) Rule, I add in Gateway (and created a Gateway) and use that, it still does not send. Well, it tries to but fails;

Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta6.am0.yahoodns.net[67.195.228.110]:25: Connection refused
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta6.am0.yahoodns.net[98.136.96.91]:25: Connection refused
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta5.am0.yahoodns.net[98.136.96.91]:25: Connection refused
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta6.am0.yahoodns.net[67.195.204.72]:25: Connection refused
Feb 20 01:30:10 mail postfix/smtp[11729]: connect to mta6.am0.yahoodns.net[98.136.96.75]:25: Connection refused

I do indeed have Port 25 open, and my ISP does not block Port 25.
I know this is not an OPNSense issue, but by enabling the VPN, it is getting blocked so my intent is if anyone has a solution regardless.?

15

Virtual private networks / Re: Am I able to "remove" certain IP's from OpenVPN Access?

« on: February 19, 2023, 08:44:32 pm »

Correct, I posted the main default page but I did and do see that.

I do not want it said for me, as clearly no one learns as such, but man alive I am looking at that and my jaw is dropping cause I simply am not seeing WHAT to do.

Am I correct in, I create a new rule (LAN Out, or Outbound NAT?) and then simply specify the Gateway, which enables the PBR?

Gateway
   

When a gateway is specified, packets will use policy based routing using the specified gateway or gateway group. Usually this option is set on the receiving interface (LAN for example), which then chooses the gateway specified here. (This ignores default routing rules). Only packets flowing in the same direction of the rule are affected by this parameter, the opposite direction (replies) are not affected by this option.