OPNsense
Topics - JohnDoe17

1. 21.1 Production Series / Unbound views
« on: February 12, 2021, 09:10:16 pm »
Hello.

I am trying to resolve an issue that I am having with DNS resolution after I connect to the firewall via OpenVPN server:

OpenVPN server configuration:
  I supply a "DNS Default Domain" and "DNS Server," and have "Force DNS cache update" and "Prevent DNS leaks" selected.

After I successfully establish the VPN using the Viscosity client, when I try to connect to the firewall GUI using its DNS name, it stalls for a few seconds and then works for a few seconds.  After a few more seconds of working, it stalls again and then works again, and so on.

Wireshark shows me that my web browser's DNS query goes to the machine that I specified in my OpenVPN server "DNS Server" configuration (the firewall's own Unbound service), but the DNS response contains the entire list of IPs assigned to ALL of the interfaces on the firewall.  And, apparently?, depending on the order of the IP addresses in the response, the web browser tries to connect to TCP port 443 (the firewall GUI) using one of the IP addresses that is not authorized in the firewall rules associated with VPN interface.

Does that sound right?  I assumed Unbound would return the DNS response that corresponds to the interface from which the query came instead of every IP for every interface on the firewall.

Am I missing something in the current OPNsense GUI that would help me with this?

Otherwise, it sounds like Unbound supports something like this now called "views."  I don't think OPNsense supports these options in the current GUI.  Is that right?  If I want to pursue this option, I guess I need to use the "Advanced" configuration.
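
For the views approach mentioned at the end of this post, here is an Unbound configuration that hands OpenVPN clients only the tunnel-side address for the firewall's own name. It is an added example, not OPNsense's generated configuration and not from the poster, and it assumes three values that need adjusting: a tunnel network of 10.10.0.0/24, a firewall tunnel address of 10.10.0.1, and a firewall hostname of fw.example.lan (the name set under System > Settings > General). Views require Unbound 1.6.0 or later. Where it is loaded is also an assumption: the Unbound custom options in the GUI, or a file under /usr/local/etc/unbound.opnsense.d/ on releases that read that include directory.

```conf
# Added example: serve OpenVPN clients a single tunnel-side address for the
# firewall's own name instead of every interface address.
# Assumed values: tunnel network 10.10.0.0/24, firewall tunnel address
# 10.10.0.1, firewall hostname fw.example.lan. Adjust all three.
server:
    # Queries whose source address is in the tunnel network are answered
    # from the "vpn" view. The access-control line is only needed if
    # OPNsense has not already allowed this network.
    access-control: 10.10.0.0/24 allow
    access-control-view: 10.10.0.0/24 vpn

view:
    name: "vpn"
    # A static zone answers only from the data listed here: an A query
    # returns the tunnel address, any other type for this name gets an
    # empty (NODATA) answer, so no LAN or WAN address of the firewall
    # reaches tunnel clients.
    local-zone: "fw.example.lan." static
    local-data: "fw.example.lan. 3600 IN A 10.10.0.1"
    # Every other name falls through to the global local-zone/local-data
    # and normal resolution.
    view-first: yes
```

Run `unbound-checkconf` before restarting Unbound. Afterwards, `dig fw.example.lan @10.10.0.1` (or `drill`) from a connected client should return only 10.10.0.1, while the same query from the LAN still returns the full list, because only the tunnel netblock is mapped to the view.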

2. 18.7 Legacy Series / 18.7.10 and Suricata
« on: January 21, 2019, 10:35:05 pm »
Hello.

Are there known issues with Suricata and OPNsense 18.7.10_3?  I just upgraded from 18.7.7, and Suricata doesn't seem like it's working any more.  Before the upgrade I would see a fair number of alerts from day to day (mostly informational), but after the upgrade I haven't gotten any!  Seems hard to believe.

I have OPNsense configured to use it on a number of internal interfaces, but not WAN.  And I have chosen Hyperscan as the matching engine.  (I did try the default engine too, but that didn't seem to make a difference.)

I'm using http://testmyids.com to try to stimulate an alert.  This has worked in the past, but nothing happens after the upgrade.

Any ideas?

P.S.  I really love OPNsense.  I've been using it for a couple of years, and I recommend it to others.  Thanks for the great work!

3. 17.7 Legacy Series / Meaning of letters in the Firewall Log Files "Proto" field
« on: September 26, 2017, 09:21:07 pm »
What does "TCP:SEC" mean in the Firewall Log Files "Proto" field?

I think the "S" means "Syn," but does "E" mean "ECE" and "C" mean "CWR"?

OR

is it "S" and "EC" for "Syn" and "ECE"?

I have a lot of this kind of stuff in my Firewall Log files.  Is that normal?

[Edited to add]: Also, do I need to be creating rules to allow this type of traffic?  Or are simple rules to allow only "Syns" sufficient?

Thanks.
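
The flag letters asked about above, decoded in an added example that is not OPNsense or pf code and not from the poster. It assumes the pf/filterlog convention of one letter per set TCP flag, F, S, R, P, A, U, E and C for FIN, SYN, RST, PSH, ACK, URG, ECE and CWR, so "TCP:SEC" is a SYN carrying both ECN bits, which is how an ECN-capable host opens a connection (RFC 3168) and is therefore routine in a log. The block also evaluates pf's `flags a/b` rule syntax, because the S/SA specification that pf applies to stateful TCP pass rules by default examines only the SYN and ACK bits, so ECE and CWR on a SYN do not stop such a packet from matching a plain "allow SYN" rule.

```python
"""Decode the "Proto" column of the OPNsense firewall log, e.g. "TCP:SEC".

Added example, not OPNsense or pf project code. Assumption: the log prints
one letter per set TCP flag using F=FIN, S=SYN, R=RST, P=PSH, A=ACK, U=URG,
E=ECE, C=CWR (the pf/filterlog convention).
"""
from __future__ import annotations

# Letter -> TCP flag name (assumed convention, see module docstring).
FLAG_LETTERS = {
    "F": "FIN", "S": "SYN", "R": "RST", "P": "PSH",
    "A": "ACK", "U": "URG", "E": "ECE", "C": "CWR",
}


def decode_proto(proto_field: str) -> tuple[str, list[str]]:
    """Split "TCP:SEC" into ("TCP", ["SYN", "ECE", "CWR"]).

    Non-TCP entries such as "UDP" or "ICMP" carry no flag suffix.
    An unknown letter raises instead of being silently dropped.
    """
    proto, _, letters = proto_field.partition(":")
    flags = []
    for ch in letters:
        if ch not in FLAG_LETTERS:
            raise ValueError(f"unknown flag letter {ch!r} in {proto_field!r}")
        flags.append(FLAG_LETTERS[ch])
    return proto, flags


def is_ecn_setup_syn(flags) -> bool:
    """RFC 3168: an ECN-capable host opens a connection with SYN+ECE+CWR."""
    return set(flags) == {"SYN", "ECE", "CWR"}


def matches_pf_flags(flags, spec: str = "S/SA") -> bool:
    """Evaluate a pf 'flags a/b' specification against a packet's flags.

    pf inspects only the bits listed in b (the mask); of those, exactly the
    bits in a must be set. S/SA therefore means "SYN set, ACK clear, every
    other bit ignored", so ECE/CWR on a SYN still match.
    """
    want, _, mask = spec.partition("/")
    want_set = {FLAG_LETTERS[c] for c in want}
    mask_set = {FLAG_LETTERS[c] for c in mask}
    return (set(flags) & mask_set) == want_set


if __name__ == "__main__":
    # Constructed sample values in the form the GUI shows them.
    for sample in ("TCP:S", "TCP:SEC", "TCP:SA", "TCP:PA", "TCP:FA", "UDP"):
        proto, flags = decode_proto(sample)
        print(f"{sample:8} -> {proto} {flags} "
              f"ecn_setup_syn={is_ecn_setup_syn(flags)} "
              f"matches_S/SA={matches_pf_flags(flags)}")
```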

4. Documentation and Translation / Error in "Setup SSL VPN Road Warrior" How to?
« on: August 08, 2017, 08:31:23 pm »
I think there may be a typo in the "Setup SSL VPN Road Warrior" How to:

  • Go to the second picture under "Step 2 - Firewall Rules"
  • It shows "192.168.2.0/24" as the Source, but I think it should be "10.10.0.0/24" according to the network diagram at the beginning of the article

Either that or I completely don't understand the setup like I thought I did because I don't see "192.168.2.0/24" referenced anywhere else in the article.

Thank you for the write-up though!  I find the OPNsense How to's to be very high quality in general.

5. 17.7 Legacy Series / Unbound vs. Dnsmasq
« on: August 02, 2017, 10:43:58 pm »
I noticed in the 17.7 release notes there is mention that Unbound is the new default DNS service.

I don't know enough about DNS or Unbound vs. Dnsmasq to understand the significance of that announcement.

Is Dnsmasq not as secure as Unbound?  Is it not as fully featured?  Does Unbound perform better?  Is Dnsmasq deprecated or scheduled for removal in the future?

If I'm using Dnsmasq now, should I switch?  Does the 17.1 -> 17.7 upgrade package do the switching for me?  Will it transfer my Dnsmasq configuration to Unbound?

Etc.

Thanks for the help!

6. 16.7 Legacy Series / Which FW process is associated with which outbound connection
« on: March 14, 2017, 04:22:35 pm »
Does anyone know of a reason why the *FW* might be making connections to the following Twitter-controlled IPs:
104.244.42.194 and 104.244.42.2 on port 443?  It is happening pretty much constantly...

Is there a command I can run on the FW that will link those outbound connections to a process?  lsof doesn't seem to be present and I can't figure out the right netstat command to do it...

If the FW is somehow participating in a DDoS, I want to know!
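
One way to answer the "which process" question in this post, as an added example that is not OPNsense code. OPNsense runs on FreeBSD, whose base system includes sockstat(1): `sockstat -4 -c -P tcp` lists connected IPv4 TCP sockets together with the owning user, command and PID, which netstat on FreeBSD does not show. The parser assumes that command's column layout (USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS); the sample output embedded for running it off the firewall is constructed, with a made-up process name and local addresses.

```python
"""Map an established outbound connection on an OPNsense box to its process.

Added example, not OPNsense code. OPNsense runs on FreeBSD, where sockstat(1)
lists sockets with owner, command and PID:
    sockstat -4 -c -P tcp      # connected IPv4 TCP sockets
Assumed column layout: USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass

# Constructed sample of sockstat output for running this off the firewall.
# The process name "exampled" and the local addresses are made up.
SOCKSTAT_SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     exampled   2190  4  tcp4   203.0.113.5:51234     104.244.42.194:443
root     exampled   2190  6  tcp4   203.0.113.5:51236     104.244.42.2:443
root     sshd       1107  3  tcp4   192.168.1.1:22        192.168.1.50:60123
unbound  unbound    884   7  tcp4   203.0.113.5:43210     192.0.2.53:53
"""


@dataclass(frozen=True)
class Socket:
    user: str
    command: str
    pid: int
    fd: str
    proto: str
    local: str
    foreign: str


def parse_sockstat(text: str) -> list[Socket]:
    """Turn sockstat's table into records, skipping the header and short lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[0] == "USER":
            continue
        user, command, pid, fd, proto, local, foreign = parts[:7]
        rows.append(Socket(user, command, int(pid), fd, proto, local, foreign))
    return rows


def split_endpoint(endpoint: str) -> tuple[str, str]:
    """'104.244.42.194:443' -> ('104.244.42.194', '443'); port follows the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def owners_of(sockets, peer_ips, port=None):
    """(user, command, pid, foreign) for each socket connected to one of peer_ips."""
    hits = []
    for s in sockets:
        host, p = split_endpoint(s.foreign)
        if host in peer_ips and (port is None or p == str(port)):
            hits.append((s.user, s.command, s.pid, s.foreign))
    return hits


def current_sockstat() -> str:
    """Run sockstat on the firewall; fall back to the sample when it is absent."""
    try:
        return subprocess.run(
            ["sockstat", "-4", "-c", "-P", "tcp"],
            check=True, capture_output=True, text=True,
        ).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SOCKSTAT_SAMPLE


if __name__ == "__main__":
    peers = {"104.244.42.194", "104.244.42.2"}
    for user, command, pid, foreign in owners_of(parse_sockstat(current_sockstat()), peers, 443):
        print(f"{foreign:22} owned by {command} (pid {pid}, user {user})")
```

Run it on the firewall (`python3 sockstat_owner.py`, or just the `sockstat` command itself) while the connections are live; `sockstat -46 -c -P tcp` covers IPv6 peers as well. The PID can then be checked with `ps -p <pid> -o pid,user,command` to see the full command line.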

OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved