Topics

I want to configure OPNsense to update my Let's Encrypt certificate and to serve as a reverse proxy for the web server inside my firewall.  What's the recommended way for the web server to use the same Let's Encrypt certificate when computers inside the firewall talk to it?

I can think of a few answers to my question:

• make the computers inside the firewall use the same reverse proxy as those outside of it.
• periodically curl/wget/scp the certificate from the firewall to the web server

The network inside the firewall (2.5GBE) is faster than the NIC in the firewall (1GBE), so #1 isn't my preferred solution.

Open to suggestions and pointers to tutorials.

[Unbound DNS won't resolve a name when the DNS query comes from a host without a name.]

Please help me fix this problem: Unbound DNS won't resolve a name when the DNS query comes from a host without a name.

Unbound DNS works just fine when a DNS query comes from a host with a name.

All hosts on my network get an IP address from ISC DHCPv4, which is configured to not deny unknown hosts. ISC DHCPv4 gives each known host the same name each time they ask for a lease.  It recognizes a host by its MAC address.

Here's an example of dig's output on a host with no name:

Code Select Expand


talmage@otis:~$ !dig
dig www.onespeeddave.com
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out

; <<>> DiG 9.18.28-0ubuntu0.24.04.1-Ubuntu <<>> www.onespeeddave.com
;; global options: +cmd
;; no servers could be reached


Here's an example of dig's output for the same query on a host with a name:

Code Select Expand


talmage@minerva:~$ dig www.onespeeddave.com

; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> www.onespeeddave.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47178
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.onespeeddave.com.          IN      A

;; ANSWER SECTION:
www.onespeeddave.com.   2002    IN      A       192.168.1.99

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Aug 15 13:21:35 EDT 2024
;; MSG SIZE  rcvd: 65


Here is an example of the logging output of ISC DHCPv4 when a host without a name makes a DNS query:

Code Select Expand


2024-08-15T13:27:05-04:00 Notice unbound [34306:0] notice: remote address is ip4 192.168.1.205 port 56220 (len 16)
2024-08-15T13:27:05-04:00 Notice unbound [34306:0] notice: sendmsg failed: Invalid argument
2024-08-15T13:27:05-04:00 Notice unbound [34306:3] notice: remote address is ip4 192.168.1.205 port 53927 (len 16)
2024-08-15T13:27:05-04:00 Informational unbound [34306:0] info: send_udp over interface: 192.168.1.1
2024-08-15T13:27:05-04:00 Notice unbound [34306:3] notice: sendmsg failed: Invalid argument
2024-08-15T13:27:05-04:00 Informational unbound [34306:0] info: 192.168.1.205 www.onespeeddave.com. AAAA IN NOERROR 0.000000 1 38



I'm running OPNsense 24.1.5_3-amd64.

What's the way to add another host to isc-dhcp using the CLI?

My guess is that I can add a <staticmap> stanza for the new host to the <lan> section of <dhcp> in /conf/config.xml .

How do I tell Opnsense to re-read /conf/config.xml and reconfigure dhcpd?

Is this the right way?  Is there a better way via the CLI?

I'm looking for simple examples for configuring igmpproxy.  I can't find any that I understand.

The specific example I want is how to enable a DLNA media renderer on one network to discover a DLNA media server on another network.  But feel free to post other examples here.

Given:
LAN1, 192.168.1.0/24
OPT1, 192.168.2.0/24

a DLNA media server on 192.168.1.10 sending SSDP messages on 239.255.255.250
a Roku4 media renderer on 192.168.2.102

What configuration for igmpproxy will let the Roku4 discover the DLNA media server?

Please help me make my DLNA media server visible on both subnets in my network.  Someone asked for this information in the 16.7 Production Series forum (https://forum.opnsense.org/index.php?topic=3681.msg12592#msg12592) and received no answers.  I hope there is an answer for 17.1.

My DLNA media server is on the 192.168.1.0/24 subnet.  Media players on my 192.168.2.0/24 subnet can't see it.  Why is that?