Topics - hushcoden

1
24.7 Production Series / Queries for DNS, not sure what they are for
« on: November 24, 2024, 09:00:34 pm »
I've configured Unbound with DoT and Quad9 servers (9.9.9.9 & 149.112.112.112), and looking at the firewall live view on the WAN interface, I see continual calls to those servers on port 53 (and not 853) where the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)"

Similarly, if I filter port 853, I see the same type of output, i.e. source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)"

I'd want to know if that's normal behaviour or there is something wrong in my configuration.

Tia.

2
24.7 Production Series / Question about Kea DHCP
« on: November 24, 2024, 08:49:54 pm »
I've decided to test the (new) Kea DHCP service and I've added 10 hosts in the 'Reservations' section, so far so good.

What I don't understand is that if I click on 'Leases DHCPv4' menu, I see all those hosts with a Lifetime of 86400 (which is the default value for hosts with no reservation), and they actually expire within 24 hrs, hence I'm confused, why is that?

Tia.

3
Virtual private networks / Dynamic gateway policy should or shouldn't be ticked for WG?
« on: October 24, 2024, 03:36:26 pm »
While configuring a WG interface, I'd like to understand whether or not we should enable the feature Dynamic gateway policy.

Tia.

4
Hardware and Performance / About performance
« on: October 24, 2024, 02:55:39 pm »
While reading the document https://docs.opnsense.org/troubleshooting/performance.html I decided to enable RSS (my appliance has got 4x i225 ports and a Celeron J4125, 4 cores) and after reboot I've noticed that the value of net.inet.rss.bits is set to 3: just curious to understand why considering that before enabling RSS the value was correctly set to 2... ::)

Also, I read in the guide that if RSS is enabled with the ‘enabled’ sysctl, the packet dispatching policy will move from ‘direct’ to ‘hybrid’. But not for me as even after rebooting, the dispatching policy is still 'direct', and should I set a tuneable to change that to 'hybrid'? Or would it be better to change that to 'deferred' considering my connection is PPPoE?

Tia.

5
Virtual private networks / How to configure DNS in WG?
« on: October 24, 2024, 01:00:37 pm »
Still a lot to learn, so please educate me: by reading the official document WireGuard Selective Routing to External VPN Endpoint it seems there is no need to create a firewall rule for the DNS, and the only mention is at the very end of the document but just relating to DNS leaks (so I read it as optional):

1) why is there no need for firewall DNS rule?

2) as for the very last paragraph/note, I was expecting also the need to specify the destination port range i.e. DNS/DNS, but why is it not the case?

On a separate note, in the instance WG configuration there is a DNS servers setting, but it's not mentioned on any documentation, so what is that for?

6
Virtual private networks / Help on DNS config
« on: September 10, 2024, 12:00:22 pm »
I'm testing protonVPN which has been configured for LAN2 of my appliance (all the devices connected to LAN2 will go through the VPN) and I have still doubts how to best configure DNS: I have attached both the port forward and the LAN2 firewall rules, could someone kindly let me know if I've done it correctly?

Also, the first rule of the firewall rules (the DNS one), is it necessary or it's redundant?

Tia.

7
Virtual private networks / What is an rdr rule?
« on: July 31, 2024, 06:18:53 pm »
I have configured my LAN2 interface with Wireguard (testing ProtonVPN) and looking at the firewall -> log files -> live view I've noticed a few rdr rule entries, could someone please explain what is an rdr rule?

Tia.

8
Virtual private networks / Some clarification on DNS via VPN
« on: May 07, 2024, 10:18:01 pm »
I have configured one of my appliance ports to use ProtonVPN and I followed the official instructions including this: https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html#protonvpn-dns-leaks

I have only a smart TV connected to that port (LAN2), with a static IP address of 192.168.10.16 (for ProtonVPN is then 10.2.0.2).
Using the embedded browser, I've checked any potential DNS leaks browsing to www.dnsleaktest.com website, and no leaks occur (it only detects the ProtonVPN server).

In ISC DHCPv4 for LAN2, I have included the DNS server as the Proton one - 10.2.0.1

Now, if I look at the Firewall -> Live View of both the above IP addresses + port=53, I see the smart tv querying not just the ProtonVPN IP address (10.2.0.1) but also Google DNS servers, how is that possible?

Any suggestions would be much appreciated.

Tia.

9
General Discussion / htpasswd on OPNsense
« on: April 10, 2024, 08:20:45 pm »
I tried to install htpasswd but I got the message that's not been found in the repositories, is there a workaround to get it installed?

Tia.

10
General Discussion / One SSD has failed: what's next?
« on: February 26, 2024, 07:02:22 pm »
I'm running 23.7.12_5 installed on two Transcend SSD 128GB (ZFS), one 2.5" SATA and one mSATA, and looking at my dashboard (SMART Status), I've noticed one SSD has disappeared, and I suppose it means one drive has failed, am I correct?

How do I understand which one has failed?

Tia.

11
Zenarmor (Sensei) / os-sunnyvalley missing
« on: November 18, 2023, 09:31:45 pm »
Decided to uninstall Zenarmor and after rebooting OPNsense 23.7.8_1 I saw a plugin missing notification, how so?

Tia.

12
General Discussion / Understanding Virtual IPs
« on: October 21, 2023, 10:11:16 pm »
I've created a VIP (see picture) on a different subnet than my LAN net (192.168.0.1/24), and I can't understand how to make that IP visible (the modem I need to reach is on 192.168.2.1) e.g. pingable from a device within my LAN: could someone please guide me?

I believe I have to create an NAT outbound rule, what exactly?

Tia.

13
23.7 Legacy Series / What is Backup Count ?
« on: October 14, 2023, 10:10:10 pm »
I wasn't able to find an explanation of what that option in System -> Configurations -> Backups exactly does: could someone shed some light?

Tia.

14
23.7 Legacy Series / [SOLVED] How to reset theme from CLI?
« on: October 12, 2023, 08:55:37 pm »
As per subject, is that possible? After the upgrade to 23.7.6, the cicada theme has lots of display issues and I can't even change to the default theme from GUI (all the drop-down menus don't work), hence I'm hoping I can do that from CLI.

Tia.

15
Virtual private networks / Trying to set up two Wireguard tunnels and load balancing
« on: October 09, 2023, 09:51:51 pm »
I've created two WG tunnels (Mullvad) and created a gateway group with both tunnels on tier 1 to use load balancing, so in the firewall -> LAN rule I've selected that gateway group.

But when I look at the firewall -> live view of both wireguard interfaces, I see traffic on one WG interface only and on the other one it's just every now and then some ICMP and that's all, what am I missing?

Tia.
