Topics

1

22.1 Production Series / Can't start AdGuard plug-in after opnsense upgrade

« on: February 07, 2022, 07:37:17 pm »

Is it just me or others can't start AdGuard after opnsense 22.1 upgrade too?
AdGuardHome (os-adguardhome-maxit) from https://www.routerperformance.net/opnsense-repo/ worked fine immediately after upgrade to Opnsense 22.1. But after a couple of hours, adguard crashed and I can't start it anymore.
ref: https://github.com/mimugmail/opn-repo/issues/93

2

General Discussion / How to forword DNS queris to external DNS server.

« on: May 15, 2021, 01:41:01 pm »

How to forward all internal DNS queries to a external DNS server without any internal caching by unbound or Dnsmasq?

3

21.1 Legacy Series / Unbound DNS: fatal error: Could not set up local zones

« on: May 15, 2021, 11:50:51 am »

My Unbound DNS was disabled for number of months.
I used DNSCrypt-Proxy.
Now every time I trying to enable Unbound it crashing with following entries in a log:

Code: [Select]

2021-05-15T02:18:51 unbound[31761] [31761:0] fatal error: Could not set up local zones
2021-05-15T02:18:51 unbound[31761] [31761:0] error: Bad local-data RR RedmiNote8Pro-Re?)i.localdomain IN A 192.168.10.104
2021-05-15T02:18:51 unbound[31761] [31761:0] error: error parsing local-data at 32 'RedmiNote8Pro-Re?)i.localdomain IN A 192.168.xxx.xxx': Syntax error, could not parse the RR's type
2021-05-15T02:18:50 unbound[58301] daemonize unbound dhcpd watcher.


Code: [Select]

# unbound-checkconf /var/unbound/unbound.conf
[1621072722] unbound-checkconf[33451:0] error: error parsing local-data at 32 'RedmiNote8Pro-Re?)i.localdomain IN A 192.168.10.104': Syntax error, could not parse the RR's type
[1621072722] unbound-checkconf[33451:0] error: Bad local-data RR RedmiNote8Pro-Re?)i.localdomain IN A 192.168.x.x
[1621072722] unbound-checkconf[33451:0] fatal error: failed local-zone, local-data configuration
How can I fix it?

4

21.1 Legacy Series / How to purge / reset to default Unbound DNS settings?

« on: May 15, 2021, 11:39:02 am »

How to completely purge or reset to default Unbound DNS settings?

5

General Discussion / NAT Slipstreaming 2.0 & ALG

« on: February 06, 2021, 03:18:54 pm »

How to verify that my opnsense setup not vulnerable to NAT Slipstreaming 2.0 attack?
Where are ALG settings?

6

General Discussion / How to read / analyze firewall plain text log?

« on: January 26, 2021, 07:06:00 pm »

How to read/analyze a firewall plain text log?
I am struggling to understand my firewall plain text log.
I didn't find any satisfying documentation as well.
Please help me understand the following example line:

Code: [Select]

2021-01-26T18:05:36    filterlog[89794]    16,,,0,pppoe0,match,block,in,4,0x40,,54,0,0,DF,17,udp,92,188.166.xxx.xxx,yyy.yyy.yyy.yyy,15585,29745,72

7

General Discussion / How to get list of connected devices?

« on: November 27, 2020, 09:54:41 pm »

How to get list of all devices using OPNsense as a gateway?

8

General Discussion / Source & destination network options of firewall rules

« on: August 25, 2020, 08:34:47 pm »

There are some network options available as a source or a destination while creating firewall rules:
Networks

• any
• This Firewall
• LANx address
• LANx net
• Loopback net

Thous terms may sound obvious for some people, but I am struggling to grasp their true meaning.
For example LANx address and LANx net networks sounds the same for me.
Can anyone point me to some documentation clearly explaining these options?

9

General Discussion / Ways to isolate LAN interfaces...

« on: August 23, 2020, 09:30:24 pm »

I am a complete newbie at Opnsense. It is my first post here.
I have a WAN and management LAN interface.

I need to create several additional LAN (opt1, opt2, optN) interfaces isolated from all others except for a WAN. In other words, I need several LAN interfaces that have internet access but can't access each other.
So far I came across the following solution: https://www.reddit.com/r/OPNsenseFirewall/comments/bm4b6w/outgoing_firewallrules/emweuyc?utm_source=share&utm_medium=web2x&context=3

Is it there any other good solutions for such a "challenge"?