Topics - g0nz0uk

1
General Discussion / Anyone setup NextDNS?
« on: November 25, 2021, 05:21:55 pm »
Hello,

I had my OPNsense firewall at home running nicely until we had a power cut and the M2 drive failed. I replaced this and installed the latest OPNsense and restored my config and was back online in no time really.
The only thing I can't remember how I got working is my NextDNS.

A rebuild would have lost my local changes. In my notes I have these, which are below. Are they still the valid way to get this working again?

Created a file called nextdns.conf in /var/unbound/etc

Quote
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#e6f5fx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#e6f5fx.dns1.nextdns.io
  forward-addr: 45.90.30.0#e6f5fx.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#e6f5fx.dns2.nextdns.io

Make sure the file owner is unbound and same rights as other files.

chown unbound nextdns.conf

2
General Discussion / Power cut at home OPNsense now says "Can't load from Kernel"
« on: November 20, 2021, 07:04:37 pm »
Hello,

We had a power cut and my OPNsense server now boots up with a "Can't load from Kernel".

Is this a reinstall job?

I have a backup of the config too, so is it a reinstall, then somehow get config onto it via the GUI?

I'm using a HP T730.  It has a SanDisk 32GB M.2 flash drive.

Photo

https://i.imgur.com/gaCdsES.jpg

3
General Discussion / Is it possible to send flows such as Top Talkers to Elastiflow?
« on: September 23, 2021, 07:12:25 pm »
Hello,

Does anyone know if OPNsense can send network flows to Elastiflow please such as Top Talkers?

Thanks

4
General Discussion / Strict NAT Gaming - Enable UPNP plugin the way to go?
« on: April 11, 2021, 06:35:28 pm »
Hello,

I managed to get my son's Xbox using Open NAT using - https://ultramookie.com/2020/05/opnsense-xbox-live/

Xbox uses UDP/TCP 3074 so I guess this is easy.

My other son uses a PC and when he plays GTA5 and Modern Warfare Warzone he gets a message he is using Strict NAT, so I'm not sure I can use this method and I'm not sure of the ports.

I read that some enable the UPNP plugin and let OPNsense dynamically open the ports like a regular home router?

Thanks

5
General Discussion / Can't get DNS over TTL working
« on: April 01, 2021, 08:32:19 pm »
Hello,

I'm following this guide:
https://sahlitech.com/opnsense-setup-unbound-dns/

I have a few VLANs so I thought I'd set it up on my guest WiFi VLAN, but when I connect to that SSID it can ping Internet IPs like 1.1.1.1 but can't resolve DNS names.

My settings:

https://imgur.com/wDh2n9v

Guest DHCP scope I remove any DNS IP

https://imgur.com/LZTmf8J

Using these settings:

Code:
server:
tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 9.9.9.9@853#dns9.quad9.net
forward-addr: 149.112.112.9@853#dns9.quad9.net

See anything wrong?

Thanks

6
Zenarmor (Sensei) / Sensei any good for home?
« on: March 30, 2021, 01:57:35 pm »
Hello,

I have a simple home network that I’ve rebuilt.

Firewall - OPNsense (was pfSense) on a HP 730 with Quad Nic, 8Gb mem, 32GB SSD, Quad Core 2.7GHz CPU.
Hypervisor - Single ESXi 7 host
24 port switch with various VLANs

I used pfBlocker at home to stop certain categories and it was very nice to be honest.

I'm now looking at a simple Ad blocker and category blocker for home, is Sensei the way to go?

If not are there any other recommendations?

I don't really want to add too much load to my OPNsense firewall so I can use a VM.

Thanks

7
General Discussion / Recommendations to setting up DNS over TTL - Unbound with CLoudfare/NextDNS any
« on: March 30, 2021, 01:53:35 pm »
Hello,

I have a simple home network that I’ve rebuilt.

Firewall - OPNsense (was pfSense) on a HP 730 with Quad Nic, 8Gb mem, 32GB SSD, Quad Core 2.7GHz CPU.
Hypervisor - Single ESXi 7 host
24 port switch with various VLANs

I used to use Pi Hole and pfBlocker but have removed all this.

Now I want to setup DNS over TLS and/or DNS over HTTPS. I’m not sure if I can use OPNsense for this or a remote service and wonder what you guys use?

For my DNS I use Cloudflare family at the moment which blocks certain categories.

I prefer OPNsense to not be overwhelmed by services.

Thanks

8
General Discussion / Anyone using DoT or recommend added security for my new OPNsense install?
« on: March 29, 2021, 12:53:34 pm »
Hello,

I've finally moved over from pfSense to OPNsense and it's all working nice at home.

I used pfBlocker and Suricata and I also had Pi Hole on my single ESXi host.

I've now had a clear out and want to start again with security.

I don't have any VMs now at home apart from Grafana for my nice Dashboard for OPNsense.

My DNS is setup to point to Cloudflare's 1.1.1.3 for their family DNS (blocks certain categories) and I use 1.1.1.1 for my guest network where it's not blocked.

3 areas I'd like to sort out are:

1.) Have control over what categories I block.
2.) Have some sort of monitoring/stats
3.) Security - I'd love to encrypt our DNS with DoT.

What options do I have for the above?  What do you use?

My home hardware is:

HP T730 with Intel quad card for OPNsense
Intel NUC - 32GB mem with 1TB SSD for ESXi 7 host for VMs
24 port Mikrotik switch
2 x Cisco 3700 APs with a few SSIDs on separate VLANs

Thanks

9
21.1 Legacy Series / Monitor gateway returning nothing
« on: March 29, 2021, 12:43:30 pm »
Hello,

On my Lobby I like to show the Gateway health, I did this in pfSense (moved over this weekend).

Here you can see I can ping my gateway via the CLI, but the GUI doesn't like it:

https://imgur.com/zMyURAQ


My settings

https://imgur.com/aofCwfI

Any idea what I'm doing wrong?

Thanks

10
21.1 Legacy Series / New setup - normal to have no WAN rules?
« on: March 26, 2021, 12:03:34 pm »
Hello,

I'm about to swap out my pfSense VM with a hardware based OPNsense FW, is it normal to have no rules in the WAN rule section, does it just auto NAT LAN to WAN so I should get on the Internet?

I've got the WAN port set to DHCP and will connect my Virgin Broadband router in modem mode soon.

Thanks

11
21.1 Legacy Series / How to I create a network group/alias for rfc1918 subnets?
« on: March 26, 2021, 11:55:31 am »
Hello,
I'm coming over from pfSense and I am trying to create a rfc1918 group to block local private subnets for my guest network.

In pfSense I just create a new alias and add the name and subnets, what am I doing wrong here as I don't get the option to add the local subnets?

https://imgur.com/MjXYB21


Thanks

12
21.1 Legacy Series / Open NAT possible for Xbox gamers?
« on: March 25, 2021, 11:11:31 pm »
Hello,

I use pfSense and am looking at coming over to OPNsense, but it's important I can get Open NAT working for my sons' Xboxes which I have in pfSense.

I used this, but looking at the comments it looks like I can't use this approach? It uses Pure NAT

https://www.youtube.com/watch?v=whGPRC9rQYw&ab_channel=SpaceinvaderOne

What do you think?

Thanks
