Topics - fbeye

1
23.1 Production Series / Having problems understanding/implementing LOCAL DNS.
« on: Today at 03:05:11 am »
Hello!

So I have the latest OPNsense, Adguard (plugin) and Unbound DNS all enabled and it all works like a charm.
What I am trying to set up though is LOCAL DNS.
When I was using PiHole +Swag, my LOCAL DNS would work fine, if the internet went down I could still connect (so I know it was working correctly) but I notice that ALL my SWAG .confs are available via Internet, so I wanted to REMOVE SWAG and just make my hosts available LOCALLY ONLY for when I connect through VPN (via Wireguard plugin).

I guess I am confused... The Adguard Plugin / page config... Would I do this via DNS REWRITE? Or would it be on Opnsense under Unbound DNS?
I did some on DNS REWRITE and it seemed to not work.... When I was using Pihole/SWAG I would have x.duckdns.org to 192.168.5.181 and SWAG would Port redirect... Am I still needing SWAG? I mean, how would Adguard know what Port I wanted?
Sorry I know this sounds ignorant.. I really have been trying to google.

2
23.1 Production Series / Install OpnSense on a Cisco ASA-5508-X?
« on: March 26, 2023, 09:23:20 pm »
Hello

I have seen similar approaches to 5515,5506, 5516 so on and so forth, and I know more or less the MB and chipsets are the same, the only differences being the VPN throughput, ethernet ports etc, hardware differences. But I am a firm believer I am the 1% who always gets the thing no one else did, or can't be upgraded.

Like my Wifi Router... 300 bucks all excited, but IT was not able to be flashed.

So, anyone know of any success?

I am currently running OPNsense as a VM on a Proxmox system that runs 1250 Watts.. I turn all my servers off at night, but the internet, and wanted to move OPNsense to a more refined, less power consuming device.

3
23.1 Production Series / Using OPNsense as my Local DNS
« on: March 22, 2023, 06:59:49 pm »
Hi! I have been using OPNsense as the DHCP server but referring to PiHole (192.168.5.47) as my DNS/Ad Block. I was wanting to eliminate Pihole, more so the idea of having another device to do DNS and maybe just having everything local, and maybe adding Adguard to it.

I am not exactly too sure what I would need for this, is this local DNS built in, or would it be a plugin?
In case I am talking stupid, I just wanna make, let's say, plex.x.duckdns.org resolve to 192.168.5.181, even if the Internet is down. So on and so forth for a good 15-20 dockers/hosts.

I don't necessarily need it written out for me, but just a little guidance to get me on my way.

4
Virtual private networks / Am I able to "remove" certain IP's from OpenVPN Access?
« on: February 19, 2023, 03:43:51 pm »
Hello

I have a DHCP Server 192.168.5.2 - 192.168.5.177 to hand out IP's. I have an email server 192.168.5.180, 192.168.5.181 that need to have their legitimate WAN IP.
When I enable the OpenVPN (NordVPN) I see that my .180 and .181 WAN IP change to the NordVPN IP.... But oddly enough, incoming email still gets to them. The issue I have is that OUTGOING emails say "connection refused".
To verify it is not something else, when I disable the OpenVPN, email sends out like normal.
Unless this is an obvious thing to fix/modify, is there simply a way to remove specific IP's, or even 192.168.5.178 - 192.168.5.200 from the OpenVPN connectivity?

5
22.7 Legacy Series / Having trouble configuring Firewall to allow Mail Server Access
« on: February 19, 2023, 01:56:18 am »
Hello!

So, I have 8 STATIC IP's (6 usable).

I made Virtual IP's for each of the 6 IP's
I made NAT 1:1 from each Virtual IP to its specific LAN IP.
I configure that specific IP 1 at a time on a host and verify it has correct WAN IP via "whatsmyip"

So, everything is set as it should be, I assume, as the IP's are correct to their destination.

I have an email server on WAN x.x.x.180 to LAN 192.168.5.180
The Ports that are on the .180 are 587 (SUBMISSION) 25 (SMTP) and 993 (IMAP/S).
The only things I have for firewall are;
PASS - WAN - IN -IPV4 - TCP -SOURCE (ANY)- SOURCE PORT (each one mentioned) - DESTINATION (192.168.5.180) - DESTINATION PORT (each one mentioned).

But, I am unable to connect! I have no other NAT or Port Forwarding set up, as I assume I would not need Port Forwarding because of the 1:1?

Any suggestions?

6
22.7 Legacy Series / Converting from Cisco FPR1010 to OPNSense.
« on: January 11, 2023, 08:18:58 pm »
Hello, I love my Cisco and have no issues with it but I like to explore and was curious about something.

Currently my DSL Router is in BRIDGE mode and my Cisco FPR does the PPPoE. I do have a Block of 8 static IP's (6 usable). My FPR1010 grabs the default IP x.x.x.182 which leaves x.x.x.177 to x.x.x.181.
Currently I have STATIC NAT's;

x.x.x.177 255.255.255.0 192.168.5.55
x.x.x.178 255.255.255.0 192.168.5.56
x.x.x.179 255.255.255.0 192.168.5.57
x.x.x.180 255.255.255.0 192.168.5.58
x.x.x.181 255.255.255.0 192.168.5.59

So naturally any host on the LAN that has one of those IP's has its specific WAN IP. Works fine.
I also then of course have ACL's/firewall to allow ports on those hosts.

I will say that the Subnet/DHCP Server on the Cisco is 192.168.1.0. So, GE1/2 (192.168.1.1 (FPR)) connects to a L3 Cisco Switch. On the Switch, GE 1/1 is 192.168.1.2. I then have a PBR on the switch and a subnet 192.168.5.0. So, 192.168.5.0 has access to the Internet via GE 1/1 (192.168.1.2) which leads back to the Cisco FPR. Also, the FPR does have a route '192.168.5.0 255.255.255.0 192.168.1.1'.
Everything works as I want it.
I have a FPR subnet going to a different Subnet on the Switch because I do want my 192.168.1.0 (other IP's on that subnet) not part of the 192.168.5.0 subnet. I have various reasons why, though maybe not all legit..

Anywho; Is this same set up doable in OPNSense?
I COULD simplify it and just make the OPNsense LAN subnet 192.168.5.0 just to eliminate more code, but I'd rather have it this way.
