Topics

1

General Discussion / I Set Up A VLAN But Can't Ping Systems On It

« on: December 04, 2023, 08:12:54 pm »

I currently have 3 interfaces: LAN, WAN, and DEVICES.

DEVICES is a VLAN assigned to LAN. Both have DHCP enabled, and their subnets are:

LAN 10.0.0.0 DHCP range 10.0.0.50 - 10.0.0.254
DEVICES 10.0.1.0 DHCP range 10.0.1.50 - 10.0.1.254

I can't ping systems on DEVICES from LAN even after adding rules on DEVICES to allow any protocol from LAN net to DEVICES net, and I actually can't even ping systems on devices from OPNsense itself.

I'm not sure what I'm missing here. Help would be appreciated, thanks for taking the time to read this.

EDIT: I should also have mentioned I do have internet on systems on DEVICES, for example pinging google from a system on DEVICES succeeds.

2

General Discussion / I Switched My Network To IPV6 And Now Certain Domains Won't Resolve

« on: December 01, 2023, 02:11:43 am »

I currently have DHCPv4 and DHCPv6 enabled. If I disable DHCPv4, certain domains no longer resolve, some examples of such domains are:

openweathermap.org
discord.gg
forum.opnsense.org

However, others work just fine, like:

google.com
youtube.com
nextcloud.com

All of the sites that don't work give output like this when I run a command such as nslookup -query=AAAA openweathermap.com:

Non-authoritative answer:
*** Can't find openweathermap.com: No answer

The way I'm interpreting this is that these sites have no AAAA record and so I can't connect to them from my IPV6-only network. I'm wondering if there's some way to resolve this (no pun intended) by enabling some kind of IPV4 fallback on my network, or by some other means. Surely it's not right that switching to an IPV6-only setup makes large amounts of the internet inaccessible?

Thanks for your time.

3

General Discussion / How to Fix ERR_CERT_AUTHORITY_INVALID on GrapheneOS Device

« on: November 18, 2023, 05:20:50 pm »

I recently switched my phone to use the secure operating system GrapheneOS ( https://grapheneos.org/ ). However, now when I try to browse with my phone on my local network, I get ERR_CERT_AUTHORITY_INVALID (pictured). I have tried:

- restarting DHCP
- deleting the lease
- rebooting the phone
- clearing the browser cache

If someone could give me some tips to debug this, that would be much appreciated.

4

General Discussion / Cloudflare Is Being Blocked

« on: October 22, 2023, 12:00:04 am »

This topic has already been posted on at least once that I could find ( https://forum.opnsense.org/index.php?topic=33983.0 ). But the post was never replied to, so I figured I should probably post on the topic as well. I host a Nextcloud instance on my server, and before moving to Cloudflare, I was able to reach it without any trouble, so long as I turned on reflection for port forwards, reflection for 1:1, and automatic outbound NAT for reflection. However since switching to Cloudflare, I can no longer reach my Nextcloud instance, and I can see many lines of of default deny / state violation rule showing up in the logs. I am not sure how to resolve this, if someone could explain, that would be great. Thank you for reading.

5

Tutorials and FAQs / Can Not Access Web GUI

« on: October 15, 2023, 02:49:49 am »

Hello,

First time poster here, I think I have the right channel. Also first time setting up a proper firewall, so forgive my likely basic question. I have taken a good look around on the forum and more generally on the internet, to no avail.

I have successfully installed OPNsense on my HP ProLiant DL380 G7 (henceforth home-server-1), however the web GUI is not accessible at 192.168.1.1. I can not ping home-server-1 from other machines on my network, or ping other machines on my network from home-server-1 via the "Ping Host" option in the OPNsense menu. I have tried rebooting home-server-1, and rebooting the modem, neither have had any effect.

I am not sure what to do at this point, and suggestions would be very appreciated. Thank you for your time. I am happy to provide any further information needed or run any tests needed.