Topics - battle

#1
General Discussion / Using Unbound
June 18, 2025, 11:42:24 PM
I had to switch from Windows 7 to W10 recently because my new printer didn't come with drivers for W7.  I stayed on W7 because W8-W11 are known to be pulling data off your computer and sending it to Redmond.  I put OPNsense on an older Dell I had and started fighting W10 telemetry by monitoring what was going out of my computer with Wireshark, LiveTcpUdpWatch, and Zenarmor Live Sessions.  I was able to track down and block 58 IPs going back to Microsoft and an additional 250 IPs going to various other companies (Google, Amazon, etc.).  Most of the tracking caught was during evening hours just after a reboot with no programs running other than Wireshark and LiveTcpUdpWatch.  All the captured IPs are now being blocked by OPNsense.
However, there were some W10 programs and a couple of other pieces of software that were unnecessarily connecting to their companies.  They were automatically connecting through my VPN by way of using my Network Settings, so I had to set my W10 'Proxy Access to the Internet' to 'No Proxy'.  By doing this I apparently am now blocking my browsers from DNS; they can't interpret any domain names now.  They can go to a hard IP address, however.

My main problem is that I am trying to set up Unbound to use it for DNS, but when I try to change Unbound's port from 5353 to 53, OPNsense says that AdGuard has port 53.  I don't know if there is a way to change W10's DNS port to 5353.  Can anyone see anything I can do to make W10 use Unbound?

Thanks
#2
Zenarmor (Sensei) / os-sunnyvalley (misconfigured)
June 03, 2025, 10:15:49 PM
After updating, there is always this message in System / System: Firmware / Plugins:
os-sunnyvalley (misconfigured)   1.4_3   2.44KiB   N/A   OPNsense   Vendor Repository for Zenarmor (a.k.a Sensei, Next Generation Firewall Extensions)

Does anyone know how to fix this?  Not an expert here.
#3
General Discussion / AdGuard setup
April 03, 2025, 02:11:42 PM
I have successfully installed AdGuard, but I don't know how to get my W10 computer to use the AdGuard DNS.  This is what my W10 is using now:
IP address:  192.168.2.50
Subnet mask:  255.255.255.0
Default Gateway:  192.168.2.1
Obtain DNS server address automatically
Use the following DNS server addresses:
Preferred DNS server:  1001
Alternative DNS server:  1111

Can someone tell me how to point W10 to the AdGuard DNS?

Thanks
#4
I have played with this for several hours and it doesn't stop traffic from getting to this site:
c:\>ping -n 3 144.76.???.???

Pinging 144.76.???.??? with 32 bytes of data:
Reply from 144.76.???.???: bytes=32 time=150ms TTL=47
Reply from 144.76.???.???: bytes=32 time=149ms TTL=47
Reply from 144.76.???.???: bytes=32 time=150ms TTL=47

I have tried several times in the past also without success.
#5
I am very weak on network and firewall knowledge, but think that I may not have the MSTelemetryBlockList LAN rule in proper order.  In the attachment, should the MSTelemetryBlockList be above the two Default IPv4 and IPv6 rules?  I think that I put it at the bottom because I managed to lock myself out of OPNsense once and had to reinstall.
#6
General Discussion / ClamAV setup
January 06, 2025, 09:04:53 PM
Some guru on YouTube suggested you install ClamAV.  I have installed it and loaded in the DB.  The load instruction line and Load button have gone away.  I got this warning message in the log:
2025-01-05T06:04:22-06:00   Warning   freshclam   Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory

I don't think it is anything to worry about, but do I need to do anything about it?
Also, should there be anything listed in the Signatures page?  There is nothing there.
#7
I tried to install nano using pkg_add in the terminal, but pkg_add is apparently not installed.  I can't find nano in the package area of OPNsense.  I know that Vim is installed, but I don't understand it and don't use it.
#8
I may have to go to a new ISP.  The one I have now is unlimited bandwidth.  If I move to another location, I may be limited to a certain amount of BW and need to choose the best ISP per price and bandwidth allowed.  I therefore need to see how much bandwidth I am using a month.  Is there any way I can monitor or log how much BW I am using daily/weekly/monthly in OPNsense or Zenarmor?  Is there a plugin that might be used for that?
#9
If I try to check both WAN and LAN boxes in settings, Zenarmor says that I can't run WAN on both Suricata and Zenarmor (see quote below).  So if I uncheck 'Enable' and 'IPS mode' and all other boxes on the Suricata 'Services: Intrusion Detection: Administration' page, Zenarmor will still not allow me to check the WAN box in Zenarmor/Settings.  There doesn't seem to be a way to only run Zenarmor.

"When you use IPS & Zenarmor together, you can only use the WAN interface for Suricata
It looks like you also have Suricata configured to run on this interface. Please be noted that Zenarmor and Suricata cannot be run on the same ethernet interface at the same time."
#10
I upgraded today and after upgrading via the interface, I could no longer log in to root with a browser.  I could no longer get through to the web through OPNsense with my connecting computer.  OPNsense is installed on another Dell. I reinstalled to 24.7.  Rebooted everything.
#11
Intrusion Detection and Prevention / Zenarmor or Suricata
September 30, 2024, 01:38:20 AM
I installed Zenarmor today and there is a conflict between Zenarmor and Suricata, with both trying to use the WAN.  Which system would be better to use?  Suricata on WAN or LAN, Zenarmor on the opposite, or Zenarmor (MongoDB) on both and disregard Suricata?
#12
General Discussion / Migration to ZFS file system
September 24, 2024, 05:03:04 PM
The new Snapshot feature requires OPNsense to be on the ZFS file system.  My OPNsense is on the other one.  The message that is given when you try to do a snapshot is:

"Snapshots are only available when a ZFS file system is used.
For more information on how to migrate to ZFS, please refer to our documentation or support resources."

I can't find any information on how to migrate to ZFS.  Can anyone point me to this information?
Thanks
#13
When I click on the Schedule tab, it pops up an Edit Job box.  After you set up and save a time, from that time onward you can't click the Schedule tab again to view the list of schedules because the Edit Job box always pops up and blocks the view. When you click Cancel on the Edit Job box, it closes out the Schedule tab by jumping to another tab so that you can't read or modify a check box in the list.
#14
Can someone tell me what are some important Suricata modules to choose?  I actually downloaded and enabled all of them, but YouTube would only play for about 15 seconds and then stop with an error message.

abuse.ch/Feodo Tracker
abuse.ch/SSL Fingerprint Blacklist
abuse.ch/SSL IP Blacklist
abuse.ch/ThreatFox
abuse.ch/URLhaus

ET open/botcc
ET open/botcc.portgrouped
ET open/ciarmy
ET open/compromised
ET open/drop
ET open/dshield
ET open/emerging-activex
ET open/emerging-adware_pup
ET open/emerging-attack_response
ET open/emerging-chat
ET open/emerging-coinminer
ET open/emerging-current_events
ET open/emerging-deleted
ET open/emerging-dns
ET open/emerging-dos
ET open/emerging-exploit
ET open/emerging-exploit_kit
ET open/emerging-ftp
ET open/emerging-games
ET open/emerging-hunting
ET open/emerging-icmp
ET open/emerging-icmp_info
ET open/emerging-imap
ET open/emerging-inappropriate
ET open/emerging-info
ET open/emerging-ja3
ET open/emerging-malware
ET open/emerging-misc
ET open/emerging-mobile_malware
ET open/emerging-netbios
ET open/emerging-p2p
ET open/emerging-phishing
ET open/emerging-policy
ET open/emerging-pop3
ET open/emerging-rpc
ET open/emerging-scada
ET open/emerging-scan
ET open/emerging-shellcode
ET open/emerging-smtp
ET open/emerging-snmp
ET open/emerging-sql
ET open/emerging-telnet
ET open/emerging-tftp
ET open/emerging-user_agents
ET open/emerging-voip
ET open/emerging-web_client
ET open/emerging-web_server
ET open/emerging-web_specific_apps
ET open/emerging-worm
ET open/tor

OPNsense-App-detect/file-transfer
OPNsense-App-detect/mail
OPNsense-App-detect/media-streaming
OPNsense-App-detect/messaging
OPNsense-App-detect/social-networking
OPNsense-App-detect/test
OPNsense-App-detect/uncategorized
#15
Greetings:

I used to run my Dell computer through another Dell computer that I had installed OPNsense on.  It worked great until my ISP's modem crashed.  I got a free replacement yesterday, but it is no longer just a modem, but is a router-modem.  I have tried to get my computer to connect to the web, but it refuses when I try to run it through the firewall now.  Directly to the router-modem, it connects ok.  I tried to change the OPNsense LAN to a different address (192.168.30.1/24) but it still didn't allow a connection.

Here is my ipconfig when my computer is connected directly to the new router-modem:
C:\>ipconfig

Windows IP Configuration
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6848:1ada:22cb:c4e1%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.112
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter isatap.{A4D5AD67-3E53-4BE6-9CD5-C30CFCEE7087}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
C:\>
------------------------------------------------------------

Here is what OPNsense is showing for LAN and WAN:
LAN   (bge0)    --> v4: 192.168.1.100/24
WAN (re0)       --> v4/DHCP4: 192.168.1.222/24

------------------------------------------------------------

Here is my ipconfig when my computer is connected to my OPNsense computer:
C:\>ipconfig

Windows IP Configuration
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6848:1ada:22cb:c4e1%11
   Autoconfiguration IPv4 Address. . : 169.254.196.225
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
Tunnel adapter isatap.{A4D5AD67-3E53-4BE6-9CD5-C30CFCEE7087}:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
C:\>

------------------------------------------------------------

I am not really knowledgeable when it comes to networking.