Topics - jerrac

#1
DigitalOcean is listed as a service type. But I can't seem to get it to work.

I made sure to run updates today, so I am on the latest stable version.

I've confirmed my domain is configured to use Digital Ocean's nameservers, and I've added the domain, with an A record, to my DO account. I also made sure to wait long enough for the TTL to roll over.

When configuring the domain, I use these settings:

* Enable: checked
* Service type: DigitalOcean
* Interface to monitor: WAN
* Hostname: tipperthecat.life
* MX: empty
* Wildcards: Unchecked
* Verbose Logging: Checked
* Username: My DO username.
* Password: The token I generated in DO today.
* Description: Empty.

When I click "Save and Force Update", I get this in the "General Log":

Oct 27 14:23:48    opnsense: /services_dyndns_edit.php: Dynamic DNS Record ID (< DO Username >): UNKNOWN ERROR
Oct 27 14:23:48    opnsense: /services_dyndns_edit.php: Dynamic DNS Record ID (< DO Username >): PAYLOAD: {"id":"not_found","message":"The resource you were accessing could not be found."}
Oct 27 14:23:48    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life): Current Service: digitalocean
Oct 27 14:23:48    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life): _checkStatus() starting.
Oct 27 14:23:47    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life via DigitalOcean): _update() starting.
Oct 27 14:23:47    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life): running dyndns_failover_interface for wan. found em0
Oct 27 14:23:47    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life): 73.25.124.39 extracted
Oct 27 14:23:47    opnsense: /services_dyndns_edit.php: Dynamic DNS: updatedns() starting

Any ideas?

> Edit: Marking as solved.
#2
I want to access the web ui for my cable modem. Its documentation says the default ip is 192.168.100.1. Of course, since the modem is outside the firewall, that address just plain won't work for it.

I've googled around, as well as searched this forum. So far the closest I've found to anything helpful is this: https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

Unfortunately, that's for pfsense. The UI for OPNSense is not the same... And there's not enough background there, or in my own head, for me to figure out where in OPNSense I should make the changes.

So, can someone tell me how to access my modem's UI? Maybe translate the pfsense wiki page into something for OPNSense, or if that's not actually how I should do it, point me in the right direction?

Thanks!
#3
I have the Dynamic DNS configured to use CloudFlare.com. It is supposed to keep home.davidreagan.net pointed at my home IP address. When I click "Save and force update" the record on CloudFlare.com does not change to my new IP address.

It has the correct username and password for CloudFlare. I double checked that.

home.davidreagan.net is configured as an A record on CloudFlare's DNS page.

I enabled verbose logging, but I have not found where to view those logs yet.

Do you have any suggestions on how to troubleshoot this?
#4
I've generated a large list of ip addresses that I want blocked. I added them to a url table alias, hosting the text file on Dropbox. Then I configured the rules the same way https://docs.opnsense.org/manual/how-tos/edrop.html has you configure the spamhaus rules.

The ip addresses show up in the pftables list. That means everything is loaded correctly, right? Or just that the alias was loaded?

The issue is that I can still go to both the url and ip of a site I want blocked. I double checked that the ip I was testing was in the pftables list.

The pfsense wiki says that an aliases file can be a single ip per line: https://doc.pfsense.org/index.php/Aliases. That's what I've generated. See: https://dl.dropboxusercontent.com/u/29137804/someonewhocares.txt. Those are the IPs I found for the hosts listed here: http://someonewhocares.org/hosts/

Did I just miss a step?
#5
I haven't spent much time working with the network layer. So, I'm not really sure where to start figuring issues out... Any pointers would be appreciated.

The issue is that my opnsense firewall is causing packet loss. This shows itself by making me repeatedly refresh pages to get the browser the correct dns response. When I restart the system, the issues go away for a while.

I have tested this by removing anything but ethernet cords between my computer, and the firewall. As well as going directly to the cable modem. Packet loss only occurs when the firewall is involved.

It also appears to only occur after the firewall has been on for a while. This last time was 6 days or so. Times before that varied, but I wasn't keeping track of what exactly happened.

I know it's packet loss because the dashboard on my firewall shows anywhere from 15-30+% loss when the issues occur. I also see packet loss when pinging 8.8.8.8.

I've googled some, but I didn't find anything that helped. Maybe because I'm not sure what the best search terms are...

My hardware should not be an issue. It's a 5 or so year old repurposed gateway tower with an i3 cpu, 16gb of ram, and an ssd. I'm using two Intel Gigabit CT PCI-E Network Adapter EXPI9301CTBLK nics for my LAN and WAN ports.

Any suggestions on what I can try?

Thanks!
#6
I was able to get OPNsense working on my wired network, but when I tried to add my router into the mix, I ran into lots of problems.

What I want to do is:

From outside my network, I want the connections to look like this: Cable Modem -> OPNsense firewall -> Unmanaged Switches. All my devices, including my wireless router should connect to the switches. So, wireless devices would look like:  Cable Modem -> OPNsense firewall -> Unmanaged Switch -> Wireless Router -> Device

Could anyone explain how to do that, or point me to some docs that would help? I did read through docs.opnsense.org. And the topics I found about wireless related issues on here, pertained to setting up wireless connections on the firewall, not dealing with a router.

I was able to get my wired devices to work with that set up.  I also tried modem -> firewall -> router -> switches.  I was able to get my router to create a wireless network. But none of my wireless devices could get through to the internet. Plus I had issues getting to the router's configuration page, since opnsense gave it a different ip than what it served the config site on... Thus, I had issues with DHCP server conflicts and mac address clone issues...

My router is a NETGEAR WNR3500L N300 running DD-WRT v3.0-r27520M (07/17/15) kong. And I'm using two TP-LINK TL-SG108 8-Port 10/100/1000Mbps Desktop Switches.

Sorry for the lack of detail in what I tried, I was just trying random things without really thinking about it. Which is a really bad way to figure things out...  :-[

Thanks for any help in advance. :)
#7
With all the kerfuffle Windows 10's invasive monitoring has caused, I've started wondering how I could both block known monitoring destinations, and monitor traffic for new destinations.

I don't trust anything that runs on the same OS that is doing the monitoring. So using a firewall on Windows 10, or some kind of app on Android, isn't what I'm looking for.

Which led me to a hardware firewall.

I'd put the firewall between my modem and my router, then I'd configure it to block any outgoing data to a list of urls/ip addresses that are known to be destinations for OS spying. I'd also configure it to monitor for suspicious destinations. Then I'd make sure my mobile devices only communicated over the net via my VPN. The end result should be that I keep my privacy, even if Microsoft or Google don't respect the privacy settings I select.

So, has anyone configured their firewall to do what I just described?

Can OPNsense block destination urls as well as ip addresses? Like what you can get when you Google "list of windows telemetry urls".

Can OPNsense monitor traffic in a manner that would help figure out when updates change where the data is being sent?