Messages

1

24.7 Production Series / DNSSEC Support

« on: November 09, 2024, 04:36:04 pm »

Hi,

This is my setup:
OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

I'm using Unbound DNS and by accident I found a problem. I could not resolve one domain, dhl.com. All other domains as far as I can tell work fine.

When I uncheck  Enable DNSSEC Support the site from DHL is back.

What should be the cause ?

Thanks.

2

23.1 Legacy Series / Re: Unable to resolve local IP

« on: July 28, 2023, 06:11:21 pm »

Turns out this has nothing to do with OPNsense. Sorry.

3

23.1 Legacy Series / Re: Unable to resolve local IP

« on: July 28, 2023, 12:36:56 pm »

Now this is strange.
Even with unbound turned off I can't reach the DNS server to resolve private addresses.
I have to look somewhere else for the cause.

4

23.1 Legacy Series / Re: Unable to resolve local IP

« on: July 28, 2023, 12:21:46 pm »

Thanks.

No idea why it suddenly stopt working. I guess after the latest OPNsense update.

5

23.1 Legacy Series / Re: Unable to resolve local IP

« on: July 28, 2023, 08:00:35 am »

Sorry, indeed private addresses. I've been doing it that way for years. Why is this a security risk?

Always willing to learn, what should be best practice?

6

23.1 Legacy Series / Re: Unable to resolve local IP

« on: July 27, 2023, 11:36:50 pm »

/etc/resolv.conf on the firewall?

The local DNS records are configured with the control panel from my registrar. Like firewall, NAS, etc

7

23.1 Legacy Series / Unable to resolve local IP

« on: July 27, 2023, 03:44:35 pm »

Hi all,

Setup:
OPNsense 23.1.11-amd64
FreeBSD 13.1-RELEASE-p8
OpenSSL 1.1.1u 30 May 2023

I setup some DNS records on my registrar pointing to local IP's.
After the latest update from OPNsense it looks like I'm unable to resolve local IP's,

Like this:
$ dig A www.google.com
;; ANSWER SECTION:
www.google.com.      98   IN   A   142.250.179.164

$ dig A some local domain name
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> A
;; global options: +cmd
;; no servers could be reached

$ ping 127.0.0.53
PING 127.0.0.53 (127.0.0.53) 56(84) bytes of data.
64 bytes from 127.0.0.53: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from 127.0.0.53: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 127.0.0.53: icmp_seq=3 ttl=64 time=0.057 ms

What am I doing wrong?

8

23.1 Legacy Series / Re: OpenVPN and TAP

« on: July 09, 2023, 05:26:48 pm »

Finally fixed:

Interfaces - TAP: enable
Interfaces - Other Types: add bridge and add to Member interfaces LAN and VPN TAP

Easy but I couldn't find this in any manual nor is this set automatically when setting up the VPN with TAP.

9

23.1 Legacy Series / OpenVPN and TAP

« on: July 04, 2023, 08:22:51 pm »

Hi,

I have a working VPN connection with TUN interface.
I'm trying to setup the same VPN connection but now with a TAP interface.

DHCP is working. I get an IP. Status sais OK.
But that's it. I can't ping the gateway, can't ping any device on the LAN. And of course no ping outside the LAN.

I guess it has something to do with the routing table?

Any suggestions to fix this?

Thanks.

10

22.7 Legacy Series / Re: Port Forwad fails

« on: May 31, 2023, 09:32:37 pm »

Fixed. Don't ask me how.

First I changed the source by any. Works.
Next I changed source by network. Still working.
Narrowed it down to one IP. The settings I started with. Still working.

I don't get it. 

11

22.7 Legacy Series / Re: Port Forwad fails

« on: May 30, 2023, 10:22:02 pm »

I already tried this.
Also allow any on that port. No succes.

12

22.7 Legacy Series / Re: Port Forwad fails

« on: May 30, 2023, 09:59:48 pm »

What I don't understand is there are more forward rules. All working well. Only that single rule, where the external IP changed, refuse to work.

13

22.7 Legacy Series / Re: Port Forwad fails

« on: May 30, 2023, 09:31:08 pm »

The network behind the modem is 192.168.1.x/24.
I setup a DMZ to 192.168.1.2, which is the WAN port of the OPNSense Box.

There is nothing else on the 192.168.1.x network.

14

22.7 Legacy Series / Re: Port Forwad fails

« on: May 30, 2023, 09:22:58 pm »

This is the info from live view.
No idea what's wrong.

15

22.7 Legacy Series / Re: Port Forwad fails

« on: May 30, 2023, 08:52:07 pm »

Where do I find the defaul deny rule entry?