OPNsense
Messages - hushcoden

1
24.7 Production Series / Re: Queries for DNS, not sure what they are for
« on: November 27, 2024, 06:56:26 pm »
So, yes, there was 'something else' and that was the PS5  ::)  I forgot I manually configured the DNS with Quad9

As soon as I turn it off, all that 'noise' stops  ;D

Thank you all.

2
24.7 Production Series / Re: Queries for DNS, not sure what they are for
« on: November 24, 2024, 10:17:00 pm »
Quote from: chemlud on November 24, 2024, 09:48:51 pm
Or maybe

System -> Settings -> General -> Networking -> DNS

127.0.0.1
Sorry, I don't understand what you mean...

As I said, the section System -> Settings -> General -> Networking is all blank/unchecked

I really would like to understand if there is anything to be concerned about, e.g. something to change in my config...

Also, if I click on info box information, it brings up a pop up window (Detailed rule info) with reference to the "Disable force gateway" option in the Firewall -> Settings -> Advanced section


3
24.7 Production Series / Re: Queries for DNS, not sure what they are for
« on: November 24, 2024, 09:45:58 pm »
Quote from: dseven on November 24, 2024, 09:38:52 pm
There are some "ifs, ands and buts" around how the OPNsense host itself resolves DNS, primarily controlled via System -> Settings -> General -> Networking options. If you want to use Unbound for everything, you probably want that entire section to be blank (i.e. no DNS servers specified, and all options unchecked).
Yes, I can confirm nothing has been checked/selected on that networking section...

4
24.7 Production Series / Re: Question about Kea DHCP
« on: November 24, 2024, 09:13:19 pm »
Thank you both!

5
24.7 Production Series / Re: Question about Kea DHCP
« on: November 24, 2024, 09:06:40 pm »
Quote from: dseven on November 24, 2024, 08:56:24 pm
A reservation just means that the IP address is reserved for a given client - the client still needs to use DHCP to get a lease, renew it, etc.
Does it mean that every 24 hrs the Kea DHCP server releases the IP address and then reassigns that same IP address to the very same host?  :o

With ISC DHCPv4 if I assign a static IP address to a device then job done, right?

6
24.7 Production Series / Queries for DNS, not sure what they are for
« on: November 24, 2024, 09:00:34 pm »
I've configured Unbound with DoT and Quad9 servers (9.9.9.9 & 149.112.112.112), and looking at the firewall live view on the WAN interface, I see continual calls to those servers on port 53 (and not 853) where the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)"

Similarly, if I filter port 853, I see the same type of output, i.e. source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)"

I'd want to know if that's normal behaviour or there is something wrong in my configuration.

Tia.

7
24.7 Production Series / Question about Kea DHCP
« on: November 24, 2024, 08:49:54 pm »
I've decided to test the (new) Kea DHCP service and I've added 10 hosts in the 'Reservations' section, so far so good.

What I don't understand is that if I click on 'Leases DHCPv4' menu, I see all those hosts with a Lifetime of 86400 (which is the default value for hosts with no reservation), and they actually expire within 24 hrs, hence I'm confused, why is that?

Tia.

8
General Discussion / Re: Nominate OPNsense and FreeBSD Foundation for Proton's Fundraiser (Big Reward)!!
« on: November 07, 2024, 07:17:12 pm »
+1

9
Documentation and Translation / Re: 2 Wireguard document questions
« on: October 30, 2024, 11:13:08 am »
Quote from: trevs on October 30, 2024, 12:09:09 am
In https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html#
Under Step 1 there is a paragraph:
"On Peers tab create a new Peer, give it a Name, set 0.0.0.0/0 in Allowed IPs and set the DNS to 193.138.218.74. This is the one MulladVPN provides for privacy."
However in Peers in OPNsense there is no place to set DNS address...
I can confirm that the option to add a DNS server is on the instance configuration instead, they should amend that typo...
Also, the DNS IP address 193.138.218.74 was decommissioned a while ago, have a look here for the list of actual Mullvad DNS servers: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

10
General Discussion / Re: Unbound dns through wireguard VPN
« on: October 29, 2024, 11:13:41 am »
Quote from: FredFresh on October 29, 2024, 11:08:33 am
That setting only specifies the external DNS IP... isn't it?
I believe so

11
General Discussion / Re: Unbound dns through wireguard VPN
« on: October 29, 2024, 10:46:27 am »
Quote from: FredFresh on October 26, 2024, 04:34:25 pm
Could someone kindly explain to me what steps I should implement to do this:

Assuming you have configured DHCP static mappings in OPNsense for the hosts using the tunnel, specify in that configuration either the DNS servers supplied by your VPN provider (see note below), or public DNS servers. This will override the network-wide DNS settings for those hosts

Configure public DNS servers for your whole local network, rather than local DNS servers

taken from https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html (steps 3 and 4 to avoid dns leak)

thanks
Just go to Services -> ISC DHCPv4 -> LAN and either select a single host or the entire LAN and type your preferred DNS servers IP addresses in the option DNS servers

12
Virtual private networks / Re: How to configure DNS in WG?
« on: October 28, 2024, 09:35:58 pm »
Quote from: FredFresh on October 26, 2024, 06:40:57 pm
If you want to use it, I think you have to add the DNS ip provided by the dns provider to the wireguard/instances mask.
For me, with or without the Proton DNS server IP address 10.2.0.1 nothing really changes: as long as I keep the port forward rule (see screenshot), then DNS seems to work properly, and still I don't understand the purpose of the DNS servers setting in the WG instance configuration...

13
Hardware and Performance / Re: About performance
« on: October 28, 2024, 09:29:31 pm »
Great, thanks, and my netstat -Q output is exactly like yours, so I believe all sorted now.

14
Virtual private networks / Re: How to configure DNS in WG?
« on: October 24, 2024, 08:27:02 pm »
Quote from: FredFresh on October 24, 2024, 08:14:05 pm
I think you should define if you are using the dns provided by the vpn provider or an external one, through local dns or unbound dns or other
I want to use dns provided by the vpn provider

15
Virtual private networks / Re: Monitor IP on wireguard
« on: October 24, 2024, 07:53:50 pm »
Quote from: FredFresh on October 24, 2024, 06:44:17 pm
@hushcoden I found that my problem was related to the wrong choice of the monitoring IPs.
Changing them to public IPs that I do not use otherwise, everything is fine after almost a week. Hope this helps
Are you using IP addresses of public DNS servers or what?

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved