Messages - g0nz0uk

1
General Discussion / Anyone setup NextDNS?
« on: November 25, 2021, 05:21:55 pm »
Hello,

I had my OPNsense firewall at home running nicely until we had a power cut and the M2 drive failed.  I replaced this and installed the latest OPNsense and restored my config and was back online in no time really.
The only thing I can't remember how I got working is my NextDNS.

A rebuild would have lost my local changes.  In my notes I have these, below.  Are they still the valid way to get this working again?

Created a file called nextdns.conf in /var/unbound/etc

Quote
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#e6f5fx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#e6f5fx.dns1.nextdns.io
  forward-addr: 45.90.30.0#e6f5fx.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#e6f5fx.dns2.nextdns.io

Make sure the file owner is unbound and same rights as other files.

chown unbound nextdns.conf

2
General Discussion / Re: Power cut at home OPNsense now says "Can't load from Kernel"
« on: November 20, 2021, 07:43:32 pm »
Just reinstalled and I'm getting this, what should I do or is it a new M.2 drive?

https://i.imgur.com/pIHH2Lu.jpg

https://i.imgur.com/sJV9yjK.jpg

3
General Discussion / Power cut at home OPNsense now says "Can't load from Kernel"
« on: November 20, 2021, 07:04:37 pm »
Hello,

We had a power cut and my OPNsense server now boots up with a "Can't load from Kernel".

Is this a reinstall job?

I have a backup of the config too, so is it a reinstall, then somehow get config onto it via the GUI?

I'm using a HP T730.  It has a SanDisk 32GB M.2 flash drive.

Photo

https://i.imgur.com/gaCdsES.jpg

4
General Discussion / Is it possible to send flows such as Top Talkers to Elastiflow?
« on: September 23, 2021, 07:12:25 pm »
Hello,

Does anyone know if OPNsense can send network flows to Elastiflow please such as Top Talkers?

Thanks

5
General Discussion / Strict NAT Gaming - Enable UPNP plugin the way to go?
« on: April 11, 2021, 06:35:28 pm »
Hello,

I managed to get my son's Xbox using Open NAT using - https://ultramookie.com/2020/05/opnsense-xbox-live/

Xbox uses UDP/TCP 3074 so I guess this is easy.

My other son uses a PC and when he plays GTA5 and Modern Warfare Warzone he gets a message he is using Strict NAT, so I'm not sure I can use this method and I'm not sure of the ports.

I read that some enable the UPNP plugin and let OPNsense dynamically open the ports like a regular home router?

Thanks

6
General Discussion / Re: Anyone using DoT or recommend added security for my new OPNsense install?
« on: April 03, 2021, 11:57:32 pm »
That's what I'm trying to do with Cloudflare.

Did you add the above to Custom options with your gateway ID?

Under Miscellaneous do you have anything under DNS over TLS Servers?

Do you have DoT setup (https://1.1.1.1/help)?

7
General Discussion / Can't get DNS over TTL working
« on: April 01, 2021, 08:32:19 pm »
Hello,

I'm following this guide:
https://sahlitech.com/opnsense-setup-unbound-dns/

I have a few VLANs so I thought I'd set it up on my guest WiFi VLAN, but when I connect to that SSID it can ping Internet IPs like 1.1.1.1 but can't resolve DNS names.

My settings:

https://imgur.com/wDh2n9v

Guest DHCP scope I remove any DNS IP

https://imgur.com/LZTmf8J

Using these settings:

Code:
server:
  tls-cert-bundle: "/etc/ssl/cert.pem"

forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
  forward-addr: 9.9.9.9@853#dns9.quad9.net
  forward-addr: 149.112.112.9@853#dns9.quad9.net

See anything wrong?

Thanks
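
Added example (not part of the forum posts, and not OPNsense or Unbound code): a small Python check for Unbound DNS-over-TLS forward-zone snippets like the ones in these posts. It flags a missing tls-cert-bundle, a forward-addr without a "#" authentication name, and a zone forwarded without TLS. The function names and the sample config are constructed for illustration, and only the options shown in the posts plus the server-level tls-upstream are considered.

```python
import re

# Constructed sample: a forward-zone like the one posted above, but with no
# server: clause and with one upstream missing its '#' authentication name.
SAMPLE = '''
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 9.9.9.9@853
'''

def parse(text):
    """Return [(clause, [(option, value), ...]), ...] from unbound.conf text."""
    clauses = []
    for raw in text.splitlines():
        # Treat '#' as a comment only at line start or after whitespace, so the
        # '#auth-name' suffix glued onto a forward-addr is kept.
        line = re.sub(r'(^|\s)#.*', '', raw).strip()
        if ':' not in line:
            continue
        key, _, value = line.partition(':')   # first ':' only, IPv6 values survive
        value = value.strip().strip('"')
        if not value:
            clauses.append((key.strip(), []))  # "server:" / "forward-zone:"
        elif clauses:
            clauses[-1][1].append((key.strip(), value))
    return clauses

def audit_dot(text):
    """Flag settings that leave a DoT upstream unauthenticated or unencrypted."""
    clauses = parse(text)
    server = dict(kv for name, opts in clauses if name == 'server' for kv in opts)
    findings = []
    if 'tls-cert-bundle' not in server:
        findings.append('server: clause has no tls-cert-bundle')
    for name, opts in clauses:
        if name != 'forward-zone':
            continue
        tls = 'yes' in (server.get('tls-upstream'),
                        dict(opts).get('forward-tls-upstream'))
        for addr in (v for k, v in opts if k == 'forward-addr'):
            if not tls:
                findings.append(f'{addr}: forwarded without TLS')
            elif '#' not in addr:
                findings.append(f'{addr}: no #auth-name, certificate name not checked')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit_dot(SAMPLE)))
```
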

8
General Discussion / Re: Anyone using DoT or recommend added security for my new OPNsense install?
« on: March 30, 2021, 04:44:18 pm »
Thanks, I'll try this today.

Seems many miss off the cert section.

9
General Discussion / Re: Recommendations to setting up DNS over TTL - Unbound with CLoudfare/NextDNS any
« on: March 30, 2021, 04:43:10 pm »
Whoops, I did on my phone and thought it didn't send, so did on my PC instead.  Can't seem to remove this one.

10
Zenarmor (Sensei) / Sensei any good for home?
« on: March 30, 2021, 01:57:35 pm »
Hello,

I have a simple home network that I’ve rebuilt.

Firewall - OPNsense (was pfSense) on a HP 730 with Quad Nic, 8Gb mem, 32GB SSD, Quad Core 2.7GHz CPU.
Hypervisor - Single ESXi 7 host
24 port switch with various VLANs

I used pfBlocker at home to stop certain categories and it was very nice to be honest.

I'm now looking at a simple Ad blocker and category blocker for home, is Sensei the way to go?

If not are there any other recommendations?

I don't really want to add too much load to my OPNsense firewall so I can use a VM.

Thanks

11
General Discussion / Recommendations to setting up DNS over TTL - Unbound with CLoudfare/NextDNS any
« on: March 30, 2021, 01:53:35 pm »
Hello,

I have a simple home network that I’ve rebuilt.

Firewall - OPNsense (was pfSense) on a HP 730 with Quad Nic, 8Gb mem, 32GB SSD, Quad Core 2.7GHz CPU.
Hypervisor - Single ESXi 7 host
24 port switch with various VLANs

I used to use Pi Hole and pfBlocker but have removed all this.

Now I want to set up DNS over TLS and/or DNS over HTTPS. I’m not sure if I can use OPNsense for this or a remote service and wonder what you guys use?

For my DNS I use Cloudflare family at the moment which blocks certain categories.

I prefer OPNsense to not be overwhelmed by services.

Thanks

12
General Discussion / Re: Anyone using DoT or recommend added security for my new OPNsense install?
« on: March 29, 2021, 10:13:59 pm »
Thanks, I'm not sure that link enables DoT though, unless I'm wrong?

13
21.1 Legacy Series / Re: Monitor gateway returning nothing
« on: March 29, 2021, 10:10:08 pm »
I'm blind, I didn't see that "disable" option.

What is strange is that I can ping my WAN gateway, but it will show as offline.  I've added 1.1.1.1 instead and that worked.

Thanks.

14
General Discussion / Anyone using DoT or recommend added security for my new OPNsense install?
« on: March 29, 2021, 12:53:34 pm »
Hello,

I've finally moved over from pfSense to OPNsense and it's all working nice at home.

I used pfBlocker and Suricata and I also had Pi Hole on my single ESXi host.

I've now had a clear out and want to start again with security.

I don't have any VMs now at home apart from Grafana for my nice Dashboard for OPNsense.

My DNS is set up to point to Cloudflare's 1.1.1.3 for their family DNS (blocks certain categories) and I use 1.1.1.1 for my guest network where it's not blocked.

3 areas I'd like to sort out are:

1.) Have control over what categories I block.
2.) Have some sort of monitoring/stats
3.) Security - I'd love to encrypt our DNS with DoT.

What options do I have for the above?  What do you use?

My home hardware is:

HP T730 with Intel quad card for OPNsense
Intel NUC - 32GB mem with 1TB SSD for ESXi 7 host for VMs
24 port Mikrotik switch
2 x Cisco 3700 APs with a few SSIDs on separate VLANs

Thanks

15
21.1 Legacy Series / Monitor gateway returning nothing
« on: March 29, 2021, 12:43:30 pm »
Hello,

On my Lobby I like to show the Gateway health, I did this in pfSense (moved over this weekend).

Here you can see I can ping my gateway via the CLI, but the GUI doesn't like it:

https://imgur.com/zMyURAQ


My settings

https://imgur.com/aofCwfI

Any idea what I'm doing wrong?

Thanks
