Messages

1

19.1 Legacy Series / Re: DDNS error since 19.1.4

« on: March 19, 2019, 12:35:08 pm »

Ended up being able to post a message to the DNS-O-Matic community about this.. I'll update this if anyone responds over there.. DNS-O-Matic is working within OPNSense -- its just the Cloudflare service when updated through DNS-O-Matic is failing.. I have a couple other services in the DNS-O-Matic account that are updating properly (Tunnelbroker, DSLReports, Zoneedit)

2

19.1 Legacy Series / Re: Can anyone reach their cable modem through OpnSense?

« on: March 18, 2019, 10:58:11 pm »

Ive always been able to access my modem's 192.168.100.1 address from the LAN through my OPNSense box.. These have included Arris TM802, Arris TM1602, Motorola SB6183, and now Netgear CM600.. The "block private networks" thing I believe only blocks incoming connections from source addresses that are RFC1918 on the WAN interface.

I do have a default IPv4 LAN outgoing rule that allows anything from "LAN Net" to go to ANY..  Have you tried adding in a LAN rule that allows anything from "LAN Net" to go to 192.168.100.1 if you dont already have an allow all outgoing rule?

3

19.1 Legacy Series / Re: DDNS error since 19.1.4

« on: March 18, 2019, 10:47:33 pm »

I'm not sure what changed.. I disabled them in Dns-o-matic and just added them separately as Cloudflare services in OPNSense, and they update without issue.  From what I can tell, OpenDNS now requires a Cisco Umbrella account to post on their community pages, and it doesn't look like its seen much action lately.

4

19.1 Legacy Series / DDNS error since 19.1.4

« on: March 17, 2019, 11:01:58 am »

Hi all. I’ve had DDNS setup for quite some time to update Dnsomatic with Opnsense. I have several records in Dnsomatic that get updated, but ever since I updated from 19.1.3 to 19.1.4, I get an error from Cloudflare when Dnsomatic tries to update. This started with the first boot after the update where I immediately got an error. I have other services that update on the same Dnsomatic account, it just seems to be Cloudflare that complains. I get the error every 24 hours.
The error Cloudflare returns is “err A record with those settings already exists. (81058)”

Did something change with the DDNS client in 19.1.4?
Thanks
Rick

5

19.1 Legacy Series / Re: OPNsense 19.1 released update!

« on: January 31, 2019, 07:38:55 pm »

Do some mirrors take longer than others to update?  Just tried from LeaseWeb (Washington DC) and I'm still at 19.1.r2... Changed over to NYC and Im getting 19.1 now.

6

19.1 Legacy Series / 19.1.r2?

« on: January 25, 2019, 03:41:43 pm »

Earlier this morning, I changed from Prod to Devel and went from 18.7.10(3) to 19.1_r33.. I rebooted and changed my settings back to production and tried to use the unlock/upgrade button for 19.1.r1.. After two tries, those upgrades failed and it rolled back to 19.1_r33...  At some point, I think I tried "Update" instead of the "Unlock/Upgrade", and it pulled down this:

OPNsense 19.1.r2-amd64
FreeBSD 11.2-RELEASE-p7-HBSD
OpenSSL 1.0.2q 20 Nov 2018

Is this where I should be at this stage?  Is that RC2? 

Thanks,
Rick

7

Web Proxy Filtering and Caching / Remote Blacklist and Netflix

« on: September 30, 2018, 05:50:20 pm »

Just got transparent proxy going here for the primary purpose of getting HTTPS Everywhere installed.. I followed the procedure detailed here:  https://medium.com/@privb0x23/minimal-cache-proxy-configuring-an-https-everywhere-squid-plugin-on-opnsense-80af717d40ab

I am not proxying HTTPS.. Only HTTP.. I wanted to also add some basic blacklisting for malware, phishing, and cryptojacking sites -- But when I enable remote blacklisting with the UT1 blacklist and those categories selected, Netflix stops working throughout the house.. Specifically, the following shows up in the Squid logs:

Code: [Select]

TCP_DENIED/403 6108 POST http://api-global.netflix.com/nq/nrdjs/pbo_logblob/%5E1.0.0/router - HIER_NONE/- text/html
Came across similar issues when searching for a solution related to pfSense where the fix is to uncheck "Do not allow IP-Addresses in URL" in pfSense.. Can anyone tell me how to set this configuration option for squid in OPNSense?

Thanks,
Rick

8

18.7 Legacy Series / Re: How do I get to rc2 from r_127?

« on: July 21, 2018, 03:22:37 pm »

And additionally had to change from development back to production - and it picked up r2.

9

18.7 Legacy Series / Re: How do I get to rc2 from r_127?

« on: July 21, 2018, 03:10:12 pm »

Nevermind.. I think I got it..  Did upgrade from console and had to type 18.7.r1

10

18.7 Legacy Series / How do I get to rc2 from r_127?

« on: July 21, 2018, 02:57:45 pm »

I was on 18.1.. Changed my settings to development and updated. Now I’m at r127... How do I get to RC2 from here?

11

18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers

« on: June 12, 2018, 07:04:12 pm »

Ive been using this configuration for a while, but I started getting the following errors in my Unbound logs recently.. Anyone know what they mean?

Code: [Select]

Jun 12 12:45:34 unbound: [79836:1] info: generate keytag query _ta-4a5c-4f66. NULL IN
Thanks,
Rick

12

18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers

« on: April 09, 2018, 06:23:41 pm »

Does anyone else get occasional entries like below in their Unbound logs?

Code: [Select]

unbound: [49413:0] error: outgoing tcp: connect: Address already in use for 1.1.1.1

13

18.1 Legacy Series / tcptraceroute package?

« on: April 07, 2018, 03:26:42 pm »

Is it possible to make the tcptraceroute package available to install?

Thanks,
Rick

14

18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers

« on: April 06, 2018, 05:25:25 pm »

Does seem to be working once again with TLS for me as well.. Also not receiving the "error: outgoing tcp: connect: Address already in use for 1.1.1.1" messages in the log (so far)

15

18.1 Legacy Series / Re: CUPS print server for Opnsense

« on: April 05, 2018, 08:05:56 pm »

I have a Brother color laser printer that does not support iOS AirPrint.. I had looked into running a CUPS server on my OPNSense box.. I had also tried on an RPI3.. In the end, the RPI3 was not powerful enough to render the postscript necessary, and what I ended up doing was setting up a Debian VM on my Windows machine that is always powered on.  Takes up a tiny footprint, and worked great.