Messages

I had a similar experience, but with Unbound and OpenVPN. I lost DNS resolution on the OpenVPN-client. Network Interfaces -> LAN, Localhost, OpenVPN-Server. When I switched to All, the DNS resolution resumed. Still, I went back to the old regime with "Network Interfaces -> LAN, Localhost, OpenVPN-Server".

Could perhaps the dot-zero IP-address (66.88.99.0) be the culprit?

https://labs.ripe.net/Members/stephane_bortzmeyer/all-ip-addresses-are-equal-dot-zero-addresses-are-less-equal

This helped me speed up DNS resolution.

Finally, Under Services, DHCP Server, set your DNS Server to your pfSense's LAN IP.  As your DHCP clients renew their lease they'll start using pfSense for DNS.

As far as performance if you have low latency to your ISPs DNS you probably won't notice anything.  But if you're on a high latency connection  with 70ms pings like I am, this makes a big difference.

https://b3n.org/hijacked-slow-dns-unbound-pfsense/

I have experienced the same issue. I'd like to point out that I use dns-over-tls.

Changing the interfaces from the selected few to all (default), makes Unbound stop dead. I'm running 18.1.10 with LibreSSL and with Unbound 1.73 test version.

https://forum.opnsense.org/index.php?topic=8943.0

Upgrading to 18.1.10 I stayed with the OpenSSL version for a few hours, my default. I had no issues. It was a plain upgrade from 18.1.9 without any changes to the configuration. I then switched to the LibreSSL version (I did not forget the compulsory upgrade) and for the first time, dns-over-tls worked equally well as with OpenSSL. At least as far as I can assess. It's been close to 24 h since I made the switch.

I'm also interested in an answer to this question. However, I'm no proficient enough to wrap my head around it, but I found an interesting Cisco-post where at least a related issue was discussed.

https://learningnetwork.cisco.com/thread/28157

Does anyone have experience with the Ubiquiti AirCube ISP and/or AC? The AirCube is a consumer grade WiFi access point. The "ISP" version is 2.4 Ghz only device, whereas the "AC" version supports both 2.4 and 5 GHz mode. The May 7th firmware changelog (the latest) contains a comprehensive description of features.

https://www.ubnt.com/accessories/aircube/

https://www.ubnt.com/downloads/firmwares/airCube/v2.2.0/changelog.txt

https://community.ubnt.com/t5/airCube/bd-p/airCube

https://www.youtube.com/watch?v=UnYRT7wI-Vs

A few points of sale in the EU.

https://www.amazon.co.uk/
https://www.amazon.de/
https://www.eurodk.com/
https://www.irishwireless.net/

Switching from LibreSSL to OpenSSL and DNS-over-TLS (Quad9 and Cloudflare) has been working for 48 h straight. Few and expected entries in the Unbound log during that time frame. I'm still on 18.1.7_1

For me it works for an hour or two, then it stops. The Unbound log is swamped with these. I'm on 18.1.7_1, LibreSSL flavour.

There is an updated version of unbound available - 1.7.0

Amongst the features:

"Accept tls-upstream in unbound.conf, the ssl-upstream keyword is also recognized and means the same. Also for tls-port, tls-service-key, tls-service-pem, stub-tls-upstream and forward-tls-upstream."

http://www.unbound.net/download.html

Thank you for straightening this out. I'm however convinced that this is not the last take on this issue.  :)



Regards,


Miroco

In view of the upcoming speculative execution kernel patch för amd64, planned for 18.1.5 and the APU2C4 board.

https://forum.opnsense.org/index.php?topic=7595.0

PC Engines - about Spectre and Meltdown vulnerabilities

http://pcengines.ch/spectre.htm

On one hand a microcode update seems to be necessary in part to mitigate the effects of the Spectre vulnerability. On the other hand it seems that PC Engines standpoint is that "the vulnerability must be handled at the OS level". That's consistent with the upcoming patch, but not a word about a microcode update?

Is there a discrepancy, or have I misunderstood the complexity of the problem?


Regards,


Miroco

Hi think24,


If I got you right, you can do that under VPN -> OpenVPN -> Client Export -> Host Name Resolution - > Dynamic DNS: YourDynamicDns.com

Then you export your client (.ovpn) file.


miroco

Give Etcher a try.

https://etcher.io

It writes images to both SD cards and USB drives.


Windows x86/x64

macOS x64

Linux x86/x64

I wonder if the "port-share" option in OpenVPN server could be of help?

https://www.bestvpn.com/how-to-hide-openvpn-traffic-an-introduction/

Look for "Sinister Brain" in the comments section.


Regards,


Miroco