1
General Discussion / Re: What is wrong with my settings? (Dual VPN client)
« on: November 30, 2019, 11:37:50 am »
More firewall rules and nat
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
'Hi. OpenDNS might be quite alright to use, but it does Hi-jack your DNS queries to display adpages on domains not resolvable, so i have stopped recommend OpenDNS just because of this.
Hi Gargamel, when is the last time you've experienced the ads please? OpenDNS claims not to have done so for quite some years: https://umbrella.cisco.com/blog/2014/05/29/no-more-ads/ Just wondering if they have started doing this again.
Thanks,
Bart...
You can use OpenDNS for DNS with an account for your network to block the social media categoryHi. OpenDNS might be quite alright to use, but it does Hi-jack your DNS queries to display adpages on domains not resolvable, so i have stopped recommend OpenDNS just because of this.
Bart...
This has been going on for some while, and with no response from OVPN that is my provider for this I'll hope some ppl on the forum can sort this out...
It all ends up with err_connection_refused in Chrome for some sites, and even thou I have wiped the cache it still throws a err_connection_refused UNTIL i restart the OpenVPN service in OPNsense!
Server mode: peer to peer SSL/TLS
Protocol: UDP
Device Mode: tun
Interface: wan
remote server: vpn04.prd.kista.ovpn.com
retry dns resolution: checked infinitely resolve remote server
TLS auth: OpenVPN static key V1 from ovpn
Peer certificate authority: the ovpn provided cert
Client certificate: none (username password required)
encryption algorith: AES-256-GSM (256 bit key, 128 bit lock, TLS client/server)
auth digest algorithm: SHA1 (160-bit)
Hardware crypto: no hardware crypto acceleration
compression: enabled with adaptive compression
disable IPv6: checked
Advanced: persist-key
persist-tun
remote-cert-tls server
key-direction 1
reneg-sec 432000
Greetings everyone,
I am using the following functionality with my current firewall but i am looking for something new and i was wondering, can opnsense do this too?
Asn ip blocking (alias from whois)
Dns black holes (using common host files)
Geo-ip blocking (alias from geo-ip)
All logging can be disabled
Also, is opnsense using a rolling release model? Or will it be rolling once all big feature changes are complete? How long are old versions supported if its not rolling?
Thank you so much
J
Entry on the screenshot.
You can choose a nameserver for the domain which does not need to exist
you can override the full domain too.How?
Host Overrides
Host Domain Type Value Description
aftonbladet.se A 0.0.0.0 aftonbladet.se
expressen.se A 0.0.0.0 expressen.se
www aftonbladet.se A 0.0.0.0
www expressen.se A 0.0.0.0 expressen.se