16
Tutorials and FAQs / Re: OPNSense SSHD + Active Directory or OpenLDAP
« on: April 06, 2018, 01:07:36 pm »
Very nice, well done!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
17
18.1 Legacy Series / Re: When is 18.1.6 going to be released?
« on: April 05, 2018, 08:45:06 pm »
Thanks Franco!
Nice list
Nice list
18
18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers
« on: April 05, 2018, 08:43:44 pm »
Thanks for the report!
19
18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers
« on: April 05, 2018, 06:28:43 pm »
They do.. for 2 minutes 
20
18.1 Legacy Series / Re: PPPoE reconnect loop
« on: April 05, 2018, 06:26:32 pm »
This never happened to me...
21
18.1 Legacy Series / Re: When is 18.1.6 going to be released?
« on: April 05, 2018, 08:51:02 am »
If we're at it and anybody knows this, yeah, 18.1.7 release date is also very good to know :p
22
18.1 Legacy Series / When is 18.1.6 going to be released?
« on: April 05, 2018, 07:19:07 am »
I need this info (if possible to disclose) because of some logistical decisions i need to make.
Thanks.
Thanks.
23
General Discussion / Re: Blocking incoming traffic at the LAN/OPT level instead of the WAN
« on: April 05, 2018, 06:55:23 am »
I have never done your setup. I'll start with saying that anything that needs to be blocked, should be blocked as fast as possible, any other design is risky and i will never recommend anything else.
Regarding your question, you should carefully follow all your fw rules, priorities and ordering. Something with higher priority is passing your packets, probably an "allow any to any" on some interfaces/vlans.
Welcome to OPNsense!
Regarding your question, you should carefully follow all your fw rules, priorities and ordering. Something with higher priority is passing your packets, probably an "allow any to any" on some interfaces/vlans.
Welcome to OPNsense!
24
18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers
« on: April 05, 2018, 06:28:58 am »
Cloudflare is some sorts of proxy for anything behind them, they intercept all queries before reaching the destination. Including encrypted communication. I didn't try, but without dnssec this may work with Cloudflare as well (although dnssec is not encrypted DNS communication, it is a signed response, with which Cloudflare may interfere).
25
18.1 Legacy Series / Re: Can't get Intrusion Detection working.
« on: April 05, 2018, 06:20:03 am »
Follow this tutorial and you will get your IDPS up and running:
https://forum.opnsense.org/index.php?topic=6893.0
It's not updated, but I hope you'll manage to find the options which were modified in the GUI.
https://forum.opnsense.org/index.php?topic=6893.0
It's not updated, but I hope you'll manage to find the options which were modified in the GUI.
26
18.1 Legacy Series / Re: Bug in DNS resolution?
« on: April 05, 2018, 06:04:15 am »
It works exactly as it should.
This is the help text under that option:
"By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on Localhost, so system can use the local DNS service to perform lookups. Checking this box omits localhost from the list of DNS servers."
This means your queries go directly to the configured DNS servers, and will not go through the DNS resolver (Unbound) or DNS forwarder (dnsmasq). But they are going out some way or another. There's no bug anywhere
This is the help text under that option:
"By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on Localhost, so system can use the local DNS service to perform lookups. Checking this box omits localhost from the list of DNS servers."
This means your queries go directly to the configured DNS servers, and will not go through the DNS resolver (Unbound) or DNS forwarder (dnsmasq). But they are going out some way or another. There's no bug anywhere
27
18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers
« on: April 04, 2018, 06:13:40 pm »Do I have to open any ports in NAT/Firewall to make this work?
No.
28
18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers
« on: April 04, 2018, 05:22:01 pm »
Much more to gain using Quad9 than Cloudflare anyway. Those 10-15 ms faster performance with Cloudflare is nothing compared to the security offered by Quad9. Regarding privacy.. that's something for you to decide.
29
18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers
« on: April 04, 2018, 04:41:27 pm »
Still going strong here... absolutely no issues...
30
18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers
« on: April 04, 2018, 10:59:08 am »
Hmm.. Maybe a packet capture can shed some light what on what is going on there.. have you tried that?