Messages - RFGuy_KCCO

1
20.7 Legacy Series / Re: VnStat and Traffic Graphs stopped working with 20.7
« on: October 25, 2020, 02:55:56 pm »
It looks like this issue also impacts interfaces using the ix driver. I have two different boxes running OPNsense (both 20.7.4), neither using Sensei or Suricata, and on the one using the em driver, VnStat works fine. On the one using the ix driver, VnStat does not work at all, no matter what I have tried to do to fix it.

2
20.7 Legacy Series / Re: Opnsense + Pihole Host Name Query?
« on: October 25, 2020, 04:05:10 am »
Yes, just turn on DHCP Registration as stated above (also DHCP Static Mappings if you use them). In Pi-Hole, turn on Conditional Forwarding under Settings --> DNS and set it up per your network configuration.

You can also add the line "NAMES_FROM_NETDB=true" (without quotes) to the /etc/pihole/pihole-FTL.conf file. See here for an explanation of this setting: https://docs.pi-hole.net/ftldns/configfile/

3
20.7 Legacy Series / Re: How to use DNS over TLS in 20.7.3
« on: September 29, 2020, 02:16:27 pm »
Quote from: Mks on September 28, 2020, 09:01:20 pm
Hi, sorry, my fault, I misunderstood the question.

One question: is certificate verification, e.g. 185.95.218.42@853#dns.digitale-gesellschaft.ch, supported?

br

Yes, this works if you use the custom options. Frankly, there is no point in doing DoT if you aren't also validating the certs. I am back to using Unbound as a recursive server, so I am no longer doing DoT, but this was my working config before I switched. Just choose which DNS provider you want to use and delete the rest.

Quote
tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
  name: "."
  forward-tls-upstream: yes
 
# Quad9 - No EDNS
  forward-addr: 2620:fe::fe@853#dns.quad9.net
  forward-addr: 2620:fe::9@853#dns.quad9.net
  forward-addr: 9.9.9.9@853#dns.quad9.net
  forward-addr: 149.112.112.112@853#dns.quad9.net
# Quad9 - EDNS
  forward-addr: 2620:fe::11@853#dns.quad9.net
  forward-addr: 2620:fe::fe:11@853#dns.quad9.net
  forward-addr: 9.9.9.11@853#dns.quad9.net
  forward-addr: 149.112.112.11@853#dns.quad9.net
# Cloudflare DNS
  forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
  forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Comcast
  forward-addr: 2001:558:fe21:6b:96:113:151:145@853#dot.xfinity.com
  forward-addr: 96.113.151.145@853#dot.xfinity.com
# Google
  forward-addr: 2001:4860:4860::8888@853#dns.google
  forward-addr: 2001:4860:4860::8844@853#dns.google
  forward-addr: 8.8.8.8@853#dns.google
  forward-addr: 8.8.4.4@853#dns.google
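
Added example (not part of the original post, and not OPNsense or Unbound project code): a small Python check that audits custom options like the ones above for DoT forwarders whose certificate would not actually be validated, either because the `#name` part is missing from `forward-addr` or because no `tls-cert-bundle` is set. The function name `audit_dot_config` and the sample input are constructed for illustration.

```python
import re

# Constructed sample in the same syntax as the config above. The last upstream
# has no "#name", so Unbound would accept a certificate issued for any name.
SAMPLE = """\
tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
  name: "."
  forward-tls-upstream: yes
# Quad9
  forward-addr: 9.9.9.9@853#dns.quad9.net
  forward-addr: 2620:fe::fe@853#dns.quad9.net
  forward-addr: 1.1.1.1@853
"""

# forward-addr value: <ip>[@port][#tls-auth-name]
ADDR = re.compile(r"^(?P<ip>[0-9A-Fa-f:.]+)(?:@(?P<port>\d+))?(?:#(?P<name>\S+))?$")

def audit_dot_config(text):
    """Return findings for forward-zones that set forward-tls-upstream: yes.

    Simplified parser: only tls-cert-bundle is treated as a trust store, and
    a global tls-upstream setting is not considered.
    """
    bundle, zones = False, []
    for raw in text.splitlines():
        # '#' starts a comment only at line start or after whitespace;
        # inside a forward-addr token it introduces the auth name.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, sep, value = line.partition(":")
        value = value.strip().strip('"')
        if not sep:
            continue
        if key == "tls-cert-bundle" and value:
            bundle = True
        elif key == "forward-zone":
            zones.append({"tls": False, "addrs": []})
        elif zones and key == "forward-tls-upstream":
            zones[-1]["tls"] = value == "yes"
        elif zones and key == "forward-addr":
            zones[-1]["addrs"].append(value)
    findings = []
    for addr in (a for z in zones if z["tls"] for a in z["addrs"]):
        m = ADDR.match(addr)
        if m is None:
            findings.append(f"{addr}: not in ip[@port][#name] form")
        elif not m["name"]:
            findings.append(f"{addr}: no #name, certificate name is not checked")
    if any(z["tls"] for z in zones) and not bundle:
        findings.append("no tls-cert-bundle: upstream certificates cannot be verified")
    return findings
```

Running `audit_dot_config(SAMPLE)` reports only the `1.1.1.1@853` entry; an empty list means every TLS forwarder carries an authentication name and a CA bundle is configured.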

4
20.7 Legacy Series / Re: Unbound forwarding mode
« on: September 19, 2020, 12:56:31 am »
Pretty sure it is a random selection, although I believe I have read that Unbound learns the fastest servers and uses those more often. However, I am not sure that is actually true.

In any case, it definitely doesn't send out to all at once, as DNSMasq does by default. I have not found a parameter that would change this behavior in Unbound.

5
20.7 Legacy Series / Re: AT&T WiFi calling on iOS drops outbound audio
« on: September 02, 2020, 04:14:33 pm »
I'm on 20.7 and using Wi-Fi Calling on AT&T with an iPhone XS Max and it is working great, with no issues and no special rules set up at all. However, I am using Comcast for internet, not AT&T.

6
20.1 Legacy Series / Re: Unbound DoT - still recursive?
« on: June 24, 2020, 03:34:11 pm »
No, it is simply a Forwarder if you are forwarding all your DNS queries to a DoT provider.

7
Development and Code Review / Re: DNSBL and additional features Plugin for Unbound
« on: May 05, 2020, 02:56:20 pm »
Quote from: mrancier on May 05, 2020, 02:47:56 pm
Quote from: pkernstock on May 04, 2020, 03:52:06 pm
The funny thing is, I sent the exact same feedback to @mimugmail via Twitter, as the form doesn't accept "#" or hostnames in the field.

At the moment I've worked around it by modifying the config file directly: (to be honest I don't know if that's persistent across reboots)
Code:
# cat /var/unbound/etc/dot.conf
server:
  tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#xx.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#xx.dns1.nextdns.io
  forward-addr: 45.90.30.0#xx.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#xx.dns2.nextdns.io

Soooo....yeah, it does not survive a reboot...oh well.

If you place those lines in Unbound DNS --> General --> Custom Options, it will survive a reboot.

8
18.7 Legacy Series / Re: Query Intel NIC driver version
« on: August 07, 2018, 04:24:32 pm »
Not sure how to query driver version on a running system, but you can look in Syslog at the driver versions loaded during startup.

9
General Discussion / Re: Nut not loading
« on: July 05, 2018, 03:19:08 pm »
I started with the Dev version.

10
General Discussion / Re: Nut not loading
« on: July 04, 2018, 07:23:09 pm »
One thing that tripped me up when I first used Nut was that I had spaces in the UPS name, which I learned doesn’t work. Do you happen to have any spaces in your UPS name?

11
18.1 Legacy Series / Re: IPv6 routing/forwarding (?) Issues
« on: April 18, 2018, 06:27:09 pm »
I had to create a WAN firewall rule to allow ICMPV6 in order to enable my clients to send and receive pings. Try that and see if it fixes your issue.
