Messages

121

General Discussion / Re: How to setup DDNS?

« on: June 22, 2022, 03:31:38 pm »

Try disabeling "Force SSL". Some DDNS providers don't work if you have that enabled, if HTTPS is something you must have, then namecheap works just fine for it.

122

Zenarmor (Sensei) / Re: is there a live log?

« on: June 22, 2022, 03:20:00 pm »

And the refresh rate is by default none, so you have to select it.

Again see the picture

123

Zenarmor (Sensei) / Re: is there a live log?

« on: June 22, 2022, 03:18:34 pm »

There is live monitoring feature on each section.

See picture

124

22.1 Legacy Series / Re: use watchdog

« on: June 20, 2022, 05:32:42 pm »

Not that I know off.

Watchdog should work as long as you have watchdog supporting hardware. It is possible you need to add tunable for it, but not sure about that (mine doesn't have any tunable for watchdog, but then again I don't have hardware that supports it, so can't test it)

You can try if it works (there's no harm in it). If it does require tunable, then it's better to check that, since tunables are things you shouldn't touch if you don't know what you're doing

125

22.1 Legacy Series / Re: Traffic shaper broken (even just setting a pipe gets ignored)

« on: June 20, 2022, 04:28:29 pm »

Follow instructions on https://docs.opnsense.org/manual/how-tos/shaper_limit_per_user.html

When you are using ques, it means you are giving priority to IP based on priority vs total bandwidth going through the firewall (Your firewall is able to provide 100 mbps connection to both, you need to count total speed, not speed of your internet connection)

126

22.1 Legacy Series / Re: WAN IP Confusion

« on: June 18, 2022, 02:39:09 pm »

My parents have modem with coax and ethernet, so yes. Modems connect to internet via ethernet nowadays.

Think about it, if it's ethernet coming into the house, why would you need to MOdulate/DEModulate it???
Sorry but, no, there will never be a modem on an ethernet connection.

https://genexis.eu/content/uploads/2020/10/Pure-Ethernet-DSL-Series-Datasheet-V2.4-EN.pdf

Dual Band WiFi ADSL2+/VDSL2 -modem last time I checked, though not the one my parents have

So now you're making my point for me?

Again, there will never be a modem needed for an ethernet connection. That's a DSL modem, it can either take a DSL line or an ethernet line in. If it's an ethernet in, it doesn't use the modem.

Why would you need to MOdulate/DEModulate an ethernet connection??? Get it, mo-dem

Oh my bad. Yea you are right, it is DSL modem, got confused with the word modem since where I live (Finland) cable modems are pretty much extinct.

127

22.1 Legacy Series / Re: WAN IP Confusion

« on: June 18, 2022, 02:03:14 pm »

My parents have modem with coax and ethernet, so yes. Modems connect to internet via ethernet nowadays.

Think about it, if it's ethernet coming into the house, why would you need to MOdulate/DEModulate it???
Sorry but, no, there will never be a modem on an ethernet connection.

https://genexis.eu/content/uploads/2020/10/Pure-Ethernet-DSL-Series-Datasheet-V2.4-EN.pdf

Dual Band WiFi ADSL2+/VDSL2 -modem last time I checked, though not the one my parents have

128

22.1 Legacy Series / Re: WAN IP Confusion

« on: June 18, 2022, 01:33:16 pm »

My parents have modem with coax and ethernet, so yes. Modems connect to internet via ethernet nowadays.

129

22.1 Legacy Series / Re: WAN IP Confusion

« on: June 18, 2022, 06:06:46 am »

Also if your modem connects to internet using Ethernet cable, then you can just replace your modem with Opnsense. Only reason why you would have to connect opnsense to a modem, is because modem has right WAN port which is other than ethernet.

It doesn't matter if it's fiber or CAT 5,6 or 7, as long as internet is coming via Ethernet, you don't need cable modem

130

22.1 Legacy Series / Re: WAN IP Confusion

« on: June 17, 2022, 02:21:33 pm »

Basically there's a conflict. Your modem is confused with Opnsense or blocking traffic coming from it.

If your modem has bridge or AP mode, that could fix the issue as well

131

22.1 Legacy Series / Re: WAN IP Confusion

« on: June 17, 2022, 02:16:55 pm »

That's what I meant with routing.

It is possible that there is a conflict with cable modems DHCP or if you bought the modem and it has opnsense installed on it, then plug cables to different ports (mine firewall which I bought from Decisco had WAN on port 0 and LAN on port 1).

You can also try if changing the LAN IP and DHCP pool works. First setup your computers IP to 192.168.1.2, then go to opnsense webgui, go to services ---> DHCPV4 and uncheck the enabled box.

Then go to interfaces ---> LAN and under static Static IPv4 configuration, type 192.168.2.1 and check that box next to it shows 24. Then save changes. You should be blocked from Opnsense now.

Or if your modem supports it, disable firewall, NAT and DHCP on it (setting it to bridge or AP mode does that)

After that change your computers IP to 192.168.2.2 subnet to 255.255.255.0, gateway to 192.168.2.1 and primary dns server to 192.168.2.1, go to DHCPV4 and enable it, under pool section, slect range from 192.168.2.2 to 192.168.2.253 and save changes.

Next you can enable DHCP on your computer and see if you get an IP between 192.168.2.2 and 192.168.2.253 with subnet 255.255.255.0.

If internet doesn't work, you need to create a route from opnsense to your modem and from modem to your opnsense.

132

22.1 Legacy Series / Re: WAN IP Confusion

« on: June 17, 2022, 01:47:53 pm »

It is normal. It means your cable modem is able to directly connect devices to the internet and quite possibly has no NAT, firewall or DHCP

Opnsenses WAN port by default blocks Block private networks and should have public IP address.

You just need to assign one of the ports on opnsense for LAN (you should have at least 2, 1 for WAN and 1 for LAN), setup DHCP under services ---> DHCP IvP4 and that should be it.

Then you can connect a switch or your computer to that port and you have internet (as long as there is "Allow LAN to any default rule" in Firewall ---> Rules ---> LAN ( see picture)

If there is something that would possibly make things not work, it's routing. But most times you don't have to touch them when creating networks on physical ports.

133

Web Proxy Filtering and Caching / Re: Cache proxy server, blocks internet browsing when enabled

« on: June 17, 2022, 12:58:26 pm »

And whitelisting is extremely important. If you don't do that and one of the lists you chose doesn't contain Microsoft networks. Clients using your proxy won't be able to download Windows updates, use onedrive, Xbox LIVE, teams, Microsoft Offices online features, Microsoft store, msn mail or even logon to user accounts if they use online accounts instead of local accounts.

In short: EVERYTHING microsoft related will be blocked be it people using google accounts to connect to them or not.

Same goes for each service which isn't whitelisted. So Proxy is good when you need to forexample block access to netflix, steam etc. in school networks, but for home use, it is a way to make things like putting a gun in your mouth and pull the trigger quite attempting

134

Web Proxy Filtering and Caching / Re: Cache proxy server, blocks internet browsing when enabled

« on: June 17, 2022, 12:45:09 pm »

You need to follow instructions to the letter and change only local IPs if they are different from the instructions.

If you have done so.

1. Go to windows network settings and setup proxy there (Google and edge use windows proxy settings)

2. Make sure that culprit isn't DNS. Easiest way to check this, is to manually change DNS settings from your OS network settings, if it let's you access internet, then proxy isn't working as it should, if it doesn't then your browser is possibly trying to connect different DNS or doesn't have right certificate

3. Check that proxy uses HTTP AND Https, any site that uses SSL, won't work with HTTP proxies which is why you need to create certificate for proxy and add that certificate to browsers trusted certificates

4.  Add networks to whitelist (the lists which are available only contain networks for youtube, netflix and some others, but steam, Microsoft and such aren't included on those and you need to add their net blocks to whitelist manually)

Thing to keep in mind, make sure that proxy doesn't interfere with sites like banks and services, which do not support proxies (proxies use similar methods which man in the middle attacks do), for example Discord won't work in proxy networks. So you might not be able to use proxy with edge or google unless you can configure proxy settings on both of their settings.

Lastly if you want proxy to be used only by certain clients, then easiest way to do so, is to set it on separate physical or virtual network interface / VLAN, connect a switch to that and connect clients to that switch. It's also good idea to do this anyway, since if you do something very wrong, you will be locked out from management (including SSH) and only way you are able to undo it, is reseting firewall back to factory defaults or reverting to correct backup via console (opnsense does automatically backup 10 things you change by default)

Been a while since last time I played around with proxy on opnsense, but it is quite simple once you get hang of it.

135

Zenarmor (Sensei) / Re: Web Controls: Adult vs Pornography

« on: June 16, 2022, 09:59:17 pm »

To put short, just because you are sharing files using P2P program doesn't make it illegal, what makes it illegal is if the file in question is copyright protected and you don't have permission to share that file.

One good example of nerds showing how pointless it is to ban P2P, is Star Wreck VI: In the Pirkning, scenes where you see posters on the walls of multiverse human ship (https://youtube.com/clip/UgkxOShs8MNGVFfKLAPcxOfGBVqRrr7eHMgv for example), says "HOMO!!!! WAREZ IS A SIN!!!" in Finnish and makers of that movie actually shared it on piratebay before they started selling DVDs