Topics - hushcoden

#41
22.1 Legacy Series / [SOLVED] Lost access to the Internet
February 21, 2022, 04:51:45 PM
I did a reboot and I lost Internet connectivity, no idea what happened: can someone kindly guide me how to troubleshoot it?

Please be patient with me as I'm not a techie  ::)

Tia.
#42
22.1 Legacy Series / Error in the Aliases -> Diagnostics
February 21, 2022, 10:37:28 AM
I was searching for an IP address in Diagnostics/Aliases tab of the Firewall and I've got the attached error, any idea of what it is?

Tia.
#43
22.1 Legacy Series / Error on the general log
February 21, 2022, 10:32:02 AM
Does anybody know what those errors are?

Tia.
#44
I'm reading two articles regarding how to configure for internal DNS only: the first on Zenarmor website and the second one from the Home Network Guy here

There are a couple of differences:

1) for the allow internal DNS rule, in the first case the source address is any and in the second example it is XXXnet

2) for the blocking external DNS rule, in the first case the source address is any and in the second example it is XXXnet

Anyone who could explain to me the logic behind?

Tia.
#45
General Discussion / Unbound + Stubby for dummies
February 18, 2022, 11:21:40 PM
I found this guide here and I'm not sure which benefit stubby brings, can someone elaborate in 'plain english' ? ::)

Also, why using port 8053 ?

What about DNSCrypt?

I'm trying to learn the different options for DNS server encryption.

Tia.
#46
Briefly, my device has got 3 ports, WAN, LAN1 and LAN2, and each time I reboot the RB Pi 4 (which is connected to LAN2) all my devices (which are connected to a WAP on LAN1) lose Internet for about 2 minutes: why is that ?

Tia.
#47
General Discussion / Remote connection, how difficult ?
November 08, 2021, 04:03:09 PM
While I'm away, I'd like to be able to remotely connect to my OPNsense with my Android phone: can someone point me to a dumb-proof guide on how to do that?

Tia.
#48
General Discussion / Unbound whitelist domains ?
October 18, 2021, 10:18:12 AM
It seems one of the blocking lists in Unbound is blocking github.com, so I've added that domain on the whitelist, but it's still blocked, how come?

Of course, I've restarted Unbound a few times, but still no luck !

Is there any manual change I can make to overcome this issue?

Tia.
#49
General Discussion / How to access a device on LAN2
October 09, 2021, 05:54:35 PM
I have a pretty simple config, i.e. WAN + LAN + LAN2 with

   1) LAN =   192.168.0.1/24
   2) LAN2 = 192.168.10.1/24

I cannot access/ping the device on LAN2 - can someone please advise which rules on LAN2 I have to setup to accomplish that?

Tia.
#50
I'm trying to understand the level of additional protection that the free version (and the free version only) would provide to OPNsense and I'd appreciate anyone's input.

Not talking about the reporting capabilities, for instance, if I look at the security policies, I can enable the block for sites that are responsible for malware, phishing, etc - am I right to say that what Sensei does here is to block access to/from a list of malicious IPs, that is the same I can configure with the blocklist feature in Unbound ?

Or adding rules as for this article https://docs.opnsense.org/manual/how-tos/edrop.html

Tia.
#51
Eventually I was able to do a fresh install of 21.7 on my APU2 (WAN + 2 LAN ports), but I can't access the Internet from the 2nd LAN port: how do I troubleshoot this?

Tia.
#52
21.7 Legacy Series / DNSBL cron job
July 31, 2021, 12:36:24 AM
Trying to add a cron job to update the Unbound blocklists in System-->Settings-->Cron but it's not in the drop-down menu, how possible?

Tia.
#53
21.7 Legacy Series / New install on APU2
July 30, 2021, 06:59:50 PM
Just completed a fresh install and the WAN doesn't pick up an IP address, never happened before, any suggestions?

Username and password checked, and my spare router connects immediately...

Tia.
#54
My ISP provides a dynamic IP address, so every now and then my IP address changes, and as per post subject, how easy is it to set that alert up?

Tia.
#55
Since I don't use IDS/IPS, would I gain any boost performance by enabling the hardware offload settings on my APU2E4?

Tia.
#56
I found the following details on how to install Speedtest on FreeBSD, is there a way to install it on OPNsense?

$ sudo pkg update && sudo pkg install -g libidn2 ca_root_nss
$ sudo pkg add "https://bintray.com/ookla/download/download_file?file_path=ookla-speedtest-1.0.0-freebsd.pkg"


https://www.speedtest.net/apps/cli

Tia.
#57
General Discussion / How to isolate one port/subnet
March 30, 2021, 09:33:54 PM
I've got 2x LAN ports and 1x WAN port and I'd want to create firewall rules to 'isolate' LAN2 (which is on a different subnet than LAN1) in order to allow only Internet access and no access to LAN1, any advice, please?

Tia.
#58
General Discussion / Blacklist for Unbound
March 21, 2021, 06:06:11 PM
If two or more lists have same domains, is Unbound 'smart' to not include duplicates in the dnsbl.conf file?

Tia?
#59
General Discussion / Learning about Unbound
March 21, 2021, 01:31:25 PM
I read an interesting article here and my current configuration is pretty similar to the one in the article, "example 2", i.e. DoT, recursive caching DNS, TCP port 853 and DNSSEC.

There is an "example 3" (Authoritative, validating, recursive caching DNS) and I've noticed a few differences, i.e. there are no upstream servers, the listening interface/address is only 127.0.0.1, there is no DoT - I'm trying to understand if there is a real benefit in using this third configuration...

How do you configure Unbound ? Keen to hear (and learn) from the experts of this subject, thanks.
#60
General Discussion / How to use fsck ?
March 20, 2021, 01:26:10 PM
After a sudden outage, I've run the command fsck:
root@hush:/ # fsck
** /dev/gpt/rootfs (NO WRITE)
** Last Mounted on /mnt
** Root file system
** Phase 1 - Check Blocks and Sizes
INCORRECT BLOCK COUNT I=2006612 (20672 should be 20608)
CORRECT? no

** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
UNREF FILE  I=2007178  OWNER=root MODE=100644
SIZE=197 MTIME=Mar 20 12:22 2021
RECONNECT? no


CLEAR? no

** Phase 5 - Check Cyl groups
FREE BLK COUNT(S) WRONG IN SUPERBLK
SALVAGE? no

SUMMARY INFORMATION BAD
SALVAGE? no

BLK(S) MISSING IN BIT MAPS
SALVAGE? no

71680 files, 1015643 used, 26972945 free (4945 frags, 3371000 blocks, 0.0% fragmentation)
root@hush:/ #

Is there anything to worry about? How to correct the block count error?

Tia.