Messages - hushcoden

#16
General Discussion / Re: Limiting the access to the gui
December 16, 2024, 05:15:27 PM
Quote from: Patrick M. Hausen on December 12, 2024, 05:11:29 PM
P.S. Also disable that global "anti-lockout" thing.
Is it the checkbox Disable anti-lockout in Firewall -> Settings -> Advanced?
#17
General Discussion / Re: Worth enabling DNS over TLS
December 14, 2024, 02:51:00 PM
Quote from: Patrick M. Hausen on December 14, 2024, 02:29:39 PM
My ISP is German Telekom, bound by EU customer protection and privacy legislation including GDPR so why should I hand my DNS requests to a US based company on a silver platter?
Then Quad9 should be fine as they are based in Switzerland.
#18
General Discussion / Re: Worth enabling DNS over TLS
December 14, 2024, 02:16:20 PM
It's a tricky one. I have read many users saying they are happy for Unbound to do the job as they don't care whether or not their ISP can see the DNS queries, but personally I do use DoT with Quad9.

Have a look at the official guide here: https://docs.opnsense.org/manual/unbound.html#dns-over-tls

I suggest doing a lot of research before making up your mind.
#19
General Discussion / Limiting the access to the gui
December 12, 2024, 05:05:56 PM
I'd want to allow only two devices within the LAN to access the OPNsense GUI (and SSH too); can someone explain to me how I do that?

Tia.
#20
So, yes, there was 'something else' and that was the PS5 ::) I forgot I had manually configured its DNS with Quad9.

As soon as I turn it off, all that 'noise' stops ;D

Thank you all.
#21
Quote from: chemlud on November 24, 2024, 09:48:51 PM
Or maybe

System -> Settings -> General -> Networking -> DNS

127.0.0.1
Sorry, I don't understand what you mean...

As I said, the section System -> Settings -> General -> Networking is all blank/unchecked

I really would like to understand if there is anything to be concerned about, e.g. something to change in my config...

Also, if I click on the info box, it brings up a pop-up window (Detailed rule info) with a reference to the "Disable force gateway" option in the Firewall -> Settings -> Advanced section.

#22
Quote from: dseven on November 24, 2024, 09:38:52 PM
There are some "ifs, ands and buts" around how the OPNsense host itself resolves DNS, primarily controlled via System -> Settings -> General -> Networking options. If you want to use Unbound for everything, you probably want that entire section to be blank (i.e. no DNS servers specified, and all options unchecked).
Yes, I can confirm nothing has been checked/selected on that networking section...
#23
24.7, 24.10 Legacy Series / Re: Question about Kea DHCP
November 24, 2024, 09:13:19 PM
Thank you both!
#24
24.7, 24.10 Legacy Series / Re: Question about Kea DHCP
November 24, 2024, 09:06:40 PM
Quote from: dseven on November 24, 2024, 08:56:24 PM
A reservation just means that the IP address is reserved for a given client - the client still needs to use DHCP to get a lease, renew it, etc.
Does it mean that every 24 hrs the Kea DHCP server releases the IP address and then reassigns that very same IP address to the same host? :o

With ISC DHCPv4 if I assign a static IP address to a device then job done, right?
#25
I've configured Unbound with DoT and Quad9 servers (9.9.9.9 & 149.112.112.112), and looking at the firewall live view on the WAN interface, I see continual calls to those servers on port 53 (and not 853) where the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)"

Similarly, if I filter on port 853, I see the same type of output, i.e. the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)".

I'd want to know if that's normal behaviour or whether there is something wrong in my configuration.

Tia.
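An added example, not from this thread or from OPNsense itself: a small Python check over a constructed, simplified firewall-log export that separates DoT (port 853) flows to the Quad9 upstreams from plaintext port-53 flows, and splits the plaintext ones by whether the source is the firewall's own WAN address or a LAN client (the PS5 with a hand-configured Quad9 resolver in the later post is the second case). The CSV layout, the WAN address and the sample lines are assumptions; the real live-view export has different fields, so adapt `FIELDS`.

```python
"""Flag plaintext DNS to DoT upstreams in a (constructed) firewall log export."""
import csv
from io import StringIO

DOT_UPSTREAMS = {"9.9.9.9", "149.112.112.112"}  # Quad9 addresses named in the post
WAN_IP = "203.0.113.10"                          # assumed firewall WAN address (doc range)

# Assumed, simplified export layout: ts,action,iface,proto,src,dst,dport,label
FIELDS = ["ts", "action", "iface", "proto", "src", "dst", "dport", "label"]

# Constructed sample lines: two DoT flows, one plaintext flow from the firewall
# itself, one plaintext flow from a LAN client bypassing Unbound.
SAMPLE_LOG = """\
2024-11-24T20:40:01,pass,wan,tcp,203.0.113.10,9.9.9.9,853,let out anything from firewall host itself (force gw)
2024-11-24T20:40:02,pass,wan,udp,203.0.113.10,9.9.9.9,53,let out anything from firewall host itself (force gw)
2024-11-24T20:40:03,pass,wan,tcp,203.0.113.10,149.112.112.112,853,let out anything from firewall host itself (force gw)
2024-11-24T20:40:04,pass,wan,udp,192.168.1.50,9.9.9.9,53,Default allow LAN to any rule
"""


def parse_log(text):
    """Parse the export into dict rows; blank lines are skipped by DictReader."""
    return list(csv.DictReader(StringIO(text), fieldnames=FIELDS))


def classify_dns(records, wan_ip=WAN_IP, upstreams=DOT_UPSTREAMS):
    """Count DoT flows and collect plaintext-53 flows to the DoT upstreams.

    Returns {"dot": count, "plain_from_firewall": [...], "plain_from_lan": [...]}
    where each list entry is (ts, proto, src, dst).
    """
    summary = {"dot": 0, "plain_from_firewall": [], "plain_from_lan": []}
    for r in records:
        if r["dst"] not in upstreams:
            continue  # not a flow to one of the configured DoT resolvers
        port = int(r["dport"])
        if port == 853:
            summary["dot"] += 1
        elif port == 53:
            # Source address tells whether Unbound/the host or a LAN client sent it.
            key = "plain_from_firewall" if r["src"] == wan_ip else "plain_from_lan"
            summary[key].append((r["ts"], r["proto"], r["src"], r["dst"]))
    return summary


if __name__ == "__main__":
    result = classify_dns(parse_log(SAMPLE_LOG))
    print(f"DoT flows to upstreams: {result['dot']}")
    for kind in ("plain_from_firewall", "plain_from_lan"):
        for ts, proto, src, dst in result[kind]:
            print(f"PLAINTEXT DNS ({kind}): {ts} {proto} {src} -> {dst}:53")
```

Plaintext flows whose source is a LAN client point at a device with its own resolver setting, while flows from the firewall address itself are worth checking against the Unbound DoT configuration.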
#26
24.7, 24.10 Legacy Series / Question about Kea DHCP
November 24, 2024, 08:49:54 PM
I've decided to test the (new) Kea DHCP service and I've added 10 hosts in the 'Reservations' section, so far so good.

What I don't understand is that if I click on the 'Leases DHCPv4' menu, I see all those hosts with a Lifetime of 86400 (which is the default value for hosts with no reservation), and they actually expire within 24 hrs, hence I'm confused: why is that?

Tia.
#28
Quote from: trevs on October 30, 2024, 12:09:09 AM
In https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html#
Under Step 1 there is a paragraph:
"On Peers tab create a new Peer, give it a Name, set 0.0.0.0/0 in Allowed IPs and set the DNS to 193.138.218.74. This is the one MulladVPN provides for privacy."
However, in Peers in OPNsense there is no place to set a DNS address...
I can confirm that the option to add a DNS server is on the instance configuration instead; they should amend that typo...
Also, the DNS IP address 193.138.218.74 was decommissioned a while ago. Have a look here for the list of current Mullvad DNS servers: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
#29
Quote from: FredFresh on October 29, 2024, 11:08:33 AM
That setting only specifies the external DNS IP... isn't it?
I believe so
#30
Quote from: FredFresh on October 26, 2024, 04:34:25 PM
Someone could kindly explain to me what steps should I implement to do this:

Assuming you have configured DHCP static mappings in OPNsense for the hosts using the tunnel, specify in that configuration either the DNS servers supplied by your VPN provider (see note below), or public DNS servers. This will override the network-wide DNS settings for those hosts

Configure public DNS servers for your whole local network, rather than local DNS servers

taken from https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html (steps 3 and 4 to avoid dns leak)

thanks
Just go to Services -> ISC DHCPv4 -> LAN, either select a single host or the entire LAN, and type your preferred DNS servers' IP addresses in the DNS servers option.