Messages - RamSense

511
Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6
« on: July 28, 2021, 04:18:41 pm »
Thanks for the link, but ouch, messing around with the console doesn't sound very promising....
Should we better switch from DoH to DoT then? Since that is more straightforward?
As I just read here: https://homenetworkguy.com/how-to/configure-dns-over-tls-unbound-opnsense/

I thought that DoH was the "better" solution over DoT?

512
Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6
« on: July 28, 2021, 04:05:44 pm »
Dear @p1n0ck10 and others,

Does this DoH still work on OPNsense 21.7?
Since Unbound DNS - custom options is removed (?)
I followed your guide and have this added in the custom options:
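server:
   # allow Unbound to send queries to a resolver on localhost
   do-not-query-localhost: no

# forward all queries to the local proxy listening on port 5353 (IPv4 and IPv6)
forward-zone:
   name: "."
   forward-addr: 127.0.0.1@5353
   forward-addr: ::1@5353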

Can I upgrade to OPNsense 21.7, or what should we alter, and where in the OPNsense GUI, to keep DoH running like it should?

513
General Discussion / Re: Problem with randomized MAC address on cellphone
« on: July 27, 2021, 07:54:43 am »
Dear PankaJ,

I have noticed this also! I have OPNsense configured with:
Deny unknown clients - on
Ignore Client UIDs - on
Static ARP - on

All devices are in the "DHCP Static Mappings for this interface." list.

When my devices update, like iPhone, Apple TV, MacBook, IoT, etc., everything keeps working fine, BUT when my son updates e.g. his iPhone to a beta version of iOS, that iPhone connects to Wi-Fi but gets no data/internet.
I have to delete his iPhone and connect it again with a static IP. It looks like the same problem you are experiencing. Is this a bug in OPNsense or in my understanding of how my "closed network settings" work?

514
21.1 Legacy Series / Re: email smtp port 25 and 587 firewall rule/port forward protection
« on: July 25, 2021, 09:51:40 pm »
Ah great! Now I understand. Thanks for that. Learned something again today.
And problem solved :-)

515
21.1 Legacy Series / Re: email smtp port 25 and 587 firewall rule/port forward protection
« on: July 25, 2021, 06:48:02 pm »
Somehow the LAN addresses used above did not work for my iPhone on 4G (with VPN to OPNsense).
Then I thought, what if I make an alias with the IP range from LAN and VPN and use that as source IP....
Changed it, and this works!

I do not understand what is different between the LAN address and this alias, but that has to do with my learning of how OPNsense / the firewall works. Or should Source IP - LAN address also have worked? What did I do wrong then?

516
21.1 Legacy Series / Re: email smtp port 25 and 587 firewall rule/port forward protection
« on: July 25, 2021, 12:23:07 pm »
@Fabian, thank you for your reply.
So I change this in the NAT port forward so it gets changed also in the firewall-rules-wan?

See attached pictures? Or should I leave the NAT port forward untouched and only change firewall-rules-wan?

517
21.1 Legacy Series / Re: email smtp port 25 and 587 firewall rule/port forward protection
« on: July 25, 2021, 11:45:14 am »
@Fabian

I changed port 587 in the firewall on the mailserver to only allow internally.

In OPNsense I still have:

Firewall->NAT->Port Forward-> rule:
Interface (WAN) - protocol (TCP) - Source Address (*) - Ports (*) - Destination Address (WAN address) - Ports (587) - NAT IP (local IP mailserver) - Ports (587)

and the auto added rule Firewall->Rules->Wan-> rule:
Protocol (IPv4 TCP) - Source (*) Port (*) - Destination (local IP mailserver) - Port (587) - Gateway (*) - Schedule (*)

How to change this for the "open port 587 only internally"?

Thanks in advance for your explanation!

518
21.1 Legacy Series / Re: email smtp port 25 and 587 firewall rule/port forward protection
« on: July 25, 2021, 09:17:48 am »
Thanks Fabian,

I will change this right away!

519
21.1 Legacy Series / email smtp port 25 and 587 firewall rule/port forward protection
« on: July 24, 2021, 09:14:53 am »
Dear community,

I have a mailserver running behind OPNsense. The mailserver is working and I have the port forward rules for the ports used: 25, 587, etc.

Now I was thinking, is there a way to configure OPNsense to protect the mailserver so that only the local IP range and VPN range can log in to the mail server and be able to send email? Using an alias?
But so that the mailserver can receive emails being sent to it from anybody?

Sounds like a solid option, but I don't know if this is possible while the mailserver must be able to communicate with the world?

Hope my question makes sense and somebody with knowledge of running mailservers and OPNsense has a best practice for how to set secure port forwards/aliases etc.

520
Virtual private networks / Re: OpenVPN to access mi Home Network from Internet
« on: June 10, 2021, 09:44:14 pm »
Maybe those instructions help you (they helped me back then :-) )

https://forum.opnsense.org/index.php?topic=13465.0

https://homenetworkguy.com/how-to/configure-openvpn-opnsense/

521
General Discussion / Re: Question on where to buy
« on: June 10, 2021, 09:24:39 pm »
As stated above. OPNsense -> Deciso has its own hardware shop. But there are others too.
See for instance: https://teklager.se/en/

522
Virtual private networks / Re: OpenVPN connect/visible to LAN subnet
« on: May 31, 2021, 07:23:33 pm »
I have read over there of someone setting up ZeroTier VPN and getting it working.
So I will be looking for a good OPNsense - ZeroTier Bridge guide and try that out. Sounds better than an OpenVPN TAP mode (?)

523
Virtual private networks / Re: OpenVPN connect/visible to LAN subnet
« on: May 30, 2021, 08:02:34 pm »
Thanks for your help and pointing me to the Roon thread... I will take a look over there to find some more info....
Hope I get it to work in some way.

524
Virtual private networks / OpenVPN connect/visible to LAN subnet
« on: May 30, 2021, 12:44:31 pm »
Hi community,

I have OpenVPN (ovpns2) running on OPNsense with IPv4 Tunnel Network 10.8.0.0/24, using Redirect Gateway and DNS Servers 192.168.1.1 (OPNsense).

My LAN (igb1) subnet is 192.168.1.0 with subnet mask 255.255.255.0.

VPN is running, I can see the LAN devices and other network items only available on the local LAN.
I am using and running Roon Core/server on my Synology NAS. When I am outside and connected to VPN on my OPNsense I can start Roon on my iPhone and I can also see my local LAN endpoints to play music to. Only problem is that I cannot see my iPhone as endpoint while on VPN. When I am at home on Wi-Fi, I can see my iPhone as endpoint in Roon.

I think it has to do with Roon detecting endpoints on the same subnet as LAN. How can I connect my VPN to the same subnet, or make my VPN connections visible to the Roon LAN/subnet 192.168.1.0 / 255.255.255.0?

Thank you very much for your help in advance!

525
Web Proxy Filtering and Caching / Re: redis - wordpress
« on: May 20, 2021, 08:28:11 am »
Hi Patrick,

Thanks for explaining. I had tried the IP of OPNsense also, which resulted in a timeout. But I follow your explanation and will go for trying to run it on the Synology NAS to see how that goes :-).
Keeping the firewall to its main and only task.
