Messages

76

Dutch - Nederlands / Re: upstream wan webinterface vanaf lan niet bereikbaar

« on: October 20, 2022, 07:24:30 pm »

Beetje dubbelpost zo: https://forum.opnsense.org/index.php?topic=30711.0
Weet niet of ze dit hier toestaan.

77

General Discussion / Re: upstream wan webinterface not reachable from lan network

« on: October 20, 2022, 07:14:56 pm »

Another useful guides
https://homenetworkguy.com/how-to/use-opnsense-router-behind-another-router/
https://homenetworkguy.com/how-to/use-static-routing-to-second-opnsense-router-with-nat-disabled-for-homelab/

78

Hardware and Performance / Re: OpnSense in Synology VirtualManager VM does not shut down VM properly

« on: October 01, 2022, 10:00:53 am »

Does Synology has some ACPI options to enable?

79

Web Proxy Filtering and Caching / Re: Web content filtering based on keyword

« on: September 24, 2022, 06:42:50 pm »

That is difficult. Most website are encrypted (HTTPS). This is invisible to the router. To inspect traffic you need to decrypt it, meaning MitM capturing. This also means that users are getting untrusted ssl warnings and you have to install self singned certificates on all clients (browsers).
I is just not worth is....

Blocking DNS resolving using DNSBL is the most feasible way to try to block stuff. But this works on domain names. Thus you block "Amazon" completely in that instance.

That said. Why try to block if someone is really looking specifically for adult content?

80

General Discussion / Re: Simple Web App To Toggle Unbound DNS Blocklist

« on: September 24, 2022, 11:09:30 am »

Maybe "adblock" is not completely the correct technical name? You are dns-sinkholing domains. But to be fair, mostly used to block pesky advertising domains 

81

Intrusion Detection and Prevention / Re: Suricata GUI feature requests

« on: September 14, 2022, 08:44:27 pm »

You can create bug/feature tickets: https://github.com/opnsense/core/issues

82

Tutorials and FAQs / Re: Best Practice for Changing Physical Interfaces

« on: September 14, 2022, 07:35:47 pm »

Not sure if it works, but if you export the config file, rename/delete stuff in the xml and import the new one?

83

Dutch - Nederlands / Re: Hoe kan ik devices van WAN naar VLANs krijgen

« on: September 08, 2022, 06:59:56 pm »

En voor het geld hoe je het niet te laten. Ik gebruik een GS108Ev3 van 30 tientjes ofzo.

300 euro, Daar kan ik er ongeveer 10 van kopen 
(https://tweakers.net/pricewatch/424304/netgear-prosafe-gigabit-plus-gs108ev3.html)

Dan had ik een hele dure winkel te pakken helaas....
Maargoed, stomme typo dus. Benieuwd naar hoe onze TS ervoor staat.

84

Dutch - Nederlands / Re: Hoe kan ik devices van WAN naar VLANs krijgen

« on: September 05, 2022, 12:21:39 pm »

Je maakt het behoorlijk complex zo. Veel lastiger dan nodig. Je werkt toe naar double-NAT'ten wat je eigenlijk niet moet willen. Kan die hele Ziggo box er niet tussenuit? Of minimaal in bridge mode.

Met OPNsense in een VM introduceer je ook nog extra problemen met de Host die een IP moet hebben. Proxmox herstarten zorgt dat je router onderuit gaat. Ook daarvoor valt wat te zeggen om op een dedicated host te draaien.

Daarbij geef je aan dat je geen Managed Switch wil kopen. Geen expert maar volgens mij niet mogelijk (of je moet allemaal fysieke kabels trekken). En voor het geld hoe je het niet te laten. Ik gebruik een GS108Ev3 van 30 tientjes ofzo.

"Lawrence Systems" op Youtube heeft een aantal goeie filmpjes over VLAN setup. Welliswaar voor pfsense maar komen prima overeen.

85

General Discussion / Why did OPNsense swap the default interface order (WAN/LAN)?

« on: September 05, 2022, 11:02:13 am »

As a former PFsense user i like to know why OPNsense switched this default order?
The PFsense order feels quite natural (dangerous internet -> lan -> all other internal networks). So the most-left interface is "internet".

Swapping LAN/WAN seems really strange to me. It also makes a migration for users complicated. Lots of guides/tutorials also note this choice.

I assume a reason is behind this change?

86

General Discussion / Re: I can't figure out how to do this to save my life...

« on: September 05, 2022, 10:52:58 am »

not sure if i understand.

You are running your router in a VM. Your host (proxmox) will boot first and needs a network too. But your router is not available at this (boot) moment. AFAIK proxmox force a hard IP at installation time. Make sure this IP is outside of your DHCP range but IN the correct network.

Network is a integral important part of your infrastructure. Personally i would just use some dedicated mini computer for it.

87

22.1 Legacy Series / Re: Networking step by step (beginner level).

« on: June 06, 2022, 06:40:56 pm »

Get rid of the router provided by the ISP.  Get decent network cards for your computer and forget about USB.  Get a switch that can be managed; unmanaged ones are for special cases only and are of very limited use.

You can skip 2.5Gbit and better either stick with 100MB (which is plenty for learning and inexpensive) or 1GB (which is fine for anything but special cases).  Then if you really do need more bandwidth, go straight for 10Gbit.  (What's the point of 2.5?  If you have that much data to transfer and if your hardware is fast enough for it, then 2.5 is a bottleneck and you want 10Gbit.  2.5 is merely a bad joke.)

What exactly are you trying to accomplish?

Although you have some valid points. I think the topic starter  first needs to address (learn) the problem. Basically you are saying: "throw everything in the bin. What are your needs and requirements?".

Sure crappy (usb) NICs can cause problems but is this the case? (i doubt it). We do not know.

If the topicstarter cant make this double NATted network work, how will a managed switch fix this?

88

General Discussion / Re: Challenges of a Beginner/Hobbyist/Home User

« on: June 06, 2022, 05:31:32 pm »

I see you seem to have a focus on VLAN's. Why? My HW has a WAN port and a LAN port, OPT1 and OPT2 so I had enough ports for subnets for a home network. All my HW ports are being used so if I need more subnets I will have to start using VLAN's. But is there another advantage I am missing?

Sure, if you have enough interfaces AND wires in your house you do not have to use vlans to segment devices. In most cases people only have 1 cable to (for example) the second floor. If you want to separate wired devices you can use vlans to accomplish this.

Most devices however are wireless. You can use vlans with different SSIDs for all networks (guest, iot, wlan, media). But you need a professional wifi AP (or flash your router with something like openWrt)

I have a router with 8 interfaces and i use only 2 (WAN and 1 to the switch).

89

22.1 Legacy Series / Re: Networking step by step (beginner level).

« on: June 06, 2022, 02:54:09 pm »

routing can only between different networksegments, so do not use 192.168.0.2/24 and 192.168.0.3/24 on your opnsense router. But rather use 192.168.1.1/24 (for example) for the  LAN part.

I think this is a nice starting guide: https://homenetworkguy.com/how-to/use-opnsense-router-behind-another-router/

90

General Discussion / Re: Challenges of a Beginner/Hobbyist/Home User

« on: June 06, 2022, 02:48:26 pm »

I really do not want to discourage you to write documentation. I wrote my own notes while creating my setup. Mainly containing the network layout and VLAN planning.

There are some guides for the basic setup. I think even for OpnSense. Meaning a normal DHCP WAN ISP, 2 interfaces router and en basic switch at the second port.

Lots of people afterwards will just google/youtube (and use pfsense tutorials) to accomplish tasks. (vlan, dns redirection, blocklists, dhcp reservation, etc.).

People really need to have some basic knowledge to succeed those quests. You get really basis questions like: "i use a switch but i do not see the traffic between two systems" (on the same network). They do not understand network masks.