Messages

16

General Discussion / Re: Best way to learn and understand OPNsense?

« on: September 22, 2024, 12:47:01 am »

Thanks both.

Start with this - volume I is sufficient:

https://en.wikipedia.org/wiki/TCP/IP_Illustrated

Do you think by reading this it would make all of the features of the GUI make more sense and easier to configure?
Or would it just be lots of theory that wont specifically help with the OPNsense GUI options?

17

General Discussion / Best way to learn and understand OPNsense?

« on: September 21, 2024, 08:00:17 pm »

Hi All,

I've been using OPNsense for a while now, but haven't really got any proper understanding about how to configure it without reverting to watching VT video's. And most of those don't really explain the reasoning for doing things in a noob friendly format, and therefore it ends up being just information where not much understanding is gained.

Are there any structured training resources available to get a total noob like me to a point where I can be totally comfortable with the GUI and all of it's features? Is there some foundation knowledge required to get to this stage?
I want to understand it, but I don't want to have to do months of networking "training" to do so.

I was considering if it may be worth switching to something like DD-WRT which I believe is a little easier on the configuration front for new users, but I'm guessing I could still be in the same situation with that if I don't understand core networking principles.

Is OPNsense the right choice for someone like me?

Thanks,
P195

18

24.1 Legacy Series / Slow updates - advice on query forwarding when using unbound

« on: July 17, 2024, 07:17:32 pm »

Hi All,

I'm currently using Adguard home and unbound internal DNS as per this guide: https://windgate.net/setup-adguard-home-opnsense-adblocker/

I tried to run updates earlier which was being very slow and didn't seem to work, so I added a DNS under system > settings > general and ticked "Do not use the local DNS service as a nameserver for this system". Then when I tried to update it worked perfectly. I have now reverted those changes now that the firmware has been updated.

My question is, how should I set up OPNsense to update properly without having to change this setting each time I need to update, while still using the adguard > unbound > upstream DNS configuration detailed in the link?

*******

A follow on question is, what is the point / benefit in using unbound as well as adguard?

Thank You
P195

19

General Discussion / How to reinstall missing Adguard plugin / connectivity issues

« on: May 18, 2024, 03:31:29 pm »

Hi All,

- Original install had AdguardHome plugin installed
- Made a backup
- Updated to 24.1.7 (new install over old install) configured same interfaces and IP's
- Restored backup
- Couldn't load any websites
- Realised that os-adguardhome-maxit plugin is missing (shown in red)
- Went to Sevices > UnboundDNS > DNS over TLS and checked "Use System Nameservers"
- Went to System > Settings > General and added DNS Server 8.8.8.8 (use gateway = none)
- Can now load websites

I want to reinstall the AdguardHome plugin so my original configuration with AdgaurdHome resumes:

- Used Putty to SSH into OPNsense firewall
- using this guide: https://0x2142.com/how-to-set-up-adguard-on-opnsense/ typed the fetch command to install the adguard plugin and got these results:

fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
fetch: /usr/local/etc/pkg/repos/mimugmail.conf: open(): Permission denied                                                                                                                                                                                                             
pkg update
pkg: Insufficient privileges to update the repository catalogue.

- Went to System > Firmware > Status and ran connectivity audit and got these results:

--- 89.149.222.99 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 11.693/11.879/12.094/0.149 ms
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/24.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 841 packages processed.
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:5300:a010:1::1
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/24.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/meta.txz: Non-recoverable resolver failure repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***

How I go about resolving the connectivity issues found during the audit?
How do I reinstall the missing Adguard plugin (and why I cant fetch the plugin config file?)

Many Thanks,
P195

20

General Discussion / Re: Block access to a specific file, folder or application on Windows?

« on: January 25, 2024, 12:46:27 pm »

Thank you for replying and confirming the answer to my question, I understand now that this would need to be done on the host machine itself.

If I use windows firewall to block the main .exe of a specific application, will that guarantee that the software will not be able to make any inbound or outbound connections from my network (via any file / location)?

Thanks for your help.
P195

21

General Discussion / Block access to a specific file, folder or application on Windows?

« on: January 25, 2024, 12:02:16 pm »

Hello,

I run OPNsense on my mini pc router.

Is there any way I can create a rule to block a specific file, folder, or application on my windows host machine from having network access either natively or via a plugin? If so, how do I go about it?

Or does this need to be done on the host itself?
If so, is the built in windows firewall able to block network access for specific files, applications or whole folders?
If not, do you have any recommendations for good alternatives that allow this functionality?

Many Thanks
P195

22

General Discussion / Re: Question about Adguard home > Unbound DNS configuration

« on: December 15, 2023, 06:46:52 pm »

Thanks to both of you for your input!



Sorry I'm a networking noob so not too familiar with all the terms yet.

With reference to the picture above, when you say "reverse" does that mean that the DNS is resolved locally by unbound rather than at cloudflare? I kind of assumed that because cloudflare was furthest right, that's where it was resolved.

So is it essentially Client > Adguard > Unbound > Cloudflare > Unbound ? I may be missing the point!

What is the benefit of resolving local hostnames in my internal network?

Rather than rambling on about what I don't understand much, I'll just ask what is the "best" configuration for my DNS to be as private and secure as possible both when I am connected to VPN and also when not?

With VPN:
Client > VPN (app using VPN's DNS servers)
Client > VPN (app - custom DNS pointing to my OPNsense) > Adguard > Unbound > Cloudflare (> unbound?)
Client > VPN (app - custom DNS pointing to my OPNsense) > Adguard > Unbound (?)
Client > VPN (app - custom DNS pointing to my OPNsense) > Adguard > Cloudflare

No VPN:
Client > OPNsense > Adguard > Unbound > Cloudflare (> unbound?)
Client > OPNsense > Adguard > Unbound (?)
Client > OPNsense > Adguard > Cloudflare

Any schooling would be appreciated / needed!

Cheers
P195

23

General Discussion / Re: Question about Adguard home > Unbound DNS configuration

« on: December 15, 2023, 05:54:30 pm »

Removed - double post. See below.

24

General Discussion / Question about Adguard home > Unbound DNS configuration

« on: December 15, 2023, 04:52:32 pm »

Hi All,

When using a local DNS filtering service such as Adguard home on OPNsense, why may you want to include unbound DNS before sending on to the upstream provider as explained in the following guide ?

https://windgate.net/setup-adguard-home-opnsense-adblocker/

From what I can tell, unbound is just forwarding the query to the external provider.
What benefits does including unbound DNS in the chain provide Vs just using Adguard > Cloudflare ?

Thanks

25

General Discussion / Automatic Backups - Help needed with script and cron job

« on: December 06, 2023, 06:28:46 pm »

Hi All,

I've been following this guide https://www.zenarmor.com/docs/network-security-tutorials/opnsense-security-and-hardening-best-practice-guide#how-to-backup-configuration-automatically

but I'm stuck on the last few steps (23 & 24)

I'm on windows so I've opened text editor and copied the code shown in and modified the fields with my API key and secret, my hostname and path to where I want to save the backups to.

What do I have to do next? I assume I need to save that text file somewhere on my PC (should it be a .txt or another extension?) and then I think I have to create a new cron job under System > Settings > Cron?

Any help would be much appreciated.
Thanks

26

General Discussion / Re: How to get internet access when connecting opnsense router to existing router?

« on: December 04, 2023, 01:06:25 pm »

I appreciate your support. I'll have another go at it tonight armed with this information.

Cheers

Update: it worked

27

General Discussion / Re: How to get internet access when connecting opnsense router to existing router?

« on: December 04, 2023, 12:11:10 pm »

Thanks.

So to clarify,

I need to setup the WAN interface to use DHCP, not static IPv4 as described in the linked guide?
I need to change the LAN address to something other than 192.168.1.XXX? something like 172.X.X.X or 10.X.X.X?
When you say reconfigure the DHCP server settings what do you mean? Like the IP range?

Sorry for the noobie questions!

28

General Discussion / Re: How to get internet access when connecting opnsense router to existing router?

« on: December 04, 2023, 11:50:29 am »

Thank you for your response.

I have already unchecked "block private networks" and "block bogon networks" under Interfaces > WAN.

I followed this guide https://homenetworkguy.com/how-to/use-opnsense-router-behind-another-router/ (but not the optional bits at the bottom) but I still wasn't able to get internet access.

I wondered if it was because I needed to do something either in the ISP router config GUI, or on the PC network card TCP/IPv4 setup? Also I'm unsure if I should I be using DHCP, Static IPv4 or PPPoE for the WAN interface?

My ISP router is reached on 192.168.1.254. My OPNsense router is currently setup as IP 192.168.1.1.
Do I need to change the subnet of the LAN interface so it is not 192.168.1.XXX? Should I set it as something like 10.0.0.1 ?

Many Thanks!

29

General Discussion / How to get internet access when connecting opnsense router to existing router?

« on: December 03, 2023, 11:34:50 pm »

Hi All,

I'm trying to connect my OPNsense router to my existing ISP router so I can use my local PC to learn and configure OPNsense while still allowing the rest of my family to use the wireless functionality of the ISP router.

I've connected one of the LAN ports of the the ISP router to the WAN port of the OPNsense router and am able to access the GUI on 192.168.1.1.

When I was using the ISP router in bridge mode before, I had to use PPPoE for the WAN and input my broadband credentials which enabled internet access. When trying to configure this as a router behind a router (which isn't in bridge mode), should I be using DHCP, PPPoE or static IP for the WAN?

Should my network card in my PC be set to obtain IP automatically or do I need to specify a specific IP/subnet mask/gateway ?

Is there anything that I would need to change (or information I would need to know) in the GUI for the ISP router?

I've spent all day today trying to get internet access but to no avail. I'd be very grateful for any advice on what I need to do to get internet access to work when using OPNsense behind my ISP router when not bridged.

Thanks
P195

30

General Discussion / Re: No internet access - not Getting IP for WAN via DHCP

« on: November 30, 2023, 12:55:24 pm »

I just found the following thread: https://community.plus.net/t5/My-Router/Hub-2-Bridging-Mode/td-p/1848842

I've currently got my WAN set as DHCP, the accepted fix in this thread suggests I need to use PPPoE for the WAN interface, and input my broadband login credentials so I'll give that a go this evening and hopefully that'll do the trick!