Messages

226

General Discussion / Re: Set local static IP for wan interface using PPPoE

« on: September 21, 2024, 11:49:12 am »

I can't see a VIP on the WAN interface working for this - the WAN interface is one end of a PPP tunnel. The other end od the PPP tunnel is not on the ONT - it's on some ISP-owned hardware in some location beyond the other end of the fibre. I would expect the ONT to be invisible from the PPP layer.

Assigning the underlying physical NIC and giving it a 192.168.x.x address seems like it should work (see @zan's editted response), but I don't have an easy way to test it. You would have to NAT it if you want to access the ONT from hosts on your LAN, unless there's a way to add static routes to the ONT (pointing back to you LAN through OPNsense).

227

General Discussion / Re: Connect my NVR device to noip endpoint

« on: September 21, 2024, 10:20:57 am »

I only have experience with my Android phone as a client - it's been working very well for me. I believe all of the major platforms are supported ... https://www.wireguard.com/install/

228

General Discussion / Re: Connect my NVR device to noip endpoint

« on: September 20, 2024, 10:44:11 pm »

There are a few different approaches here:

1) Use port-forwarding to expose your NVR to the internet - probably not recommended, since the NVR security may not be "internet grade"

2) Use a reverse-proxy, such as Caddy - provides somewhat better security, and authentication options

3) Setup a VPN server on OPNsense, probably WireGuard, which you can connect to with your own clients when away from home, and access anything on your LAN

Assuming NVR access is just for your own use, and you're not trying to make it available to the public, I'd lean towards option (3)

229

24.7 Production Series / Re: Public IP logged by default? Or easily added? Copyright strike claim rebuttal

« on: September 20, 2024, 02:59:12 pm »

If it's a CGNAT public address that the claim was being made against, it's nonsensical, as that address could be used by multiple customers simultaneously - that's kindof the point of CGNAT... (?). One might expect StarLink to understand that, but.......................

230

24.7 Production Series / Re: Public IP logged by default? Or easily added? Copyright strike claim rebuttal

« on: September 20, 2024, 02:54:31 pm »

If your OPNsense WAN interface is a DHCP client, it may be logging its addresses in the system log. I believe it keeps 31 days of those by default. From a shell, try:

grep -r "New IP Address" /var/log/system/

231

24.7 Production Series / Re: RA ISSUES WITH GATEWAY

« on: September 19, 2024, 10:48:10 pm »

The link local address should work fine as a default route ... so long as it is actually the LLA belonging to the OPNsense interface, of course! I think you have something else going on..........

232

General Discussion / Re: Speed limited when using 5G Modem as WAN

« on: September 19, 2024, 10:37:33 pm »

I suppose you could use `ifconfig` in a shell to verify that your WAN interface really is connected at 2500Base-T. Beyond that, I can't think of anything.....

233

General Discussion / Re: Unbound DNS returning DHCP4 host IP even with Override set

« on: September 19, 2024, 10:19:00 pm »

I'm a bit confused about your "DHCP static" and "DHCP4 Lease".... do you have static mappings for some server instances, but others getting DHCP addresses from a pool and specifying their own preferred hostname? or...?

What is your system Domain Name? (System -> Settings -> General -> Domain Name)

What is the Domain Name for the DHCP service? (Services -> ISC DHCPv4 -> [interface] -> Domain Name)

What is the Domain Name for the Static Mappings? (it's an optional setting for each one)

Figuring out why you're getting two answers for server.domain.net is probably the place to start...

234

General Discussion / Re: is this going to work? (Bridges with UniFi hardware)

« on: September 19, 2024, 06:02:39 pm »

If you're determined to use bridges, your MGMT network can't be untagged - you'll have to assign a VLAN ID (other than 1) to it, and tag it on the links to your UI switches, and make a bridge containing those VLAN interfaces.

235

General Discussion / Re: is this going to work? (Bridges with UniFi hardware)

« on: September 19, 2024, 04:15:17 pm »

I'm not sure if I'm understanding the problem description fully, but...

you cannot (on OPNsense) bridge multiple physical NICs and do VLANs on the bridge - you'd have to add the VLANs to each physical interface individually, then build bridges across the VLAN interfaces.

.... but I agree with @bimbar - get rid of the bridges, and your life will be simpler.....

236

General Discussion / Re: Unbound DNS not starting

« on: September 18, 2024, 02:03:40 pm »

Sounds like file corruption of some sort to me. If you can login, either on the console or with ssh, start a shell (option `8`) and run `cat /var/unbound/unbound_server.pem`, the result (contents) might reveal something.

I wonder if you might have a full filesystem or something....

237

General Discussion / Re: How can I keep my security camera setup off line and still acces it locally

« on: September 18, 2024, 10:16:13 am »

I would suggest not interfering with the internal network provided by the NVR (for communication with the cameras). It's the connection to your LAN that you're concerned about.

DHCP reservation setup is covered at https://docs.opnsense.org/manual/dhcp.html

You won't be able to actually do it until you have the NVR, as you'll needs its MAC address (basically a hardware identifier for its network interface).

238

General Discussion / Re: How can I keep my security camera setup off line and still acces it locally

« on: September 18, 2024, 12:30:20 am »

How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting the
NVR in the mail, and can not find any information regarding whether it has a fixed IP
or a dynamic one.

I would expect it will allow you to either configure a fixed IP address or use DHCP. If you choose DHCP (or if there's no option), you could create a reservation in OPNsense's DHCP server to assign it a specific IP address of your choosing (which should be outside the pool for dynamic addresses).

239

General Discussion / Re: How can I keep my security camera setup off line and still acces it locally

« on: September 17, 2024, 10:24:49 pm »

You could assign igc3 as another interface, and give it its own subnet (not overlapping with your existing LAN), and create firewall rules to explicitly allow whatever communication you deem appropriate...

... or you could put the NVR on your LAN and block it from accessing the internet... but it would still be able to talk to other hosts on your LAN without going through the firewall - that may or may not be a concern, depending on how much you distrust the NVR...

240

24.7 Production Series / Re: KEA DHCP delete all reservations

« on: September 17, 2024, 10:45:24 am »

I would rather not try this as I have 30+ reservations

services > kea > reservations tab

change column view from 7 to all,  then top left to the left of subnet select all.   then click delete?

By "column view", I assume you actually mean the "number of items per page" option?

Where is "delete"? There is a Delete button (bin / trash can icon) on each row of the table, but that only applies to that one row (I did test it). There does not appear to be any "delete selected" button.....?