Messages

There's a category for hide.me, what does Zenarmor log when you try to connect?
What did it log for the problematic services you described?
Did you file a ticket for your problem?

Mine is blocking DoH/DoT just fine, just verified with https://1.1.1.1/help

Code Select Expand

Block status,Start time,End time,Protocol,Source IP,Source hostname,Destination IP,Destination hostname,Destination port,Application category,Application,Application protocol,Security category,Packets Outbound,Packets Inbound,Bytes Outbound,Bytes Inbound,Interface,VLAN,Policy
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,1,0,583,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:50,2023-08-09 20:55:50,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:49,2023-08-09 20:55:49,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,1.1.1.1,1.1.1.1,443,Network Management,DNS over TLS,TCP,,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:48,2023-08-09 20:55:48,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,1,0,583,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,1,0,583,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:47,2023-08-09 20:55:47,TCP,192.168.201.100,192.168.201.100,162.159.61.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:46,2023-08-09 20:55:46,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:46,2023-08-09 20:55:46,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,0,Default
Blocked,2023-08-09 20:55:46,2023-08-09 20:55:46,TCP,192.168.201.100,192.168.201.100,172.64.41.3,chrome.cloudflare-dns.com,443,Network Management,DNS over HTTPS,HTTPS,Proxy,2,0,649,0,igc0,

Problem has been identified, fix will ship ASAP.  :)

Over the centuries Opnsense will be remembered as an excellent firewall capable of giving incredible control of local network devices with powerful add-ons such as Suricata, Adguard or Wireguard but it will never be remembered for Zenarmor unless we wanted to recommend it to our worst enemy.

I have to disagree there, Zenarmor works pretty well most of the time and protects my kids and guest network perfectly. A lot of stuff has been blocked in the past.
Suricata is old-fashioned IPS/IDS, definitely not the way to got to really protect anybody nowadays. Adguard only relies on DNS, and with DoH and DoT circumventing it, will be less useful in the future. I am blocking a lot of DoH/DoT ATM, without having it configured anywhere, the opposite is the case actually. Getting rid of it whereever I see it. But apps as well as macOS/iOS have it build in and will use it under certain circumstances.

Zenarmor's DPI is awesome, and does way more than just AD Blocking. E.g. it can block DoH/DoT which is very important to prohibit if you want to keep controling DNS. I have not cancelled my subscription yet BTW, Zenarmor support is looking into my problems ATM. They have great and very responsive support.

Awesome, thanks!

https://github.com/opnsense/core/commit/13389c823ec

# opnsense-patch 13389c823ec


Cheers,
Franco

The patch fixed it for me, thank you very much!

Awesome, thanks!

I just noticed that for my Home subscription, sub-categories were also reset. I only blocked DoT and DoH, now the complete parent category is blocked.
And on top of that, posted a separate topic here for this, that policy disabled itself. Twice now, after Zenarmor got updated I think.

Oh boy, I used to be a big fan of Zenarmor. Now I'm actually considering cancelling my subscription.

Resetting policies, partly or disabling subcategories, that cannot happen on a firewall software I pay for.

This is the second time this happened to me, so I filed a ticket but also thought I'd share.
Might be specific to my setup, but maybe others want check if their additional policies are enabled still.

In the past we used to have a clear distinction, when setting custom sub-categories. Now it just says "Allowed", which is wrong. I am only allowing 2 out of 24. See screenshot.
Please use a visual distinction again (different button color) and also a different wording, like "Custom" instead of "Allowed".

Any idea how to fix this?
My VLANs are vlan0.666 and vlan0.667

Code Select Expand

Configuring WAN2 interface.
..done.
Generating /etc/resolv.conf...eval: $(vlan0@....): Bad substitution export: vlan0.666 nameserver: bad variable name eval: ${vlan0@....}: Bad substitution export: vlan0.666_searchdomain: bad variable name
done.
Generating /etc/hosts...done.
Configuring firewall.
done.

If you are only looking for AD Block functionality, Zenarmor is a bit oversized.
You can simply put something like https://dbl.oisd.nl/ in the build in Unbound custom Block List feature and be done with it.

I've a opnsense installed on my home network.

I've tried to update zenarmor 1.14 and i've the same issue "Network Error".

I reach my opnsense device with https://opnsense.localdomain url (private one).

After updating zenarmor or try to reinstall it, the network connection come from the issue that zenarmor web ui try to fetch the js/css/img/html component from my WAN ip address and not the 192.168.1.1/opnsense.localdomain url ... + issue with CORS policy because of the mismatch of the 2 domains/ips

I think there is something wrong with the setup and the WAN address must nor be used to serve the web ui of zenarmor

Even the uninstall tab does not work with the same "Network Error", so i can not send a ticket to support directly :(

So for now, no more zenarmor on my system to protect my kids devices :( ... I'm in my trying period and was ready to buy a subscription, but with this faulty upgrade, i'm starting to look other products.

Odd, just checked my installation. According to the Safari Web Inspector, the menu is being pulled from my LAN IP. Only external content is some Google fonts stuff, which is not pulled by zenarmor but my theme. What happens if you access your device with it's internal IP?

Seems to be tied to me having a favourite that links to the older Zenarmor reports path. Updated the link and did not get a crash a login so far.

This happened twice on my test firewall now, submitting error to OPNsense.

Code Select Expand

[07-Aug-2023 08:16:53 Europe/Berlin] Phalcon\Mvc\Dispatcher\Exception: OPNsense\Sensei\ReportsController handler class cannot be loaded in /usr/local/opnsense/www/index.php:70
Stack trace:
#0 [internal function]: Phalcon\Mvc\Dispatcher->throwDispatchException('OPNsense\\Sensei...', 2)
#1 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->dispatch()
#2 /usr/local/opnsense/www/index.php(70): Phalcon\Mvc\Application->handle('/ui/sensei/repo...')
#3 {main}
[07-Aug-2023 08:16:53 Europe/Berlin] Phalcon\Mvc\Dispatcher\Exception: OPNsense\Sensei\ReportsController handler class cannot be loaded in /usr/local/opnsense/www/index.php:70
Stack trace:
#0 [internal function]: Phalcon\Mvc\Dispatcher->throwDispatchException('OPNsense\\Sensei...', 2)
#1 [internal function]: Phalcon\Dispatcher\AbstractDispatcher->dispatch()
#2 /usr/local/opnsense/www/index.php(70): Phalcon\Mvc\Application->handle('/ui/sensei/repo...')
#3 {main}

This is still not working.

I would not call this a convenient way to configure a policy.

Even if I scroll the right/hidden part to the left, it always flips back when choosing a different section, hiding the actual configuration option.
It would have been nice to consider feedback that was collected a year ago. https://forum.opnsense.org/index.php?topic=28732.msg139799#msg139799

This is not mobile-friendly, and not even usable on laptops with smaller screens.