Recent posts

#1
26.1, 26,4 Series / Re: 26.1.9 broke my DNS?
Last post by passeri - Today at 01:13:00 PM
Weird.

As noted above, I had made no changes at all to my configuration for months before I upgraded from 26.1.8 to 26.1.9, when DNS stopped.

Today I spent some time exploring for problems. The Unbound log showed enquiries were being blocked, yet I have no blocklist set in Unbound. Re-upgrading after returning to the prior snapshot (which also now failed) was marked by the same upgrade oddity that the normally verbose output did not show at all until the entire upgrade had completed. Still DNS did not work although the internet remained accessible by IP address.

I upgraded a reserve machine. It was fine, and displaying the usual output along the way.

I switched off to think about it a while, switched back on (far from the first power cycle in this) and, DNS woke up.

I am nonplussed. I did nothing to stop it working and nothing to fix it again. Cosmic rays from the Universe? Might Q-feeds have interfered for a while?

I will run the internal router for another day or so before nervously upgrading the edge.
#2
General Discussion / DNS Best practices
Last post by Zayan5117 - Today at 12:34:19 PM
I've recently set up my OPNsense firewall with DNS failover; currently it goes:
1. Pi-Hole (Running on a primary server)
2. AdGuard (Running on a separate server)
3. Google DNS
4. Quad9
5. Cloudflare
I'm wondering, though, if there are any issues that can arise or if there's a best practice, as I'm using the "Use System Nameservers" in Unbound DNS instead of Unbound itself.
Any tips or recommendations would be appreciated.
#3
26.1, 26,4 Series / Re: "The DHCP Server is active...
Last post by franco - Today at 11:53:26 AM
Should be easy to find with the type ahead search :)


Cheers,
Franco
#4
26.1, 26,4 Series / Re: Maltrails fail2ban doesn't...
Last post by raywan - Today at 11:51:38 AM
Quote from: franco on Today at 07:49:16 AM
Was this working before? Because this popped up recently...

https://github.com/opnsense/plugins/pull/5463
I tried manually adding "FAIL2BAN_ALLOWLIST 127.0.0.1" in /usr/local/share/maltrail/maltrail.conf or "127.0.0.1 192.168.1.1/24" in the Services: Maltrail: General page.
Finally, no help.
It was working well until the last 26.4_14 hotfix. I don't remember which day fail2ban crashed or stopped working. But the Maltrail server & sensor are both working until now.
#5
General Discussion / Re: Password Reset
Last post by viragomann - Today at 09:46:27 AM
Quote from: TannhäuserGate95 on Today at 09:16:29 AM
How can I get console access to the VM when OPNsense IS the gateway and noVNC loses connection during reboot?
OPNsense is the gateway even for Proxmox and you have only remote access to it?
If so you have to change the configuration of Proxmox, so that you bypass OPNsense.

Quote from: TannhäuserGate95 on Today at 09:16:29 AM
I can only access OPNsense console from the Proxmox GUI through noVNC, and noVNC will not display before the "splash screen"
Don't agree.
The Proxmox integrated noVNC viewer shows the whole boot process in my setup.
In the noVNC screen there is also a start button shown up, if the VM is down.
#6
26.1, 26,4 Series / Re: "The DHCP Server is active...
Last post by dseven - Today at 09:46:11 AM
Quote from: franco on Today at 07:51:47 AM
You can drop ISC DHCPv4 and v6 legacy configuration from System: Configuration: Defaults: Components if you no longer use the ISC DHCP plugin.

... and if you're wondering why it's not appearing under "I" for "ISC" in the list of components, look under "S" for "Services:" ;)
#7
Updated to the latest business edition yesterday

Notice unbound blocklist parsing done in 13.18 seconds (512317 records
#8
General Discussion / Re: newbie trying to set up ne...
Last post by Nullman - Today at 09:29:42 AM
Quote from: lumilumi on Today at 09:13:44 AM
I thought that wireless access points were by default a bit unsecure
You thought wrong. Access points from Ubiquiti or Grandstream have WPA3 and WPA3 Enterprise support. They also support per-SSID VLAN segmentation and they can work with RADIUS authentication servers. And let's not even get into performance metrics and reliability.

There are several things you should never do with your opnsense box.

Use it as a soft switch.
Use it as a wifi access point.
Use USB devices on it.

Quote from: lumilumi on Today at 09:13:44 AM
- do you have a recommendation for one less than $100?
Grandstream GWN7604. Keep in mind that some of these devices are not shipped with a power supply, so you will need a PoE injector or PoE switch.
#9
General Discussion / Re: Password Reset
Last post by TannhäuserGate95 - Today at 09:16:29 AM
How can I get console access to the VM when OPNsense IS the gateway and noVNC loses connection during reboot?
Is there a way to access the VM console (OPNsense) from the Proxmox host directly without going through the network?
The problem is, I can only access OPNsense console from the Proxmox GUI through noVNC, and noVNC will not display before the "splash screen"
#10
General Discussion / Re: newbie trying to set up ne...
Last post by lumilumi - Today at 09:13:44 AM
I thought that wireless access points were by default a bit unsecure - do you have a recommendation for one less than $100?