Recent Posts

1

General Discussion / Re: I am having trouble with my DNS and NTP settings getting bypassed

« Last post by someone on Today at 07:15:39 am »

Thanks, its working with no wan firewall rules but defaults
That closes a security hole, thanks
I unchecked the box in unbound query forwarding to use system DNS servers
So it uses the settings in Query forwarding and DNS over TLS
Did a reboot
But it is using quad9 but still outgoing 53 instead of 853 to quad9, but works
thanks

2

24.7 Production Series / unable to delete alias

« Last post by defaultuserfoo on Today at 06:40:33 am »

Hi,

how do I get rid of an unused firewall alias that appears as still being referenced and can not be deleted?

When I try to delete it, I'm getting an info that a rule is still using it, but I deleted the rule and then deleted the whole interface the rule was used with.  There is no way that this alias should still be used in any way.

So far, I was only to disable the alias.  It's for a host and contains an IPv4 address.

3

General Discussion / Re: I am having trouble with my DNS and NTP settings getting bypassed

« Last post by someone on Today at 06:30:26 am »

I will try that
I think it wasnt working when I didnt open those ports but will try again
It hits outbound servers on those ports
 Inbound response is usually a high port number and covered by stateful firewall lets it in
Thanks I will definitely close that if I can
I will check the DHCP response
And the syn and rst packets response
I think ack is on the established port
And icmp
I will try it
thanks

4

24.7 Production Series / Re: DNS Over TLS Broken

« Last post by newsense on Today at 06:25:54 am »

So...service operational now ?

5

General Discussion / Re: I am having trouble with my DNS and NTP settings getting bypassed

« Last post by someone on Today at 06:25:02 am »

How I fixed it
I reloaded
Set unbound settings
Set DNS servers in system > general
Disabled firefox DNS
Is now working correctly so far
There were a few changes in unbound
Enable DNS sec support
I have listen port on 853 for quad9 but its using 53
Flush Dns cache on reboot
And aggressive nsec
enabled query forwarding for dns.quad9.net at 9.9.9.9
but at the top it is using the DNS servers I listed in system > general
8.8.8.8,8.8.4.4,9.9.9.9
Probably why quad9 is using 53 instead of 853
enabled DNS over TLS with dns.quad9.net also on port 853
also at the top shows DNS servers set in system > general
havnt changed it yet
also made snapshot
doing good so far even if using 53

6

Zenarmor (Sensei) / Re: Updating the packet engine resets web filtering to moderate

« Last post by IHK on Today at 06:19:14 am »

Can you share the logs and configuration by following the instructions in the link below so that we can make a detailed review?
I ask you to tick all the options.
 

https://www.zenarmor.com/docs/support/reporting-bug

7

General Discussion / Re: Public IPv6 address not getting assigned to LAN connected device

« Last post by kada_harsh on Today at 04:33:20 am »

Repasting working links
https://ibb.co/RD9CBGy

But I dont see GLobal or Public IPv6 address transferred to LAN interface.

Form OPNsense POV,
I have already configured "IPv6 configuration type" as "Track Interface"
https://ibb.co/4NPvd5x

Coming to WAN configuration,
https://ibb.co/26TxHsW

WAN DHCPv6 config is,
https://ibb.co/CnQSfNm

8

General Discussion / Public IPv6 address not getting assigned to LAN connected device

« Last post by kada_harsh on Today at 04:31:00 am »

HI @experts,

I recently set up OPNsense router on a machine and my ISP provides IPv4 and IPv6 addresses shown below
https://ibb.co/RD9CBGy

But I dont see GLobal or Public IPv6 address transferred to LAN interface.

Form OPNsense POV,
I have already configured "IPv6 configuration type" as "Track Interface"
https://ibb.co/4NPvd5x

Coming to WAN configuration,
https://ibb.co/26TxHsW

WAN DHCPv6 config is,
https://ibb.co/CnQSfNm

Please let me know how to resolve this issue. :'(
For all clients connected to LAN, I get IPv6 addresses as shoen below
Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : ipv6only
   Link-local IPv6 Address . . . . . : fe80::2827:2ed0:2b5e:5839%39
   IPv4 Address. . . . . . . . . . . : 10.212.46.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::a210:a2ff:feb6:f63%39
                                       10.212.46.1

No global IPv6 addresses are seen.


Thanks,
Kada

9

24.7 Production Series / Re: DNS Over TLS Broken

« Last post by phantomsfbw on Today at 03:34:46 am »

/usr/local/etc/unbound/root.key does not exist
debug cert update forced
last successful probe: Wed Nov 20 21:33:29 2024
the last successful probe is recent
/usr/local/etc/unbound/icannbundle.pem: No such file or directory
using builtin certificate
have 1 trusted certificates
resolved server address 152.199.24.38
resolved server address 2606:2800:21f:b505:516b:4186:98cd:116
connect to 152.199.24.38
fetched root-anchors/root-anchors.xml (1861 bytes)
connect to 152.199.24.38
fetched root-anchors/root-anchors.p7s (2523 bytes)
signer 0: Subject: /O=ICANN/CN=DNSSEC Trust Anchor Verification/emailAddress=dnssec@iana.org
the PKCS7 signature verified
XML was parsed successfully, 2 keys
success: the anchor has been updated using the cert

10

24.7 Production Series / Re: Unbound issues....

« Last post by newsense on Today at 03:00:09 am »

Leave Unbound running on 53, use Port Forwarding on the (V)LANs to redirect DNS queries to the new port you're running AGH on.