Recent posts

#81

26.1 Series / Re: Ooma Telo VOIP device can ...

Last post by pseudonym3k - Today at 09:25:16 AM

It wasn't DNS, but you put me on the right path! I also configured to redirect all clients to get their NTP time from OPNsense and that was done very near the time the Telo went offline. I disabled that rule and within a minute or so, the Telo went online.

I think the DNS redirect is OK but I will check that my rule is working correctly and fix if not, and then I'll know if that is also a problem for the Telo.

Thank you so much for your insight. Marking this solved.

<rant>Ooma support levels 1 and 2 never ever mentioned any hardcoded and required servers, be them time or DNS or whatever. Not once. None of their tests and reports showed any failed connections to any time or DNS servers, all passed. Grrrrr.</rant>

#82

26.1 Series / Re: Ooma Telo VOIP device can ...

Last post by pseudonym3k - Today at 08:45:48 AM

telo needs to be able to send DNS requests to their own servers

Thank you for this observation. I am rerouting all DNS requests to OPNsense, to force all clients to use only the DNS servers I've configured. So yes, the Telo is making DNS queries but they are going to my DNS servers and not any hard-coded ones Telo may be requesting.

I did make this change, to have all DNS handled by OPNsense, somewhere near the time the Telo stopped connecting. I thought I had verified the Telo was still working, but perhaps it was just residual and soon wasn't. I will test this. Hopefully this is all that's wrong and I have a spare Telo.

#83

26.1 Series / Re: Suricata - Divert (IPS)

Last post by QuisaZaderak - Today at 08:45:42 AM

I understand I should configure at least the two allow rules to divert traffic to suricata but what happens with the block rule? I do nothing?

If it is already blocked by the FW rule, it does not need to be diverted further.

#84

German - Deutsch / Re: 26.1.4 Wireguard funktioni...

Last post by Monviech (Cedrik) - Today at 08:17:47 AM

Bei mir funktioniert wireguard mit den neuen regeln.

Bitte vergleiche die neue und alte Regel in
/tmp/rules.debug

#85

General Discussion / Re: Mark a topic Solved

Last post by Patrick M. Hausen - Today at 08:00:28 AM

Edit the first post and add e.g. "[SOLVED]" to the subject line.

#86

German - Deutsch / Re: 26.1.4 Wireguard funktioni...

Last post by Zapad - Today at 07:39:58 AM

Erstelle ich diesselbe regel unter Regeln>Global und deaktiviere unter Regel new.

Läuft es.

You cannot view this attachment.

Also irgendein Wurm in den neuen Regeln drin.

#87

Virtual private networks / Re: Hub-Spoke Wireguard VPN wo...

Last post by FredFresh - Today at 07:32:51 AM

What ip are you pinging?
Did you try to ping from a client and from the opnsense gui?
Did try a traceroute (tracert on windows)?

#88

Tutorials and FAQs / Re: Tayga firewall rule?

Last post by Maurice - Today at 07:28:50 AM

If you use firewall rules to block access to specific IPv4 addresses / networks, you also need to block access to the mapped IPv6 addresses / networks.

Example:
You have a firewall rule on the Guest interface which blocks inbound packets to destination 192.168.1.0/24.
When using Tayga with prefix 2001:db8:64::/96, you need an additional block rule for destination 2001:db8:64::192.168.1.0/120.

Also, if you use an FQDN for accessing the OPNsense Web GUI, make sure you have a AAAA DNS record.

Cheers
Maurice

#89

26.1 Series / Re: Floating rules disappeard ...

Last post by fobe - Today at 07:22:36 AM

If I do a fresh install, will this be "fixed"? (I mean the default lockout rules).

#90

German - Deutsch / 26.1.4 Wireguard funktioniert ...

Last post by Zapad - Today at 06:51:39 AM

nach Migration der Regel funktioniert WG nicht, spiel man sicherung vor Migration>läuft.

Erstellt man regel manuell>läuft nicht.

Es wird anscheinend was übertragen aber ich sehe nicht wo geblockt und warum.

You cannot view this attachment.