Recent posts

#81
German - Deutsch / Verstädnisfrage Wireguard Rege...
Last post by wirehire - November 26, 2025, 08:15:44 AM
Hey,

I need an explanation or a confirmation of whether my assumption about the rules is correct.

Setup: s2s, two senses, WireGuard.

Now I want it so that, e.g., ICMP and RDP are reachable only from one side, while the other side has no access to the remote network.

I had not created any rules on side 1 = that would mean everything is blocked. (But floating can override it?)

And I only created the rule on the second side, but then blocks showed up and I had to allow e.g. RDP on the WireGuard interface.

Would the correct setup be to put a general block on both sides and then, above it, allow only what is needed?

Regards!
#82
General Discussion / Re: Multi-wan with PPPoE not w...
Last post by charles - November 26, 2025, 07:07:42 AM
Alright, FIB is too complex for me.

I think I'll just deploy five OpenWrt instances to handle the PPPoE dialing
then connect them to OPNsense.

Thanks for all the replies!
#83
25.7, 25.10 Series / Re: Using Adguard Home and DNS...
Last post by julsssark - November 26, 2025, 03:31:16 AM
See here and note the links that explain the privacy/reliability advantages: https://nlnetlabs.nl/projects/unbound/about/

While your ISP can't see your DNS requests because they are encrypted, my understanding is that Google/Cloudflare could. Similar to how you can log into your AdGuard console and can see all of the DNS requests coming into AdGuard from your local devices.
#84
25.7, 25.10 Series / Re: Using Adguard Home and DNS...
Last post by JMini - November 26, 2025, 01:36:59 AM
You can configure AdGuard and Unbound to forward to any upstream resolvers you want.
Right now I have AdGuard to use DNS over HTTPS to Cloudflare and Google. I'd like to try using a non-google DOH resolver as a second service though.

h3://cloudflare-dns.com/dns-query
https://dns.google/dns-query

My ISP isn't seeing ANY DNS requests and can't inspect the ones being sent to Cloudflare.
#85
General Discussion / Gateway Monitoring and Packet ...
Last post by Meg - November 26, 2025, 01:13:05 AM
Hello: I recently started monitoring my gateway and noticed that I am getting intervals of packet loss. I am running OPNsense 25.7.7_4 with AdGuard Home and Unbound as my recursive resolver. I am also using Zenarmor. I was just wondering if anybody can explain what I am seeing here on the health/quality graph and what could be causing it. As I have never monitored this before, I am not sure if this is normal behavior. See attached graph.
#86
25.7, 25.10 Series / Re: Using Adguard Home and DNS...
Last post by julsssark - November 25, 2025, 11:28:06 PM
As I understand it, Unbound provides more privacy than using AdGuard for your DNS service. Unbound is a resolver that directly queries authoritative nameservers, while AdGuard forwards requests to your ISP's (or Google's, etc.) DNS service. DOH will secure your request in transport, but the DNS service you are using will still know your DNS requests.
#87
General Discussion / Re: Multi-wan with PPPoE not w...
Last post by pfry - November 25, 2025, 11:23:24 PM
Quote from: Monviech (Cedrik) on November 25, 2025, 09:34:12 AM
[...] It would need multiple FIBs (aka virtual routing instances)

Speak of the devil... (Link included for future reference, not that anyone wants to look at it.)

Quote from: charles on November 25, 2025, 09:08:44 AM
[...] I have 5 PPPoE lines from the same ISP. [...]

I have to say, when I said (paraphrasing) multiple FIB support would be useful, this isn't what I was thinking of. Ouch.
#88
General Discussion / Re: OPNsense DNS over TLS forw...
Last post by meyergru - November 25, 2025, 11:03:01 PM
I already wondered how this was possible - for me, DoT works as expected, as verified by a tcpdump. So it is only the column in the grid that displays the wrong value, mainly a cosmetic problem.
#89
General Discussion / Re: OPNsense DNS over TLS forw...
Last post by cookiemonster - November 25, 2025, 10:55:57 PM