OPNsense Forum » English Forums » General Discussion
Topic: Is Multi-WAN + Whitelist firewall + DNS-over-TLS possible?
lar.hed (Sr. Member, Posts: 323, Karma: 10)
Posted on: November 28, 2020, 07:53:19 pm
So I have been struggling a bit more than I expected...
Let's start with what was: I used to have a 6-ethernet OPNsense box, and used OPNsense 20.1 - most of what I listed in the subject worked, except failover in multi-WAN. I never got to solve that problem, which I think was a firewall problem, since my hardware simply died on me one day.
It took some time to replace that hardware, and now I'm using a Qotom-Q878GE. Way over-powered for my usage, but I am a nerd after all, so that is ok.
Anyway, with 20.7 installed, and trying to rebuild my old OPNsense from scratch, I feel I am struggling more than I like. It is simple things like multi-WAN failover that do not work (yes, I did make the mistake of connecting two ethernet cables to the same switch to simulate failover a bit more easily - corrected that with my LTE modem installed), or DNS resolution that simply refuses, or I have to reboot OPNsense for every firewall rule change I make since just applying it makes no difference, and don't even start talking about trying to forward all DNS requests from clients on LAN to Unbound inside OPNsense - and never mind the DNS-over-TLS that I am trying to get working.
And to top it all off, I like to keep a tight network, so I like to whitelist what goes out from the WAN interfaces. I just learned that is not possible, since internal stuff doesn't pass the packet filter firewall. But dpinger seems to.
Anyway, what I need to know, so to speak, is: Has anyone else even tried what I am doing? Or am I alone?
PS! My old ASUS RX88 firewall router, which for the moment handles my network here at home, does all of the above - so I know that it is possible, just don't know if OPNsense can?
lar.hed (Sr. Member, Posts: 323, Karma: 10)
Reply #1 on: November 29, 2020, 08:04:19 pm
I will answer this myself: NO - it is not.
OPNsense does not allow or work with any kind of filtering on the WAN interface. Adding rules, even simple things like allow HTTP, HTTPS, NTP, SMTP/S outbound - this will kill the internet connection, and I have not even added any blocking rules - just 4 simple allow-outbound rules, and from that moment I lose the internet connection.
Not sure that is how I would design a firewall, however this is how 20.7.5 works.