Kitz Forum

Computer Software => Security => Topic started by: hushcoden on May 03, 2020, 08:00:35 PM

Title: Newbie learning OPNsense
Post by: hushcoden on May 03, 2020, 08:00:35 PM
I'm enjoying playing around with my new 'toy' (a PC Engines firewall where I've installed OPNsense) and I was hoping for some help with two topics:

1) When I enable the IPS, what is the correct configuration for the interfaces?

   a) Only LAN?

   b) Only WAN?

   c) Both LAN and WAN?

   1.1) Also, it is not clear whether or not I should add the WAN IP address to Home networks?


2) Trying to configure DoT with Unbound, I've found three different settings to insert in the custom options field, very similar, just slightly different, so which one is the correct one, SSL or TLS?

2.1)
    server:
    forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853

2.2)
    server:
    forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853

2.3)
    server:
    forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
Title: Re: Newbie learning OPNsense
Post by: Alex Atkin UK on May 03, 2020, 09:50:06 PM
I've never dabbled in IPS so can't help there.

However, for DoT they all do the exact same thing. From the Unbound documentation:

forward-ssl-upstream: <yes or no>
    Alternate syntax for forward-tls-upstream.

The only difference between them is the very last one has a comment at the end to remind you which servers those IP addresses refer to.
Title: Re: Newbie learning OPNsense
Post by: hushcoden on May 04, 2020, 08:18:40 AM
Thanks, and yes, DoT seems to work with either SSL or TLS as I have no DNS leaks...
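To check for yourself what the three snippets have in common and where they differ, here is an added Python example (not from this thread, nor from the OPNsense or Unbound projects) that parses the forward-zone lines, folds the forward-ssl-upstream alias onto forward-tls-upstream, and splits each forward-addr into address, port and the optional name after '#', which Unbound uses together with tls-cert-bundle to authenticate the TLS server rather than as a comment. The two sample configs are constructed from variants 2.1 and 2.3 above; the audit function only reports upstreams that would be encrypted without a name to verify the certificate against.

```python
import re

# Constructed samples: variants 2.1 and 2.3 from the thread.
VARIANT_SSL = """server:
forward-zone:
name: "."
forward-ssl-upstream: yes
forward-addr: 9.9.9.9@853
forward-addr: 149.112.112.112@853
"""
VARIANT_TLS_AUTHNAME = """server:
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
"""

# Unbound documents forward-ssl-upstream as an alternate spelling of forward-tls-upstream.
ALIASES = {"forward-ssl-upstream": "forward-tls-upstream"}

def parse_forward_addr(value):
    """Split Unbound's 'IP[@port][#authname]' form; the port defaults to 53."""
    m = re.fullmatch(r"([^@#\s]+)(?:@(\d+))?(?:#(\S+))?", value.strip())
    if not m:
        raise ValueError(f"bad forward-addr: {value!r}")
    ip, port, name = m.groups()
    return ip, int(port) if port else 53, name

def parse_forward_zone(text):
    """Collect the key/value lines into a dict, folding aliases to one spelling."""
    zone = {"forward-addr": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.endswith(":"):
            continue  # blank, full-line comment, or a clause header such as 'forward-zone:'
        key, _, val = line.partition(":")
        key = ALIASES.get(key.strip(), key.strip())
        if key == "forward-addr":
            zone["forward-addr"].append(parse_forward_addr(val))
        else:
            zone[key] = val.strip()
    return zone

def audit(zone):
    """List TLS upstreams that carry no #authname, so no hostname is verified."""
    tls = zone.get("forward-tls-upstream") == "yes"
    return [f"{ip}@{port}: no #authname, server certificate hostname is not verified"
            for ip, port, name in zone["forward-addr"] if tls and name is None]
```

Running audit over variant 2.1 (or 2.2) reports both Quad9 addresses, while variant 2.3 reports nothing, which is the practical difference between them.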