Kitz ADSL Broadband Information
Author Topic: Newbie learning OPNsense  (Read 172 times)

hushcoden

  • Reg Member
  • ***
  • Posts: 263
Newbie learning OPNsense
« on: May 03, 2020, 08:00:35 PM »

I'm enjoying playing around with my new 'toy' (a PC Engines firewall where I've installed OPNsense) and I was hoping for some help with two topics:

1) When I enable the IPS, what is the correct configuration for the interfaces?

   a) Only LAN?

   b) Only WAN?

   c) Both LAN and WAN?

   1.1) Also, it's not clear whether or not I should add the WAN IP address in Home networks?


2) Trying to configure DoT with Unbound and I've found three different settings to insert in the custom options field, very similar, just slightly different, so which one is the correct one, SSL or TLS?

2.1)
         server:
         forward-zone:
           name: "."
           forward-ssl-upstream: yes
           forward-addr: 9.9.9.9@853
           forward-addr: 149.112.112.112@853

2.2)
         server:
         forward-zone:
           name: "."
           forward-tls-upstream: yes
           forward-addr: 9.9.9.9@853
           forward-addr: 149.112.112.112@853

2.3)
         server:
         forward-zone:
           name: "."
           forward-tls-upstream: yes
           forward-addr: 9.9.9.9@853#dns.quad9.net
           forward-addr: 149.112.112.112@853#dns.quad9.net

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 1158
    • My Broadband History
Re: Newbie learning OPNsense
« Reply #1 on: May 03, 2020, 09:50:06 PM »

I've never dabbled in IPS so can't help there.

However for DoT they all do the exact same thing.  From the Unbound documentation:

forward-ssl-upstream: <yes or no>
    Alternate syntax for forward-tls-upstream.

The only difference between them is the very last one has a comment at the end to remind you which servers those IP addresses refer to.
« Last Edit: May 03, 2020, 09:56:07 PM by Alex Atkin UK »
Exchange: INTAKE (ECI DSLAM) Router: pfSense (i5-7200U) ISP/Modems: Zen (Home Hub 5A running OpenWrt) + Plusnet (VMG-3925-B10B) WiFi: Ubiquiti nanoHD
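
An added example, not part of any post in this thread: per unbound.conf(5), `forward-ssl-upstream` is alternate syntax for `forward-tls-upstream`, while a `#name` suffix on `forward-addr` is the TLS authentication name that Unbound checks the upstream's certificate against, with `tls-cert-bundle` supplying the trusted CAs for that check. The Python sketch below parses the three variants from the question and reports that difference; the `audit` helper, and the `/etc/ssl/cert.pem` bundle path in the constructed fourth variant, are assumptions.

```python
import re

# Both spellings enable TLS to the upstream; unbound.conf(5) lists the ssl form
# as alternate syntax for the tls form.
TLS_KEYS = {"forward-tls-upstream", "forward-ssl-upstream"}
# forward-addr value: IP, optional @port, optional #tls-auth-name.
ADDR_RE = re.compile(r"^([0-9A-Fa-f.:]+)(?:@(\d+))?(?:#(\S+))?$")

# The three variants from the question, plus a constructed fourth that also
# sets tls-cert-bundle (the bundle path is an assumption, not from the thread).
BASE = ('server:\n{srv}forward-zone:\nname: "."\n{opt}: yes\n'
        "forward-addr: 9.9.9.9@853{sfx}\nforward-addr: 149.112.112.112@853{sfx}\n")
VARIANTS = {
    "2.1": BASE.format(srv="", opt="forward-ssl-upstream", sfx=""),
    "2.2": BASE.format(srv="", opt="forward-tls-upstream", sfx=""),
    "2.3": BASE.format(srv="", opt="forward-tls-upstream", sfx="#dns.quad9.net"),
    "2.3+bundle": BASE.format(srv='tls-cert-bundle: "/etc/ssl/cert.pem"\n',
                              opt="forward-tls-upstream", sfx="#dns.quad9.net"),
}

def audit(conf):
    """Summarise how an Unbound forward-zone snippet secures its upstreams."""
    tls, bundle, upstreams = False, None, []
    for raw in conf.splitlines():
        key, sep, rest = raw.strip().partition(":")
        if not sep or key.startswith("#"):
            continue
        # A '#' only starts a comment after whitespace, so keep the first token.
        value = (rest.split() or [""])[0].strip('"')
        if key in TLS_KEYS:
            tls = value == "yes"
        elif key == "tls-cert-bundle":
            bundle = value or None
        elif key == "forward-addr" and (m := ADDR_RE.match(value)):
            upstreams.append({"ip": m[1], "port": m[2] and int(m[2]), "auth_name": m[3]})
    named = bool(upstreams) and all(u["auth_name"] for u in upstreams)
    return {"tls": tls, "cert_bundle": bundle, "upstreams": upstreams,
            "name_checked": tls and named}

if __name__ == "__main__":
    for label, conf in VARIANTS.items():
        r = audit(conf)
        print(label, "tls:", r["tls"], "name checked:", r["name_checked"],
              "bundle:", r["cert_bundle"])
```

Variants 2.1 and 2.2 come out identical (TLS on, no name to check the certificate against), and 2.3 is the only one from the question that names the upstream.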

hushcoden

  • Reg Member
  • ***
  • Posts: 263
Re: Newbie learning OPNsense
« Reply #2 on: May 04, 2020, 08:18:40 AM »

Thanks, and yes, DoT seems to work with either SSL or TLS as I have no DNS leaks...