Topic: Newbie learning OPNsense

hushcoden

Newbie learning OPNsense
« on: May 03, 2020, 08:00:35 PM »

I'm enjoying playing around with my new 'toy' (a PC Engines firewall where I've installed OPNsense) and I was hoping for some help with two topics:

1) When I enable the IPS, what is the correct configuration for the interfaces?

   a) Only LAN?

   b) Only WAN?

   c) Both LAN and WAN?

   1.1) Also not clear whether or not I should add the WAN IP address in Home networks?


2) Trying to configure DoT with Unbound and I've found three different settings to insert in the custom options field, very similar, just slightly different, so which one is the correct one, SSL or TLS?


2.1)
         server:
         forward-zone:
           name: "."
           forward-ssl-upstream: yes
           forward-addr: 9.9.9.9@853
           forward-addr: 149.112.112.112@853

2.2)
         server:
         forward-zone:
           name: "."
           forward-tls-upstream: yes
           forward-addr: 9.9.9.9@853
           forward-addr: 149.112.112.112@853

2.3)
         server:
         forward-zone:
           name: "."
           forward-tls-upstream: yes
           forward-addr: 9.9.9.9@853#dns.quad9.net
           forward-addr: 149.112.112.112@853#dns.quad9.net

Alex Atkin UK

Re: Newbie learning OPNsense
« Reply #1 on: May 03, 2020, 09:50:06 PM »

I've never dabbled in IPS so can't help there.

However for DoT they all do the exact same thing.  From the Unbound documentation:

forward-ssl-upstream: <yes or no>
    Alternate syntax for forward-tls-upstream.

The only difference between them is the very last one has a comment at the end to remind you which servers those IP addresses refer to.
« Last Edit: May 03, 2020, 09:56:07 PM by Alex Atkin UK »
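
Added example, not part of either post: a small Python check run over variants 2.1 and 2.3 from the question. It relies on Unbound's documented behaviour that the text after `#` in a `forward-addr` value is the TLS authentication name, and that the upstream can only be authenticated when CA certificates are loaded (`tls-cert-bundle` or `tls-win-cert`). The function name `audit_dot` and the bundle path are placeholders chosen for this example.

```python
import re

TLS_KEYS = {"forward-tls-upstream", "forward-ssl-upstream"}  # alternate spellings
CA_KEYS = {"tls-cert-bundle", "tls-win-cert"}  # server: options that load CA certs

def audit_dot(conf):
    """Return one finding per forward-addr that is not an authenticated DoT upstream."""
    have_ca, zones, zone = False, [], None
    for raw in conf.splitlines():
        # Simplification: '#' opens a comment only at line start or after whitespace,
        # so the '#name' suffix glued to a forward-addr value is kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip()
        if not val:  # clause header such as server: or forward-zone:
            zone = {"tls": False, "addrs": []} if key == "forward-zone" else None
            if zone is not None:
                zones.append(zone)
        elif key in CA_KEYS and val.strip('"') not in ("", "no"):
            have_ca = True
        elif zone is not None and key in TLS_KEYS:
            zone["tls"] = val == "yes"
        elif zone is not None and key == "forward-addr":
            zone["addrs"].append(val)
    findings = []
    for z in zones:
        for addr in z["addrs"]:
            host, _, auth = addr.partition("#")
            if not z["tls"]:
                findings.append(f"{host}: TLS not enabled for this forward zone")
            elif not auth:
                findings.append(f"{host}: no #auth-name, upstream cannot be authenticated")
            elif not have_ca:
                findings.append(f"{host}: auth name {auth} set, but no CA certificates loaded")
    return findings

# The thread's variants 2.1 and 2.3, then 2.3 with a CA bundle added.
# The bundle path is a placeholder (assumption), not a value from the thread.
ZONE = 'server:\n{ca}forward-zone:\nname: "."\n{key}: yes\n'
ADDRS = ("9.9.9.9@853", "149.112.112.112@853")
V21 = ZONE.format(ca="", key="forward-ssl-upstream") + "".join(f"forward-addr: {a}\n" for a in ADDRS)
V23 = ZONE.format(ca="", key="forward-tls-upstream") + "".join(f"forward-addr: {a}#dns.quad9.net\n" for a in ADDRS)
FIXED = V23.replace("server:\n", 'server:\ntls-cert-bundle: "/path/to/ca-bundle.crt"\n')

if __name__ == "__main__":
    for label, conf in (("2.1", V21), ("2.3", V23), ("2.3 + CA bundle", FIXED)):
        print(label, audit_dot(conf) or "OK")
```
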

hushcoden

Re: Newbie learning OPNsense
« Reply #2 on: May 04, 2020, 08:18:40 AM »

Thanks, and yes, DoT seems to work with either SSL or TLS as I have no DNS leaks...