18 Sep 2023 |
instrumental_only | In reply to @instrumental_only:matrix.org RoyalTiger: Hey Royal, I finally got my OPNsense to connect. Turns out it was a link aggregation issue with an old ISP router. I got a new one and am able to get DHCP up on my FW. I'm now trying to implement some plugins and trying to configure a VPN. If you have any suggestions, let me know. Have you had to change the MAC on OPNsense to match the ISP's router before? Or if I want to change the MAC, is there some kind of auto generator to create MAC addresses? | 05:48:34 |
RoyalTiger | In reply to @instrumental_only:matrix.org Have you had to change the MAC on OPNsense to match the ISP's router before? Or if I want to change the MAC, is there some kind of auto generator to create MAC addresses? https://docs.opnsense.org/manual/interfaces.html -> MAC Address
Normally you can choose two ways: Set the interface of your WAN interface as the MAC of your preconfigured device (no doublings allowed, so be sure to disconnect the device with the "real" MAC, otherwise you will get routing errors) or take the real interface's MAC address of your interface and configure it on your provider's side (leave the MAC entry empty within OPNsense). Regarding choosing a MAC address: You normally can choose any combination of MAC addresses (like 00:00:00:00:00:00). But some endpoints want at least a prefix of a real producer. There are lists on the web of which distributor uses which prefix.
| 19:24:44 |
RoyalTiger | That's an example list: https://gist.github.com/aallan/b4bb86db86079509e6159810ae9bd3e4 | 19:26:14 |
RoyalTiger | If you choose a common one (if your remote station is MAC sensitive), you should be good to go with, for example, Broadcom or Intel prefixes. | 19:29:48 |
RoyalTiger | Wait, I'm not sure if I understand your question right: For your router (if your router is a real "router" - so routing traffic between external and internal net) you shouldn't have to set anything regarding MAC addresses. You need this just if you have to match a specific MAC address connection to your provider directly. But here it again depends on what your ISP's router exactly does. | 19:37:19 |
RoyalTiger | In reply to @instrumental_only:matrix.org Have you had to change the MAC on OPNsense to match the ISP's router before? Or if I want to change the MAC, is there some kind of auto generator to create MAC addresses? * https://docs.opnsense.org/manual/interfaces.html -> MAC Address
Normally you can choose two ways: Set the interface of your WAN interface as the MAC of your preconfigured device (no doublings allowed, so be sure to disconnect the device with the "real" MAC, otherwise you will get routing errors -> I correct myself, MAC-based it's clearly "switching" not "routing" 😉) or take the real interface's MAC address of your interface and configure it on your provider's side (leave the MAC entry empty within OPNsense). Regarding choosing a MAC address: You normally can choose any combination of MAC addresses (like 00:00:00:00:00:00). But some endpoints want at least a prefix of a real producer. There are lists on the web of which distributor uses which prefix.
| 19:44:16 |
RoyalTiger | * Wait, I'm not sure if I understand your question right: For your router (if your router is a real "router" - so routing traffic between external and internal net) you shouldn't have to set anything regarding MAC addresses. You need this just if you have to match a specific MAC address connection to your provider directly. But here it again depends on what your ISP's router exactly does. | 19:44:49 |
instrumental_only | In reply to @royaltiger:matrix.org Wait, I'm not sure if I understand your question right: For your router (if your router is a real "router" - so routing traffic between external and internal net) you shouldn't have to set anything regarding MAC addresses. You need this just if you have to match a specific MAC address connection to your provider directly. But here it again depends on what your ISP's router exactly does. I have to set it to IP passthrough mode, and it needs a static DHCP. | 20:50:51 |
instrumental_only | * I have to set it to IP passthrough mode on the ISP router, and it needs a static DHCP. It wants me to put in the MAC address for my bare metal OPNsense box. I would rather not put in my bare metal OPNsense box's MAC address if that's possible. | 20:53:10 |
20 Sep 2023 |
RoyalTiger | In reply to @instrumental_only:matrix.org I have to set it to IP passthrough mode on the ISP router, and it needs a static DHCP. It wants me to put in the MAC address for my bare metal OPNsense box. I would rather not put in my bare metal OPNsense box's MAC address if that's possible. Yeah, as I described before, should be no problem. | 11:15:02 |
instrumental_only | In reply to @royaltiger:matrix.org Yeah, as I described before, should be no problem. Yeah, I will give it a try like you said. Also, I have DNS over TLS set up in OPNsense; is it better to do DNS over HTTPS? I know they are different, just trying to get a better understanding. | 20:35:58 |
21 Sep 2023 |
RoyalTiger | In reply to @instrumental_only:matrix.org Yeah, I will give it a try like you said. Also, I have DNS over TLS set up in OPNsense; is it better to do DNS over HTTPS? I know they are different, just trying to get a better understanding. That's a question? One of the main reasons to prefer DoH over DoT is that it uses the default HTTPS port 443, while DoT uses 853. So DoT is easier to block by port, while DoH traffic is much harder to separate out of the normal data stream. | 07:57:38 |
Nick | Hello, this is my first time posting here. So I'm using OPNsense 23.7.4. With regard to using DoH: I'm using DNSCrypt Proxy and I have allowed privileged ports so I can use port 53. That part seems to be working; it is looking up DNS and the logs show it working. My question is that the DNSBL is not as elaborate as it is in the Unbound DNS blocklist. I can't add URLs of blocklists since it doesn't have that option in DNSCrypt Proxy. Is there any way to make this happen? I can't turn on Unbound DNS since I'm using port 53 in DNSCrypt Proxy.
Is there any way to do this? | 23:52:17 |
22 Sep 2023 |
RoyalTiger | I can't really say anything regarding DNSCrypt Proxy, I haven't tried it until now. Is there any function that can't be implemented by Unbound, or is there any special reason you are using it? There should be a possibility to move the Unbound port (if I'm right). Do you want to use Unbound in addition to DNSCrypt or instead of it? | 10:21:52 |
RoyalTiger | In reply to @neftv:matrix.org Hello, this is my first time posting here. So I'm using OPNsense 23.7.4. With regard to using DoH: I'm using DNSCrypt Proxy and I have allowed privileged ports so I can use port 53. That part seems to be working; it is looking up DNS and the logs show it working. My question is that the DNSBL is not as elaborate as it is in the Unbound DNS blocklist. I can't add URLs of blocklists since it doesn't have that option in DNSCrypt Proxy. Is there any way to make this happen? I can't turn on Unbound DNS since I'm using port 53 in DNSCrypt Proxy. Is there any way to do this? A short lookup of DNSCrypt gave me some points regarding tamper-proofing between client and resolver, but I didn't dig deep into it. Is there any additional advantage over something like DNSSEC + DoH? If you are able to give me some more input, then I may be able to elaborate more. | 10:26:43 |
RoyalTiger | In reply to @neftv:matrix.org Hello, this is my first time posting here. So I'm using OPNsense 23.7.4. With regard to using DoH: I'm using DNSCrypt Proxy and I have allowed privileged ports so I can use port 53. That part seems to be working; it is looking up DNS and the logs show it working. My question is that the DNSBL is not as elaborate as it is in the Unbound DNS blocklist. I can't add URLs of blocklists since it doesn't have that option in DNSCrypt Proxy. Is there any way to make this happen? I can't turn on Unbound DNS since I'm using port 53 in DNSCrypt Proxy. Is there any way to do this? Ah, and welcome to this channel. 😉 | 10:35:57 |
Nick | Well, Unbound DNS won't turn on if I use DNSCrypt for the DoH and I use 0.0.0.0:53. But as mentioned, that part works; it's just that the DNSBL tab is not as elaborate as the blocklist in Unbound DNS. I wanted to use those features in DNSBL in DNSCrypt. | 10:38:07 |