Posts filed under Opnsense

Firewall redirect DNS traffic to internal DNS servers

With the arrival of IoT (Internet of Things) we are introducing unknown hardware and software to our networks. Many devices obey the rules we subject them to (custom IP addresses, limited Internet access, specific DNS servers, etc.). But some devices use DNS with the servers hardcoded, and simply blocking those server addresses can make such a device misbehave.

I place all of those devices in a separate VLAN where they have limited connectivity, and where I block outgoing DNS-over-HTTPS (DoH), DNS-over-TLS (DoT) and direct (plain port 53) DNS access to the Internet. Everything is supposed to use my internal DNS services. For the devices with hardcoded DNS servers I created some special NAT and firewall rules that force them to use my internal DNS services anyway.
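The pf-level equivalent of such a ruleset, as an added example that is not the post's own configuration (OPNsense generates rules like these from what is entered in the GUI). The interface name, subnets, resolver address and the DoH address table are assumptions. The point is the order of operations: the rdr rule rewrites the destination of any plain DNS query from the IoT VLAN that is not already aimed at the internal resolver, the filter rules then see the rewritten destination, and DoT/DoH are dropped rather than redirected because a TLS session cannot be transparently handed to another server.

```pf
# Added example, not the post's own rules. Names and addresses are assumptions.
iot_if  = "vlan20"            # IoT VLAN interface
iot_net = "192.168.20.0/24"
dns_int = "192.168.10.53"     # internal resolver, on another VLAN, must accept queries from iot_net

# Constructed placeholder list of public DoH endpoints; in OPNsense this would be an alias.
table <doh_resolvers> { 1.1.1.1, 8.8.8.8 }

# Translation rules come first. Any plain DNS (UDP/TCP 53) from the IoT VLAN that is not
# already going to the internal resolver is rewritten to it. pf also rewrites the source of
# the reply, so a device with a hardcoded resolver still sees answers "from" that address.
rdr on $iot_if inet proto { tcp, udp } from $iot_net to ! $dns_int port 53 -> $dns_int port 53

# Filter rules evaluate the translated destination, so only the internal resolver needs a pass.
pass in quick on $iot_if inet proto { tcp, udp } from $iot_net to $dns_int port 53

# Encrypted DNS cannot be redirected without breaking the TLS handshake, so it is dropped:
# all DoT (853), and DoH (443) to the listed resolver addresses.
block in quick on $iot_if inet proto tcp from $iot_net to any port 853
block in quick on $iot_if inet proto tcp from $iot_net to <doh_resolvers> port 443

# Remaining IoT traffic is governed by whatever limited-access rules follow.
```

To check the result, parse the file without loading it (`pfctl -nf <file>`), then from a device in the IoT VLAN run `dig @8.8.8.8 example.com`: the answer should come from the internal resolver, and a `dig +tcp` to port 853 should time out. Two caveats: the internal resolver has to sit on a different VLAN than the IoT devices, so the reply passes back through pf and the destination rewrite is reversed (a resolver on the IoT VLAN itself would need a NAT reflection rule); and DoH on port 443 can only be blocked by address, so the table must be kept current, while a device that falls back to plain port 53 once DoH fails is caught by the redirect.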

Posted on March 28, 2025 and filed under Domotica, Opnsense, Security, Tips'n Tricks.

OPNSense OpenVPN Instances and NordVPN Clients

Ever since I switched from a Juniper SRX to an Opnsense firewall, I have been able to use a VPN provider to circumvent certain geofenced websites (mostly news outlets in other countries). Opnsense has the option to create OpenVPN client tunnels, and by creating (firewall) policies you can direct selected traffic to a different gateway.

My VPN provider (NordVPN) has a nice support page on how to achieve this, but it is based on a relatively old Opnsense version (v21). Since the release of v24, (client) OpenVPN configurations can also be done through instances, and the old way is deprecated (and gone in v26.1).
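The policy-routing part in pf terms, as an added example that is neither from the post nor from NordVPN's guide. Interface names, the tunnel gateway address and the destination table are assumptions. It shows what the OPNsense "gateway" setting on a firewall rule amounts to: a `route-to` on the inbound LAN rule that overrides the routing table for matching traffic, plus outbound NAT on the tunnel so replies come back the same way.

```pf
# Added example, not the post's or NordVPN's configuration. Names and addresses are assumptions.
lan_if  = "em1"
lan_net = "192.168.10.0/24"
vpn_if  = "ovpnc1"        # interface of the OpenVPN client instance
vpn_gw  = "10.8.0.1"      # peer address of the tunnel, used as the gateway
table <geofenced> { 203.0.113.0/24 }   # constructed list of destinations to send via the VPN

# Translation rules first: outbound NAT on the tunnel so the remote side answers to the
# tunnel address and replies return through the VPN rather than via the WAN.
nat on $vpn_if inet from $lan_net to any -> ($vpn_if)

# Policy-based routing: LAN traffic to the geofenced destinations is handed to the VPN gateway
# regardless of the routing table. State is created on this inbound rule, so replies match it.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $lan_net to <geofenced> keep state

# Everything else follows the default route. Ordering matters, because quick rules stop evaluation.
pass in quick on $lan_if inet from $lan_net to any keep state
```

Two things to watch: the client instance must not install itself as the default route (if the provider pushes one and it is accepted, all traffic leaves through the tunnel and the policy rule is moot), and the `<geofenced>` table holds addresses, so for sites behind a CDN use an OPNsense host alias that is re-resolved periodically rather than a static list. Name resolution itself still goes through the normal resolver, which is a separate leak to consider.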

Posted on March 27, 2025 and filed under Security, Tips'n Tricks, Opnsense.