Routers

How to Configure DNS over TLS (DoT) Using Unbound DNS in OPNsense

Increase the security and privacy of DNS requests? Yes please...

Previously, I wrote about how to configure DNS over HTTPS using DNSCrypt-Proxy. Since Unbound DNS in OPNsense does not support DNS over HTTPS (DoH) directly, it was necessary to use the DNSCrypt-Proxy plugin. The plugin also supports DNS over TLS (DoT). However, I discovered while browsing Reddit that Unbound gained native support for DoT at some point in time, which is very nice. Because of built-in support for DoT, the configuration of DNS over TLS becomes pretty trivial.
How to Redirect all DNS Requests to a Local DNS Resolver

Force all devices on your network to use your local DNS resolver

When I first set up my home network using my OPNsense router and was learning firewall rules, I took the approach of allowing only the Unbound DNS service on OPNsense to be accessed and blocking access to all other DNS servers. This simplistic approach works well enough since any rogue access to external DNS servers is simply blocked. Only the DNS resolver on the local network is allowed (unless the DNS requests are encrypted, of course – see note below).
Create an OPNsense Virtual Machine in Virtualbox for Screenshot or Evaluation Purposes

Want to create an OPNsense virtual machine to take screenshots or evaluate the features available in the web interface?

When creating content for this website, I often have the need to take screenshots of the OPNsense web interface. Sometimes I am able to use my actual home network router to take screenshots, but I have to be careful not to modify any settings. I sometimes have to resort to tweaking the screenshot slightly after taking it in order to show what the interface should look like without everything already configured.
How to Create a Basic DMZ (Demilitarized Zone) Network in OPNsense

Are you hosting publicly accessible services on your network? Protect your internal network with a DMZ

A DMZ (demilitarized zone) is a segmented part of a network that is used to host all publicly accessible websites and services. The intention is to protect the internal network from external threats. It is an effective strategy to minimize public exposure of your critical assets as well as limit the damage caused when an intruder is able to penetrate your network. A great definition of a DMZ can be found here.
How to Configure the WireGuard VPN Server in OPNsense

Seeking a faster, lighter weight, and potentially more secure VPN server to access your home network? Check out WireGuard VPN...

WireGuard is a modern designed VPN that uses the latest cryptography for stronger security, is very lightweight, and is relatively easy to set up (mostly). I say ‘mostly’ because I found setting up WireGuard in OPNsense to be more difficult than I anticipated. The basic setup of the WireGuard VPN itself was as easy as the authors claim on their website, but I came across a few gotchas. The gotchas occur with functionality that is beyond the scope of the WireGuard protocol so I cannot fault them for that.