/api/unbound/settings/set made changes @ 2024-02-06T11:27:01.915000 (mshillam@10.10.10.2)

config.xml

@@ -403,6 +403,22 @@
       <virtual>1</virtual>
       <networks/>
     </openvpn>
+    <opt2>
+      <if>wg1</if>
+      <descr>WireGuard</descr>
+      <enable>1</enable>
+      <lock>1</lock>
+      <spoofmac/>
+    </opt2>
+    <wireguard>
+      <internal_dynamic>1</internal_dynamic>
+      <descr>WireGuard (Group)</descr>
+      <if>wireguard</if>
+      <virtual>1</virtual>
+      <enable>1</enable>
+      <type>group</type>
+      <networks/>
+    </wireguard>
   </interfaces>
   <dhcpd>
     <lan>
@@ -2059,6 +2075,33 @@
         <description>/firewall_rules_edit.php made changes</description>
       </created>
     </rule>
+    <rule uuid="bb1641fc-ab5e-430e-a2e1-851f817b663d">
+      <type>pass</type>
+      <interface>wan</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <descr>Allow Wireguard Clients</descr>
+      <direction>in</direction>
+      <quick>1</quick>
+      <protocol>udp</protocol>
+      <source>
+        <any>1</any>
+      </source>
+      <destination>
+        <network>wanip</network>
+        <port>51820</port>
+      </destination>
+      <updated>
+        <username>mshillam@10.10.10.2</username>
+        <time>1707218706.3198</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>mshillam@192.168.1.10</username>
+        <time>1707211104.3689</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
     <rule uuid="9164be23-f88a-4b24-929c-b9c6b070854a">
       <type>pass</type>
       <interface>wan</interface>
@@ -2310,6 +2353,91 @@
       </created>
       <disabled>1</disabled>
     </rule>
+    <rule uuid="0a9b4d85-be5e-4e73-948f-1ca518e71415">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.250.235</address>
+        <port>55555</port>
+      </destination>
+      <descr>Van Assistant</descr>
+      <category/>
+      <associated-rule-id>nat_64318d479f2526.39259860</associated-rule-id>
+      <created>
+        <username>mshillam@192.168.1.10</username>
+        <time>1680969031.6519</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+      <disabled>1</disabled>
+    </rule>
+    <rule uuid="1b74f569-872e-4079-ad81-50070923cd4a">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>udp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.0.41</address>
+        <port>5060</port>
+      </destination>
+      <descr/>
+      <category/>
+      <associated-rule-id>nat_6439315a906da8.89657158</associated-rule-id>
+      <created>
+        <username>mshillam@192.168.1.10</username>
+        <time>1681469786.5916</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="a7cb285e-e332-4c72-a667-89dec3fedbc4">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp/udp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.1.10</address>
+        <port>27671</port>
+      </destination>
+      <descr>QbitTorrent</descr>
+      <category/>
+      <associated-rule-id>nat_64972efdc0eb78.57389754</associated-rule-id>
+      <created>
+        <username>mshillam@192.168.1.10</username>
+        <time>1687629565.7902</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
+    <rule uuid="68c9f6d8-c370-4877-9fe3-1a96815f71a4">
+      <source>
+        <any>1</any>
+      </source>
+      <interface>wan</interface>
+      <statetype>keep state</statetype>
+      <protocol>tcp/udp</protocol>
+      <ipprotocol>inet</ipprotocol>
+      <destination>
+        <address>192.168.0.42</address>
+        <port>55000</port>
+      </destination>
+      <descr>Wazuh API</descr>
+      <category/>
+      <associated-rule-id>nat_649ff9ab0b8d46.26057858</associated-rule-id>
+      <created>
+        <username>mshillam@192.168.1.10</username>
+        <time>1688205739.0473</time>
+        <description>/firewall_nat_edit.php made changes</description>
+      </created>
+    </rule>
     <rule uuid="bada502c-03fe-43eb-8d37-d125b41e516d">
       <type>pass</type>
       <interface>lan</interface>
@@ -2349,6 +2477,30 @@
       </created>
       <disabled>1</disabled>
     </rule>
+    <rule uuid="1f56cbaf-85d7-47e1-b4cf-015044592dc5">
+      <type>pass</type>
+      <interface>opt2</interface>
+      <ipprotocol>inet</ipprotocol>
+      <statetype>keep state</statetype>
+      <direction>in</direction>
+      <quick>1</quick>
+      <source>
+        <network>opt2</network>
+      </source>
+      <destination>
+        <any>1</any>
+      </destination>
+      <updated>
+        <username>mshillam@10.10.10.2</username>
+        <time>1707218729.6291</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </updated>
+      <created>
+        <username>mshillam@192.168.1.10</username>
+        <time>1707211216.0048</time>
+        <description>/firewall_rules_edit.php made changes</description>
+      </created>
+    </rule>
     <rule uuid="8d03f2c0-1e97-4483-81f0-47b896f7d9f3">
       <type>pass</type>
       <interface>wireguard</interface>
@@ -2374,91 +2526,28 @@
         <description>/firewall_rules_edit.php made changes</description>
       </created>
     </rule>
+    <scrub>
       <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>192.168.250.235</address>
-        <port>55555</port>
-      </destination>
-      <descr>Van Assistant</descr>
-      <category/>
-      <associated-rule-id>nat_64318d479f2526.39259860</associated-rule-id>
+        <interface>wireguard</interface>
+        <proto>any</proto>
+        <src>any</src>
+        <srcmask>24</srcmask>
+        <dst>any</dst>
+        <dstmask>24</dstmask>
+        <max-mss>1380</max-mss>
+        <descr>Wireguard MSS Clamping IPv4</descr>
+        <updated>
+          <username>mshillam@192.168.1.10</username>
+          <time>1707218303.1704</time>
+          <description>/firewall_scrub_edit.php made changes</description>
+        </updated>
         <created>
           <username>mshillam@192.168.1.10</username>
-        <time>1680969031.6519</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-      <disabled>1</disabled>
-    </rule>
-    <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>udp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>192.168.0.41</address>
-        <port>5060</port>
-      </destination>
-      <descr/>
-      <category/>
-      <associated-rule-id>nat_6439315a906da8.89657158</associated-rule-id>
-      <created>
-        <username>mshillam@192.168.1.10</username>
-        <time>1681469786.5916</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp/udp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>192.168.1.10</address>
-        <port>27671</port>
-      </destination>
-      <descr>QbitTorrent</descr>
-      <category/>
-      <associated-rule-id>nat_64972efdc0eb78.57389754</associated-rule-id>
-      <created>
-        <username>mshillam@192.168.1.10</username>
-        <time>1687629565.7902</time>
-        <description>/firewall_nat_edit.php made changes</description>
-      </created>
-    </rule>
-    <rule>
-      <source>
-        <any>1</any>
-      </source>
-      <interface>wan</interface>
-      <statetype>keep state</statetype>
-      <protocol>tcp/udp</protocol>
-      <ipprotocol>inet</ipprotocol>
-      <destination>
-        <address>192.168.0.42</address>
-        <port>55000</port>
-      </destination>
-      <descr>Wazuh API</descr>
-      <category/>
-      <associated-rule-id>nat_649ff9ab0b8d46.26057858</associated-rule-id>
-      <created>
-        <username>mshillam@192.168.1.10</username>
-        <time>1688205739.0473</time>
-        <description>/firewall_nat_edit.php made changes</description>
+          <time>1707211316.8665</time>
+          <description>/firewall_scrub_edit.php made changes</description>
         </created>
       </rule>
+    </scrub>
   </filter>
   <rrd>
     <enable/>
@@ -2516,9 +2605,9 @@
     <gatewaysfilter>WAN_DHCP</gatewaysfilter>
   </widgets>
   <revision>
-    <username>mshillam@192.168.1.10</username>
-    <description>/api/ntopng/general/set made changes</description>
-    <time>1706261030.0741</time>
+    <username>mshillam@10.10.10.2</username>
+    <description>/api/unbound/settings/set made changes</description>
+    <time>1707218821.915</time>
   </revision>
   <OPNsense>
     <captiveportal version="1.0.1">
@@ -3905,6 +3994,18 @@ WS</content>
             <categories/>
             <description/>
           </alias>
+          <alias uuid="758ee635-c4e6-4f07-b2d2-f26a4bdf1243">
+            <enabled>1</enabled>
+            <name>Wireguard</name>
+            <type>port</type>
+            <proto/>
+            <interface/>
+            <counters>0</counters>
+            <updatefreq/>
+            <content>51820</content>
+            <categories/>
+            <description>Wireguard port</description>
+          </alias>
         </aliases>
       </Alias>
     </Firewall>
@@ -4350,7 +4451,7 @@ WS</content>
         <logverbosity>1</logverbosity>
         <valloglevel>0</valloglevel>
         <privatedomain/>
-        <privateaddress>0.0.0.0/8,10.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
+        <privateaddress>0.0.0.0/8,100.64.0.0/10,169.254.0.0/16,172.16.0.0/12,192.0.2.0/24,192.168.0.0/16,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,233.252.0.0/24,::1/128,2001:db8::/32,fc00::/8,fd00::/8,fe80::/10</privateaddress>
         <insecuredomain/>
         <msgcachesize/>
         <rrsetcachesize/>
@@ -4613,35 +4714,36 @@ WS</content>
     <wireguard>
       <server version="0.0.4">
         <servers>
-          <server uuid="1ab1d187-8f66-4202-bc47-acf3a00cc5e8">
+          <server uuid="543d8477-b61c-4232-a45b-cd4c7a216caa">
             <enabled>1</enabled>
-            <name>WireGuard</name>
-            <instance>0</instance>
-            <pubkey>qtofuB5C++QEbGrvqQnqjzsJUo2AJonLI7dQUOfiDX0=</pubkey>
-            <privkey>GDxf8bMyl/U4/vytDU9cE0cdO7FoBeYVIZC8Bf+qyXc=</privkey>
+            <name>Home_WireGuard</name>
+            <instance>1</instance>
+            <pubkey>ng7nYGyJrYR/PB87G8NWQHHH+Cs46U2xp7XKVa1LaE4=</pubkey>
+            <privkey>qMNJrYkVKAyWir+31vowaj3ldQoB2xV0CJX/s7T8oGM=</privkey>
             <port>51820</port>
             <mtu/>
-            <dns>192.168.0.1</dns>
-            <tunneladdress>10.10.10.1/24</tunneladdress>
+            <dns/>
+            <tunneladdress>10.10.10.0/24</tunneladdress>
             <disableroutes>0</disableroutes>
             <gateway/>
-            <peers>6be8b51a-ad39-4ee8-adeb-36635ff709c0</peers>
+            <carp_depend_on/>
+            <peers>e1d3aea3-57bd-4323-9309-207ee938d40d</peers>
           </server>
         </servers>
       </server>
       <general version="0.0.1">
-        <enabled>0</enabled>
+        <enabled>1</enabled>
       </general>
       <client version="0.0.7">
         <clients>
-          <client uuid="6be8b51a-ad39-4ee8-adeb-36635ff709c0">
+          <client uuid="e1d3aea3-57bd-4323-9309-207ee938d40d">
             <enabled>1</enabled>
-            <name>mat</name>
-            <pubkey>F56Pp/Pg1oJwi++Pgw49UEonn63t0c1feq9A5MxmPi4=</pubkey>
+            <name>Mat_Macbook</name>
+            <pubkey>CtH6Ivilk8n/g8faV481kxOjQapP+iWSRg42KvotcwU=</pubkey>
             <psk/>
-            <tunneladdress>10.10.10.2/32,192.168.0.25/32</tunneladdress>
-            <serveraddress/>
-            <serverport/>
+            <tunneladdress>10.10.10.2/32</tunneladdress>
+            <serveraddress>home.shillam.me.uk</serveraddress>
+            <serverport>51820</serverport>
             <keepalive/>
           </client>
         </clients>
@@ -5692,5 +5794,11 @@ WS</content>
     <gre/>
   </gres>
   <ifgroups version="1.0.0"/>
-  <laggs version="1.0.0"/>
+  <laggs version="1.0.0">
+    <lagg/>
+  </laggs>
+  <wireless>
+    <clone/>
+  </wireless>
+  <dhcpdv6/>
 </opnsense>