I gave the phones static IP reservations… I think they got conflicted in OPNsense and that caused the issue. I gave them a full /24 subnet… I have a ton of leases. I’ve just been locking it down to MAC filtering. I don’t have a ton of guests that need WiFi, and they are on a separate net.
I was able to set “device MAC” on both the iPhone and the Android no problem to resolve the issue. Just wondered if there was a way to translate the randomized MAC. From what I read it is sent only once for identification then translated somehow back to the device MAC… it was a bit confusing how it could do that and the info wasn’t a full document or a “reliable” source. Just the only place I found info on how MAC randomization works on cell phones.
I’ve been reading a few docs on setting up HTTPS locally with certbot… kind of like your guide but just for local traffic. As I don’t have Linode I am kinda locked in to personal network with no exposed ports to the WAN for now besides regular ports. I’d like to do it to understand it at home, then later translate it to a WireGuard VPN to Linode at something. I’ll check on @Dynamic_Gravity’s posts too to see. There’s another source of good documentation :)
MAC filtering is pointless and easily spoofed. I would let the devices and DHCP handle the addresses and shorten the issue time for the WLAN network. /24 is big enough.
If you are super worried you can switch from Personal → Enterprise using EAP-TLS and use certs to control device access. That’s complicated though, and end users don’t often like the setup.
There are also a lot of GUIs that automate serving a cert and connecting people to the network with profiles set by the app and stuff. There’s a whole other world to WiFi security. I don’t use it at home because it’s a lot of effort for me to maintain and I have friends and parents over regularly.
Yeah, I really want to dig into Nginx and certs locally. Not for everything, but as a test with like OPNsense, Proxmox, Pi-hole etc. I know I can install certs on each machine individually but I’d like to learn to use a service to serve and verify them, keep any traffic on my network with servers firewall etc from being viewed with HTTPS and start using my domain locally I got on Namecheap (thanks for that advice fyi). I know it’s way EXCESSIVE, but fun to learn and useful later if I host a website once I can on a proxy server or maybe a DMZ (once I have more knowledge of this before exposing a PC to the internet).
Well, I’m really not sure. In any case, it’s not the place for the question if it’s unrelated to the Pi-hole, which it is, as you just stated it’s a browser issue in one or more browsers. Maybe pose the question in the small Linux problem thread?
Here is the link to the configuration. I have decided against skirting around forum upload restrictions. I will endeavor to keep this link reliable.
(This link is now redacted. Please DM me)
This folder contains the decompressed configuration so you may read the source and 2 compressed configurations. A zstandard for those who have written their own Pi-hole Docker image and have forced the teleporter to use it (me lol) or Gun Zips for the regular deal.
Finally, restart the Pi-hole when everything is set and complete.
Customize to your needs and YMMV
For debugging purposes, updating gravity the first time should yield this output:
[✓] Creating new gravity databases
[✓] Storing downloaded domains in new gravity database
[✓] Building tree
[✓] Swapping databases
[i] Number of gravity domains: 15255050 (6179958 unique domains)
[i] Number of exact blacklisted domains: 30
[i] Number of regex blacklist filters: 54
[i] Number of exact whitelisted domains: 15384
[i] Number of regex whitelist filters: 12
[✓] Flushing DNS cache
[✓] Cleaning up stray matter
[✓] FTL is listening on port 53
[✓] UDP (IPv4)
[✓] TCP (IPv4)
[✓] UDP (IPv6)
[✓] TCP (IPv6)
[✓] Pi-hole blocking is enabled
~ ▓▒░ ░▒▓ ✔ took 7m 38s with root@bi-frost at 13:02:56
I also hope my list tagging remains so it’s easier for you to go through the lists.
Should your Google Play Store or iOS store stop working, it’s possible the Google and Apple URLs got caught. Consult your query log and proceed to whitelist until functional.
Yes, that’s how it functions. It notifies only everyone who is active in the thread or posted. It’s a convenient way to notify and tell everyone … hey update!