On a whim - geez I regret it now - I installed the wireguard-kmod package to test it out. After rebooting, all DNS resolution in my network failed.
I use a separate box running Pi-hole/unbound to provide DNS. I can ping the box from OPNsense, I can SSH to it. The IPs are being handed out as DNS. But resolution fails.
So I removed wireguard-kmod, rebooted, and even did a config restore from a backup. Still not fixed.
I have double-checked firewall rules and all looks OK (they haven't changed). I am at a total loss as to what the issue is. Any clues anyone ... please?
resolv.conf, maybe?
https://forum.opnsense.org/index.php?topic=23591.msg112239#msg112239
:-)
Thanks, that was one of the first things I checked as I knew about WG's behaviour. But I don't have DNS configured on any of my WG configs on OPNsense anyway.
But - after a couple of hours, the issue seemed to resolve itself. Weird.