Messages - abraxxa

#1
Good morning,
my OPNSense running in a VM on ProxMox logged LCP timeouts, took down the PPP session and failed to recover.

These log entries look suspicious:

[wan] IFACE: Rename interface pppoe0 to pppoe0

[wan_link0] can't remove hook mpd46000-0 from node "[11]:": No such file or directory

[wan_link0] PPPoE: can't connect "[11]:"->"mpd46000-0" and "[8]:"->"left": No such file or directory

After a reboot of the OPNSense it worked again.
#2
Thanks for the quick reply!
I wasn't aware of keeping the Type field empty and entering the URL(s) instead.

Reading the IPFire DBL how-to-use docs guided me towards using the 'DNS Request Policy Zone (RPZ)' feature of unbound but I guess this isn't configurable via the OPNSense WebUI?
#3
Can we get this integrated into the unbound blocklists?
#4
It didn't work as my logs prove...
#5
My use case is onboarding a new device on the network not knowing its MAC address.
When the dynamic lease is created I create a static with some fixed IPv4/6 addresses for it and want it to be picked up immediately when I reconnect the device to my network.

This is from my dnsmasq logs, where the dynamically assigned 10.0.0.92 from the initial DHCP discover was assigned by dnsmasq although I had already created a static entry for 10.0.0.231:
2025-08-08T16:43:47 Informational dnsmasq-dhcp DHCPACK(re1_vlan1) 10.0.0.92 8c:30:66:7e:29:5c
2025-08-08T16:43:47 Informational dnsmasq-dhcp DHCPREQUEST(re1_vlan1) 10.0.0.92 8c:30:66:7e:29:5c
2025-08-08T16:43:43 Informational dnsmasq-dhcp DHCPOFFER(re1_vlan1) 10.0.0.92 8c:30:66:7e:29:5c
2025-08-08T16:43:43 Informational dnsmasq-dhcp DHCPDISCOVER(re1_vlan1) 8c:30:66:7e:29:5c
#6
I just had the case where dnsmasq handed out the IPv4 of a lease instead of the statically configured one, requiring me to delete the lease in /var/db/dnsmasq.leases manually.
Please reconsider this pull request!
#7
I've switched from the native netmap driver to the emulated one which fixed the problem.
#8
I have the same problem on 22.7.11_1.
#9
21.7 Legacy Series / Re: PPPoE & forwarding rules
August 21, 2021, 01:41:57 AM
Do you have the NAT port forwarding configured as well as the rules on the PPPoE interface?
#10
Quote from: allebone on July 28, 2021, 11:08:36 PM
Quote from: abraxxa on July 28, 2021, 10:04:52 PM
Mine showed an update to 21.1.9_1, not 21.1.8_2. Is the upgrade fix included in that version as well?

Try my steps on the bottom of page 2. This procedure worked fine for me when it wanted to update to an older version from the gui.

Thanks, but as I'm running Sensei I'll wait until they announce that a 21.7 compatible version is available or the current one already is.
#11
Mine showed an update to 21.1.9_1, not 21.1.8_2. Is the upgrade fix included in that version as well?
#12
Upgraded my Gigabyte GA-J3455N-D3H based firewall successfully, took about 80 seconds until it was pingable again.
#13
20.7 Legacy Series / Re: 20.7.4 - Port Forwarding issues
November 13, 2020, 09:40:10 PM
Don't guess, troubleshoot!
Install tcpdump, tshark or Wireshark depending on the OS on the destination host and capture to find out what's coming in.
The same on the opnsense firewall: just connect using ssh (Windows 10 >= 1809 has an openssh client that can be installed as a free additional feature) and use tcpdump -i $interfacename host $targetip -vvnn, for example.
#14
Thanks for your replies!

Using a custom fqdn for just the single administration IPv4/6 address is a workaround I already thought of but hoped to avoid.

@schnipp: thanks for the alternate hostname config option pointer!

@Mks: the help text says that the unbound custom options will be removed in a future version, so that's nothing I want to use if possible.
#15
Same issue as this user had with 20.1 still exists in 20.7: https://forum.opnsense.org/index.php?topic=17190.msg78161

Interestingly the IPv6 address of each interface is returned but only the IPv4 interface of one ???

Is there a config option to control the automatic DNS entry generation for the firewall itself?