Messages

I have an OpenVPN pass all rule.

I believe the problem is that OPNSense adds an ACL entry in unbound just for the openvpn server i.e xx.xx.xx.1/32 but not for the tunnel network xx.xx.xx.0/24. Don't know if this is  by design or a bug. If it is by design something should be stated in the OpenVPN setup doc page that an ACL entry should be added in unbound for the tunnel network.

I don't see the drawback to automatically add the entire tunnel network (xx.xx.xx.xx/24 or whatever net mask may be) instead of just the openvpn server (xx.xx.xx.1/32) to unbound ACL when an OpenVPN server is created/enable. I think this second option is more intuitive and lead to less head scratching.

Anyway adding the entire tunnel network to the unbound ACL solves the problem.

Thanks for the welcome and for the prompt answers. Great reading on the tunables.

Regarding the OpenVPN issue, yes my openvpn tunnel network was already automatically added to unbound ACL.

First post here. First of all, congratulation for this great project. I have been a very long time user of pfSense and active on their forum. I stumbled upon OPNSense by chance and I liked it so much that I migrated my long time pfSense to OPNSense. It is a fantastic firewall.

Now here is the issue. I created an OpenVPN server and set it to pass my local domain and the LAN firewall IP as DNS server. OpenVPN connection worked flawlessly, however clients were not able to resolve DNS queries.
Unbound was set to respond on ALL interfaces but was not. NSLookup from clients showed the query was refused. If I select each one of the interfaces i.e. WAN, LAN, localhost and OpenVPN, unbound will respond to DNS queries as expected. It seems that selecting ALL doesn't make unbound listen to ALL interfaces but just LAN, WAN and localhost.

Also any plan to support NCP on OpenVPN? I really miss that from pfSense.

Thanks and congratulations again for this project. As time permit I would love to get familiar with the code and help as much as I am able to.