Messages - Spoonman2002

#1
quick update:
I deleted the existing Mullvad peer and instance and configured new/fresh ones.
Took me some time (new keys, config file etc) but it works again, for now.
#2
I think I have the same VPN issue as you have.
Not able to fix the problem I deleted all Mullvad peer and instance configs and installed new/fresh ones.
Now everything is working fine again.
#3
Hi,

came back from holiday to see that my Mullvad VPN (Wireguard) had status "stale".
So I restarted the Wireguard service, still stale.
From there it went to status "offline".
Did an update to OPNsense 25.1.12, rebooted, still VPN offline.
No matter what I do, the Mullvad VPN will not connect.
In my config and hardware NOTHING was changed, it worked perfectly before I went on holiday.

As a test I used the Mullvad iPhone VPN app, it connects instantly to the VPN server that I also use in OPNsense.
Anyone got any suggestions?
#4
25.1, 25.4 Series / Re: ping timeout on WAN (25.1.1)
February 20, 2025, 08:21:22 PM
Quote from: viragomann on February 20, 2025, 08:13:20 PM
Quote from: Spoonman2002 on February 20, 2025, 05:37:35 PM
on version 24.x I was able to monitor my WAN interface (Zabbix, ping-ICMP).
Now with version 25.1.1 I get a ping timeout on the same WAN interface (no config changes were made from my side).
From where? From the internet or from a local device in the WAN subnet?

my Zabbix server is running in my internal home network, and in OPNsense the Zabbix plugin is installed.
Zabbix server has SNMP access to OPNsense.
Until v25.1.1 this setup worked fine.
#5
25.1, 25.4 Series / ping timeout on WAN (25.1.1)
February 20, 2025, 05:37:35 PM
Hello,

on version 24.x I was able to monitor my WAN interface (Zabbix, ping-ICMP).
Now with version 25.1.1 I get a ping timeout on the same WAN interface (no config changes were made from my side).
What has changed, is there an option to enable it again? (not a fan of forwarding a port just for ICMP)
#6
"The system is currently booting. Not all services have been started yet."

This is the message that is displayed on the homescreen of my OPNsense router.
(pc-engines APU2C4, OPNsense 24.1.9_4).
It will not go away even after several reboots. Cleared the browser cache, same message.

Also 3 services do not start automatically : cron, snmpd and zabbix_agentd.
(manual start of these services does work).
It is not a severe problem, everything seems to work.
#7
Quote from: Kieros on November 13, 2023, 11:03:01 PM
Truenas scale:

Version:OPNsense 23.7.8_1-amd64 running in a VM
Opnsense IP 192.168.1.1
Adguard IP 192.168.1.210 (Docker)

I have done these steps; I skipped steps 1-3 as it is running in a container

Quote
3 - Opnsense - System - Settings - General

      DNS Servers: 192.168.1.210

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services – DHCPv4 – [LAN] : DNS Servers all empty

5 – Opnsense – Services - Unbound DNS – General

       Tick: Enable Unbound ( Listen Port: 5353 )

       Tick: Enable DNSSEC Support
       
       Network Interfaces: All

6 - Skipped using unbound to resolve or might add later.

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://192.168.1.210:3001 to complete the setup Adguard

9 - Adguard Home - DNS Configuration - Upstream Servers:

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist

10 – Adguard Home – DNS Configuration – Bootstrap DNS servers

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist
     
11 - Adguard Home - DNS Configuration - Private reverse DNS servers:

           192.168.1.1:5353

I followed all steps, but like I mentioned my adguard is running remote on another IP in the same network.
I run truenas and have containers running all working fine when I use only unbound.
When I start to use above setup with adguard. I can search the internet etc.

Can someone explain to me the additional steps or what I am doing wrong?

System - Settings - General - DNS servers list - 192.168.1.210
Services - DHCPv4 - [LAN] DNS servers - 192.168.1.210

As soon as I put unbound back to 53 everything is working just fine on homeassistant.
When I use adguard with above settings somehow tuya stops working for the lights and there seem to be problems from homeassistant reaching 443, for example lights running with tuya and solaredge and some cloud services running on 443 seem to stop working.

Unbound is set at 5353 and adguard at 53
I tried forcing DNS to redirect to 192.168.1.210 by creating NAT forward rules.
Nothing seems to help and if I use such rules nothing works?
Please provide me with an example. And perhaps I make this rule wrong because the examples are all on opnsense ip or 127.0.0.1.

Try with Unbound to listen on port 5335 (and not 5353).
#8
- Take a backup of your running OPNsense 22.7.4 (System: Configuration: Backups).
- Then create a fresh/new OPNsense 22.7.6 vm (from iso)
- Restore the 22.7.4 backup file into 22.7.6
- Reboot & check

#9
General Discussion / Re: Best way to clone my setup?
September 02, 2022, 12:17:27 PM
Quote from: SuperMiguel on September 01, 2022, 11:09:37 PM
Will that include all addons configuration?

I believe so yes. I had a restore done and my addons were also restored.
(what systems are we talking about, maybe you can do a harddisk swap or clone it 1 on 1).
#10
General Discussion / Re: Best way to clone my setup?
September 01, 2022, 10:02:26 PM
Create and save a backup (System: Configuration: Backups) from your "old" system.
Then do a fresh install of OPNsense on your "new" system.
Restore the backup config-file in your "new" system, reboot and that's it.
(check if the network interfaces are correct on the new system, if the nic vendor differs on both systems).
#11
Quote from: robertkwild on July 20, 2022, 07:30:47 PM
hi all,

making a firewall rule but instead of the destination being an "ip" i want it to be a "DNS" record, is it possible to put in a DNS name ie dns.msftncsi.com and that resolves to the ip

if not has it got the plugin squid?

thanks,
rob

You cannot use a DNS name in a firewall rule, only IP addresses.
You can use aliases in OPNsense and define a host/DNS name in there.
#12
Take the blue "Cisco" com-cable and install OPNsense via the terminal (use serial OPNsense image).
Configure OPNsense and follow onscreen steps.
Make sure you define the LAN and WAN interfaces correctly !!
Activate and configure the DHCP server on the LAN interface.

WAN port = connect your internet cable to it with a UTPcat5e cable
LAN port = connect your pc/laptop/switch to it with a UTPcat5e cable  (after you successfully installed OPNsense)

Your pc/laptop should be able to access the OPNsense webgui via a webbrowser.
Continue the final setup and follow the onscreen steps.
#13
Put these two rules on top (above the rest):

Action: Pass
Disabled: (unchecked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: LAN
Destination / Invert: (unchecked)
Destination: your_DNS_server

Action: Pass
Disabled: (unchecked)
Interface: LAN
TCP/IP Version: IPv4 + IPv6
Protocol: any
Source / Invert: (unchecked)
Source: LAN
Destination / Invert: (unchecked)
Destination: your_streetmap_alias

Then disable the Allow any to any rule (at the bottom).
Remember, OPNsense blocks all by default.

And I use "Host(s)" in the alias config, not URL.
(When using a fully qualified domain name, the name will be resolved periodically (default is each 300 seconds).
see: https://docs.opnsense.org/manual/aliases.html)

- Done.
#14
When this happens, check these logs in OPNsense:

- System: Log Files: Backend
- System: Log Files: General

Look for "detached" and "Linkup stopping".
And maybe first update your OPNsense version to the latest one....

#15
did you UNcheck: Do not use the local DNS service as a nameserver for this system (System:Settings:General)