Messages

Same here. No changes in the logs after updating to 27.7.4 but all the rest works.

The logs will display if you set the time frame to "no limit¨.

Cheers I'm having the same issue and this workaround fixed it for me!

Thanks mate that sounds interesting if you are able to post the scripts you have used!

Working for me now too on my test instance.

Seems like 23.1.9 fixed this issue as I was able to successfully upgrade on a environment that was failing and rolled back to the older release!

[/usr/local/etc/unbound.opnsense.d/dns-crypt-forward.conf]

Advanced Configurations in https://docs.opnsense.org/manual/unbound.html#advanced-configurations
is describing new way to add custom option into unbound.

So I did create file
/usr/local/etc/unbound.opnsense.d/dns-crypt-forward.conf

with this content
server:
do-not-query-localhost: no

forward-zone:
   name: "."
   forward-addr: 127.0.0.1@5353
   forward-addr: ::1@5353

command configctl unbound check is OK with that


now, question is how to check if unbound is forwarding queries to dns-cryopt?

so trying these webs:
- http://verteiltesysteme.net/ saying OK
- https://dnsleaktest.com/ running extetended test and result is list of different DNS resolvers from different countries
- https://cmdns.dev.dns-oarc.net/ looks OK

Thanks for all the setup details it worked great! The easiest way to see it was working was to look in Services: DNSCrypt-Proxy: Log / Queries and seeing entries appear!

Small update I now have it working with 2 VLANs with each setup to a different OpenVPN client connection!

https://forum.opnsense.org/index.php?topic=4979.msg25066#msg25066

Ok reading through that long thread I found a link to the following

https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-18-7-setup-with-NordVPN.htm

I now have it working on a single VLAN tied to a single SSID on my network. Things that I believe helped are

1. On the OpenVPN client check Don't add/remove route. This stops your default route getting screwed up!

2. Re-Start the OpenVPN client after you assign the interface to have the IP addresses configured correctly on the gateway.

3. Disable IPv6 on the OpenVPN client, VLAN Firewall Rules & Gateway

Hope this may help others as I was tearing my hairout!

Cheers
Chris

Search the Pfsense forums also.  I have found that if I cannot figure it out using Opnsense resources, I can often use something someone did in Pfsense and figure out how to cross it over to Opnsense.

Cheers,

BTW from what I could see the OpenVPN client setup on pfsense has an additional option/s in regards to the gateway creation.

Hi Koldnitz,
                 Really appreciate the points! I will take a look and see what I can work out! I have a test OPNsense setup in a VM as well as my actual home setup on a mini-pc device!

Thanks again
Chris

I have been searching the forums and I'm the first to say I'm a newbie but found ppl asking the same type of questions in regards to gateway creation and routing? Is this a product limitation or purely my lack of understanding in how to configure this stuff? This sounds like a pretty standard use case?

Thanks
Chris

Hi All,
        Thanks to the author of the below blog post I have a single VLAN running over a OpenVPN client connection

https://blog.veloc1ty.de/2019/11/24/opnsense-route-subnet-over-vpn/

However just wondering if there is a better way without hardcoding IP addresses on a Gateway and OutBound NAT?

If I uncheck Don't pull routes on the OpenVPN client connection it all configures automatically but then all my outbound traffic goes via the OpenVPN client connection.

Thanks in Advance
Chris