Messages - sarkyscouser

#1
Something funky is still going on, even between updates.

In the past week I've bought a new m.2 ssd and reinstalled opnsense (ZFS) and all plugins incl adguardhome.  New ssd is reported as OK by SMART tests.

Now I'm noticing that even between reboots (no updates) that some of the adguard home config changes I've made since the last reboot are lost.

Not sure that can mean a repo issue?
#2
I've ordered a new ssd and will reinstall next week and then see what happens during the next scheduled update in 1-2 weeks time, not sure what else I can do for now?
#3
Hi, I already have the microcode and those tunables applied after I spotted them from last time I had an issue.

I guess I'll see how it goes next set of updates and report back but would be interested to see if anyone else with an N series chip experiences continuing problems.
#4
Yes, that's what I'm running, the adguard home only repo.

I'm not convinced this is the issue though.  When I upgraded from 25.7.3 to 25.7.4 I got a "/" corruption error but at the time didn't report it as I was short of time.  I suspect the same has happened again but it's not shown in the logs and I didn't see it on the screen during update.   The SSD seems fine via SMART so like the other thread I linked above there seems to be a possible N series Intel corruption issue lurking somewhere?
#5
So run a pkg update after upgrading each time?
#6
25.7, 25.10 Series / N100 corruption on updates (ZFS)
October 09, 2025, 09:58:00 AM
I have an issue which may be related to: https://forum.opnsense.org/index.php?topic=48343.15 but I'm using the ZFS file system and I've implemented the tunables recommended in that thread and rebooted before I upgraded (as I suffered this issue last upgrade last week). 

When I update (as I just have from 25.7.4 to 25.7.5) I'm experiencing an issue where the update doesn't work first time and my Adguard Home and Unbound config reverts to a previous version and I have to update again (which then works) and restore my Adguard Home and Unbound config. This issue also happened when I upgraded from 25.7.3 to 25.7.4.

I'm using ZFS on a sata ssd and there are no SMART errors and I can't figure out what's going wrong.

I've attached a system.log file from today, but not sure what to look for?

Edit: I'm also now noticing that on just a plain reboot (no update) that my unbound config is reverting to a previous version as well, so something funky is going on


#7
I've just added a port forwarding rule to forward UDP port 41641 to my linux server which runs Tailscale to allow me to access plex, jellyfin, immich etc when away from home.  Without port forwarding I was being DERP relayed which isn't great for plex etc as the bandwidth is pretty low.  With a direct connection I get better performance out of my synchronous gigabit connection.

However I would also like to limit what can connect to this port so I first created a host alias for the two new Tailscale FQDNs 'login.tailscale.com' and 'controlplane.tailscale.com' and then the IPv4 and IPv6 rules below to effectively only allow connections from these hosts.

This is working as in I can still connect to my server when remote, but would appreciate any comments on whether this will achieve what I'm trying to do in terms of blocking anything else or isn't effective etc.  In the rules below, "BRSK" is my WAN interface. 192.168.1.9/32 is the IPv4 address of my server and I have obfuscated the IPv6 address. I get a static /48 from my ISP and therefore my LAN gets a static /64 delegated.


#8
I'm switching ISP in less than 2 weeks and trying to plan out the best way to update my config to update the connection type, interfaces, gateways, default routes etc etc.

My current ISP (BT) is PPPOE/DHCPv6 and my new ISP (BRSK) is DHCPv4/SLAAC.

Can I achieve this via the GUI or do I need to go to the shell and re-assign interfaces? Which is the best way?

My current ISP uses PPPOE with credentials for IPv4 and DHCPv6 over PPPOE for IPv6 and they give out a /56.

My new ISP has no credentials, I need to clone the MAC address of their supplied router onto my WAN interface and then change to DHCPv4 and SLAAC on WAN to get a /48.

I've seen some posts about residual gateways and routes causing problems so how to go about this please?

I use Kea DHCPv4, Router Advertisements for IPv6 (no DHCPv6 on LAN) and Unbound for DNS if they matter.
#9
Hi @tinkermanuk did you ever get this successfully sorted?

I'm planning on switching from BT (pppoe) to BRSK shortly (DHCP IPv4 and SLAAC for IPv6) and was looking at the same settings as you were in OPNSense and got confused.  I had hoped it was a simple setting switch but it looks more complex.  For example did you have to make any changes to gateways in addition to the pppoe > DHCP switch?
#10
At the very least I would recommend accessing plex via a reverse proxy.  Caddy is a simple reverse proxy to set up and handles certificates etc for you.  Yes you will need a domain and a ddns service (unless you have a static public IP address).

Alternatives are accessing over wireguard/tailscale or some people even use cloudflare tunnels, latter may be against cloudflare's ToS but these options do not require any open ports.

If you search the plex and selfhosted subreddits you will find lots of posts on how to do these things and they will all be a step up from forwarding a port directly to plex.
#11
Nobody?
#12
No, 24.7.3_1 is fine for me after the devs reverted back to earlier versions of dhcpv6. I believe there were upstream freebsd ipv6 issues that haven't been fixed.
#13
My system went down at 02:13 last night, I'm assuming my ISP assigned me a new IP address or ipv6 prefix but it looks like dhcpv6 couldn't cope and failed?

My ISP is BT in the UK so I'm stuck with pppoe at the moment, my log file is attached and I've trimmed it to start at the point of failure if you read it bottom up.

Any ideas?  This was on 24.7 and after a restart I've upgraded to 24.7.1.
#14
Think I've cured it, NTP wouldn't start either and was complaining about an fd address issue, so I removed the virtual IPs for my LAN and IoT networks and this has cured both.

Not sure why this is suddenly a problem....?
#15
Unbound won't start after a reboot, message in log is "Unable to open pipe. This is likely because Unbound isn't running."

I've tried turning off as many settings as possible including DNS over TLS and using the system nameservers (configured to 9.9.9.9 and 1.1.1.2) but still won't start.

Unbound is listening on LAN interface, port 53, no overrides, blocklists or any advanced settings enabled other than prefetch.

My WAN connection is pppoe with dual stack ipv4/6