Messages

according to freshports drm-kmod has two dependencies:
1. gpu-firmware-kmod>=20220511 : graphics/gpu-firmware-kmod
2. drm.ko : graphics/drm-61-kmod
So you were installing one of the two dependencies. Looking at the first one, in turn depends on 127 others.
Short of it, it becomes too much of a dependency burden for what you yourself described as a headless FW appliance. These dependencies are for desktop type systems.
So my suggestion is to see if you can build it or pull the package into a VM and see if you can then move it across.

Right. At least being aware of them you can see why it might still happen, with the issue being apparently rooted on user's receipts (or rather lack of), not on the sending.

stepping away, just wanted to see if you had checked that.

the guest network now has internet and dns. OPNsense looks to be running 100%. I haven't noticed and issues so the network is working 100% for now.

Glad to hear.
As to your current questions, 'mafraid I can't tell.  No idea what those screenshots are even. Or what bridge that is referring to.

Sorry I don't have knowledge of multi WAN. Last parting thought. My suspicion is that there is a misconfiguration that can only be found by addition rather than elimination at your stage. Or rather, that is the approach I would take. You know when you have made so many diagnostic changes that things are a rather convoluted and you can't remember what was what. Happens.
So I would setup OPN from scratch with ONE provider, one WAN only. The problematic one. That's your "safe place". Get it working. That will be telling you the setup is right, before moving to any multi WAN setup.

Zenarmor > Settings > Database. There is a setting there "Directory Storing Database Files". I would look there if perhaps is not pointing to your modified location.

Not quite correct. The behaviour of /etc/resolv.conf for your OPN is determined by the use of System > Settings > General > DNS Server options.

/etc/resolv.conf and the bind address of the DNS service are not related to each other.

I know. There is the rest of the post for context.

I'm glad to hear. Perhaps you would consider for closing the loop, editing the title and ad [Closed] or [Solved]

perhaps of use
https://forum.opnsense.org/index.php?topic=40727.msg213549#msg213549
https://forum.opnsense.org/index.php?topic=40727.msg226879#msg226879

p.s. you should also attach the pic of your NAT rules. We're missing that bit.

And just to clear up, on the mikrotik:  sfp port to open sense: tagged only, vlan 10(converted from LAN) and vlan 40. Port ether4 w/ruckus, access port vlan 10, tagged vlan 40. All other ports, access port vlan 10.

Yes managed switch to OPN is tagged only.
Ruckus, not much of an idea, I don't have experience with them. If it is a wireless access point, if it connects to an access port on the managed switch, then is to be as you configure the port on the switch, either with a tag if is the AP is VLAN-aware and tags traffic as it delivers it to the switch, and then the switch port needs configuring for that.

sure we can help to check the trunk setup (might or not be "the issue").
From the mikrotik you need to set the "wire" going from it to OPN as a trunk. That means ALL traffic is tagged.
Then on the OPN side of it, you need to have all VLANs as tagged devices. The "parent" device does not need to be assigned.
See mine. igc1 is the "parent" and not assigned. The two VLANs hanging from it are. igc1 is the "wire" from the mikrotik switch as trunk.
You cannot view this attachment.

>I'm trying to setup a guest vlan names GVLAN40, Vlan tag of 40. Client can get a DHCP address, reach the management interface, ping the gateway and DNS server. However, I can not get to the internet and can not resolve domain names.

How do you want to setup your VLAN DNS? Normally you run on OPN either dnsmasq or Unbound. In Unbound you set it to listen to all interfaces, which means will start listening on your VLAN IP. Then you simply copy the DNS allow rule from your LAN.
DHCP obviously needs also setting up on the VLAN.

same with mine AdGH yaml

Code Select Expand

dns:
  bind_hosts:
    - 0.0.0.0
  port: 53giving:

Code Select Expand

root     AdGuardHom 24535 115 udp46  *:53                  *:*
root     AdGuardHom 24535 119 tcp46  *:53                  *:*Additionally if I go to AdG UI and to the Setup Guide tab, I see that unwrapped to list each enabled interface including 127.0.0.1
I never added 127.0.0.1 to the yaml myself.

You now mention VLANs. That's new, and something to check. See if you have mixed tagged and untagged traffic. If yes, correcting that might be a gremlin to quash.
The arp table being incorrect puts you back (I think) on the multi WAN setup. A fallback should take care of that and if I believe it means it is trying to reach a gateway outside of your WAN net. Don't you have to setup a separate gateway for each WAN for a multiWAN, with some setting (I don't know which settings are correct) with the "Far gateway" an important setting?
Someone with better knowledge of multiWaN should be able to advice.
I wonder if your far gateways are both set for the one ISP and hence can't reach it when it fails over to the other. Just a thought. Could well be completely off the mark.

The port forward settings look right for a port forward to a specific port, and this:

What's even more odd, I'm not able to reproduce any remote access issues with the Plex app when I simulate a remote connection on my cell phone cellular network or from a different ISP and geo. However, my remote friend is no longer able to connect the Plex from multiple devices.

Also when monitoring the firewall traffic, I see the inbound connections successfully being established on Port 32400/TCP and nothing's getting dropped.

suggests that it is working fine. Maybe either plex side, or your friend's side has a problem.