Messages

https://forum.proxmox.com/threads/pve-9-memory-on-pfsense.172542/

When I set this up by giving HAProxy cert-bringer's public key, I keep getting errors like this: Permission denied (publickey).

This sounds like OPN side is set so far and the error is given to the cert-bringer user by the remote host. The haproxy one.
So you need to configure sshd on that side.

good. Yes you need keyboard/monitor for console but I imagine you can remove them and plug them back in when required and the console will simply appear again when you "wake it up" with key presses. In reality is not "asleep" nor missing.

did you try my last suggestion, what was the outcome ?

All I can guess is that the console needs waking up but that is actually "there". I can't think of a way the console would be only available on boot but not reboot.
Can you try that, reboot, wait for the time when you can get to the UI so the system is fully initialised, then use the keyboard to see if the console (the login prompt in this case) comes up?

Or at a wild guess on a reboot if you are using EFI, that maybe there's a buffer variable kept and is not initialised ? Truly wild guess, thinking aloud here.

It sounds like an bios boot device ordering problem. Reboot with monitor/keyboard attached. Check the boot order is set to the disk with OPN installed. Also check that your install is BIOS or eFI and the selection on BIOS must match.

I see. On the Unbound UI only on specific or all interfaces, the recommended setting. That'll be because it is a service _meant_ to be made available to clients reaching it from these interfaces. But I see your point if you wanted to make it listen to a loopback then you need to get creative, as you have done.
However the way it is available using the UI gets you to the same outcome in the way I described, I think.

Without trying to downplay your experiences, there are thousands if not multiples of that using OPN with Unbound and without problem. Bugs are always a possibility however when there are like these here, they come to the configuration of either Unbound or how the network and their clients are setup to do name resolution.
@pftoon - if still required, please can you open your own thread, so it can be diagnosed in its own setup?
@pseudonym3k - if still a problem, we'll need to go to basics. I mean showing settings of multiple parts of OPN (like the ones on post #9), doing diagnostics from clients.

It could well be a corrupted filesystem if there are missing files.
System > Firmware > Run and audit: Health - should help to identify.
Also from there you resolve plugin conflicts, which restore the missing ones if you had restored a config. Installing from scratch will of course have no knowledge of what packages or plugins you had.

Unbound can have a port changed in the UI.
If you want to have AdGuardHome listening on port 53 you just need to tick the "Primary DNS" box.
The "normal" setup is AdGuard on 53 so all clients go to it first and AdGuard is set to go to Unbound on the different port as its upstream resolver.

I'm probably not understanding the requirement. If it is to change the port that AdGuard listens on, then it goes on its config file as there is no option on the plugin ui.

If I read htop correctly the RES is 3700 so 3.7 megabytes

I'm saying that the dhcp service gives to clients various pieces of information including the dns server to use, that's all.
I don't know what else to suggest then if your clients have problems when you only use Unbound for name resolution. Normally it is a configuration problem, whether on Unbound itself or the overall dns resolution setup for clients, which is what I've been trying to get you to see.

Services like AdGuardHome but seems not.

I previously had Unbound enabled (it came that way by default). I did nothing further with it. In System->Settings->General, I had specified three DNS server IPs. Nothing more for DNS. It's been this way for a couple of years, and no trouble here that I'm aware of.

System->Settings->General is for OPN itself but take notice of the tooltips because then you can start pushing these to clients depending on other settings.
Then you look what you have in your selected  DHCP service. That gets passed to your clients. Say for instance ISC DHCPv4, expand your LAN interface settings there. Check the tooltip for "DNS servers" too: "Leave blank to use the system default DNS servers: This interface IP address if a DNS service is enabled or the configured global DNS servers." So that means that if you have Unbound enabled and as per default listening on all interfaces, the DHCP lease will have this interface's IP as the DNS server for the clients. But you can see you can also override things here.
As diagnostic, when it happens on your clients, check what ip they are using for dns.

phew, just in time hey! There are plugins available to save configs regularly like sftp and to nextcloud.

@pseudonym3k I read you are running a pretty "default" setup but it is an upgrade so worth visiting basics. What services do you have running on your infra and on OPN ?