Messages - neek

#1
By the time I'm able to log in to the box, there's nothing holding open port 53, for tcp or udp. I'm quite convinced this has to do with the interface not being up when adguardhome starts.

Quote from: BrandyWine on December 12, 2025, 05:14:22 AM
Before doing anything manually, what does "netstat -na |grep 53" show?

Is there a way to say that adguardhome service must start after openvpn has completed?
#2
Unfortunately I need to manually specify interfaces, since I have some vlans where I cannot use AdGuard. I think in your case, though, it would bind, but then silently fail for UDP queries on your openldap network. Or, at least, that's what it should do based on the errors I saw.

Quote from: cookiemonster on December 11, 2025, 11:08:51 PM
seems that way. In my setup I don't have this problem, probably because I don't bother with selecting interfaces for AdG. That is where the firewall rules come into their own. So my AdGuard has in its config
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53

#3
It looks like when it tries to create the UDP bind on my openvpn interface, that fails (192.168.99.x, below). My guess is the system is bringing up adguardhome before openvpn has had a chance to start and create that interface. In my config, I only see interfaces where I want adguardhome to run. I don't see an option for disabling just UDP on one of the interfaces. When I temporarily disabled adguardhome on the whole VPN network, it did come up successfully.

Piece of the log from the failed launch at boot
2025/12/10 18:54:33.531933 [info] dnsproxy: creating udp server socket addr=192.168.40.1:53
2025/12/10 18:54:33.531976 [info] dnsproxy: listening to udp addr=192.168.40.1:53
2025/12/10 18:54:33.531992 [info] dnsproxy: creating udp server socket addr=192.168.41.1:53
2025/12/10 18:54:33.532060 [info] dnsproxy: listening to udp addr=192.168.41.1:53
2025/12/10 18:54:33.532076 [info] dnsproxy: creating udp server socket addr=192.168.80.1:53
2025/12/10 18:54:33.532124 [info] dnsproxy: listening to udp addr=192.168.80.1:53
2025/12/10 18:54:33.532140 [info] dnsproxy: creating udp server socket addr=192.168.99.1:53
2025/12/10 18:54:33.532196 [info] dnsproxy: warning: binding attempt=1 err="listen udp 192.168.99.1:53: bind: can't assign requested address"
2025/12/10 18:54:33.533087 [error] closing query log: flushing log buffer: nothing to write to a file
2025/12/10 18:54:33.533120 [fatal] starting dns server: configuring listeners: listening on udp addr 192.168.99.1:53: listening to udp socket: listen udp 192.168.99.1:53: bind: can't assign requested address
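
Added example, not part of the original post: a small shell helper that pulls the failed listener addresses out of a dnsproxy log like the one above and reports which of them are still not assigned to any interface. The function names and the sample input are constructed for illustration; only IPv4 listeners are handled.

```shell
#!/bin/sh
# Added example: list listener addresses that AdGuardHome failed to bind.

# Constructed sample input, shaped like the dnsproxy log lines in the post.
sample_log() {
cat <<'EOF'
2025/12/10 18:54:33.532076 [info] dnsproxy: creating udp server socket addr=192.168.80.1:53
2025/12/10 18:54:33.532124 [info] dnsproxy: listening to udp addr=192.168.80.1:53
2025/12/10 18:54:33.532140 [info] dnsproxy: creating udp server socket addr=192.168.99.1:53
2025/12/10 18:54:33.532196 [info] dnsproxy: warning: binding attempt=1 err="listen udp 192.168.99.1:53: bind: can't assign requested address"
2025/12/10 18:54:33.533120 [fatal] starting dns server: configuring listeners: listening on udp addr 192.168.99.1:53: listening to udp socket: listen udp 192.168.99.1:53: bind: can't assign requested address
EOF
}

# Read a log on stdin; print "proto address port" once per failed bind.
# Handles IPv4 listeners only (the form shown in the log above).
failed_binds() {
    sed -n "s/.*listen \([a-z]*\) \([0-9.]*\):\([0-9]*\): bind: can't assign requested address.*/\1 \2 \3/p" |
        sort -u
}

# Read a log on stdin; print each failed address that is absent from $1.
# $1 is a newline-separated list of currently assigned addresses, e.g.
#   "$(ifconfig | awk '$1 == "inet" { print $2 }')"
still_missing() {
    assigned=$1
    failed_binds | while read -r _proto addr _port; do
        printf '%s\n' "$assigned" | grep -qxF "$addr" || echo "$addr"
    done | sort -u
}

# Demonstration on the constructed sample.
sample_log | failed_binds
```

If still_missing prints nothing after boot, the address exists now and the failure was a start-order problem rather than a wrong address in bind_hosts.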
#4
Thanks. I finally had time to try this, and unfortunately, it did not help. When I uninstalled the adguardhome plugin, it did correctly delete /usr/local/AdGuardHome. I reinstalled, restored my AdGuardHome.yaml, and rebooted, but the service didn't start.

Manually running the service after boot starts fine.

Is there some kind of facility to write boot / service logs to a file?

Is it possible some service at boot time incorrectly takes port 53, adguardhome fails to load, then the other service moves to a different port?
#5
I've installed the adguardhome plugin from mimugmail. It was all working well. Some time ago, I think maybe when I upgraded from 25.1 -> 25.7, the plugin stopped loading at boot time. Every time after a reboot, I now need to ssh into the box and manually start it with 'service adguardhome start'. After that, it stays running and all is well. Is there some magic I need to do to force it to always run at boot? I learned recently that opnsense uses a mechanism other than /etc/rc.d to start its services. Any suggestions?
#6
I did have a file in /etc/rc.conf.d/unbound with only the contents unbound_enable="yes".

I removed that, and it fixed this issue, thanks.

Maybe related: I also no longer have adguardhome starting at boot time. When I run it manually after a restart, it does launch. What method does opnsense use to decide which services to launch at boot? I'd like to make sure adguardhome is included in that.
#7
Somehow, I think when I upgraded to 25.7, my opnsense server started running a second unbound instance. Each time I reboot the system, it causes some issues where I have to manually kill one. I see that I've got the following running:
root@opnsense:~ # ps ax | grep unbound
47667  -  Is    0:00.03 /usr/local/sbin/unbound -c /usr/local/etc/unbound/unbound.conf
59585  -  Ss    0:03.94 /usr/local/bin/python3 /usr/local/opnsense/scripts/dhcp/unbound_watcher.py --domain [my.domain.tld] (python3.11)
93490  -  Is    0:00.28 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
It looks like the one that uses /var/unbound/unbound.conf is the correct config. The one using /usr/local/etc/unbound/unbound.conf should not be running.

I've grepped around trying to find why that second instance is loaded, but I don't see anything. Can anyone point me in the right direction? It also seems that my AdGuardHome doesn't run at boot anymore, but I'm guessing that's because this second instance of unbound consumes ports which I configure AdGuard to use, so AdGuard can't run until I kill the one unbound.

Thanks in advance!
#8
I'm seeing the same thing with AdGuardHome. I can manually start the service after boot, both from the shell and from the GUI, but it doesn't seem to want to autostart. It worked fine before I updated to 25.1.
#9
Thanks very much. Is there a way to auto-restart using either monit or some other service? In pfSense I used to use a watchdog to do that.

Still not sure why I'm losing connectivity, though knowing I've lost it is interesting.
#10
I've been running 22.x since it came out and my system has been very stable. I updated to 23.1, and since then, my system will occasionally (maybe every ~2-3 days) stop serving up DHCPv4 addresses to machines on my network. Even if I hardcode an address and ping or try to connect to the router, I cannot. I don't really know how to troubleshoot this more, since the only good fix I've found is to reboot the box. My questions:

1. Any good way to look at the logs from before the previous shutdown?
2. I've seen monit, but I haven't figured out how to use it to make sure that e.g. DHCP is up and running, or other core services
3. I've read through a bit of the forum and I haven't seen others with similar trouble. What should I do to help narrow this down so I can file a formal bug report, if that is indeed what this is?

thanks!
#11
Thanks for sharing that config. It's similar enough to mine that it unfortunately didn't help. I'm now working with support at Namecheap to figure out what I'm supposed to enter as the domain to update. My wild guess is I'd have to make something like e.g. 'dd.EXAMPLE.COM' and then make a CNAME that aliases that, rather than just using EXAMPLE.COM as the dynamic host.
#12
I'm setting up OPNsense to update dynamic DNS at provider Namecheap. In this case, the dynamic address is assigned to my base domain (e.g. example.com), so at Namecheap I have that configured as "@". In ddclient on OPNsense, I have configured the base domain (example.com).

In my logs I'm seeing that the domain is not found. I'm unable to set "@.example.com" in ddclient so I'm guessing that the base domain name is correct. My logs show the following errors. Can anyone tell me what I'm doing wrong?

2022-06-06T21:28:26-07:00 Notice ddclient[50858] 63477 - [meta sequenceId="78"] FAILED: updating EXAMPLE.com: Invalid reply.
2022-06-06T21:28:26-07:00 Notice ddclient[50858] 62791 - [meta sequenceId="77"] WARNING: </interface-response>
2022-06-06T21:28:26-07:00 Notice ddclient[50858] 62791 - [meta sequenceId="76"] WARNING: <debug><![CDATA[]]></debug>
2022-06-06T21:28:26-07:00 Notice ddclient[50858] 62791 - [meta sequenceId="75"] WARNING: <Done>true</Done>
2022-06-06T21:28:26-07:00 Notice ddclient[50858] 62791 - [meta sequenceId="74"] WARNING: </responses>
2022-06-06T21:28:26-07:00 Notice ddclient[50858] 62791 - [meta sequenceId="73"] WARNING: </response>
2022-06-06T21:28:26-07:00 Notice ddclient[50858] 62791 - [meta sequenceId="72"] WARNING: <ResponseString>Validation error; not found; domain name(s)</ResponseString>
2022-06-06T21:28:26-07:00 Notice ddclient[50858] 62791 - [meta sequenceId="71"] WARNING: <ResponseNumber>316153</ResponseNumber>
2022-06-06T21:28:26-07:00 Notice ddclient[50858] 62791 - [meta sequenceId="70"] WARNING: <Description>Domain name not found</Description>
#13
Just wanted to bump this to see if anyone had any ideas?
#14
We had a power outage a few days ago, and OPNsense came up fine after the outage, but only had an IPv6 gateway to my ISP. I manually disabled the WAN interface and then re-enabled it, and after that both IPv4 and IPv6 came up.

Is there a setting I need to do to force IPv4 to keep retrying to come up on WAN?

Also is there magic (such as firewall rules or otherwise) to let my internal IPv4 network use the IPv6 gateway to my WAN? thanks a lot.

(Edit: Renamed the subject for clarity)
#15
Ok I've figured it out. I had the OpenVPN server set to listen on Interface "any". It needs to listen on Interface "WAN". D'oh!

thanks all!