Messages

See the OPNsense docs for guidance on selecting a DHCP server. https://docs.opnsense.org/manual/dhcp.html

@meyergru, I always learn something from your posts. Thanks for taking the time to elaborate.

I agree that Unifi is spread way too thin. They still haven't even removed the old legacy interface from the Network App.

FYI - I am running the USW 48 POE with 7.2.120, OPNsense 25.7.3 and multiple VLANs. I have not had any problems with STP. I do not have any untagged traffic on my trunk. Are you using RSTP or STP? I am using RSTP, and all Unifi options on my ports are off (e.g., storm control, loop protection,  etc.) except for STP.

You either need to run Kea or ISC or Dnsmasq for DHCP services. You can't run all three at the same time, even on different interfaces. If you are going to stay with ISC, I suggest removing all interfaces from Kea/DNSmasq and then disabling Kea/DNSmasq.

Note that the recommended DHCP setup for small networks is to use DNSmasq. It is the default for the setup wizard for new installs. See here. https://docs.opnsense.org/manual/dnsmasq.html

@meyergru and @OPNenthu - thank you for educating me. I always learn new things from this forum. I didn't consider the dependency on the native port in the case of a switch failure. Fortunately, I keep an old 8 port Unifi switch around as a cold spare for my main switch. In the event of my switch failing, I can at least get my 4 APs back online. I should be able to provision a new switch by setting one of the ports to a full trunk. Like @meyergru, I never experienced a problem when I had my OPNsense router (Protectli with Intel NICs) plugged into a full trunk port.

Why is a native network needed for Unifi gear? I have VLAN 90 set as my management VLAN. My Unifi switch and APs are all in VLAN 90. The UniFi Network Application is sitting in a server VLAN. When I provision a new Unifi AP, I set the new AP's port on the switch to tagged VLAN 90. This gets the new AP on the network with an IP in VLAN 90. I then adopt the AP, set the management VLAN to 90 in the device's settings and then change the switch port to a "trunk" (all VLANs without a native).

I changed my MGMT VLAN in Unifi to 90 and that avoids the whole native/VLAN1 issue.

I've been running AdGuard Home from mimugmail for years. It works great.

@benix, the utility recommends the commands to run. You'll need to run those commands to do the update. Or you can run the utility with the "shoot-me" option and it will prompt/run each command for you.

Thanks @Patrick for the helpful information. I've been using OPNsense for 3 years and did not know about this.

Thanks @Slashing for posting that utility. The utility can also be used to update the boot loaders. It worked great for me.

Confirmed. Created date is blank for me too. I opened a bug report:

https://github.com/opnsense/plugins/issues/4837

I upgraded to 25.7 on 7/23. I just checked my google drive and I see backup files from 7/24 and 7/25. Was it working correctly for you under 25.1 or is this a brand new installation?

I use a similar same configuration and do not need a gateway. First thing to check is under the DHCP options settings (Services->DNSmasq->DHCP options), did you set the "router [3]" option for VLAN 20 to your router's IP for that vlan and did you set the "dns-server[6]" option to the IP of AdGuard? If you are running AdGuard on OPNsense the IP address for the dns-server will be the same as the router IP for that vlan.

Also, confirm that you have firewall rules on VLAN 20 to allow port 53 traffic to pass to the AdGuard server.

Upgraded from 25.1.12 without incident. Google backups migrated to plug in during the upgrade. My other plug-ins (Ad-Guard, crowdsec, acme, ddclient, mdns repeater and nut) all seem to be working normally. DNSmasq and Unbound (only v4) are working fine too.

Thank you to the OPNsense team! It's like I get to have 2 additional birthdays every year.

KEA, ISC and DNSMasq can all be used. Pick the one the that works best for your requirements.