Messages

The release notes for 25.7.8 have an important note:

https://forum.opnsense.org/index.php?topic=49869.0

The Unbound blocklists feature formerly known as a business feature is
now a community feature.  Since this required merging both the existing
community one with the business one you need to make sure to reapply the
blocklist settings after the reboot since it will not generate a new and
possibly incompatible format.  Make sure to check your automatically
migrated settings while at it.

Maybe this is it?

My blocklist is disabled at the moment, if I got what you mean.
Thanks

In general it doesn't. I run it at multiple offices and an entire data centre with that setting and no problems at all.

Something about your configuration must be unusual. Still pondering what that might be. Did you change the interfaces setting for Unbound, possibly? Something in private networks?

I read about another user on Reddit who is dealing with the same issue as mine. Anyway, I've never complained about OPNsense, but I have already run across a couple of problems with the last version.

I realized that Unbound, in this scenario (without checking the "use name server" button), works intermittently and unpredictably.

Then probably enable:

Services > Unbound DNS > Advanced > Log SERVFAIL

Ok, I can see something as I ran a query:

Then probably enable:

Services > Unbound DNS > Advanced > Log SERVFAIL

Ok, I started seeing something as I ran a query:



Thanks

Look at the Unbound log files for the cause of the SERVFAIL - how often do I need to repeat this?

I looked at both the Unbound log files and the firewall log. There is nothing meaningful. Even no log entries in the Unbound log files. The firewall lets queries PASS.

Thanks

As I wrote: investigate the cause of the SERVFAIL by looking at the log files.

If I set "Use System Nameservers" in the Query Forwarding settings, it works but I don't think Unboud is working properly this way.
Thanks

Probably local resolution fails entirely. You need to investigate the logfiles to find the cause of that SERVFAIL.

Your browsers continue to work because modern browsers implement their own methods of name resolution.

Yes, I found out that I can browser websites via Firefoxr because I had cloudflare DOT activatet on it.
But if I disabled it, I have the same problem. So, there is definitely something wrong with the DNS requests to Unbound.
But what exactly?

Thanks

 Hi,

OPNsense 25.7.8 runs as a VM in my Proxmox machine. I ran across a strange behavior of Unbound: my hosts behind OPNsense still have internet access and get their DNS queries resolved by Unbound if I simply uses the browser, but if I ping a website, say, google.com in the prompt command it doesn't get resolved.

I saw the logs in Reporting: Unbound DNS, and noticed that the requests from the hosts got dropped:



 Could you please help understand why it happens and how to fix it?

Thanks

Hi everyone,

I have set a virtual LAB UP in eve-ng, I gave the OPNSense 25.1 High High Availability a go for the first time, before deploying them in a production environment.
Here is what I got at the end of the setup:

Node1 (master)


Node2 (backup)


Not an expert here, but I think that WAN and LAN should should be both in master status.
In order to fix it, I also tried to tinker with the advskew: I set 101 on the master and 100 on the backup node, I rebooted but nothing changed.

How can I fix it?
Thanks

Hi everyone,
I have set a Dual-WAN failover up on my OPNsense v. 24.7.8. The WAN1 gets a static IP, while WAN2 is under NAT and gets a dynamic IP.
As long as the WAN1 is up, the external PC connected to OPnsense via a Road Warrior Wireguard tunnel can reach the LAN behind OPNsense, but if WAN1 goes down there is no connection anymore (only the devices behind OPNsense can go to internet via WAN2..as expected).
I set up monitoring on the WAN interfaces as well as "Allow default gateway switching", but Wireguard still doesn't work via WAN2.
Any suggestions please?
Thanks

It would also be possible if both have the same though, but then they need different LAN IPs and you can only connect a single WAN of OPNsense to them, means you need also a switch between the devices.

I don't think that I've understood what you mean above.
Thanks

anyone?

Hi everyone,

I was wondering if it is possible to set up a dual WAN failover where both WANs have the same gateway.
This could be the case if you have two modems/routers and two connection lines from the same ISP (or they could be different for that matter), and you put an OPNsense device behind them to better manage and protect your network.

Is it possible in OPnsense? Could there be some problems?
Thanks

Hi everyone,
I created two LABs in virtual environments, each running OPNsense as a firewall/router of their own LANs.
I also set a dual WAN failover on their WAN ports (one port with static IP, and a dhcp client on the other).
I then set a site-to-site Wireguard tunnel between the two OPNsense machines to make their LANs reach each other. Everything works great so far.

However, I noticed that the tunnel works as long as a WAN with static IP is UP on at least one side of the two LABs; in other words, if the two "static IP WANs" fail on both sides, the Wireguard tunnel stops working even though the two DHCP WANs are regularly up and the clients on both sides can go out to the Internet.
Is this expected and considered normal behaviour in a real-world scenario too?
Thanks

Moved to General Discussion. My bad, sorry