Messages

Hello,
I am very much a beginner when it comes to OPNsense. I apologize if this has been posted before, I couldn't find anything for my situation.

Today I setup my SurfShark VPN via WireGuard. I used this tutorial and it worked!:

Originally, I used this thread to setup Remote Access:https://forum.opnsense.org/index.php?topic=40273.0

But now my Plex Server's Remote Access isn't working. When Portforwarding I have tried to set destination to "Single host or Network" and the IP address to my new IP.  It did not work. Again, I have very little experiance with OPNsense, so if anyone could help me either with a resource or some step by step instructions I would greatly appreciate it!

Hi, can you guide me on how you succeeded in setting up Surfshark wireguard VPN on Opnsense ? FYI i am using Adguardhome as DNS resolver after disabling Unbound. I tried to follow this guide and i couldnt succeed. i have dnsleaks...

[/localdomain/]192.168.1.1:53530

what is this localdomain ? where do i find it ?

Thanks. i did just as you said. it looks bit more responsive now.
Will test it now for some time and report.

Ok, then you suggest i use AGH alone with Unbound for local dns resolving ????
can i just use Unbound running on another Port for local resolving and the rest of DNS Queries handled by AGH with DoT/DoH servers instead of using Unbound with its Port as the Upstream/Bootstrap servers ???

Yes! Move unbound to another port, say 53530, put AGH on port 53, and configure it to use unbound on port 53530 as the upstream for your "localdomain" and DoT for everything else, and (optionally) point to unbound for "Private reverse DNS servers" too.

wait wait wait pls... you mean i use Unbound with changed Port as Upstream DNS Server in AGH DNS Settings instead of DoT/DoH servers ?
i will tell you what i am doing now...
Upstream DNS Servers - from dns.brahma.world & libredns including its sdns addresses
Bootstrap DNS Servers - DoT Servers also from dns.brahma.world & Libredns including IpV6 Addresses
Fallback DNS Servers .. empty.... and
Private reverse DNS Server as 192.168.1.1:5353(AGH IP:Unbound Port) .

Is my configuration correct or should i fine tune it further ?
 

Is there a simple Guide on how i can setup Adguardhome + Dnscrypt on Opnsense or it is just Nonsense-Setup and i dont need it when i have AGH ?

If you don't know that you need it, you probably don't need it. AGH can do DoT, if you're worried (for some reason) about your ISP being able to see your DNS queries. dnscrypt seems like unnecessary complication, and likely WILL impact DNS resolution time (negatively).

Ok, then you suggest i use AGH alone with Unbound for local dns resolving ????
can i just use Unbound running on another Port for local resolving and the rest of DNS Queries handled by AGH with DoT/DoH servers instead of using Unbound with its Port as the Upstream/Bootstrap servers ???

Because when i use AGH as DHCP server + DNS resolver i have a very low response time of 1ms....
But when i use Opnsense DHCP and AGH as DNS resolver the response time is 8-18ms.... i can see that the website struggles to open in this setup compared to when the AGH alone handles everything... the Webpages opens on the fly and i can feel it...

Again, the DHCP server is NOT involved in individual DNS transactions, so there's some other factor in play here.

AGH provides a DHCP server implementation for cases where the existing DHCP server is not flexible enough to allow pointing clients to specific DNS services, which could be the case with a basic consumer-grade router/gateway, but it is not the case with OPNsense. Using AGH's DHCP server instead of ISC or Kea will not have any effect on DNS response times, provided DHCP is configured to point clients to the same DNS servers.

ok, then i will have to dissect my setup and pinpoint what could be wrong.
Is there a simple Guide on how i can setup Adguardhome + Dnscrypt on Opnsense or it is just Nonsense-Setup and i dont need it when i have AGH ?

I've not tried to use dnscrypt, so maybe there's some nuance that I'm not aware of, but....

Unbound is not a DHCP server, it's a DNS resolver.

The DHCP server is not "a hop in the network" - it's a service for centralising IP address assignment and network configuration for devices on your network. It's not involved in DNS transactions, other than telling clients which DNS servers to use.

What are you trying to accomplish with the AGH DHCP server?

Hi, now we are getting there with the right Point... all i am saying is that when AGH has its own DHCP Function and when i am using AGH as main DNS Resolver, why dont i use the both so that the DNS QUery from all the Devices works better and all in one Hand ?
Because when i use AGH as DHCP server + DNS resolver i have a very low response time of 1ms....
But when i use Opnsense DHCP and AGH as DNS resolver the response time is 8-18ms.... i can see that the website struggles to open in this setup compared to when the AGH alone handles everything... the Webpages opens on the fly and i can feel it...
If i use AGH as a DHCP server (i still dont know how todo it) + DNS server and when i disable Unbound completely, what happens to the function of local dns resolver? do i need it or will i miss any important function  or do i have any drawbacks associated with it ?

I am a total noob in Network... so please bear with my silly questions... hoping for a solution..

To add. https://github.com/opnsense/docs/blob/master/source/manual/how-tos/dnscrypt-proxy.rst seems to have instructions on how to get dnscrypt on OPNSense.

Sorry, this post didnt help me much. no matter how many times i override the config manually, once i commit the config and restart the service, the Config gets reset to default ... i dont know why

> Is there a way on how i disable the DHCP of Opnsense completely and use AGH DHCP function ?
Yes. I'm not sure why you'd want to do this but just disable it on OPN and enable it on AGH. Did you try that?

Hi, thanks for your reply. i tried that but AGH simply refuses to enable DHCP Option( an error keeps popping up saying its not possible) i think Opnsense doesnt allow that.
any Instructions on how to do it pls?

you mean its not possible to get AGH & Dnscrypt work together in Opnsense ? i could get it working together nicely under Openwrt.
Is there a way on how i disable the DHCP of Opnsense completely and use AGH DHCP function ?
On the Internet all i am seeing is the complex guide on installing AGH+Unbound+Dnscrypt. I dont understand why Unbund is necessary in the middle when AGH can function the same like Unbound?

Hi Forum Members,
i got latest Opnsense installed onto my Qotom q355G4. its running quite well. I also installed AGH with Unbound. But the response time is little bit more aroung 8-10ms.
i saw a guide where it says AGH + Unbound + Dnscrypt. Instead of installing all the 3 Plugins and get it to work which will obviously increase the resolving time, i wanted to try AGH + Dnscrypt Proxy 2 Setup by Bypassing Unbound totally. The DHCP Part works well in AGH, why dont we use it instead of diverting the traffic to Unbound and create one more Hop in the Network ? if it is possible i want to know how do i do it.
I tried to disable Unbound and also tried to enable DHCP Function in AGH, but it refuses to get enabled. I think i need to disable DHCP Function under LAN in Opensense.
I guess AGH can do all the functions of Unbound and it is more efficient. Then why should i use both together instead of using AGH for all purposes ? Is my interpretation of Network in Opnsense works ? if i am wrong pls correct i am not a network guy but i would like to try things. i am learning.

Any proper steps would be higly appreciated.

Hi, is Unbound necessary for AGH to function properly in opnsense ? Or can we just disable unbound and use AGH with it's DHCP function to do the DNS queries??? Will this idea work at all???

One more doubt.....
Is it possible to disable all the DNS services and use only Adguard home and it's DHCP function to work with opnsense? So that I don't have to redirect the port and install unbound or DNScrypt proxy and Adguard home for adblocking ??? If yes should I use DNS interface to only 192.168.1.1(opnsense up) or all and port as 53 ?? I will obviously disable unbound and Dnsmasq etc.. will it work without problems? I won't play any games or any rare services which exclusively depend on port 53. I will also port forward every request on opnsense to go through opnsense up and port 53. Will this setup work ? Atleast such idea worked on openwrt and I was happy with AGH and Openclash working on openwrt.

But if I remember correctly mimugmail had commented about it saying that he will include it in his repo. If that is not the case and if no one got it to work on opnsense, is there any one plugin which does the job of openclash in opnsense?

Hi, I happened to install opnsense today on rpi4b, which I was using to run openwrt with many useful packages like qosify, Adguard home, banip, crowdsec, irqbalance and most importantly Openclash. Everything was running as it should be.
I had an extra qotom q355g4 pc lying around and I thought I could make use of it and started reading on how to install all the useful plugins on opnsense. I somehow succeeded in installing everything correctly but this opnsense plugin is missing.
I am not able to find any guide or success story of openclash installing and running it on opnsense. I can link to this plugin on GitHub(

Code Select Expand

https://github.com/vernesong/OpenClash )
Is it possible to install and get it working on opnsense? If yes please guide me how and I also heard that mimugmail repo included this package but in the actual repo it's not there. I don't have that much skills to build this package for opnsense myself. Hence requesting anyone help here.
Please guide me. I want to use vless/vmess/shadowsocks server so that anyone who uses my network surf internet behind the proxy.

Thanks in advance.