Messages - zyghom

#1
Quote from: Patrick M. Hausen on January 06, 2026, 03:25:47 PM
If the container/VM/whatever does not get its IP address from DHCP, OPNsense simply does not know about it.

that was actually my thinking as well - how the heck would DNS know what my name/domain is, if I never asked network for IP... ;)
#2
thank you
but
do I need to specify every host in overrides?
on top of localdomain, I have also some hosts, that I call with domain: "myhome" (i.e. books.myhome, movies.myhome)
I have an override:

all from *.myhome -> nginix.localdomain

and on that nginix proxy I have proper redirects i.e. books.myhome -> http://192.168.10.31:8081
etc

but now you say I shall put as many lines in overrides as many hosts with static IP set by host?
that will be double work, right?
If I get it correctly, then it might be easier to set static IPs on the opnsense instead...
please guide me

and thank you both for the answer ;-)
#3
hi,

I have many hosts (actually probably all) that are either VMs or CTs on Proxmox.
When I set manually IP address for them, they are not being resolved by nslookup or so.
It is not the case when I either:
1- assign their IP by DHCP (dnsmasq on Opnsense) in Proxmox or
2- add them to hosts (static) on dnsmasq on Opnsense

So imagine VM with hostname signal, its IP is set on Proxmox as 192.168.10.3/24, DNS search on Proxmox is "localdomain"
Opnsense general settings domain: "localdomain"
When container starts it is not being registered by either Unbound or Dnsmasq (it does not ask for IP, right?)
I can ping it using IP but cannot ping as signal or signal.localdomain

No issue if I set DHCP on Proxmox for this container or if I set it as static host on Dnsmasq

What am I doing wrong?
Where is the problem?

thank you
#4
Quote from: franco on April 15, 2024, 12:54:14 PM
Ideas:

* Submit improvements to the code.
* Submit feature requests to the issue tracker.
* Use the NUT package without the GUI for full customization.


Cheers,
Franco

I went for point 3 only because I have no idea how to contribute to the code
I tried expressing myself in the point 2 but I am not sure I did it properly
#5
ultimately I changed the IP
since I have plenty of VMs and physical hosts that are dependent on OPNsense I did it in few steps:
1- created virtual IP: 192.168.1.254/24 pointing to interface, where my initial 192.168.1.1 was
2- changed on every host (with manual IP settings) IP of DNS from hardcoded 192.168.1.1 to hardcoded: 192.168.VLAN.1 - this way hosts that are on VLAN 10 don't use directly IP of DNS on the 1.x interface but according to their VLAN so i.e.:
192.168.10.1 for vlan 10
192.168.30.1 for vlan 30
etc
and:
192.168.1.254 for hosts that have no vlan - also for these hosts I had to change default gw from 192.168.1.1 to 192.168.1.254
3- in the Services/DHCP I removed IP of DNS so every interface announces its own IP as DNS IP
4- rebooted everything, all was working, changed the IP of interface from 1.1 to 1.254 and removed virtual IP.

So far no issues.
But truth be told it was not 1 minute job. Maybe because my configuration was like that or maybe because I am not an expert.
Anyway, thanks all for encouragement.
#6
it looks like I succeeded - thank you again
with small caveat: to get disks temperature, the command:
smartctl -a /dev/ada1 | grep Temperat | awk '{ print $10 }'
requires root privileges so I did not get it yet how to. But for CPU/ACPI the user telegraf is enough to get the data (without and with fan installed):

#7
thank you @cookiemonster, I shall try, I think I know how to ;-)
#8
Quote from: r.2024 on April 08, 2024, 03:15:47 AM
i know i know...i could use vlan or openvpn to avoid all this but i don't want my cell phone being a part of the network even temporarily to check the ip camera feeds. thx

while others help you with port forwarding (which is btw quite easy on OPNsense) I will tell you what I did with my cameras:
1- (of course) for all my IoT devices I have separate VLAN: 30
2- LAN ports on managed switch and SSID for IoT connect them directly to this VLAN
3- and now some rules on this VLAN:
- allow DNS
- allow all to reach my Home Assistant IP on another VLAN
- block everything else
4- this way all IoTs are exposed to Home Assistant that includes cameras - if I want to see what is going on I use remote access to my HA and while I am at home I can connect to the camera as well
5- checking the firewall logs, the IoT devices are SCREAMING all the time: LET ME CONNECT TO MY HOME SERVER!!! usually it is in China. And cameras are top 3 with that scream.

I hope you got what I wanted to say ;-)
#9
I am using Tailscale on OPNsense for some time and I did not notice such issue - strange
#10
hi there,

I am trying to figure out if I need a fan or not but one thing that does not help me is: the cpu temperatures shown in the report on GUI are not showing trends - only the status at this particular moment:



Is there any way to have it exported on regular basis?
I tried Monit and Telegraf but it seems this information is not there.
Any other way?

thx
#11
Quote from: passeri on April 09, 2024, 11:44:35 PM
I have done this for an internal Opnsense router, assigning its management LAN port 10.a.b.1 rather than 192.168.1.1. I found the least error path was to plan the assignments then do it in initial setup.

that is obviously true - if you start properly then the rest is easier

Quote from: Greg_E on April 10, 2024, 04:44:25 PM
Me too. In theory you can also edit the backed up config file with the changes needed, then load this from VGA or SSH.

I have checked where in config is the current IP of the router:
grep 192.168.1.1 opnsense-config-20240411_011301.xml
and it seems the only places are:
1- LAN settings (obviously) for VLAN 1:
    <lan>
      <if>igc1</if>
      <descr>Servers_1</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
    </lan>


2- DNS settings for all interfaces:
    <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>


3- some rules allowing to connect to DNS for all VLANs:
            <content>192.168.1.1</content>
            <content>192.168.1.1</content>



So, in theory, if I just edited this backup file - changing the IP from current to new - load it and pray a bit, I should have it restarted with new IP address of the router and all interfaces (DNS) and rules also updated.
Then, on each host that is NOT using DHCP I shall change the DNS only - default gateway for every host is its interface IP so for VLAN 10 it is 192.168.10.1 etc.

I might give a try this way ;-)
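
Added example (not part of the original post, and not OPNsense code): `grep 192.168.1.1` also matches longer addresses such as 192.168.1.10, so a blind search-and-replace over the backup can rewrite entries it should not. This Python script reports each hit by element path and replaces only whole-address matches; the sample XML layout, `NEW_IP` and the function names are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

OLD_IP, NEW_IP = "192.168.1.1", "192.168.1.254"  # NEW_IP is an assumed target

# Constructed sample: element names from the post, surrounding layout assumed.
SAMPLE = """<opnsense>
  <interfaces><lan>
    <if>igc1</if>
    <ipaddr>192.168.1.1</ipaddr>
    <subnet>24</subnet>
  </lan></interfaces>
  <dhcpd><lan>
    <dnsserver>192.168.1.1</dnsserver>
    <range><from>192.168.1.100</from><to>192.168.1.199</to></range>
  </lan></dhcpd>
  <alias><content>192.168.1.1
192.168.1.10</content></alias>
</opnsense>"""

def whole_ip(ip):
    """Regex matching ip only as a complete address, not a prefix of another."""
    return re.compile(r"(?<![0-9.])" + re.escape(ip) + r"(?![0-9])")

def classify(text, ip):
    """'exact', 'embedded' (real hit inside longer text), 'lookalike' or None."""
    if not text or ip not in text:
        return None
    if text.strip() == ip:
        return "exact"
    return "embedded" if whole_ip(ip).search(text) else "lookalike"

def find_ip(xml_text, ip):
    """List (element path, kind) for every element whose text contains ip."""
    hits = []
    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        kind = classify(elem.text, ip)
        if kind:
            hits.append((here, kind))
        for child in elem:
            walk(child, here)
    walk(ET.fromstring(xml_text), "")
    return hits

def rewrite(xml_text, old, new):
    """Replace whole-address occurrences in the raw text; return (text, count)."""
    return whole_ip(old).subn(new, xml_text)

if __name__ == "__main__":
    for path, kind in find_ip(SAMPLE, OLD_IP):
        print(f"{kind:9} {path}")
    print(rewrite(SAMPLE, OLD_IP, NEW_IP)[1], "replacements")
```

Hits reported as "lookalike" are what the plain grep pattern would also match; running `find_ip` again on the rewritten text should leave only those.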
#12
right, to go further I use even another machine where my UPS is connected to, that works as nut server
all other machines work as clients
but even client (each client) requires some customisation
and on TrueNAS the customisation option is a bit higher than on OPNsense
good example is: if one of the clients is a Proxmox machine, I will give this machine much more time to shutdown than the other machine that is pure firewall or so
#13
hi Patrick,

I spent some time and described everything last month here:

https://github.com/opnsense/plugins/issues/3855
#14
thank you Patrick
but the GUI for the plugin is very limited with the configuration
#15
ok, thank you, I hear you both
when I mentioned "many" I meant: openwrt and dd-wrt default settings of their firmware
but also of the ISP routers
I have few r7800 and other WAPs that I repurposed to be only dumb wireless access points
but whenever I play with them and as consequence I need to... reset them to the default (as of course playing is playing) I need to disconnect them from the switch, bring close to my laptop, login, change IP to the proper one and reconnect again

but we moved to the less important part of my post - why to change the IP
my main question was: is my procedure mentioned in my post proper to change the OPNsense IP or anything missing there?

thank you both