Messages

Edit: I just found that it depends on Type
URL Table: Refresh Frequency

I only have 1 alias where Type = Host(s). I change the default value here:
Firewall: Settings: Advanced
Aliases Resolve Interval [default (300s).]
my value = 14400

The new value is honored. Is this something different than the original post?

[nice feature]

# Check list:
Remove the trailing dot when adding a reservation (fix with script?)
(The trailing dot has significance in the context of kea)
It will crash unbound on a restart if not removed.

Restart unbound after adding reservation (trigger with script?)
After restart, LAN hostname resolution from reservation / v4, v6 (WORKS)

Track WAN IPv6 Prefix (under active development)
Make sure to temporarily turn off 'Track WAN...' if changing to a different DHCP server.
Update kea, unbound, radvd if WAN IPv6 Prefix changes (working on script)

Are options applied to reservations?
For example, IPv4 DNS server(s) shows as blank under the reservation list.
It also shows as blank in '/conf/config.xml'

Per documentation:
https://docs.opnsense.org/manual/dhcp.html
If a client is assigned a reservation, within the pool, but goes offline
Why can this IP be assigned to a different client?
IPv4 - It should be assigned based on the unique MAC address, and therefore NOT assigned to a different client?
IPv6 - Same, except by DUID?
By definition, reservation is matched vie MAC or DUID?

# Auto collect option data
Automatically update option data for relevant attributes as routers, dns servers and ntp servers when applying settings from the gui.

Auto collect option data (IPv4) (nice feature)
Automatic = (view by un-checking Auto...)
Routers (gateway)
DNS servers
NTP servers

Not Automatic =
Static routes
Classless static routes
Domain name (auto based on System settings?)
Domain search
Time servers
Next server
TFTP server
TFTP bootfile name

I have been very happy with Zyxel NWA130BE (WiFi 7). I actually get 2.5gbs performance over WiFi.

OK, great, I will try that.

Are you looking for "New Topic"?

Yes, it looks like it reappears for all of the sections below. I realize this might be "by design" to make it obvious that the items in a section can be changed with an action. My logic for allowing it to be sticky is if I know I will not need a command in a particular section, it saves a bit on screen area to see more information from the other columns. All other column choices appear to be sticky and the column widths remembered, which is great.

Code Select Expand

System: Access: Users
System: Access: Groups
System: Access: Privileges
System: Gateways: Configuration
System: Routes: Status (Action)
System: Diagnostics: Services (also missing the word "Command" under drop down)
Interfaces: Devices: Bridge
Interfaces: Overview
Firewall: Aliases
Firewall: Automation: Filter
Firewall: Automation: Source NAT
Firewall: Categories
Firewall: Groups
Firewall: Diagnostics: Aliases (also missing the word "Command" under drop down)
Firewall: Diagnostics: States


LAN has Track6 mode by default which launches DHCPv6 and Radvd.

This was not obvious to me when I did a fresh install and tried to change from ISC to kea or dsnmasq. After reading this entire thread, it now makes even more sense. I am on kea and IPv6 works perfectly.

I added a reservation using the '+' command under Services: Kea DHCP: Leases DHCPv6.
I then went to check the kea log and found this, without a time stamp.

Code Select Expand

FileNotFoundError: [Errno 2] No such file or directory: '/var/db/kea/kea-leases6.csv'
^^^^^^^^^^^
if lstpos is None or (os.path.isfile(fn) and os.fstat(fhandle.fileno()).st_ino != os.stat(fn).st_ino):
File "/usr/local/opnsense/scripts/kea/kea_prefix_watcher.py", line 51, in yield_log_records
for record in yield_log_records(inputargs.filename):
File "/usr/local/opnsense/scripts/kea/kea_prefix_watcher.py", line 109, in <module>
Traceback (most recent call last):
Has anyone else experienced this?

Edit: '/var/db/kea/kea-leases6.csv' does exist and seems to be correct.
Not sure if this matters, but before I saved the reservation, I removed the trailing dot from the hostname.

I recently switched from ISC to kea and I am very impressed. My environment is relatively simple, but IPv6 is working (lan, wan, nat port rules, etc.). Plus I like kea=dhcp, unbound=dns just from an organizational point of view. Not familiar with ("Ubiquiti") DHCP option requirements, but I would be curious if you wanted to share.

BTW, just wanted to re-mention this.

Excellent, thank you. I will google 'menu override files'. It is not security related, I just find myself clicking on the wrong service.

I modified 2 files. They will not survive updates, but I'm good with that.
comment lines 127-133
/usr/local/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
comment lines 3-13
/usr/local/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml
execute
/usr/local/etc/rc.configure_plugins

Thanks again.

Happy New Year
For example, can I remove the entire entry for dnsmasq?
I tried looking here:
System: Access: Privileges
But this area does not seem to cover the entire service.
And this is just to remove it from displaying, not the underlying software.
Thanks.

I also had a trouble with DNS after doing a fresh install a couple of week ago. When looking at
"Firewall: Log Files: Live View" and "Firewall: Diagnostics: States:"
I noticed it was complaining about this setting:
Interfaces: [WAN] > Block private networks
I executed "Firewall: Diagnostics: States: Actions: Reset state table".
Everything works great now, but resetting this table has become a very important step when setting up or making changes to the Firewall settings.

I have been testing with DNSSEC off, but DoT is still on. I am starting to agree with DEC740airp414user on this, even though information found seems to lead in another direction.
In particular, this option appears to affect performance:
"Harden DNSSEC Data"

Harden DNSSEC Data
If this is on, it appears to have a negative impact on performance.

Enable DNSSEC Support
If this is on, it was very difficult to see if it had an impact.

Both are off now. DoT is still on.