Messages - frozen

#1
Dunno what Unbound's problem is, I have a fairly straightforward setup

In Services > Unbound > Query Forwarding, I have 192.168.1.24 port 5353 enabled which is my DNS resolver.

Randomly today I could not get onto aliexpress.com; my browser said it couldn't resolve the address.  I opened my terminal, and 'nslookup' also failed with SERVFAIL.  However, I then typed dig address.com @192.168.1.24 -p5353 and it worked INSTANTLY.

Tried dig @192.168.1.1 and it failed.

Where is the massive desynchronization going on here?  Why are OPNsense and Unbound reporting SERVFAIL when it very clearly is working just fine via dig?
#2
Why not?

Terrible design choice, what do you expect people to do, constantly be deleting and recreating their gateways as needed?

I have to constantly re-do and update the gateways as I change tunnel endpoints, there's no reason I should not have permission when I am root
#3
Quote from: hharry on May 11, 2025, 07:00:45 AM
It's more likely the pppoe interface is displaying the correct ip address as negotiated from IPCP, and that your ISP has another layer of SNAT, NATing your PPPoE address to another address.

Thank you for the reply!

Oh dear, okay, well it seems that the only one listening to public incoming connections is the 78.x.x.x IP and NOT the 142.x.x.x IP reported in the monitor screen.

I have a WireGuard server listening and it won't work when connecting to the 142.x.x.x internal IP, but works great when the 78.x.x.x IP is specified!

Thanks again for your time
#4
Okay and just to follow up, after more testing, so on OPNsense itself if I spawn a shell and 'curl ipinfo.io' it reports the 142.x.x.x address which does report as my correct city and all other details, but then if I simply receive a DHCP address and do a 'curl ipinfo.io' on the client -- it reports the actual correct 78.x.x.x IP!  The one that I need to be passed to my Dynamic DNS monitor.

Thanks again, sorry for the triple post
#5
I've even tried different check IP methods like 'icanhazip' and it STILL is reporting the 142.x.x.x IP instead of the 78.x.x.x one

So confused!
#6
Hello, novice user here, using Bell Fiber internet in Canada.  I use OPNsense of course, completely up to date, and I think I've narrowed down my Dynamic DNS updating woes to the fact that OPNsense is detecting the wrong IP address as my WAN IP!

What I mean is this

If you see here, the IP is being reported as a 142.x.x.x address, which is being passed on to my Dynamic DNS client, and is unconnectable.
But when I open a terminal and do a 'curl ipinfo.io', for example, it displays my true IP, which is a 78.x.x.x IP address.

So I guess my question is, why?  And how do I fix it?

I need to pass on the 78.x.x.x IP to the Dynamic DNS updater, and simply choosing WAN isn't working.

Thanks so much!
#7
Hi there

OPNsense 25.1-amd64
FreeBSD 14.2-RELEASE
OpenSSL 3.0.15

Every day, several times a day, I have to re-enter my login credentials to OPNsense (192.168.1.1).  It absolutely refuses to keep me logged in and I'm not sure how to change this as it's persisted across both Brave and Edge now!

Furthermore it always flips back to 7 rows in the view and I need it to stay on ALL!  So I can see more than 7 small results at a time!

Thanks so much for any help
#8
I've never disabled any cookies, though!  It's just my regular web browser and I don't have any kind of cookie-rejecting stuff enabled, or uBlock, etc.

Thank you though, I am off to Google
#9
Hi there

OPNsense 24.7.12_4-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

Every time I go into Aliases or tunnels or anything at all really, OPNsense is defaulting to a piddly 7 results at a time.

I have to stop what I'm doing and go into the top right corner and change the 7 to "ALL" which wouldn't be so bad if it remembered, but it doesn't remember :(
#10
I followed the guide in the OPNsense documents for Selective Routing to External VPN.  The tunnel is up with no problems, and connectivity works, yet my dashboard is showing the Gateway is offline, and in the interfaces, appears red with 100% packet loss:

And to make things even more ridiculous, the gateway address listed IS pingable!  From right within the tunnel itself!  It's just OPNsense having problems for some reason?

And I obtained the gateway the exact way the guide says -- I connected the tunnel, did a traceroute, and that IP is the first hop after 10.2.0.1

Thanks kindly for any help!
#11
I am in absolute hell right now.

Tried following the WireGuard Selective Routing to External VPN Endpoint tutorials, and now I notice in the dashboard the wheel is filled up with state violations.  When I click the pie chart, it shows non-stop scrolling of state violation rules.

I am in literal hell right now, and all I wanted to do was connect to my VPNs with OPNsense.

I hate this so much.  The guide I followed doesn't seem to work either; my DNS is leaking.
#12
Virtual private networks / Re: ProtonVPN Wireguard DNS
January 09, 2025, 05:58:37 AM
I'm here for the same reason.  This is an absolute nightmare.  The documentation is one of the worst things of all; the guide at the bottom of it is just totally ignorant of the needs of the user.

The tunnels are established, and I can assign a client to the alias, which will then browse through the tunnel with no problems.  A 'curl ip.me' check shows the VPN IP.  But I can't solve the leaking DNS problem.

#13
I have the WireGuard config file, and it says 10.2.0.1 is the DNS server!  I forgot to include this, sorry!  But I wasn't sure how this comes into play.  And if it's using that DNS server, won't it be bypassing my Unbound?

I will go look around and see if I can find that, thanks for your response!
#14
Hi there, I have been following the WireGuard Selective Routing to External VPN Endpoint guide and inevitably have DNS leaks now at the end of it.  Even when clients are successfully using the VPN, it fails all the online DNS leak tests, which expose my home IP, and it will be totally useless as a result.

I run Unbound and it has all the ad-blocking stuff enabled so I am hoping to continue using it, only maybe make the DNS queries go over VPN instead of WAN?

The information at the very bottom of the guide is extremely confusing and jumbled up all over the place.  I don't want to stop using my local Unbound and switch to the VPN's DNS server.  I don't want to lose local network name resolution either, as I use that as well.

So I don't understand what to do.  The information at the bottom of this guide, "Dealing with DNS leaks", is a bunch of vague theories with no information on how to actually accomplish anything.  As a novice user who depends on step-by-step guides to even get this far, it leaves me super confused and not knowing what to do.

- My OPNsense installation is 192.168.1.1
- It's running Unbound+Ad Blocking for my home network
- It is using KEA DHCP reservations to assign hostnames to my local clients, and provide DHCP leases to clients which gives them 192.168.1.1 to use as DNS server
- I have ProtonVPN WireGuard endpoint created and can assign hosts to it through the alias, but the DNS leaks and exposes my home IP
- I don't want to change to an external DNS server nor lose local network hostname resolution

I want my browsing IP to show as the VPN, but also the DNS Leak Test address to show the VPN IP as well.  I still retain using Unbound with ad-blocking for client DNS queries.  Local hostnames are still resolvable.

I have asked Google Gemini for some help because I can't really make sense of it all, but I'd rather actually get the correct answers here, and I am willing to donate again once I get this fixed, as it's sort of holding up my entire network setup at the moment.

Thanks again in advance for any help, I can provide any additional required details!
#15
I am also left confused by the notes at the bottom of this page, and it seems others have had this issue many times before; I even found GitHub issues about it where they just said the note at the bottom is good enough and didn't address it -- but it's not good enough.  I am a novice user, and the "solutions" are almost like reading another language.

You guys can't just drop these vague notes at the bottom and expect people to understand them.  Further information, steps, diagrams or examples would be greatly appreciated.

I am also stuck with leaking DNS servers after completing the Selective Routing to External VPN guide.  Thanks kindly for any help!