Messages - Could

#1
Oh, ok, thanks, I didn't consider that option.
Anyway that would mean that I have to set the DNS server for each interface?
I have 14 interfaces at the moment... So it is doable, but maybe not so maintainable (in case in future I need to change AdGuard IP address).

Anyway I will consider this option.
I am also considering using Pi-Hole, which, if I am not wrong, allows creating IP aliases/overrides.
#2
Hi,

I know this question has already been asked, but I wasn't able to find a working solution.

I am using AdGuard (running in a Docker container) and Unbound just because I like how it allows me to define DNS overrides and aliases (AFAIK AdGuard doesn't have that feature) in order to reach my internal services using a nice name instead of an IP address.

I've enabled "Services>Unbound>Query forwarding" in order to use AdGuard as DNS filtering, and it works perfectly.

There is anyway a little annoying thing: all DNS queries in AdGuard are reported as made by the same IP address (that is, the OPNsense interface).
Is there a way to solve this annoying thing?

Thanks
#3
I solved it using a not so elegant workaround.
I uninstalled the wireguard-go plug-in and installed the official WireGuard instead.
I was using the Go version since I read that it is compatible with Zenarmor, but I am not using that feature in my configuration at the moment.
#4
Hi,

I've deleted my WireGuard interface by mistake and now I can see it in my list of unassigned interfaces with an exclamation mark reporting "administrative disabled", but I cannot assign it anymore.

I've already tried to uninstall the WireGuard plug-in, reboot, and install it again, but it seems all the configurations were kept (so I couldn't re-insert the interface), so it didn't work.

How can I solve this problem?

Thanks
#5
Exactly (sorry if it was not clear), what I meant was whether it is OK to remove all untagged interfaces, also the default one (called LAN), so you can access the network only through a VLAN tag.

So it is anyway better to have at least one untagged network just in case, and maybe create some strict firewall rules in order to reduce vulnerabilities.
#6
Hi,

I am wondering if I need a LAN interface (I mean the default LAN interface created by OPNsense) defined once all my traffic is managed using VLAN networks, so I guess/expect there should be no traffic going through this interface.

I can only see the LAN network could be useful in case something goes wrong and I need to connect directly to the firewall bypassing my switch, but I feel like I am missing a huge detail here!  :-\

P.S.:
Actually I am thinking of using VLAN over LAGG, so the default LAN interface seems to be even more useless, but again, I feel I am doing something wrong.