Messages

You can remove the checkbox "Allow DNS server list to be overridden by DHCP/PPP" and add 9.9.9.9 in one of these DNS fields, but do not select a gateway.

Also please read the helptexts and think about what you are doing, I cannot hand hold every configuration change you want to make. Try things out and try to understand the why and how. (E.g., why is the firewall a DNS client, and a DNS server, whats the difference...)

I did it. I remove the checkbox "Allow DNS server list to be overridden by DHCP/PPP" and add 9.9.9.9 in one of these DNS fields, but do not select a gateway.

 It doesn't work. Wireguard show the same error.

I don't think I can explain it better without writing way too much.

TLDR: You don't have to change anything more. You could also input your quad dns server in system - settings - general and uncheck using the ISP dns servers again if you want.

For anybody that comes after: Using wireguard with hostnames and forcing the OPNsense to be a DNS client to Adguard itself can be a bad idea due to race conditions during boot.

There is no selection  system - settings - general and uncheck using the ISP dns servers again if you want.

You cannot view this attachment.Do you mean untick the selection Allow DNS server list to be overridden by DHCP/PPP on WAN  then I put the empy line on DNS server 9.9.9.9 ????

and use gateway?

I upload screenshot

You can remove the checkbox "Allow DNS server list to be overridden by DHCP/PPP" and add 9.9.9.9 in one of these DNS fields, but do not select a gateway.

Also please read the helptexts and think about what you are doing, I cannot hand hold every configuration change you want to make. Try things out and try to understand the why and how. (E.g., why is the firewall a DNS client, and a DNS server, whats the difference...)

I don't think I can explain it better without writing way too much.

TLDR: You don't have to change anything more. You could also input your quad dns server in system - settings - general and uncheck using the ISP dns servers again if you want.

For anybody that comes after: Using wireguard with hostnames and forcing the OPNsense to be a DNS client to Adguard itself can be a bad idea due to race conditions during boot.

There is no selection  system - settings - general and uncheck using the ISP dns servers again if you want.

You cannot view this attachment.Do you mean untick the selection Allow DNS server list to be overridden by DHCP/PPP on WAN  then I put the empy line on DNS server 9.9.9.9 ????

and use gateway?

I upload screenshot

You can remove the checkbox "Allow DNS server list to be overridden by DHCP/PPP" and add 9.9.9.9 in one of these DNS fields, but do not select a gateway.

Also please read the helptexts and think about what you are doing, I cannot hand hold every configuration change you want to make. Try things out and try to understand the why and how. (E.g., why is the firewall a DNS client, and a DNS server, whats the difference...)

Thank you very much. I appreciate your help.


1. Which is better option. with tick allow dns server.... and blank dns fields or opposite?



Sometimes I use Adguard with Unbound dns as recursive, caching DNS resolver.
2. in dns field I have to fill 127.0.0.1:5353  ?

I don't think I can explain it better without writing way too much.

TLDR: You don't have to change anything more. You could also input your quad dns server in system - settings - general and uncheck using the ISP dns servers again if you want.

For anybody that comes after: Using wireguard with hostnames and forcing the OPNsense to be a DNS client to Adguard itself can be a bad idea due to race conditions during boot.

There is no selection  system - settings - general and uncheck using the ISP dns servers again if you want.

You cannot view this attachment.Do you mean untick the selection Allow DNS server list to be overridden by DHCP/PPP on WAN  then I put the empy line on DNS server 9.9.9.9 ????

and use gateway?

I upload screenshot

The firewall is a dns client itself, just as for example a windows PC or iphone or whatever in your network.

In system - settings - general you configure how the firewall itself should resolve dns names. (e.g. where the firewall as a client should send requests to, to resolve google.com and other names for its own use.) This does not affect your other clients.

If it uses a service on localhost e.g. adguard, it depends on this service to be available to resolve names when wireguard starts. And that seems to not always be tha case.

So by giving the firewall a different dns forwarder (your isp provided ones for example) to use only for itself, it doesnt need adguard and can use the fast path without this dependency.

If it works now consistently after reboots that proves it.

I am not sure if I understood. I understand that opnsense is a client dns as a iphone. Do I have any change under Sytstem -> Settings -> General -> below Networking section ??



I think is fixed only with one click. Thank you very much

I would enable

- Allow DNS server list to be overridden by DHCP/PPP on WAN
- Exclude interfaces (dont select any)
- Do not use the local DNS service as a nameserver for this system (so adguard is not used for dns requests of the firewall itself.

these options only affect the firewall itself as dns client (eg if a service running on the firewall needs to resolve dns), not your normal clients in your networks. Your normal clients will still use adguard.

I enabled as I said - Allow DNS server list to be overridden by DHCP/PPP on WAN.

I don't understand this.
- Do not use the local DNS service as a nameserver for this system (so adguard is not used for dns requests of the firewall itself.
What do you mean?


I have inside adguard Upstream DNS servers tls://dns.nextdns.io and tls://dns.quad9.net.

I have news for you. I reboot now then there isn't any error at wireguard log file.

So it could be two things.

- Either your PPPoE login is very slow and internet access happens after wireguard has already started (I dont know if this delays bootup of services, I dont know the boot sequence that well)
- Or DNS resolution is very slow for some reason, check what happens if you select "Allow DNS server list to be overridden by DHCP/PPP on WAN" or give it a hardcoded dns server there e.g. 1.1.1.1 (System - Settings - General)

How check if PPPoe is very slow or DNS is very slow?

Some times after reboot works. Most of the times every morning that starts opnsense wireguard not work. I will try . Below Allow DNS server list to be overridden by DHCP/PPP on WAN  has the choice Exclude Interfaces. May I put 1.1.1.1 below DNs server  with none gateway?

Adguard do I have to disable ??

May I exclude some interface?

You didnt even tell what your DNS configuration is and what kind of WAN connectivity you have. Without disclosing more information there is little that can be done.

You could fix this right away though by using a static IP address as a target in wireguard. (Pragmatic since your environment is unknown)

I dont have static IP. I have vdsl only IPv4 I have no-ip.com a hostname. My dns is from adguard. I use quad dns. If I use unbound dns I have the same problem. Tell me what specific information do you want from opnsense then I will give you.

Thats the main difference between stable and non stable wireguard setups. Hostname resolution.

Some users who configure hostnames in wireguard might have issues, since wireguard only tries to resolve the name once and then just fails. If the firewall does not have working WAN or DNS yet after boot when wireguard starts, it fails on start if it depends on resolving on hostnames.

But I dont know in which order services start and if this can be improved or not, since quite some users have highly custom DNS settings (like using adguard home with dns over tls and making the firewall use that too).

So this bug have and other users. Franco says is my bug. So if someone has solve the problem , to write here and tell us the solution.

Golden rule of FOSS: If not everybody can reproduce, it's YOUR bug. Sorry, that's the way it is.

Various WG tunnels here, no problems with reboots for years...

Every day, every boot I have the below message. Please, would you like to help me to solve this problem. I have this problem over 2 years.

 /usr/local/opnsense/scripts/wireguard/wg-service-control.php: The command </usr/bin/wg syncconf 'wg1' '/usr/local/etc/wireguard/wg1.conf'> returned exit code 1 and the output was "Name does not resolve: `******.****.net:51820' Configuration parsing error"

Did you outline the precise steps necessary to reproduce the problem? Did you create a bug report/issue on github? No? So no bug that anybody but you knows of.

I sent to original site here. I don't have github account. I don't know how to report it.

Which bug?

Are you kidding me? If I reboot OPNsense the wireguard not work. I have to manual restart. OPNsense shutdown at nights because cause sound then I cant sleep.

I have to restart manually to work wireguard.

> I have the same problem

I don't?  :)

Do I have to put script to work? Which is version will be fixed? This bug is up 2 years.

23.7.4

Is there permantly solution for that?

That fix is going to be on 23.7.4.


Cheers,
Franco

I have the same issue. I use 25.7.9-amd64. I force to make a script to run after reboot.

Can anyone HELP please?

Coincidentally, a patch was added to 24.1.3 that addressed this sort of problem. ;)


Cheers,
Franco

I have the same problem

23.7.4

Is there permantly solution for that?

That fix is going to be on 23.7.4.


Cheers,
Franco

I have the same issue. I use 25.7.9-amd64. I force to make a script to run after reboot.