Messages - Firewire

#1
Hi gspannu, any plans to update Blocky to the latest version?
Thanks so much for providing the packages, OPNsense and Blocky are a perfect match!
#2
Thanks! It's working fine again
#3
Hello, any reason why the Github page was removed?
https://github.com/gspannu/OPN-Plugins

Recognized it when my OPNsense told me the repo is unavailable when updating my packages.
#4
Just installed the Blocky package, thanks so much for providing an OPNsense version.
It works great and was out of the box compatible with my existing config.yml from my Blocky docker instance.
That's one thing why Blocky is great, the config.yml is easily deployable and requires minimal to no changes between platforms with setting it up in minutes.

Would be great if your plugin could offer more functionalities over the OPNsense WebUI in future, for example editing the config.yml or showing the logs.

Now I have two blocky instances running on different hardware.
My DNS maintenance windows won't affect my family anymore. :)
#5
Quote from: gspannu on September 03, 2024, 05:14:24 PM
Quote from: Monviech on September 03, 2024, 04:38:07 PM
I'd like to look at the source code of the plugin itself, but I can only see the compiled package in that repository. Would just interest me without having to install the package first.

Essentially I'm interested in this plugin since it uses a go binary and it's available in the freebsd ports.
https://cgit.freebsd.org/ports/tree/dns/blocky

The code is here on Github
It is a very simple plugin, identical to AdGuard Home plugin and built on the same code.

I would absolutely love it, if you would take this on and build a full fledged plugin as you did with os-caddy.
Really appreciate your work there... 🙏🏻


Was the source code removed?

Opening the link results in error 404:
Github
#6
It seems like that indeed, since only a few specific clients are behaving like this.
Doesn't seem to be a problem at all, since I discovered no issues so far on my clients.
#7
Hello,

my OPNsense is configured as a DNS upstream server and the domain "home.arpa" was added in General System Settings.

I have an issue where the domain is applied to external requests.
When DNS requests are answered by Unbound, the "home.arpa" domain is added as a suffix.

Example:
cloud-jobs.linkplay.com
is changed to
cloud-jobs.linkplay.com.home.arpa

That happens not with all, but with many domains and results in a SERVFAIL error.
Unbound is set in transparent mode, to resolve local requests (for DHCP static leases) and external requests.

Could someone tell me how this can be fixed?
#8
I configured a cronjob to run firmware updates every day at 4 AM.
It seems that minor updates are installed but major updates are only triggered when searching manually for updates. Not sure if my cronjob is correctly set. So far no stability issues with this setting.

My cronjob:
0 4 * * * Automatic firmware update

There also seem to be more options regarding automatic firmware updates:

  • Custom Firmware Update Check
  • Custom Firmware Update Install
  • Firmware Update Check

Not sure if multiple options need to be combined, thus multiple cronjobs are required.
Do we have a best practice how to set automatic updates per cronjob?
#9
After following this thread: https://forum.opnsense.org/index.php?topic=32232.0

I enabled a Cron job with action "Renew DNS for WireGuard on stale connections" that runs every minute.
After rebooting my OPNsense multiple times, the connection worked every time.
Let me check if this fixes my issue on a long run, gonna report back.
#10
The endpoint is configured via DNS entry.
I'm not sure how I could replace it with IPs, since the domain resolves multiple IP addresses via nslookup.

Is there some workaround for this specific issue, where a DNS entry can be used as endpoint?
#11
The issue happened in earlier versions and was fixed:
https://forum.opnsense.org/index.php?topic=34949.0
https://forum.opnsense.org/index.php?topic=18956.0

Is it possible the issue came back with 24.1.5?
The issue is reproducible in my case, my WireGuard link does not go up after a reboot until I click "Apply".
#12
Hello,

since a few OPNsense versions now, I discovered that my Wireguard VPN tunnel is not coming up after a reboot automatically. After restarting, my OPNsense shows no active connection via "VPN -> WireGuard -> Status"

Workaround:
To solve the issue until the next reboot, I have to manually disable and enable the WireGuard instance via "VPN -> WireGuard -> Instances"

My guess:
The issue might be related to my WAN uplink, probably the service tries one connection only and it fails since my WAN link is not up yet. The service does not seem to try it again after the WAN link is up and the WireGuard instance keeps being down.

Does someone have an idea how to fix this?
I'm running the latest OPNsense 24.1.5_1 version.

Kind regards
#13
Guess I found the right configuration after following this guide:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

I had to disable "Dynamic gateway policy" on the Wireguard Interface.
Instead a gateway IP has to be added to the Wireguard VPN instance.
Afterwards a new gateway needs to be configured on System settings as mentioned above.

Seems to work even after a restart now.
#14
Hello,

today I discovered my whole network went offline after making changes days ago.
After troubleshooting and resetting my whole OPNsense install, I discovered the reason for the issue.

I have 3x interfaces configured (LAN, WAN, Wireguard).
LAN and WAN are running with default settings.
Wireguard is an interface I added after successfully configuring a Wireguard config, which is policy based and only meant for specific clients with specific source IPs.

The VPN setup worked great, until my Firewall was restarted, then everything went offline.
After checking my routing table I discovered the default route was deleted.

This happens when on my Wireguard interface following option is configured:


Everything works when this option is enabled, until my router gets restarted.
Then the VPN still works but internet traffic from other devices is not sent out anymore since the default route gets deleted. Disabling this option makes everything work again for my Non-VPN Clients.

Could someone help me to fix this?