Messages

Opnsense 22.7.4 Install:

1 - Activate mimugmail's community repository

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Opnsense - System - Settings -General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services – DHCPv4 – [LAN] : DNS Servers all empty

5 – Opnsense – Services - Unbound DNS – General

      Tick: Enable Unbound ( Listen Port: 5353 )

      Tick: Enable DNSSEC Support
     
      Network Interfaces: All

6 - Opnsense - Services - Unbound - Dns Over Tls

      Server IP: 1.1.1.1

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://Opnsense ip:3000/ ( 192.168.1.1:3000 ) to complete the setup Adguard

9 - Adguard Home - DNS Configuration - Upstream Servers:

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist

10 – Adguard Home – DNS Configuration – Bootstrap DNS servers

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist
     
11 - Adguard Home - DNS Configuration - Private reverse DNS servers:

          192.168.1.1:5353

         
Extra Wireguard: If we have created a wireguard network in Opnsense, for example, 10.0.0.1/24 we have to set the dns 10.0.0.1 in the wireguard clients. In Wireguard Opnsense it is not necessary to configure anything.

This mostly worked for me for my main LAN (10.10.18.1), except under Services – DHCPv4 – [LAN1] I had to set the DNS server to 10.10.18.1 otherwise the clients don't get any DNS server address, but my clients on my secondary LAN (10.10.21.1) weren't working until I set the DNS server for LAN2 to 10.10.21.1 rather than 10.10.18.1. When I had Adguard running externally on 10.10.18.200 I was able to use that for both LANs but apparently OPNsense is a bit fussy about routing traffic across interfaces to itself.

This meant that I also had to create separate NAT-Port Forward "Force DNS traffic that is NOT addressed to my Adguard server" rules for LAN1 and LAN2, so I've got four rules in total, to cover port 53 and port 853 on both LANs.

For any report here please attach an update log, information on what version you started updating from and the exact error message you're seeing (whether on boot or in the GUI doesn't matter, but context is everything). This is a general statement not meant to address anyone personally.

I've updated my post to clarify that I was updating from 25.1.8_1 to 25.1.12. I actually thought I was on 25.1.11 but I restored from the backup made yesterday so clearly I wasn't.

After doing the latest update my OPNsense failed to boot, as shown in this screenshot


I've never been happier than I'm running it as a VM under Proxmox, as I was able to restore from my backup and get my Internet back within minutes.

EDIT: This was updating from 25.1.8_1 to 25.1.12

I'm running OPNSense 24.1.3 under Proxmox on a Lenovo M720q, with one inbuilt NIC and a four-port Intel PCI card.

All the ports are assigned to OPNsense as VirtIO bridges, and they are available in OPNsense. I've assigned the NIC to LAN and port1 on the card to WAN, as shown in the attached screenshot of the Overview screen. My ISP router is using 192.168.0.1, so I've assigned 192.168.0.2 to the OPNSense LAN port.

The clients are connected to a dumb switch, and that is connected to the LAN port, and my PC is set to 192.168.0.64, with the Gateway set to 192.168.0.1 when I have the modem connected to the ISP router, and I change it to 192.168.0.2 when I plug the modem into the OPNsense box, but even if I power cycle the modem to renew the address I can't access the Internet.

In the ISP router the Internet Connection type is set to Automatic - DHCP, and I've set the WAN interface in OPNsense to DHCP, but looking at the Overview screen it seems to get a DHCPv6 address but not a DHCPv4 one, so is that the problem?

Is 192.168.0.2 the right gateway address? Under System-Gateways-Configuration it only has a WAN_DHCP6 gateway, so do I need to add an IPv4 one?

EDIT: Never mind, it turned out I was plugging the router into the wrong port on my OPNsense box!

I'm using a Lenovo M720q with a PCI-E 4-port NIC card, which is running Proxmox and then OPNsense in a VM.

In Proxmox, under PVE-Network it shows the onboard NIC as eno1, which is assigned to the Linux Bridge vmbr0 and the CIDR is 192.168.0.199/24 (which is the address I use to access Proxmox) and the Gateway is 192.168.0.02 (which is the address I've assigned to OPNsense). Then the 4-port NIC is shown as enp1s0f0, f1, f2, f3, which are assigned to the Linux Bridges vmbr1, 2, 3, 4.

In OPNsense I have "LAN interface (lan, bridge0)" which I've given the static IP of 192.168.0.2; "OBLAN interface (opt5, vtnet0)" which shows the "WAN interface (opt1, vnet1)" which gets the address "100.x.x.x" from the Cable Modem; then I've labelled the remaining three ports as Port 2,3,4 and they're using opt2/vtnet2, etc.

Under Interface-Other Types I've also created a Bridge with the interface bridge0 and the members OBLAN and Ports 2-4.

Under the DHCPv4 [LAN] settings I've set the Gateway to 192.168.0.2 and I've tried various settings for the DNS servers, including my Adguard Home servers on 192.168.0.20 and 192.168.0.30, and 1.1.1.1.  I've also tried setting the DNS servers under System-Settings-General, and I've tried adding firewall rules for LAN and OBLAN to allow outgoing to port 53, and rules for WAN to allow any traffic in from LAN and OBLAN but I still can't access the Internet, and even trying to ping 8.8.8.8 under Interfaces-Diagnostics doesn't work.

I've also tried powercycling the modem as I read that might be necessary to make it recognise the new router. Plugging the modem back into the ISP supplied router and it works fine, which that router set to 192.168.0.1.

So I'm out of ideas at the moment and I'd be grateful for any help.