"
I am aware but unfortunately, the geniuses who set up the domain years ago did and I didn't have the time yet to reconfigure everything
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
26.1 Series / Re: Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
February 15, 2026, 08:15:42 PM #2
26.1 Series / Re: Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
February 15, 2026, 10:31:50 AM
Okay, it seems it was the problem noted at https://github.com/opnsense/core/issues/9754
Changing the "Local" flag to off for each host has fixed it. Weirdly, it worked fine before...
Regards
SoWhy
Changing the "Local" flag to off for each host has fixed it. Weirdly, it worked fine before...
Regards
SoWhy
#3
26.1 Series / Cannot lookup my domain anymore with dnsmasq after 26.1 upgrade
February 15, 2026, 10:00:43 AM
Hi all,
I have a setup with dnsmasq running on port 53 and no Unbound. I also have a Windows Domain Controller running at 10.1.1.20. In dnsmasq options, I have defined
Before the upgrade to 26.1, running
resulted in OPNsense returning 10.1.1.20 and my Windows clients could connect using DOMAIN\User
I upgraded to 26.1 yesterday and now when I try to run the same command, I get
and my Windows clients can no longer connect with the error "A certification authority could not be contacted for authentication"
This of course completely breaks my setup. What changed with dnsmasq in the upgrade and how can I fix it?
TIA
SoWhy
I have a setup with dnsmasq running on port 53 and no Unbound. I also have a Windows Domain Controller running at 10.1.1.20. In dnsmasq options, I have defined
Code Select
domain.local = 10.1.1.20
domain = 10.1.1.20Before the upgrade to 26.1, running
Code Select
nslookup domain.localresulted in OPNsense returning 10.1.1.20 and my Windows clients could connect using DOMAIN\User
I upgraded to 26.1 yesterday and now when I try to run the same command, I get
Code Select
:~$ nslookup domain.local
Server: 10.1.1.1
Address: 10.1.1.1#53
Non-authoritative answer:
*** Can't find domain.local: No answer
:~$ nslookup domain
Server: 10.1.1.1
Address: 10.1.1.1#53
** server can't find domain: NXDOMAIN and my Windows clients can no longer connect with the error "A certification authority could not be contacted for authentication"
This of course completely breaks my setup. What changed with dnsmasq in the upgrade and how can I fix it?
TIA
SoWhy
#4
25.1, 25.4 Legacy Series / Multiple subnets with dnsmasq?
July 29, 2025, 07:31:40 AM
Hi there,
I have set up dnsmasq as my DHCP server on my OPNsense 25.1.12. I added a range 10.10.10.100 - 10.10.10.200 for interface LAN with a couple of hosts with reservations. Since the amount of devices is increasing, I wanted to create some new subnets 10.10.20.0/24 and 10.10.30.0/0 and put some of the devices there but devices without a reservation should still get their IPs from the 10.10.10.0/24 pool. However, when I add a host to another subnet, it will still get an IP from the 10.10.10.0/24 subnet, ignoring the reservation.
How can I get dnsmasq to assign the IP from another subnet if a reservation like that exists?
TIA
SoWhy
I have set up dnsmasq as my DHCP server on my OPNsense 25.1.12. I added a range 10.10.10.100 - 10.10.10.200 for interface LAN with a couple of hosts with reservations. Since the amount of devices is increasing, I wanted to create some new subnets 10.10.20.0/24 and 10.10.30.0/0 and put some of the devices there but devices without a reservation should still get their IPs from the 10.10.10.0/24 pool. However, when I add a host to another subnet, it will still get an IP from the 10.10.10.0/24 subnet, ignoring the reservation.
Code Select
2025-07-29T07:27:50 Warning dnsmasq-dhcp not giving name AFVM1 to the DHCP lease of 10.10.10.153 because the name exists in /var/etc/dnsmasq-hosts with address 10.10.20.101
2025-07-29T07:27:50 Informational dnsmasq-dhcp DHCPACK(igc1) 10.10.10.153 12:34:56:78:90:ab AFVM1
2025-07-29T07:27:50 Informational dnsmasq-dhcp DHCPREQUEST(igc1) 10.10.10.153 12:34:56:78:90:ab
2025-07-29T07:27:50 Informational dnsmasq-dhcp DHCPOFFER(igc1) 10.10.10.153 12:34:56:78:90:ab
2025-07-29T07:27:50 Informational dnsmasq-dhcp DHCPDISCOVER(igc1) 10.10.10.153 12:34:56:78:90:abHow can I get dnsmasq to assign the IP from another subnet if a reservation like that exists?
TIA
SoWhy
#5
Virtual private networks / Re: WireGuard from OPNsense to FritzBox only works one way?
February 19, 2024, 05:16:28 PM
So basically the problem is that FritzBox cannot use a transfer net and instead needs to use an IP in my local subnet, e.g. 10.10.10.123/32 instead of 10.10.100.2/32? ???
#6
Virtual private networks / WireGuard from OPNsense to FritzBox only works one way?
February 19, 2024, 04:18:00 PM
Okay, this is a bit much to write down, so I will try to make this brief but I cannot figure out the problem...
I have WireGuard running on my OPN install (24.1.1) with a couple of peers configured and it works as expected.
The WG instance has a tunnel address of 10.10.123.1/24. My regular network behind the tunnel is 10.10.10.0/24 and the OPN is 10.10.10.1/32. The peers have "Allowed IPs" like 10.10.123.101/32, 10.10.123.102/32 etc.
I set up a connection to my FritzBox in my other network (192.168.100.0/24) using a config file and set the "Remote Network" to be 10.10.0.0/16 in the FritzBox. The peer on my OPN has "Allowed IPs" 10.10.123.2/32, 10.10.0.0/16 and 192.168.0.0/16. The connection is established successfully according to both the FB and OPN.
Here is the problem:
When I am in the 10.10.10.0/24 network, I can reach any device in the 192.168.100.0/24 without problems, e.g.
However, when I'm in the 192.168.100.0/24 network, I cannot reach any device after the OPN, e.g.
works as expected (10.10.10.1 being the OPN) but
will lead to time outs.
I already tried deactivating the packet filter on the OPN to see if it's a firewall problem but the firewall already shows these connections as "pass", e.g.
I tried searching but I could not find anything (although I admit I have no idea what exactly to search for).
Can anyone help me figure this out?
TIA
SoWhy
PS: My previous setup was two FritzBoxes connected through WireGuard with the same subnets and that worked but I wanted to replace one of them with the OPN box
I have WireGuard running on my OPN install (24.1.1) with a couple of peers configured and it works as expected.
The WG instance has a tunnel address of 10.10.123.1/24. My regular network behind the tunnel is 10.10.10.0/24 and the OPN is 10.10.10.1/32. The peers have "Allowed IPs" like 10.10.123.101/32, 10.10.123.102/32 etc.
I set up a connection to my FritzBox in my other network (192.168.100.0/24) using a config file and set the "Remote Network" to be 10.10.0.0/16 in the FritzBox. The peer on my OPN has "Allowed IPs" 10.10.123.2/32, 10.10.0.0/16 and 192.168.0.0/16. The connection is established successfully according to both the FB and OPN.
Here is the problem:
When I am in the 10.10.10.0/24 network, I can reach any device in the 192.168.100.0/24 without problems, e.g.
Code Select
tracert 192.168.100.236
Tracing route to XXX [192.168.100.236] over a maximum of 30 hops:
1 17 ms 14 ms 13 ms 10.10.123.1
2 52 ms 51 ms 47 ms 192.168.100.1
3 52 ms 55 ms 56 ms XXX [192.168.100.236]However, when I'm in the 192.168.100.0/24 network, I cannot reach any device after the OPN, e.g.
Code Select
tracert 10.10.10.1
Tracing route to 10.10.10.1 over a maximum of 30 hops
1 30 ms 30 ms 30 ms fritz.box [192.168.100.1]
2 68 ms 67 ms 68 ms 10.10.10.1works as expected (10.10.10.1 being the OPN) but
Code Select
tracert 10.10.10.5
Tracing route to 10.10.10.5 over a maximum of 30 hops
1 30 ms 30 ms 32 ms fritz.box [192.168.100.1]
2 74 ms 75 ms 67 ms 10.10.123.1
3 * * * Request timed out.will lead to time outs.
I already tried deactivating the packet filter on the OPN to see if it's a firewall problem but the firewall already shows these connections as "pass", e.g.
QuoteWG 2024-02-18T19:39:32 192.168.100.125:65038 10.10.10.5:53 udp
I tried searching but I could not find anything (although I admit I have no idea what exactly to search for).
Can anyone help me figure this out?
TIA
SoWhy
PS: My previous setup was two FritzBoxes connected through WireGuard with the same subnets and that worked but I wanted to replace one of them with the OPN box
Pages1
