Messages

You can find them here: https://pkg.opnsense.org/releases/

I installed OPNsense initially on UFS filesystem. I did not know anything about ZFS, or using Proxmox VM for OPNsense. (I am familiar with VMs, I have a dozen+ running under VirtualBox for a variety of uses. Just didn't occur to me for OPNsense.)

I'm sticking with 25.7 for now, in case someone steps up with some ideas for getting Unbound working so I can try them. If I find myself wanting to downgrade, I'll definitely go ZFS filesystem now that I've read more about it, and maybe Proxmox VM as well. Suggest you read up and consider same if you're not familiar, unless you already have an easier recovery than a format and install.

Thanks for posting, I'm sorry it's happened to you but glad to know it's not just me.

It's a week later and everything is still working and stable with Unbound disabled. My setup is about as simple as it gets, so it just seems odd that it's not happening to more people. Not needing to use it is one thing, but being the default install it shouldn't cause problems. I will try again sometime in the next few weeks to enable it and see what happens.

Sure I could do that too. I wasn't looking for help though, I'm just reporting it in case it can get a fix of some kind. Thanks.

Could be. I wouldn't mind if it wasn't "clickable" and I could just copy/paste the string in a focused search box in the rules area to find the match. I tried the search box in upper right but that doesn't find anything. (Separate "rant"... I often can't find even a setting using the search box...)

In looking at blocked entry in firewall live log, the detail popup has this information in it:

...
reason: match
rid: <magnifying glass> <hex string> (clickable)
...

Firefox browser: Click "rid" launches a new tab that immediately closes. Right-click and use 'open in new window' does same - launches and immediately closes.
Edge browser: Click "Rid" remains in same tab, but tab page is blank.

I was getting a lot of "server not found" browser messages after the upgrade to 25.7. All would seem OK for a while, then there'd be a period of failures. (Multiple devices, wired and wireless, and multiple browsers on those devices). Also, most devices were laggy at intervals, without any error messages. It would just take a long time before any result would appear (in the case of browsing).

I previously had Unbound enabled (it came that way by default). I did nothing further with it. In System->Settings->General, I had specified three DNS server IPs. Nothing more for DNS. It's been this way for a couple of years, and no trouble here that I'm aware of.

After upgrade to 25.7, the problems came.

In searching the 'net for help, I stumbled on a setup post for Unbound that had me mark Enable DNSSEC Support, Register ISC DHCP4 Leases, and optionally Flush DNS Cache during reload, which I also marked. After applying the changes I rebooted.

It has now been several hours and I have not seen any DNS failures or experienced any lags. Performance is quite snappy again.

I assume what I had was a poorly configured DNS situation that was better tolerated before 25.7.

Most people here are far beyond me in config and expertise, I'm just posting in case it helps someone.

(Cable modem -> Protectli Vault with OPNsense -> Cisco switch -> wired clients and one wireless AP for the rest. Basic install setup plus some reserved DHCP LAN IPs.)


***ETA***: All had been working fine for more than 24 hours, when suddenly again nothing is getting DNS resolved. Unbound DNS reporting showed a sharp drop and 0% of queries resolving.

I tried restarting Unbound service, tried stopping/pause/starting, tried flushing the Unbound cache. Resorted to reboot OPNsense via WebUI menu and all is working again.

If anyone has any ideas on what else I can look at or do, I would really appreciate the help.


***ETA2***: Eight hours ago, I cleared Unbound's cache, disabled Unbound, rebooted, so OPNsense would use the DNS servers in System -> Settings -> General directly. All seems to be working fine so far, will continue to monitor. Did go more than 24 hours with the last change, though, so will check back in tomorrow. Meanwhile please let me know any ideas. Thank you.

Just a simple home user here. Protectli VP4630 (32G memory and 1T SSD) and OPNsense, upgraded to 24.1.5_3-amd64 yesterday 4/7.

TLDR; I have no clue if the odd "lockup" issue I experienced rests with OPNsense or Protectli vault. If OPNsense I don't even know if it was this latest update or that's just a coincidence. I know too little to troubleshoot very well and I've already recovered from it and all is good again. So I don't need any help - just want to put this out in case it resonates with anyone.

Simple network: 1 WAN, 1 LAN. Spectrum provided Cisco modem into WAN. Unmanaged switch in LAN port. Wired devices and a wireless AP plugged into switch (One Eero 6+ in bridge mode as the AP). No issues for 5 months.

As mentioned, ran manual update yesterday to OPNsense and everything went fine. About five hours later, wifi disappeared. Checked the Eero - "red light" - disconnected. Eero has been a POS for me so I assumed it was Eero and started researching how to fix. Everything pointed to internet down but modem idiot lights looked good and Spectrum app reported it was up, and anyway I should still have a network just no internet if that was the actual issue. Too much time wasted there but I learned some things.

Finally dawned on me to check a wired desktop (plugged into switch and bypasses Eero) and it had no internet. So not the Eero. Apparently no local network either as it couldn't reach any other wired computer nor bring up the OPNsense webpage.

Tried power cycling modem, protectli, wired computer - no change. Put protectli on a monitor, keyboard, mouse. Got the OPNsense console upon power on, and OPNsense found my IPV4 address from my modem (my ISP has never served an IPV6). Nothing configured on LAN port.

Tried factory reset from console. Assigned WAN, LAN ports and now LAN port had IP range, nothing found for WAN IP. (made sure ports were correct to cables as I've seen the factory reset puts LAN on first port then WAN by default, I assign WAN on first then LAN)  I don't know how many times I tried to get this part working... and failed miserably.

Tried restoring from backup to no avail as well. No joy.

Now I wondered if my modem was broken? Back to Spectrum app, still says modem is working well. Restarted modem from the app which also does a reset (I could have used the reset hole on the modem but it is fidgety). Power cycled protectli while waiting for modem to come up, then another factory reset.

This time it all worked. And the kicker - the modem was now serving an IPV6 address. I have had IPV6 disabled on all prior routers (right or wrong, not here to debate that) and so I had disabled all IPV6 services in OPNsense when I first set it up, since I've never had an IPV6 address from Spectrum ever before.

I have no way to know anything for sure, but I am thinking that by disabling IPV6 in OPNsense, OPNsense got lost somehow when the Spectrum modem began (unsuccessfully until reset/restart?) to serve an IPV6 address. I confirmed with Spectrum that change was made yesterday.

It is certainly an edge case if that's what happened, just want to mention anyway.