Messages

Thanks for your comments.

What browser are you using, if using firefox there are some changes in firefox that have to be made or firefox DNS will fight with unbound DNS.

Multiple machines, multiple browsers, email clients, other programs that access the internet, multiple OS (Windows multiple versions, Ubuntu).

You should leave unbound enabled at default except check flush cache on reboot. Nothing to do there for a basic setup.put your dns servers in system>settings>general>dns.

I was informed that if DNS is configured in system->settings... instead of Unbound, then Unbound is not doing anything even if enabled. I didn't test that; I moved my DNS from Unbound to system->settings... and disabled Unbound. Then DNS started working normally.

Just to the right of each one is a gateway drop down bubble. If it doesnt show A IPV4 gateway. Wait for a DHCP connection, then click the drop down bubble and it should be there. Have to attach a IPV4 gateway there. Its a bug I mentioned on the forum before.

None of those things went wrong for me, it was all there as it should be. Unbound DNS became flakier and flakier over varying periods of time until it stopped working completely. Clearing Unbound cache and reboot got it working again but only for short periods. Until I moved DNS and disabled Unbound, then all DNS problems stopped.

Make sure you wipe the opnsense drive before a reinstall if you know how. It has a possibility of carrying data over to the new system. Wipe the RAM.

I will be using ZFS and I'm assuming it will completely format the disk (I've never used it). I suppose I'll find out when I get there.

That went right over my head. It's OK. Thanks for trying to help.

In the gui turn it on. The OPNsense docs tell how to do this.

I searched OPNsense documentation for "SSH" and got back 61 pages. I typed   ssh   in the (upper right) search box within my gui and got nothing. I don't know what to do.

ssh into the device, o

Hi, thanks for jumping in, what will that command do? I don't have SSH access set up (I don't think?) - how do I do that?

It might be interesting for somebody, but I wouldn't know what to do with that.

Do you have a console on that box?

I'm not sure what you mean, do mean how do I access it? IIRC it's a little awkward (it's been a couple of years since install, that's the last time I was interacting with box itself). I believe they sent a special cable I used to connect to my monitor, and I could only plug in a keyboard or a mouse but not both. (Monitor/keyboard/mouse are normally hooked up to my KVMP 4-port switch but the special connector for the Protectli isn't compatible with mine.)

If that's not what you're asking, can you clarify? Thanks.

That vulnerability is with almost certainty not the cause of your stability issues

Thanks, I didn't say it was. I merely ran the audits per the post I linked and Franco said I'm misunderstanding what the audits are for, so I asked what is it about that audit I'm misunderstanding. It went down the rabbit hole from there. I'm just responding - if what's being said isn't relevant to solving my issue I don't know how to distinguish that.

Thank you for offering some items to check. I don't know the answers so I will look into them and get back.

I didn't know anything about anything when I bought the box and put up OPNsense. I've since learned of ZFS filesystem and also Proxmox VM (I've had both VMWare and Virtualbox VMs for many years, so learning Proxmox I hope won't be too far from that). Anyway, as soon as I can devote the time and be without internet a bit I will start again with Protectli and use ZFS and also Proxmox then install OPNsense from scratch, there's virtually nothing to configure so I'll do everything manually. (I want to do this so I can quickly roll back and see if an update in some way contributed to any issues.)

(Both items will be a bit of time, we've just had an unexpected death in the family, I don't have much time available nor can I be without internet right now. Please bear with me. And thank you again for trying to help.)

Sorry, I am completely lost. I don't know who is this admin. I don't know what it is I'm allegedly getting mixed up, according to Franco.

Back to the beginning. I made this post with the error from my latest update, and that I have an unstable internet connection following the update.

I referenced another post that was similar. That OP was advised to run audits, so I did same.

From there this thread has gone off the rails. Instead of me getting help with my unstable internet, I'm spending my time answering every question, accusation, assumption while trying to get my issue back on the rails and not having any luck.

I'm not interested in any blame game of who or what. I'm only interested in getting a stable internet again, and posted for help trying to figure out what went wrong.


For the record I'm just a home user with a tiny network who wants a stable internet.

I had simple consumer routers running DD-WRT for years, very satisfied. When my last router was very old, before it died I set about replacing it. That's when I learned everything in the consumer space has taken all control away from the user, over config, over updates, no more recovery/rollback, data in the cloud. I started looking for what else was out there. I found Firewalla, then pfSense, then OPNsense. I decided OPNsense would work for me. I bought a Protectli 4630 vault, installed OPNsense on it with the defaults (and changed little else, since). I have been "fat dumb and happy" with OPNsense for a few years, until the 25.7 upgrade destablized my internet. I finally realized it was Unbound (whatever that is), learned I didn't need it and could disable it, and all was fine again. Until this error message and this post.

All I want to do is get my internet stable again. I don't know where/what the issues are, but I thought this forum was a place where I could get help toward figuring it out. If I have to become a network professional to continue using OPNsense, I'll have to start looking for a replacement that doesn't have that requirement, because I can't meet it.

you are merely misunderstanding

If I run an audit and it says it has a vulnerability, does that not get patched? What am I misunderstanding about that?

I think the audit errors have disappeared somehow, after a while.

Thanks for posting!

I just ran the audits again and still have errors.

Nothing changed on upgrade log since (I assume) there has been no further upgrade.

Connectivity errors are the same.

I have new errors though on Security log:

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.7.6 (amd64) at Sun Oct 26 07:41:54 PDT 2025
vulnxml file up-to-date
unbound-1.24.0 is vulnerable:
  unbound -- Possible domain hijacking via promiscuous records in the authority section
  CVE: CVE-2025-11411
  WWW: https://vuxml.freebsd.org/freebsd/ea1c485f-b025-11f0-bce7-bc2411002f50.html

1 problem(s) in 1 package(s) found.
***DONE***

So I checked for updates and there aren't any. Will a patch for Unbound be coming? This made *me* jump like a real Kangaroo 😂

so that should not be a problem.

Thank you so much for looking at that for me, I breathe easier.

We just went offline again. Unplugging Protectli box only again, waited 30 seconds, plugged back in, we are back online again.

If your system is unstable with newer OpnSense revisions, then maybe look at this, #23. There have been reports about instabilities with non-N Intel CPUs from the same generation.

My hardware was bought new from Protectli, a Protectli Vault VP4630 - 6 Port Intel® i3 × 1 in February 2024. It doesn't say anything in the specs about "N" or "non-N" - how would I find out? ETA: I found a further detail on my invoice: Intel® i3-10110U Dual Core / 4 Thread at 2.1 GHz (Turbo up to 4 GHz) - is that useful?

1. Run the health audit again to see you made progress WRT you original health audit post.

2. Consider the possibility that 25.7.x updates are not your apparent issue with stability.

I already wrote I ran the Health audit again after the update and it was fine. I only posted the full unclipped audit upgrade log because what you claimed was false. And I attached the full log in a text file to avoid the clutter you mention. I wish people wouldn't skim posts when they're trying to help, it makes me waste time on defense instead of learning what I can do.

My connection is very unstable right now. Three times now I have had to reset equipment to get back online since this mornings updates. It no longer seems coincidental, since I have had no issues since early summer when I had to disable Unbound after updating to 25.7.

I have so far concluded it is something connected to the updates but will investigate anything I can.

1. I had my house cabling checked a couple of years ago (before I had OPNsense) because I had an unstable connection. My cable modem would go on and offline repeatedly. Repairs were made and that solved it.

2. My modem is not going offline, at least not according to the "blinky lights". I checked my ISP's website and they have not reported any connection troubles in my area. I have run the ISP troubleshooter online and it reports no connection issues have been logged with my account. I do take all that with a grain of salt.

3. I am able to power cycle the Protectli box (only) to get a connection again. When the issue is external to my house (wiring, ISP), the modem always has to be power cycled to get a connection.

What else can I investigate, to determine it is NOT OPNsense update this morning causing the instability?

Just lost all connectivity here again. Cable modem appears fine (it did earlier, too, when connection dropped) at least based on blinky-lights. Rebooted just Protectli box with OPNsense this time (instead of all equipment) and internet is back online again.

After a lot of reading this summer, I have been wanting to try using ZFS for filesystem and perhaps even installing Proxmox. Maybe now would be a good time. Hoping not to have to wipe and reinstall OPNsense only because my time is really scarce next couple of weeks. But also can't deal with an unstable connection next couple of weeks either.

Ideas? Kind regards.

I mistook the whole lot of package messages for the installation log. Sorry.

No worries, just wanted us on same page.

I have had no trouble with OPNsense since first installing a couple of years ago, having taken all the install defaults (including Unbound enabled by default), and changing only those things necessary to get connected to my ISP. I also switched the order of ports so WAN was first. I put my DNS servers in Unbound, and configured nothing else. This ran fine until upgrade to 25.7 earlier this year. I have another post about that, long story longer, after I disabled Unbound and put my DNS servers in general settings, all has again been fine. Until this morning and the reason for this post.

Yes it is, from the audit I just ran following the update this morning. Full copy attached, without my "clipping".

Also attached is a screensot of the upgrade changelog.