Messages - smajor

#1
I am not a DNS guy.  I'm struggling with these instructions and need clarification:

https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration

I own my own domain.  Instead of lan.internal, shouldn't I use my domain instead?  Because, if I set up the way of the instructions, all of my internal clients get the name computer123.lan.internal when they should get the FQDN like computer123.mydomainname.com

This is just a sanity check for me, I'm pretty sure this is what I want.
#2
Thanks for the information in this thread.  I'm looking at all of this myself and am ... disappointed and confused.  Kea seems to have the options I want, even though I'm a small user, but no dynamic mappings with Unbound? Really?  Deal breaker.

That leaves me with Dnsmasq. I'm not a super-high, or even mid-level network guy so I'm struggling to understand Dnsmasq's DNS vs Unbound, or even how to forward it to Unbound.  I guess I'm old, coming from hand editing bind conf files - I find the OpnSense configuration options for Dnsmasq to be extremely confusing and am even unsure if it offers dynamic mappings.

I tried searching: does anyone have a simple A to B guide to move things over?
#3
Thank you! I guess I was looking at the first tab.
#4
I installed the plugin per the instructions here:  https://docs.opnsense.org/manual/how-tos/nut.html

The options look somewhat different, but notably the username/password fields are missing so I'm unable to connect to the server that has the UPS on it.

Can I assume configuring from the command line is the same as other NUT installs for this or will the issue be corrected in a future release?  It is somewhat unusable as a client right now unless I'm missing something.
#5
Same problem for me with the Traffic Graph. Latest MS Edge on Windows 11 and macOS 14.6.1.
#6
All were/are fine, link lights and all.  First thing I did when things went wrong, actually.
#7
I've been using OpnSense for as long as I can remember. I have switched hardware a number of times. Today, I ran into something I've never seen and just can't figure out.

My current hardware has 3 interfaces: em0, em1, and em2.  Only em0 (LAN) and em1 (WAN) are used.

My drive has been having some issues reported by SMART, but otherwise everything has been working.  Today I decided to back up my configuration, put a new drive in and restore from backup.  Nothing I have not done before.

No WAN internet. After 2 hours combing over my config, on a lark I decided to reassign em2 as WAN and unassign em1.

Everything works perfectly with that change. I did nothing else. I have not tried swapping them back yet.
#8
I have Unbound DNS configured as my DNS. I do use DHCP also with some static IPs defined to hosts. I have some LAN hostnames defined and it all seems to work okay... except when the WAN goes down (like it is now, I'm on my phone's hot spot).

I'd think that local hosts should still be able to resolve to each other. I must be missing a setting or maybe a rule to allow this.  Is this enough information to get a few suggestions?
#9
Thank you! That seems to have done it.
#10
I'm getting an error in System -> Settings -> Administration.

Even though I have only http selected, I'm getting an error when I save: "Certificate webConfigurator default is not intended for server use."

This cert does exist in the https dropdown, but I'm not using https.

I installed a fresh copy on a test machine and there appears to be a different default TLS cert on a clean install which is NOT in my production install.  I have upgraded many, many times so perhaps that is part of it.

Obviously, with this error, I cannot Save any changes in that section.
#11
20.1 Legacy Series / Re: Split DNS & Rebind Attacks
July 23, 2020, 02:55:24 AM
Well, I got things a bit better after I discovered the NAT Reflection options in Advanced.

Ticking the Reflection for Port Forwards and Automatic Outbound Reflection got me to the server.

Unfortunately, Apache's DNS site detection is broken because of this on the LAN.  www.mysecretsite.com resolves as the "first" site, but www.myREALLYsecretsite.com resolves to the first.

What I really need to understand is why Unbound's overrides are not working for this but are for other items.  If my LAN clients are hitting it, shouldn't its overrides be honored?
#12
20.1 Legacy Series / Split DNS & Rebind Attacks
July 23, 2020, 12:20:51 AM
All, I have an internal DNS server that I want to retire in favor of using the built in UnboundDNS.  Everything works except my web server behind NAT.

Externally www.mysecretdomain.com resolves and works perfectly.

Internally www.mysecretdomain.com throws a rebind error because it tries to go to the admin page of OpnSense instead of www which is on a different system.

Indeed, internally pinging www.mysecretdomain.com resolves to my PUBLIC IP when it should resolve to my INTERNAL IP.

Even going to the Overrides section of Unbound and making sure www.mysecretdomain.com resolves to 10.0.1.201 does nothing.  It insists on resolving to my Public/Opnsense WAN IP.

What the heck am I doing wrong?
#13
A long time ago when I started running OpnSense it was advised not to use SSDs.

Has this changed?  I have a mini PC with an EVO Plus NVMe drive I can upgrade with.
#14
*solved*

Over in the FreeBSD bug tracker I found this link, and see comment #48.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230172

I have to add this to /boot/loader.conf.local on my systems - I figured I'd try it on the Dell (which I am using) and the Apple which had the same issue.  It fixed both systems.

kern.vty="vt"
hw.vga.acpi_ignore_no_vga="1"
#15
Thanks for responding. I did download vga.  I've since tried it on a Dell 3050 also with EFI firmware.... same thing.

Did I download the wrong image?

I was looking in Tunables as someone in the FreeBSD forum thought disabling vesa would do it.