Messages

Multi-WAN stability would greatly improve if 'gateway groups' and WAN interfaces would be implemented on top of dedicated FIBs instead of policy routing.

Such setups are notoriously unstable because connections get bound to the wrong local IP address; this is because "monitoring IP host routes", default routes, static routes and dpinger all fight over the same FIB.

Btw., OPNsense 26.1 just broke Multi-WAN completely... maybe a good occasion to "rethink" this feature without the burden of a migration path.

I would like to enforce environment variables on specific configd services and all their actions.

I had some success by manually editing /usr/local/opnsense/service/conf/actions.d/actions_<service>.conf files and rc.d files (pre-pending '/usr/bin/env VARIABLE=value ' to commands), but this isn't viable for all action types and gets lost after updates.

Is there a more permanent way to do this?

I first thought that /usr/local/opnsense/service/conf/configd.conf.d/ is what I was searching, but these affect *all* services.

If you wonder, my immediate usecase  is acmeclient: I would like to override DNS resolvers with CURLOPT_DNS_SERVERS, such that it doesn't end up querying the nameservers from /etc/resolv.conf (which leaks the internal DNS view, breaking DNS-01 challenge preparation).