Messages

[DoT traffic on port 853]

@meyergru

Yes, with the rules I've been using it seems to work well. I also have a few additional DNS rules in place to tighten things up a bit.

I also redirect DoT traffic on port 853, which helps prevent devices from bypassing the local resolver using encrypted DNS directly to external providers.

Additionally, I've been experimenting with blocking DoH endpoints, starting with things like Google DNS, to stop clients from using DNS-over-HTTPS to bypass local policies. So far this setup seems to be working well in my tests.

Hi,

This is one of the DNS redirect rules I have for my IoT devices, and I'm sure it is working as it should. 🙂
The firewall rule is set to "manual."
Please correct me if I'm wrong.

Under Settings - NETWORK in your Unifi, in the bottom. Global Switch Settings. There you will find Ethernet Port Profiler
Create New - (image 2) Add your VLANS into Tagged VLANs, like Image 2.

I think you need to add Profile and add your port profiler into it(your vlan).

Are there any updates on this case?

I've experience the same issue when I configure DoT in Unbound with Quad9 Servers even when I only enable 1 Server (ex. 9.9.9.9). Most times, the issue is reproducible (no DNS resolution for any DNS-client; SERVFAIL in Log) after running the following DNS-Checker: https://dnscheck.tools

Thanks for your update.

Hi,

Got the same error with 26.1.2 also when i run the DNS-Checker.

Hi,

Thank you for your reply.
I have already done what you suggested earlier, but unfortunately it did not resolve the issue.

Is there anyone else out there who has managed to fix this?

I am experiencing an issue with port forwarding over a VPN connection, and it appears that multiple users are encountering the same behavior.

I have a single forwarded port configured through AirVPN. To validate the setup, I tested the configuration using pfSense, based on reports from other users that port forwarding functions correctly in that environment. With identical firewall and NAT rules applied, the forwarded port successfully opens and is reported as reachable.

However, when applying the same port-forwarding and firewall rules in OPNsense, the port remains closed. I have verified that the rules are functionally equivalent and applied to the correct interfaces. Despite this, inbound traffic to the forwarded port does not reach the internal host.

I have found several reports from other users describing the same issue, and after reviewing existing discussions, there does not appear to be a definitive resolution.

Is this a known limitation or bug in OPNsense's VPN/NAT handling, and if so, is there a fix planned?
Additionally, what architectural or implementation differences between pfSense and OPNsense could explain why the same configuration works in pfSense but fails in OPNsense?

[0.002]

Hi.

So, does a delay value of 0.002 represent 2 milliseconds or 2 seconds? I'm having difficulty understanding the logic behind this.
What I'm ultimately trying to achieve is to monitor my RTT (gateway ping) over time to see whether it changes.
My current RTT is around 2.3 ms, and it would be useful to have this displayed as a graph in the Reporting → Health section.
That's why I started this discussion, to better understand what these values represent and how to interpret the reported numbers.

user: 2,304  <------ 2,3 or 2304?
nice: 0
system: 1,59      <------ 1,59 or 159 ?
interrupt: 0
processes: 370,081      <------ What is this, 370 or 370,081 (three hundred seventy thousand and eighty-one)

Looking at the screenshot I would assume I see a decimal point.  Looking at your post I see commas that add to the confusion.  RRD/system health uses averages so it's very likely decimal points as shown in the GUI.
Cheers,
Franco

Hi,

Sorry about that, I did use commas in my previous post, but I actually meant decimals.

user: 2.304  <------ 2.3 or 2304?
nice: 0
system: 1.59      <------ 1.59 or 159 ?
interrupt: 0
processes: 370.081      <------ What is this, 370 or 370.081 (three hundred seventy thousand and eighty-one)  <---- That seems like a lot of processes.

I was hoping I could found some health report of the RTT (ping gateway) like the widget in the dashbord of Gateway.
But the health report is showing "delay" 0.002 and this number doesn't mean anything to me :)
I was hoping it was showing the RTT/ping gateway in "ms" in my case 2.3 ms

Are you referring to the comma after the date number, "December 11, 2025"? Are there other commas I am not seeing in the images?

That is one of the standard (i.e. common) date formats.

Hi,
It's not the date. The other numbers: First image:

user: 2,304  <------ 2,3 or 2304?
nice: 0
system: 1,59      <------ 1,59 or 159 ?
interrupt: 0
processes: 370,081      <------ What is this, 370 or 370,081 (three hundred seventy thousand and eighty-one)


Second image: System Information - Quality | WAN_DHCP  (ping)

Delay: 0,002      < ------ Belive this should be the ping in ms, so my ping to the gateway on the widget is 2.4ms and I was thing this number should also be 2.3 and not 0,002. The Quality should show you the real RTT to what every you are pinging from your gateway.

Hi,

I've noticed that commas are placed incorrectly, and I'm also seeing commas used in numbers where I wouldn't expect them.
Could someone please explain why this is happening and how I can correct it?

Hi,
It has been enable all the time. It's look like it some decimal problem here 0.002, should be 2.3ms or so :)

Hi,

How do I monitor the RTT of the gateway in Reporting:Health?
My RTT is around 2.5 ms, and I would like to see a graph of this on the reporting page, but I can't figure out where to look.

delete please

Hi,

After updating to 25.7.8 I can't change the columns size in the Firewall: Log Files: Live View.

Thanks in advanced