Messages - Inxsible

#1
Current main network (192.168.40.1) is on LAN(igb1) and therefore untagged. I want my main network (192.168.40.1) to be on vlan40 (tagged) and I want igb1 to use 192.168.50.1 so .50.1 will be untagged. I created a vlan40 but gave the IP of 192.168.99.1 temporarily.

Can I do the following by editing the XML config and re-uploading it?
  • Under <interfaces><lan> - Change the <ipaddr> from 192.168.40.1 to 192.168.50.1
  • Under <interfaces><opt5> - Change the <ipaddr> of vlan40 from 192.168.99.1 to 192.168.40.1
  • Under <dhcpd><lan> - Change the <range>  to be 192.168.50.x and 192.168.50.y
  • Under <dhcpd><lan> - Change the <dnsserver> to 192.168.50.1
  • Under <dhcpd><lan> - Cut the static maps from <lan> and copy it under <dhcpd><opt5>
  • Under <dhcpd><opt5> - Change the <range> to be 192.168.40.x and 192.168.40.y
  • Under <dhcpd><opt5> - Change the <dnsserver> to 192.168.40.1

After saving the file and re-uploading this configuration, will my PC, OPNsense firewall, switch and other devices (APs, servers, etc.) still be accessible, as they will all be in the same subnet?

Thanks in advance


#2
Quote from: zakaron on June 29, 2025, 09:04:04 PM
Easiest way to change this would be to have console access to your Opnsense server.
I do have access to the console. What would be the steps to change the LAN to 192.168.50.1 and then use vlan40 as 192.168.40.1?

Should I reconfigure igb1 and provide it a new IP of 192.168.50.1 first, and then proceed to create the vlan 40 in the OPNsense console? What is the command to create a vlan in console?
Finally, can I copy all the DHCP reservations from my current LAN to this new VLAN40 interface?
#3
Can someone please explain to me the concept of untagged traffic in OPNsense?

Currently I have the following setup :
Interfaces: Assignments
Interface   Identifier   Device
[CCTV]      opt3         igb2_vlan10 CCTV VLAN (Parent: igb2, Tag: 10)
[GUEST]     opt6         igb1_vlan20 Guest VLAN (Parent: igb1, Tag: 20)
[IOT]       opt4         igb2_vlan30 IOT VLAN (Parent: igb2, Tag: 30)
[LAN]       lan          igb1
[LAN2]      opt1         igb2
[WAN]       wan          igb0
[WGVPN]     opt2         wg1 (WireGuard - wireguard)


The LAN interface is set up with subnet 192.168.40.0, and all the devices on my main network are assigned IPs from that subnet. However, does it mean that all the traffic on this subnet is untagged, since it is using the physical interface (igb1) rather than the VLAN interface?

If yes, is there a way to move the same subnet (192.168.40.0) to a VLAN interface (igb1_vlan40) and change the subnet on the physical interface (igb1) to, say, 192.168.50.0?

Should I update the LAN subnet first to 192.168.50.0, or set up igb1_vlan40 with some random subnet, move the devices over, and then go back and change the IP subnet in LAN and then again in igb1_vlan40?

I hope my question makes sense...

The bottom line is that I want my main network devices to be tagged to 40, so I can move them off in my Cisco switch from the default vlan1 to vlan40 and then shut down vlan1 on the switch.

On the switch side, I am already allowing vlan 40 on the trunk ports, but the native vlan on those trunks is vlan1, which I need to change to 50. When I do this, I lose all access to OPNsense, presumably because I am on a different vlan and can't access OPNsense anymore. So I want to make sure I do this in the correct order and not lose access to any device on my network.
#4
I didn't want to do it per client. I just want the service available to all clients during a specified time. However, I don't want to unblock all the other services.

Looks like that is not possible at the moment with AdGuard Home
#5
I am happy to see this integrated into OpnSense as a plugin. I am currently using HAProxy plugin, but would like to move to this plugin and I have some questions.


  • This seems to include DynDNS and ACME certs. Does this mean that by using this plugin, I can get rid of the os-ddclient and the os-acme-client plugins altogether and simply set them up under this plugin?
  • Currently, for a few services like Omada and Nextcloud, I had to set up certain header rules (http-request redirect, http-request header set, http-response replace-value, etc.) in HAProxy in order for it to work. How would the same headers be set up in this plugin?
#6
I have a question regarding the Blocked services.

I see that there is an option to pause the blocking. Can someone confirm if there's a way to pause blocking only for certain services instead of pausing the block for all services?

For example, I just want to unblock YouTube from 6PM to 7AM on Weekdays and all day on Sat, Sun. I don't want to pause the blocking of any other services. Can this be achieved with the current Pause Blocking feature?
#7
I'll just add here that  -- as a user who doesn't fully grasp the DNS nitty gritties without reading 5-7 articles before fixing the DNS related issues that I have AND then promptly forgetting within a day or so -- it is definitely confusing to have 3 different places that can do similar things. Sometimes, users like me read something on the web, and put those settings in which might turn out to be in conflict with previous settings we might have done on the different pages and it's hard to relate those unless you know what's going on.

I would definitely recommend reducing the footprint of doing stuff to a single page and would also like to ask if there is further progress on this issue since it was last discussed?
#8
General Discussion / Re: mimugmail repo Caddy plugin
January 19, 2024, 11:41:58 PM
Awesome, thanks.
#9
General Discussion / mimugmail repo Caddy plugin
January 19, 2024, 07:07:40 PM
Hello,

I was wondering if the os-caddy-maxit plugin supports Cloudflare DNS challenges or would I have to re-compile caddy with the cloudflare dns myself?

I was planning on switching from the os-haproxy over to caddy.
#10
I need to be able to access AdGuard Home from my main LAN but also from my VLAN when I connect via Wireguard in case there's something I need to do when on the road.

Is there a way to enable the web interface on more than one interface without enabling it on all interfaces?
#11
Weirdly, when I remove 0.0.0.0 from the bind_hosts my OpnSense firmware updates start timing out. I can still access the internet just fine, but the Opnsense updates keep failing.

So should AdGuardHome be listening on ALL interfaces by default for dns: bind_hosts? Seems strange that only the OpnSense updates should fail while the internet is still accessible !!
#12
Is there a way to allow the web interface for AdGuardHome to be available on multiple interfaces but not all ?

Initially, I set it up on ALL interfaces and the yaml file used 0.0.0.0.

http:
      address: 0.0.0.0:8080


I have 5 separate VLANs and I have since changed the bind_hosts to stop listening on all interfaces and only enabled it on 4 of my VLANs. I would like to do the same to the web interface but I was looking to see what format I can use to do that

The following allows access on VLAN 1, but I would also like access on VLAN 7 and VLAN 10

http:
      address: 192.168.1.1:8080


I tried the following three formats, but then AdguardHome failed to start up.

http:
      address: 192.168.1.1:8080
      address: 192.168.7.1:8080
      address: 192.168.10.1:8080


http:
      address: 192.168.1.1:8080, 192.168.7.1:8080, 192.168.10.1:8080


http:
      address:
            - 192.168.1.1:8080
            - 192.168.7.1:8080
            - 192.168.10.1:8080


None of the above formats worked for me, and googling doesn't provide relevant results. I was hoping someone could tell me what format to use.


#13
Is there a way to allow the web interface for AdGuardHome to be available on multiple interfaces but not all ?

Initially, I set it up on ALL interfaces and the yaml file used 0.0.0.0.

http:
      address: 0.0.0.0:8080


I have 5 separate VLANs and I have since changed the bind_hosts to stop listening on all interfaces and only enabled it on 4 of my VLANs. I would like to do the same to the web interface but I was looking to see what format I can use to do that

The following allows access on VLAN 1, but I would also like access on VLAN 7 and VLAN 10

http:
      address: 192.168.1.1:8080


I tried the following three formats, but then AdguardHome failed to start up.

http:
      address: 192.168.1.1:8080
      address: 192.168.7.1:8080
      address: 192.168.10.1:8080


http:
      address: 192.168.1.1:8080, 192.168.7.1:8080, 192.168.10.1:8080


http:
      address:
            - 192.168.1.1:8080
            - 192.168.7.1:8080
            - 192.168.10.1:8080


None of the above formats worked for me, and googling doesn't provide relevant results. I was hoping someone could tell me what format to use.

EDIT: Weirdly, when I remove 0.0.0.0 from the bind_hosts, my OpnSense firmware updates start timing out. I can still access the internet just fine, but the Opnsense updates keep failing.

So should AdGuardHome be listening on ALL interfaces by default for dns: bind_hosts? Seems strange that only the OpnSense updates should fail while the internet is still accessible!!

#14
Quote from: kosta on June 21, 2023, 10:03:16 PM
Hello,

sorry for bringing this post back to life, but I have the same issue. I have followed this suggestion, but I still have the same issue.

Are there any known alternatives, or maybe could you describe if you had to change any config files in the nextcloud server itself? (shouldn't be needed, since it's going over reverse proxy, same as mine)

Thank you.
Kosta
You should list out your config so we can see. It's been working fine for me.

I can also suggest looking into using the Caddy plugin from the mimugmail repository. Finding config examples for Caddy is much easier than finding something for HAProxy on OpnSense. I plan to migrate to the Caddy plugin too... but currently everything works, so I am afraid to mess around with it now.
#15
Quote from: CJ on August 07, 2023, 04:48:45 PM
Did the problem happen before or after you upgraded OPNsense?  Had you updated your static lease to the MAC of the new NIC?

I'm a bit unclear as to the order of events.
I updated first and during the reboots, I also changed the port from em1 to em0.

I changed the hostname much later in the process when I had no DNS resolution working.