Topics - rm4foe0r

#1
I got confused by the DNS over TLS feature in the Unbound DNS resolver in Opnsense - I thought it would allow clients to connect to opnsense Unbound on port 853 and benefit from encryption and authentication. Turns out that DNS over TLS is only offered from Unbound to another recursive DNS server.

Could anyone please advise me how/if this can be set up in opnsense? I want clients to connect to opnsense Unbound on port 853 using DNS over TLS (using unbound as a recursive resolver).
#2
A user asked in 2022 what's the correct way to add static arp entries to opnsense. They linked to an older discussion where users were adjusting the static_arp_pairs configuration directly in /etc/rc, but as he pointed out this would be overwritten by future opnsense updates.

I wanted to clarify that since around January 2024 opnsense provides a Neighbors menu that lets you insert such static permanent arp entries (applies after reboot).

I wanted to mention this as these posts seemed to score higher in internet search engines than the above documentation page, so I was hoping this post will get clumped with others and help out some future users.
#3
I'm suspecting that opnsense autogenerated rules cause my routing to fail. It should be possible for the user to opt-out of these rules.

UPDATE: the issue turned out to be unrelated to firewall rules; nonetheless, if I could have easily turned them off I would have quickly recognized that they are irrelevant to the issue instead of wasting a day fiddling with firewall rules (especially when you are new to opnonsense).
#4
General Discussion / Routing only. NO NAT
February 02, 2025, 01:37:12 AM
I'm perplexed by the exact same problem as was described here, namely why putting NAT rules to "Disable outbound NAT rule generation (outbound NAT is disabled)" disables outbound routing between interfaces? I expected it to disable NAT, but let traffic be forwarded freely between interfaces (after allowing it in firewall rules).