Recent posts

#1
26.1, 26,4 Series / Assign specific DNS server to ...
Last post by sos_opnsense - Today at 08:03:50 AM
I'm sure under the previous ISC DHCP server you could assign specific DNS servers to specific hosts.

I'm running OPNsense 26.1.8 and Dnsmasq as the DHCP server (Unbound and Technitium as my main DNS servers), but I'd like to assign a specific, separate DNS server to my Nintendo Switch 2 and there doesn't seem to be an easy way to do this under Dnsmasq (or KEA).

Am I missing something obvious?
#2
Good catch regarding the mobile vs desktop R0 variants. You are right, the i3-1215U is a mobile Alder Lake R0 CPU, so .40 should indeed be the correct platform variant, not .80.

So my original assumption about a missing .80 blob was likely wrong.

However, the interesting part still seems to be:

dmesg:
CPU microcode: no matching update found

combined with:

  • installed cpu-microcode-intel package
  • stale-looking revision 0x432
  • newer revisions apparently existing upstream/Linux side

So there still appears to be some kind of matching/loading issue on this platform, even if the root cause is not the missing .80 variant.

I have opened a FreeBSD bug report for further investigation:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295351
#3
26.1, 26,4 Series / [Solved!] Re: SSH Connection r...
Last post by nme34 - Today at 04:55:43 AM
Quote from: meyergru on May 16, 2026, 10:34:05 PM
Well, obviously whatever id_rsa file you created is not accessible, but that is a pure client problem. Maybe the path is incorrect. You could always use password-based authentication instead.

Apart from that, port 22 on 192.168.1.1 cannot be reached, so either the IP is wrong, or SSH is not enabled or some firewall rule prevents you from accessing the SSH port.

Thanks for the reply. I finally figured out that my PC VPN was the culprit. I checked the firewall and everything else. I then used a terminal through "split tunnel" (bypass the VPN) and it worked just like it used to. Thanks for the suggestions. I can look for those, too, if I have any more problems. Have a great day.
#4
26.1, 26,4 Series / Re: Wireguard issue
Last post by Monju0525 - Today at 02:32:04 AM
Used the new endpoint address and still getting "name does resolve ". What is the format using the IP address instead? Do I need to add the port number?
#5
26.1, 26,4 Series / Re: SSH Connection refused
Last post by meyergru - May 16, 2026, 10:34:05 PM
Well, obviously whatever id_rsa file you created is not accessible, but that is a pure client problem. Maybe the path is incorrect. You could always use password-based authentication instead.

Apart from that, port 22 on 192.168.1.1 cannot be reached, so either the IP is wrong, or SSH is not enabled or some firewall rule prevents you from accessing the SSH port.
#6
26.1, 26,4 Series / [Solved!] SSH Connection refus...
Last post by nme34 - May 16, 2026, 10:28:08 PM
I have had OPNsense installed before on this PC I have now in the past and SSH worked fine. I tried the instructions on the OPNsense site and that did not work. Port 22 was refused.

I read this: https://www.derekseaman.com/2021/04/how-to-adding-ssh-keys-to-opnsense.html

and tried:
ssh -i id_rsa root@192.168.1.1

and received:
Warning: Identity file id_rsa not accessible: No such file or directory.
ssh: connect to host 192.168.1.1 port 22: Connection refused

The OPNsense install is new and default except for the above attempted setup.

Can someone point me in the right direction?
#7
General Discussion / Re: NUT is Broken After Udatin...
Last post by kiekar - May 16, 2026, 09:32:18 PM
Quote from: Patrick M. Hausen on May 16, 2026, 07:16:40 PM
opnsense-revert -r 26.1.7 nut
pkg lock nut

It worked. Thanks
#8
26.1, 26,4 Series / Re: How to pin a Host to a Gat...
Last post by zartoz - May 16, 2026, 09:26:09 PM
I have success!  I configured a LAN Interface rule for the specific Host, but specified the Destination as an Inverse of "LAN net" and then pointed to my LTE Gateway.  I did have to do 2 rules, both in and out rules for the Host with the specified gateway.
#9
German - Deutsch / Re: Unbound under OpenVPN
Last post by viragomann - May 16, 2026, 09:13:20 PM
Quote from: trixter on May 15, 2026, 09:16:38 PM
Now, however, I would like to turn off DNS on the WAN - sure, you could also block it with a rule, but that is only a workaround. If you make a mistake in the rules, everything is open again.

I think you have the wrong perspective there. Rules are of course the appropriate means here for restricting access.

The interfaces you select in Unbound are merely the ones Unbound listens on. Having it listen on the interface IP is convenient in combination with a DHCP server, because the latter automatically hands out the interface IP to the clients as their DNS server as well. But it is not suitable at all as an access restriction.
Clients on the LAN could just as well send their DNS queries to the management IP. If a DNS server is running there and the firewall rules allow the access, they will get an answer.
That of course also applies to all other services running on OPNsense.
Firewall rules are therefore in any case the tool of choice for preventing unwanted access.

Quote from: trixter on May 15, 2026, 09:16:38 PM
>>I want to give my VPN users the internal server names, which are none of the rest of the world's business!

In the OpenVPN server configuration you have to enter a DNS server anyway. That can then also be the LAN IP or any other one that Unbound listens on. If the clients are supposed to be able to resolve just the host names, not the full FQDN, you also have to push the local domain as a search domain.
If necessary, also allow the access with a rule; then the clients should be able to resolve names.
#10
Virtual private networks / Re: Forcing Outbound VPN Conne...
Last post by viragomann - May 16, 2026, 08:43:11 PM
Quote from: cardblower on May 16, 2026, 11:46:32 AM
is there a way of forcing my outbound VPN connection to use a specific gateway rather than the default one?

I've tried a firewall rule (LAN and floating) to force destination traffic for the vpn endpoint to a specific gateway
On LAN?
If you're talking about a VPN client running on a LAN device, yes, this would be the proper way and should work.

But if you want to force a connection from a client running on OPNsense itself to a certain gateway, you can only do this with a policy-routing rule for outbound traffic on the WAN.