"Recent posts
#1
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by reincoder - Today at 06:14:07 AMThank you very much, everyone, for your kindness and patience. To confirm again:
- The engineering team performed the rollback, and we are now aware of the issue.
- @Kayakero's review helped us to pinpoint the issue.
- This was not related to rate limits. Due to multiple retries to the API endpoint we returned 429 rate limit error.
- We will proceed with the migration to the new cloud storage system; however, at this moment, we do not think Opnsense needs to patch anything. We will make the adjustments on our end.
If there is any issue, please reach out to us on our community: https://community.ipinfo.io/
Opnsense is a major supporter of our IPinfo Lite service, so we owe it to the Opnsense community to handle data issues related to us in our community.
— Abdullah | DevRel, IPinfo
- The engineering team performed the rollback, and we are now aware of the issue.
- @Kayakero's review helped us to pinpoint the issue.
- This was not related to rate limits. Due to multiple retries to the API endpoint we returned 429 rate limit error.
- We will proceed with the migration to the new cloud storage system; however, at this moment, we do not think Opnsense needs to patch anything. We will make the adjustments on our end.
If there is any issue, please reach out to us on our community: https://community.ipinfo.io/
Opnsense is a major supporter of our IPinfo Lite service, so we owe it to the Opnsense community to handle data issues related to us in our community.
— Abdullah | DevRel, IPinfo
#2
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by Netlearn - Today at 05:38:10 AMThanks for the fast response.
Updates work on the five units.
Updates work on the five units.
#3
General Discussion / Re: Seeking advice for first G...
Last post by Seldon - Today at 03:07:53 AMThanks so much for your help, in advance. Firewall rules are quite daunting to me, but I believe (and hope!) that my understanding is getting a bit better.
Here's my Guest VLAN, along with the added Floating Rules.
You cannot view this attachment.
Here's the Admin VLAN, with a few restrictive rules:
You cannot view this attachment.
Here's my Home VLAN:
You cannot view this attachment.
I have to access the WAN net because I'm behind another NAT unfortunately. Should The Admin Aliases to Firewall be placed in the Floating, or are they best left specifically for the Admin VLAN rules?
Here's my Guest VLAN, along with the added Floating Rules.
You cannot view this attachment.
Here's the Admin VLAN, with a few restrictive rules:
You cannot view this attachment.
Here's my Home VLAN:
You cannot view this attachment.
I have to access the WAN net because I'm behind another NAT unfortunately. Should The Admin Aliases to Firewall be placed in the Floating, or are they best left specifically for the Admin VLAN rules?
#4
25.7, 25.10 Series / Re: Unwanted route that keeps ...
Last post by Patrick M. Hausen - Today at 12:54:23 AMInterfaces > LAN - is there a gateway set?
#5
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - Today at 12:32:25 AM@neel I had a look: You currently can't build USB installer images (make serial / make vga) on aarch64. The build script wants to add a protective MBR to the image, but this only exists on amd64.
But building an iso image (make dvd) is possible, this has explicitly been enabled for aarch64.
But building an iso image (make dvd) is possible, this has explicitly been enabled for aarch64.
#6
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - December 06, 2025, 11:38:42 PMOPNsense 25.7.9 aarch64 packages and sets released. Includes ndp-proxy-go 0.3.0.
#7
25.7, 25.10 Series / Re: KEA, PiHole and IPv6
Last post by NudgeyNMR - December 06, 2025, 11:23:05 PMA tutorial would be most welcome.
#8
German - Deutsch / Re: 10G Hardware Empfehlungen
Last post by bsch - December 06, 2025, 10:26:01 PMQuote from: knebb on November 30, 2025, 01:15:09 PMOk, jetzt nicht 10GbE, sondern nur 2,5GbE:
ThomasKrenn LES Systeme.
Oder bekommst Du wirklich 10GbE WAN Uplink? Wo ist das? Kann ich umziehen ;)
Ja, ich bekomme 10G :D Wie gesagt... arbeite selbst beim ISP und ja es wird auch in DE langsam XGS-PON ausgerollt. Braucht keine Sau ... aber ich will es bei mir testen. Geht da auch um weitere Test-Szenarien.
Hab mir jetzt die klassische kleine schwarze Mini-PC Kiste mit 2 SFP+ Ports gekauft.
#9
25.7, 25.10 Series / Re: DNS best practice for loca...
Last post by Monviech (Cedrik) - December 06, 2025, 10:18:43 PMRead this section from start to finish, it answers all questions, with examples.
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
#10
25.7, 25.10 Series / DNS best practice for local re...
Last post by cinergi - December 06, 2025, 09:37:10 PMHello,
Just wondering what is considered the best practice for local DNS resolution when using Unbound and dnsmasq together: Unbound running as primary resolver on port 53 and forwarding to dnsmasq on some other port for the local domain? Or vice versa, i.e. dnsmasq on port 53 forwarding non-local queries to Unbound? I'm currently using the latter setup (dnsmasq 53 --> Unbound 5353) but am wondering if the other setup (Unbound 53 --> dnsmasq 5353) would be better in some way. The documentation includes both options as valid.
I recall having some issues when I initially tried Unbound --> dnsmasq, specifically Unbound sometimes randomly stopped forwarding local queries to dnsmasq, but that was in the early days of the transition away from ISC DHCP so it may have been a bug that was since fixed.
For the Unbound --> dnsmasq case, what happens for queries to local non-FQDN host names? For example, if my local domain is home.lan, I would configure Unbound to forward queries for home.lan to dnsmasq; so queries for my-pc.home.lan (for example) would be properly forwarded, no problem there. But what about non-FQDN queries to my-pc without a domain? How would Unbound know to forward those as well?
Thanks!
Just wondering what is considered the best practice for local DNS resolution when using Unbound and dnsmasq together: Unbound running as primary resolver on port 53 and forwarding to dnsmasq on some other port for the local domain? Or vice versa, i.e. dnsmasq on port 53 forwarding non-local queries to Unbound? I'm currently using the latter setup (dnsmasq 53 --> Unbound 5353) but am wondering if the other setup (Unbound 53 --> dnsmasq 5353) would be better in some way. The documentation includes both options as valid.
I recall having some issues when I initially tried Unbound --> dnsmasq, specifically Unbound sometimes randomly stopped forwarding local queries to dnsmasq, but that was in the early days of the transition away from ISC DHCP so it may have been a bug that was since fixed.
For the Unbound --> dnsmasq case, what happens for queries to local non-FQDN host names? For example, if my local domain is home.lan, I would configure Unbound to forward queries for home.lan to dnsmasq; so queries for my-pc.home.lan (for example) would be properly forwarded, no problem there. But what about non-FQDN queries to my-pc without a domain? How would Unbound know to forward those as well?
Thanks!
