"Recent posts
#1
25.1, 25.4 Legacy Series / Re: Failing IPv6 connectivity ...
Last post by Arno Thuber - Today at 02:17:22 PMQuote from: MikeH on April 05, 2026, 11:30:50 AMWell, enabling Router Advertisements did help, I don't even know why I tried this.
And after discovering this thread, I set RA MTU in Dnsmasq DNS & DHCP in my IPv6 range to 1492 and everything is fine.
Stumbling over intermittent connection issues I was able to track down to happen with IPv6 enabled sites which are backed by tm-azurefd.net your tip finally did the trick. Thank you very much.
#2
26.1, 26,4 Series / Issues with Unbound overrides
Last post by mightyi - Today at 01:03:48 PMI have been a happy user of Opnsense for many years on my home network, having migrated from Sophos.
I recently upgraded to 26.1 and was trying to add an alias for a pod container on my management VLAN so it was accessible on my default internal VLAN, but it refused to work no matter what. It was then I noticed another issue - none of my wilcard overrides worked either!
After a breach a number of years ago where someone used an anydesk hack I have locked down any remote control domains by redirecting them to 127.0.0.1 and blocking/redirecting DNS to anything other than the firewall to stop manual intervention. This has always worked great, but in recent months I've had issues with a couple of my aliases not working as they should - and finally got round to fixing this week.
No matter what I do I cannot get the overrides to work properly, they work on the firewall locally, but trying lookup from a client machine always results in the apex and www for the domains directing to the actual ip addresses. Initially, it appeared that blacklisting was causing client to ignore the overrides because they were completely ignored; I manually deleted all the unbound xonfig, deleted from the template and reinstalled it. This cured a lot of the issues, but still www and apex refuse to resolve to 127.0.0.1 from a client.
Working with Claude it had me try a lot of things and could only conclude that it couldn't really be done in 26.1.x - which I can't believe! I even tried adding manual blocklists config files, which resulted in exactly the same problem.
Can anyone offer any advice of the workaround for this? It appears since the revamp of Unbound, functionality is broken for overrides; I'm using ISC DHCP and it integrates well with Unbound, so don't really want to start moving to Kea dhcp as it doesn't have the same integrations.
I recently upgraded to 26.1 and was trying to add an alias for a pod container on my management VLAN so it was accessible on my default internal VLAN, but it refused to work no matter what. It was then I noticed another issue - none of my wilcard overrides worked either!
After a breach a number of years ago where someone used an anydesk hack I have locked down any remote control domains by redirecting them to 127.0.0.1 and blocking/redirecting DNS to anything other than the firewall to stop manual intervention. This has always worked great, but in recent months I've had issues with a couple of my aliases not working as they should - and finally got round to fixing this week.
No matter what I do I cannot get the overrides to work properly, they work on the firewall locally, but trying lookup from a client machine always results in the apex and www for the domains directing to the actual ip addresses. Initially, it appeared that blacklisting was causing client to ignore the overrides because they were completely ignored; I manually deleted all the unbound xonfig, deleted from the template and reinstalled it. This cured a lot of the issues, but still www and apex refuse to resolve to 127.0.0.1 from a client.
Working with Claude it had me try a lot of things and could only conclude that it couldn't really be done in 26.1.x - which I can't believe! I even tried adding manual blocklists config files, which resulted in exactly the same problem.
Can anyone offer any advice of the workaround for this? It appears since the revamp of Unbound, functionality is broken for overrides; I'm using ISC DHCP and it integrates well with Unbound, so don't really want to start moving to Kea dhcp as it doesn't have the same integrations.
#3
26.1, 26,4 Series / Re: Set specific IP address fo...
Last post by Nullman - Today at 12:51:44 PMQuote from: rama3124 on May 01, 2026, 11:30:40 PMI upgraded to opnsense 26.1.7 yesterday and for some reason the internet just completely stopped working through both wifi and wired. I only had a backup from 25.7 so I did a fresh install of 25.7 and now the internet works but I've lost all my dhcp mappings.
My unraid server IP address has been given to another device. How do I kick this device off the address and give it to my unraid server? Sorry if my question seems silly, I'm still new to opnsense
Go to Services / Dnsmasq DNS & DHCP / Hosts and create DHCP static mappings so that IP addresses get tied to MAC addresses.
#4
26.1, 26,4 Series / Re: OPNsense 26.1.7-amd64 - Gu...
Last post by Nullman - Today at 12:48:13 PMQuote from: frade on Today at 03:25:26 AMI've already tried your suggestions, using Edge, Chrome, and Firefox, and/or in private mode and with a clear cache... nothing solved this problem.
Thank you for your help.
You are running out of options. Everything points at the hardware issue/missconfiguration.
#5
26.1, 26,4 Series / Re: Problem with IPv6 traffic ...
Last post by odites999 - Today at 12:48:08 PMAfter trying a few things without success, I saw a suggestion online to set the mss value to 1460. I did that, and everything is back to normal. I'll keep an eye on it anyway. What I don't understand is why, with the same configuration, it was working until I decided to update to version 26.1.6_2, and it hasn't worked since.
#6
26.1, 26,4 Series / Re: NetBird Interface breaks b...
Last post by sopex - Today at 12:34:37 PMQuote from: SimonS94 on Today at 11:05:19 AMI stumbled across this thread, since I am also running netbird on OpnSense 26.1 on a VM for my enterprise. I don't think I ever rebooted after installing Netbird but I am kind of scared now. @sopex would you suggest to run your command to everyone that is using NetBird on OpnSense? Since the PR isn't accepted yet. What exactly does the command do?
The original PR that was mentioned above will take some time to be merged, but for irrelevant to this code reasons.
The patch I provided is a very small part of the original PR that just sets the netbird interface to volatile so the boot sequence doesn't freak out when it can't find it.
I would install it yes.
#7
26.1, 26,4 Series / Re: Can't start Dnsmasq when D...
Last post by Monviech (Cedrik) - Today at 11:14:49 AMEnable advanced mode in dnsmasq and use strict interface binding, and make sure the interfaces used for dnsmasq and dhcrelay dont overlap.
If thats not possible drop in a custom dnsmasq config file that configures a relay in dnsmasq instead.
If thats not possible drop in a custom dnsmasq config file that configures a relay in dnsmasq instead.
#8
26.1, 26,4 Series / Can't start Dnsmasq when DHCRe...
Last post by SimonS94 - Today at 11:11:32 AMI have Dnsmasq setup as a DHCP Server for some of my VLANs. I also have DHCRelay configured for some VLANs, that should get their IP from my Windows DomainControllers. The VLAN's don't overlap, i specifically set "No DHCP" on Dnsmasq for the VLANs that get relayed via DHCRelay.
Whenever I change something in Dnsmasq and the service (probably) restarts itself, it fails to start. and it says the DHCP Port is already in use. whenever i then just kill the DHCRealy, start DNSmasq and then start DHCRelays again, everything works. When I change something on Dnsmasq again, it fails to start again until i kill the DHCRelay.
How could I fix this?
Whenever I change something in Dnsmasq and the service (probably) restarts itself, it fails to start. and it says the DHCP Port is already in use. whenever i then just kill the DHCRealy, start DNSmasq and then start DHCRelays again, everything works. When I change something on Dnsmasq again, it fails to start again until i kill the DHCRelay.
How could I fix this?
#9
26.1, 26,4 Series / Re: NetBird Interface breaks b...
Last post by SimonS94 - Today at 11:05:19 AMI stumbled across this thread, since I am also running netbird on OpnSense 26.1 on a VM for my enterprise. I don't think I ever rebooted after installing Netbird but I am kind of scared now. @sopex would you suggest to run your command to everyone that is using NetBird on OpnSense? Since the PR isn't accepted yet. What exactly does the command do?
#10
General Discussion / Tailscale drops at least every...
Last post by DiceAir - Today at 11:05:03 AMI've been having this problem where my tailscale drops every night. internet is still stable and I can't figure out why it drops
I have 2 opnsense servers call it site 1 and site 2 all connected to the tailscale net authenticated and subnets/vlans allowed. I have the following nat rules on the one site
the error I'm getting is
root@OPNsense:~ # grep "06:5" /var/log/configd/configd_20260502.log
root@OPNsense:~ # grep "06:5" /var/log/configd/latest.log
root@OPNsense:~ # grep "06:5" /var/log/system/system_20260502.log
<28>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk rtsold 92031 - [meta sequenceId="1"] <rtsock_input_ifannounce> interface tailscale0 removed
<28>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk rtsold 92031 - [meta sequenceId="2"] <rtsock_input_ifannounce> interface tun0 removed
<13>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk kernel - - [meta sequenceId="3"] <6>[112873] tailscale0: link state changed to DOWN
<13>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk kernel - - [meta sequenceId="4"] <6>[112873] tun0: link state changed to UP
<13>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk kernel - - [meta sequenceId="5"] <6>[112873] tun0: changing name to 'tailscale0'
root@OPNsense:~ #
Also my ipv4 address is static so should stay stable. Internet doesn't drop at all. don't worry about time zone I'm in South Africa that has been fixed
I have 2 opnsense servers call it site 1 and site 2 all connected to the tailscale net authenticated and subnets/vlans allowed. I have the following nat rules on the one site
the error I'm getting is
root@OPNsense:~ # grep "06:5" /var/log/configd/configd_20260502.log
root@OPNsense:~ # grep "06:5" /var/log/configd/latest.log
root@OPNsense:~ # grep "06:5" /var/log/system/system_20260502.log
<28>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk rtsold 92031 - [meta sequenceId="1"] <rtsock_input_ifannounce> interface tailscale0 removed
<28>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk rtsold 92031 - [meta sequenceId="2"] <rtsock_input_ifannounce> interface tun0 removed
<13>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk kernel - - [meta sequenceId="3"] <6>[112873] tailscale0: link state changed to DOWN
<13>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk kernel - - [meta sequenceId="4"] <6>[112873] tun0: link state changed to UP
<13>1 2026-05-02T06:53:46+02:00 OPNsense.MuncompWerk kernel - - [meta sequenceId="5"] <6>[112873] tun0: changing name to 'tailscale0'
root@OPNsense:~ #
Also my ipv4 address is static so should stay stable. Internet doesn't drop at all. don't worry about time zone I'm in South Africa that has been fixed
