Recent posts

#1
25.7, 25.10 Series / Dnsmasq not responding to some...
Last post by Lu - Today at 04:40:38 AM
I have a printer that makes DNS queries like any other device, mainly to reach machines on the LAN, but also to 3rd party services on the Internet. From what I can tell, Dnsmasq on OPNsense flat-out refuses to answer its DNS queries. I've done packet captures on the OPNsense device, to compare requests from my own machine with those of the printer's, and I don't know why they go unanswered. It waits and asks again with the search domain appended again, defensive-programming-style. I don't see anything blocking them when I watch the live view of the firewall when triggering queries from the printer.

Does anyone have any ideas about the cause, or what else I can do to diagnose it?

As a band-aid solution, I've had to configure it to use static IP addresses instead of names to get basic functionality, but that isn't sustainable.
#2
General Discussion / Re: Install problem on NVMe (n...
Last post by pfry - Today at 04:10:04 AM
Checking reviews, the UD90 uses a Phison controller and (apparently) correctly reported internal temperature. Seems like an odd fault.
#3
General Discussion / tor stuck establishing a conne...
Last post by grimelog - Today at 03:19:18 AM
On my Qubes machine I cloned the working settings I currently use for wireless to that LAN. I currently cannot connect to the internet. I know this did work at one point. Any idea what I might be getting stuck on connecting to a Tor relay on my Qubes machine? I think this was working before the switch to Kea.

I do have intrusion detection and intrusion prevention up, and tried taking both down with no luck so far. Any idea what might be blocking me from connecting to Tor?
#4
My setup used to work. What I could do for my rule set was switch my default outbound connection between my WireGuard gateway and non-VPN gateway. Currently, only the non-VPN gateway works. I've double-checked and everything should be set up fine on Mullvad's end. For whatever reason nothing seems to be getting out of my WireGuard tunnel. Anyone know what might be going on here?

These settings used to work correctly, I know for a fact. Maybe I changed one thing that broke it. Have any tips for how to troubleshoot this?
#5
General Discussion / Re: Install problem on NVMe (n...
Last post by Jwidess - Today at 03:09:43 AM
I unfortunately don't have another SP UD90 drive on hand to verify this with. I may have the opportunity to test another one sometime in the next few weeks, but it's unlikely.
#6
General Discussion / Re: Degraded printer functiona...
Last post by Lu - Today at 02:38:50 AM
Ah, Ta. I'm aware of the auto-generated rules, and I'm not using VLANs. I added it out of frustration, really.
#7
Hardware and Performance / Re: New device option?
Last post by OPNenthu - Today at 02:30:12 AM
Rockchip has been in the headlines lately for not good reasons (license violations relating to FFmpeg code despite repeated requests to cease). JFYI.
#8
German - Deutsch / Re: Custom DNS with an IPv6...
Last post by Maurice - Today at 02:15:14 AM
Quote from: Zapad on January 13, 2026, 04:46:40 PM
But as a result of getting deeper into the IP6 topic, I would NEVER use GUA locally and, despite the privacy extensions, run it through to the outside.

Then you can't have gone all that deep.

ISPs came up with daily-changing prefixes so that they could sell static prefixes at a high price as a "business feature". The privacy argument is just a pretext. As @meyergru already said, cookies, fingerprinting etc. are far more relevant in this respect than a static IPv6 prefix.
#9
General Discussion / Re: How can you force the Acme...
Last post by insipx - Today at 01:59:56 AM
Figured it would be nice to have a step-ca plugin so I went down the rabbit hole and made it: https://github.com/insipx/os-step-ca
Intentionally kept simple (anything more complicated or requiring anything other than `https-01` challenges should use the acme.sh plugin). Hoping to upstream to opnsense/plugins eventually whenever I have some free minutes. This plugin is configurable with step-ca short-lived certificates and will renew with the `--expires-in` flag. So, setting `--expires-in` to `4h` will renew a cert when it expires in 4h, no matter whether the cert lives for 6, 12, 16 or 24 hours. It is only meant for a single cert/web GUI cert, however.

The installation is a bit tedious currently b/c there's no repo hosting it.
#10
General Discussion / Re: Ignoring redirect-gateway
Last post by tbone56 - Today at 12:54:07 AM
My goal is to route all upstream traffic over the VPN automatically.
I am rebuilding the box opnsense is running on, so I will attempt to reconstruct it.
Thank you for the response viragomann.