Recent posts

#1
25.7, 25.10 Series / Re: Using Adguard Home and DNS...
Last post by JMini - Today at 01:36:59 AM
You can configure AdGuard and Unbound to forward to any upstream resolvers you want.
Right now I have AdGuard set to use DNS over HTTPS to Cloudflare and Google. I'd like to try using a non-Google DoH resolver as a second service though.

h3://cloudflare-dns.com/dns-query
https://dns.google/dns-query

My ISP isn't seeing ANY DNS requests and can't inspect the ones being sent to Cloudflare.
#2
General Discussion / Gateway Monitoring and Packet ...
Last post by Meg - Today at 01:13:05 AM
Hello: I recently started monitoring my gateway and noticed that I am getting intervals of packet loss. I am running OPNsense 25.7.7_4 with AdGuard Home and Unbound as my recursive resolver. I am also using Zenarmor. I was just wondering if anybody can explain what I am seeing here on the health/quality graph and what could be causing it. As I have never monitored this before, I am not sure if this is normal behavior. See attached graph.
#3
25.7, 25.10 Series / Re: Using Adguard Home and DNS...
Last post by julsssark - November 25, 2025, 11:28:06 PM
As I understand it, Unbound provides more privacy than using AdGuard for your DNS service. Unbound is a resolver that directly queries authoritative nameservers, while AdGuard forwards requests to your ISP's (or Google's, etc.) DNS service. DoH will secure your request in transport, but the DNS service you are using will still know your DNS requests.
#4
General Discussion / Re: Multi-wan with PPPoE not w...
Last post by pfry - November 25, 2025, 11:23:24 PM
Quote from: Monviech (Cedrik) on November 25, 2025, 09:34:12 AM
[...] It would need multiple FIBs (aka virtual routing instances)

Speak of the devil... (Link included for future reference, not that anyone wants to look at it.)

Quote from: charles on November 25, 2025, 09:08:44 AM
[...] I have 5 PPPoE lines from the same ISP. [...]

I have to say, when I said (paraphrasing) multiple FIB support would be useful, this isn't what I was thinking of. Ouch.
#5
General Discussion / Re: OPNsense DNS over TLS forw...
Last post by meyergru - November 25, 2025, 11:03:01 PM
I already wondered how this was possible - for me, DoT works as expected as verified by a tcpdump. So it is only the column in the grid that displays the wrong value, mainly a cosmetic problem.
#6
General Discussion / Re: OPNsense DNS over TLS forw...
Last post by cookiemonster - November 25, 2025, 10:55:57 PM
#8
Hardware and Performance / Re: N150 / N355 good fits?
Last post by meyergru - November 25, 2025, 09:36:02 PM
Forget those TDP numbers.

First off, for the Intel N series, these are most often "TDP down" values which no manufacturer uses for the sake of higher performance ratings. Even the N100 is often configured at 25 Watts TDP and for some BIOSes, you need special tricks to bring these down, which you will need when you have a passively cooled system.

Second, with normal load on the system, the numbers are often lower - take the Minisforum. 100W TDP is only for the CPU, but at max load. In reality, the CPU will likely use 8-10 Watts and the rest of the system ~15W, so the real power draw will likely be more like 35 Watts.

An N1x0 will be more like 20-25 Watts, the N355 (estimated) ~30-35 Watts.
#9
25.7, 25.10 Series / Re: KEA IPv6 Leases
Last post by meyergru - November 25, 2025, 09:26:01 PM
Many IoT devices only support SLAAC, if they support IPv6 at all.

Other than that, you have to select the correct RA mode to instruct devices to use DHCPv6 for all interfaces where you want it.

To me, it does not make much sense to use DHCPv6, even if you want to identify devices, because with IPv6 privacy extensions and randomized MACs these days, you cannot effectively do that anyway. Therefore, I prefer to use SLAAC only: https://forum.opnsense.org/index.php?topic=45822.0
#10
25.7, 25.10 Series / Re: KEA IPv6 Leases
Last post by Leo999 - November 25, 2025, 09:16:27 PM
Make sure that your device supports DHCPv6. For example, Google devices currently only support SLAAC, which will not appear on KEA IPv6 leases.