"Recent posts
#21
25.7 Series / Re: Can we get an upgrade to 2...
Last post by craigsil - Today at 01:08:17 PMand patched after reinstall with zfs - all good now
#22
25.7 Series / Re: Overriding DNS wildcard fo...
Last post by Monviech (Cedrik) - Today at 12:50:00 PMYou could try if a wildcard + specific overrides behave differently when using dnsmasq as main dns server.
But I doubt it. I would use the hacky worksround in the reverse proxy xD
But I doubt it. I would use the hacky worksround in the reverse proxy xD
#23
25.7 Series / Re: Overriding DNS wildcard fo...
Last post by amogus - Today at 12:47:47 PMQuote from: Monviech (Cedrik) on Today at 12:29:05 PMSince the services you want to override and you host with your own domain should be quite contained, you could handle this with an sni matching layer 4 route in traefik. The target could be the original hostname. Traefik just should not use the same DNS server otherwise there will be a loop since it will send the own traffic to itself.
Just a funny idea. In Caddy this sort of thing works.
Oh yeah, so in Traefik I would forward blog.mydomain.com -> blog.mydomain.com, but I would just tell it to use e.g. 1.1.1.1 for DNS. Yeah this should surely be doable in Traefik. Though seems like quite a hack haha, and I wonder what downsides it could come with. I would prefer if there was some other way to do it.
#24
25.7 Series / Re: Overriding DNS wildcard fo...
Last post by Monviech (Cedrik) - Today at 12:29:05 PMSince the services you want to override and you host with your own domain should be quite contained, you could handle this with an sni matching layer 4 route in traefik. The target could be the original hostname. Traefik just should not use the same DNS server otherwise there will be a loop since it will send the own traffic to itself.
Just a funny idea. In Caddy this sort of thing works.
Just a funny idea. In Caddy this sort of thing works.
#25
25.7 Series / Overriding DNS wildcard for sp...
Last post by amogus - Today at 12:00:20 PMHi,
Before I start, I want to say that this is my first time setting up any custom network stuff and first time using OPNsense.
(Though I'm not anymore a complete beginner, I've had a few months of learning now and I'm very happy with my setup, except this thing I'm currently working on)
So, if you can immediately see that I should switch to doing something completely other than what I'm doing right now, let me know.
Ok, so my setup is as follows:
Running OPNsense 25.7.2
I own a domain, lets call it mydomain.com
I use Unbound + Dnsmasq (because the documentation seemed to recommend this)
I use Traefik as a reverse proxy
(And if relevant, I will also use AdDuard Home, though not set up yet though)
Traefik or AdGuard Home or any other extra service is not installed as OPNsense addons, they are virtualized elsewhere
What I want to do:
I want *.mydomain.com to go to Traefik reverse proxy where I am routed to where needed (so I can do e.g. proxmox.mydomain.com -> goes to 192.168.10.3:8006)
Ok, I can do that all good, I create a host override in Unbound DNS: *.mydomain.com -> Traefik LXC IP. All good, navigating to proxmox.mydomain.com goes through Traefik and gets me to the right place, great.
Issue:
Now when I have *.mydomain.com override, I'm in trouble if I have something hosted on the internet. Lets say a blog on github pages should be on blog.mydomain.com. Well if I try to go to blog.mydomain.com, I just get forwarded to Traefik and it will not be found. Same issue also with the apex domain mydomain.com, even that seems to get forwarded to Traefik.
I'm hoping I could add an override blog.mydomain.com -> "resolve dns normally", but it seems I can only override to specific ip address, which is not usable here.
Any advice?
And to prematurely answer any question "why do you have same domain for local services and potential public ones". Well I think it would be very nice and convenient (once it works correctly). Also some services are both local and public, e.g. if accessing immich in my LAN, everything should go through the lan, but also same domain should also work if I'm not on my lan.
Before I start, I want to say that this is my first time setting up any custom network stuff and first time using OPNsense.
(Though I'm not anymore a complete beginner, I've had a few months of learning now and I'm very happy with my setup, except this thing I'm currently working on)
So, if you can immediately see that I should switch to doing something completely other than what I'm doing right now, let me know.
Ok, so my setup is as follows:
Running OPNsense 25.7.2
I own a domain, lets call it mydomain.com
I use Unbound + Dnsmasq (because the documentation seemed to recommend this)
I use Traefik as a reverse proxy
(And if relevant, I will also use AdDuard Home, though not set up yet though)
Traefik or AdGuard Home or any other extra service is not installed as OPNsense addons, they are virtualized elsewhere
What I want to do:
I want *.mydomain.com to go to Traefik reverse proxy where I am routed to where needed (so I can do e.g. proxmox.mydomain.com -> goes to 192.168.10.3:8006)
Ok, I can do that all good, I create a host override in Unbound DNS: *.mydomain.com -> Traefik LXC IP. All good, navigating to proxmox.mydomain.com goes through Traefik and gets me to the right place, great.
Issue:
Now when I have *.mydomain.com override, I'm in trouble if I have something hosted on the internet. Lets say a blog on github pages should be on blog.mydomain.com. Well if I try to go to blog.mydomain.com, I just get forwarded to Traefik and it will not be found. Same issue also with the apex domain mydomain.com, even that seems to get forwarded to Traefik.
I'm hoping I could add an override blog.mydomain.com -> "resolve dns normally", but it seems I can only override to specific ip address, which is not usable here.
Any advice?
And to prematurely answer any question "why do you have same domain for local services and potential public ones". Well I think it would be very nice and convenient (once it works correctly). Also some services are both local and public, e.g. if accessing immich in my LAN, everything should go through the lan, but also same domain should also work if I'm not on my lan.
#26
25.7 Series / Re: IPv6 traffic within Wiregu...
Last post by schnipp - Today at 11:17:09 AMQuote from: mnaim on July 31, 2025, 11:58:48 AMRight - https://github.com/opnsense/core/issues/9021
I was surprised that the GitHub issue was closed. I can't tell from the ticket content that the bug has been fixed. Does anyone have any further information?
#27
24.7, 24.10 Series / Re: Squid: segmentation fault
Last post by schnipp - Today at 11:13:40 AMNo, the issue of "segmentation fault" still persists in Opnsense 25.7.1. In case squid crashes it will automatically be restarted. So, despite the log entries I never observed any interruptions of the squid service anymore.
#28
General Discussion / Re: Losing WAN connection peri...
Last post by jstarta - Today at 11:01:55 AMQuote from: BrandyWine on August 30, 2025, 06:21:37 AMThe fw WAN is likely not in a /30.
So let's ask.... OP, what subnet is your FW WAN getting from dhcp, or now whatever OS is connecting to the ISP?
Its /22, but I have a static IP so I'll always get the same IP from the ISP
Quote from: BrandyWine on August 30, 2025, 08:26:50 AMNot sure what version of OPNsense you are running, but duly noted freeBSD 14.3-RELEASE has a noted fix for igc driver.
https://www.freebsd.org/releases/14.3R/relnotes/
Its on the latest.
I'll have a look at those links you've sent. So far the switch to using proxmox with Opnsense as a VM has been flawless.
#29
German - Deutsch / Re: Firmware Update Notificati...
Last post by layerbreak - Today at 09:47:13 AMSo sieht das Ergebnis heute aus:
2025-08-31T06:05:04
Error
monit
'OPNsense_Update_Check' status failed (1) -- UPDATE_AVAILABLE: Current version: OPNsense 25.7.1_1, Available version: OPNsense 25.7.2
2025-08-31T06:03:03
Error
monit
'OPNsense_Update_Check' status failed (1) -- UPDATE_AVAILABLE: Current version: OPNsense 25.7.1_1, Available version: OPNsense 25.7.2
2025-08-31T06:05:04
Error
monit
'OPNsense_Update_Check' status failed (1) -- UPDATE_AVAILABLE: Current version: OPNsense 25.7.1_1, Available version: OPNsense 25.7.2
2025-08-31T06:03:03
Error
monit
'OPNsense_Update_Check' status failed (1) -- UPDATE_AVAILABLE: Current version: OPNsense 25.7.1_1, Available version: OPNsense 25.7.2
#30
Virtual private networks / Re: OpenVPN migration to new I...
Last post by phanos - Today at 09:41:01 AMQuote from: maverickcdn on Today at 05:05:47 AMI came from another platform after the now legacy mode was destined to be removed and don't know anything about it so I setup a working config (for me) by bridging (frowned upon it seems) the TAP interface and my LAN interface to a bridge where the bridge is the host network. Whether this is the correct way or not it works great for my needs, if you want more details of my config let me know.
thanks I will try it and let you know
