"Recent posts
#81
General Discussion / Re: Replicating DD-WRT DNS loo...
Last post by nero355 - January 25, 2026, 04:37:40 PMMy best guess is that DD-WRT uses DNSmasqd instead of ISC or KEA and you might want to dig through the config files on your DD-WRT Router to check if that is indeed the case.
DNSmasqd does both DHCP and DNS while ISC and KEA depend on Unbound for DNS stuff...
DNSmasqd does both DHCP and DNS while ISC and KEA depend on Unbound for DNS stuff...
#82
Q-Feeds (Threat intelligence) / Testing firewall rules with qf...
Last post by DEC740airp414user - January 25, 2026, 04:36:46 PMCan a list be posted of the qfeeds blocklist. Community edition
I have a few vlans I want to test to make sure they are successfully blocked.
And see the number increase on the home page widget
I have a few vlans I want to test to make sure they are successfully blocked.
And see the number increase on the home page widget
#83
German - Deutsch / Re: Netzwerk, Security & Firew...
Last post by JeGr - January 25, 2026, 04:23:09 PMDa anscheinend nicht ganz so klar war, dass das einfach so weiterläuft, hab ich das im Startpost nochmal editiert und auch die Alternative URL mit eingefügt, wenn mal die Weiterleitung klemmt.
@Patrick: Könnte Freitag der Caddy auf der Sense gewesen sein, der da zwischendurch mal Schluckauf hatte, der Domain-Referrer läuft auf meiner externen OPN Kiste. Wenns wieder vorkommt gern aufschreiben, dann kann ich vllt. in den Logs mal sehen, warum der einfach nicht weiterleiten will.
@Patrick: Könnte Freitag der Caddy auf der Sense gewesen sein, der da zwischendurch mal Schluckauf hatte, der Domain-Referrer läuft auf meiner externen OPN Kiste. Wenns wieder vorkommt gern aufschreiben, dann kann ich vllt. in den Logs mal sehen, warum der einfach nicht weiterleiten will.
#84
Tutorials and FAQs / Re: [HOWTO] Sonos speaker in m...
Last post by Mr.SmartEpants - January 25, 2026, 04:17:05 PMI tried setting this up, but it doesn't work unless I connect my device to the same IoT SSID/vLAN network as the Sonos speakers. Once I connect to the same vLAN they work fine. I've attached a screengrab of my current FW rules because I'm sure that's where the problem is. What did I do wrong?
https://imgur.com/aVIkHfU
https://imgur.com/a/EIVy70V
https://imgur.com/aVIkHfU
https://imgur.com/a/EIVy70V
#85
26.1 Series / Re: Upgrade to RC1 successful
Last post by franco - January 25, 2026, 04:13:50 PMOk, fair. The menu part is https://github.com/opnsense/core/commit/e1325c5d4 .. the previous refactor wasn't needed there apparently but let's make it explicit for both modes.
The plugin side is clear but I'll push a patch tomorrow morning when I can verify it since the patch is a bit longer due to all the exceptions.
Cheers,
Franco
The plugin side is clear but I'll push a patch tomorrow morning when I can verify it since the patch is a bit longer due to all the exceptions.
Cheers,
Franco
#86
26.1 Series / Re: OpenVPN legacy plugin
Last post by franco - January 25, 2026, 04:11:34 PMWorth creating a ticket about then :)
#87
General Discussion / Re: WAN failover DNS problem
Last post by viragomann - January 25, 2026, 04:09:11 PMSo you have a multi-WAN HA setup. I see.
If you don't have query forwarding enabled in Unbound it, works as recursive resolver and requests the root servers directly. I'd expect, that this will also work on the mobile internet line, if you can request a certain server like 8.8.8.8. But possibly the provider redirects your DNS requests to his own DNS in fact.
You will not be able to detect this for unencrypted DNS traffic.
If that's the case, your only options will be to enable DNS query forwarding.
If you don't trust your provider, you can configure "Unbound DNS: DNS over TLS" and state certain DoT servers. Encrypted DNS cannot be redirected to any other server. In this case the DNS resolution would fail.
If you don't have query forwarding enabled in Unbound it, works as recursive resolver and requests the root servers directly. I'd expect, that this will also work on the mobile internet line, if you can request a certain server like 8.8.8.8. But possibly the provider redirects your DNS requests to his own DNS in fact.
You will not be able to detect this for unencrypted DNS traffic.
If that's the case, your only options will be to enable DNS query forwarding.
If you don't trust your provider, you can configure "Unbound DNS: DNS over TLS" and state certain DoT servers. Encrypted DNS cannot be redirected to any other server. In this case the DNS resolution would fail.
#88
26.1 Series / Re: OpenVPN legacy plugin
Last post by mburmester - January 25, 2026, 04:01:09 PMThanks for clarifying. The reason why I need the old plugin is that the new interface always sets a key-direction. But my VPN provider needs key-direction not set.
#89
25.7, 25.10 Series / Re: ISC to Dnsmasq breaks some...
Last post by allenlook - January 25, 2026, 03:52:14 PMIt seems I can ping from PC to PC (again only by short-name alone), but not from PC to devices like cameras, garage door openers, etc.
#90
26.1 Series / Re: Track interface / Identity...
Last post by Aerowinder - January 25, 2026, 03:36:25 PMfranco,
Very strange. It doesn't even show that I sent the PM. I sent an email this time, subject=Track interface / Identity association - IPv6 prefix ID already in use.
Edit: I have misremembered, that since I am doing a total gateway bypass from the AT&T gateway, I no longer need the script. You only need that script if you still have the gateway upstream. I kept it for potential future needs, but it's no longer in use on the OPN system. Therefore, my dhcp6 settings are "Basic", no advanced settings or config file overrides in use.
I restored my 25.7.11_2 snapshot, and the issue does not exist there with the same configuration.
Very strange. It doesn't even show that I sent the PM. I sent an email this time, subject=Track interface / Identity association - IPv6 prefix ID already in use.
Edit: I have misremembered, that since I am doing a total gateway bypass from the AT&T gateway, I no longer need the script. You only need that script if you still have the gateway upstream. I kept it for potential future needs, but it's no longer in use on the OPN system. Therefore, my dhcp6 settings are "Basic", no advanced settings or config file overrides in use.
I restored my 25.7.11_2 snapshot, and the issue does not exist there with the same configuration.
