Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Unbound not listenning on Wireguard interface at boot
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unbound not listenning on Wireguard interface at boot (Read 1142 times)
binoix
Newbie
Posts: 13
Karma: 0
Unbound not listenning on Wireguard interface at boot
«
on:
May 30, 2022, 12:07:48 pm »
Hello,
I have set Unbound to listen on All interfaces.
I have defined the Wireguard interface as static.
Yet at each reboot, Unbound is not listenning on the wireguard interface, and I have to restart Unbound for this to work on wireguard interface.
Would is be possible that Unbound is started *before* wireguard interface is up and hence does not take it into account?
Any ideas?
Thanks !
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Unbound not listenning on Wireguard interface at boot
«
Reply #1 on:
June 02, 2022, 11:09:45 am »
The ACL entry is missing after boot. It cannot be generated automatically before wireguard is up, which is after unbound is up. Unfortunately unbound is not capable of runtime reconfiguration for ACL so that unbound needs to be restarted which we don't do by default to prevent resolution disruption (and possible cache flush) on any wireguard up and down.
Cheers,
Franco
Logged
binoix
Newbie
Posts: 13
Karma: 0
Re: Unbound not listenning on Wireguard interface at boot
«
Reply #2 on:
June 02, 2022, 01:28:50 pm »
Thank you Franco for the explanation !
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Unbound not listenning on Wireguard interface at boot
«
Reply #3 on:
June 02, 2022, 01:30:20 pm »
(a manual ACL entry for the wireguard subnet should work)
Logged
Patrick M. Hausen
Hero Member
Posts: 6816
Karma: 572
Re: Unbound not listenning on Wireguard interface at boot
«
Reply #4 on:
June 02, 2022, 02:44:22 pm »
Another approach that I am taking with BIND, because it is even more finicky about interfaces and IP addresses coming and going than Unbound, is to bind the server to 127.0.0.1 only and use port forwarding NAT rules on each interface that shall be accessible for clients. Also helps greatly with HA setups and virtual IP addresses.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Unbound not listenning on Wireguard interface at boot