OPNsense 26.1.1 with Adguardhome and Unbound

Started by akore, February 09, 2026, 01:57:20 PM

New to OPNsense. I have a Sophos XG 115 with newly installed OPNsense 26.1.1 and I installed mimugmail 1.16 Adguardhome. All of the tutorials online and here in the forums have outdated info that does not line up with what the GUI looks like today, so I am not sure that I got everything set up correctly, but I do have access to the internet so at least I didn't break that... yet. I think the only thing I might be missing is DNS port forwarding that is mentioned in some tutorials, for which I can only find Query Forwarding under Unbound. There is also a Dnsmasq DNS & DHCP section under Services which I have not a clue about. If there are newer tutorials that I missed that someone could point me to, that would be helpful.



Quote from: akore on February 09, 2026, 01:57:20 PM
I think the only thing I might be missing is DNS port forwarding that is mentioned in some tutorials
Are you looking for this : https://forum.opnsense.org/index.php?topic=9245.0 ??
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

I did read over that entire HOWTO but it doesn't match up to the current GUI. There is no "General DNS Resolver Options" anymore that I can find under Unbound General settings. And under Firewall NAT there is no longer anything mentioned about "Port Forward". So my guess would be at some point with the later iterations of OPNsense they changed/moved/renamed things that just do not line up with all the instructions that I have come across on here or YouTube or Reddit... etc....

Quote from: akore on February 09, 2026, 05:14:00 PM
I did read over that entire HOWTO but it doesn't match up to the current GUI.
It should not be that hard to fix that IMHO by browsing around a bit on the OPNsense webGUI ?!

For example :
Quote:
And under Firewall NAT there is no longer anything mentioned about "Port Forward".
Has been renamed to 'Destination NAT' as you can see here : https://forum.opnsense.org/index.php?topic=50472.0 ;)

Quote:
There is no "General DNS Resolver Options" anymore that I can find under Unbound General settings.
I do not use OPNsense for DNS so you will have to figure out that one yourself.

Today at 04:09:33 PM #4 Last Edit: Today at 04:19:02 PM by coffeecup25
This isn't the answer you want to read, but it's the best one so far.

There is no one place to look to install Adguard Home into OPNsense. Everyone does it differently. There are a lot of similarities among install techniques, but none are identical. Also, you do not need a port forward. I can't even see how that idea got into the mix in the first place. It is probably a kluge that somehow worked so it became 'official'.

Google how to install Adguard Home into both OPNsense and pfSense. Find several articles for each then roll up your sleeves and compare and contrast what you read.

Yes, you can install Adguard Home into pfSense. The article from India is what I used for the basics of that. You won't need it for that aspect. My installed config was different though.

If you want to use Unbound, associate it with a port that is not 53. I used 5353 but anything will work. Inside Adguard Home Settings where it asks for DNS servers, enter 192.168.1.1:5353 (or whatever your router IP is). Don't load up outside servers. They may work, but you won't be using Unbound. If you are using IPv6 you are on your own.

Also, get familiar with WinSCP and find AdguardHome.yaml as you will need a copy of it for your backup. And you will need to make config edits there because Adguard Home only gives you one try on the initial install to get some very important things right.

Now, try to have fun.

Quote from: coffeecup25 on Today at 04:09:33 PM
Also, you do not need a port forward.

I can't even see how that idea got into the mix in the first place. It is probably a kluge that somehow worked so it became 'official'.
Ehm...

It's just this : https://forum.opnsense.org/index.php?topic=9245.0 ;)

Since 26.x.x it's called (correctly) Destination NAT but all old documents/HowTo's call it by its old name Port Forward ;)

Quote:
If you want to use Unbound, associate it with a port that is not 53. I used 5353 but anything will work. Inside Adguard Home Settings where it asks for DNS servers, enter 192.168.1.1:5353 (or whatever your router IP is).
Port 5353 is a bad idea because of mDNS traffic and a better idea would be 5335 or 53053 for example !!
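The upstream setup discussed in the two posts above (AdGuard Home answering clients on port 53, Unbound as its only upstream on another port) can be checked against the `dns:` section of AdGuardHome.yaml. This is an added example, not code from the thread or from either project; the sample file contents and the function names are constructed, it assumes AdGuard Home listens on the router address, and it only understands plain IPv4 `host:port` upstream entries.

```python
import re

# Constructed sample of the dns: section of AdGuardHome.yaml (not from the thread).
SAMPLE_YAML = """\
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  upstream_dns:
    - 192.168.1.1:5353
    - https://dns.example.net/dns-query
"""
MDNS_PORT = 5353  # UDP 5353 is assigned to multicast DNS (RFC 6762)

def dns_section(text):
    """Return (listen_port, upstream_dns list) using line matching, no YAML library."""
    port, upstreams, key, in_dns = 53, [], None, False
    for line in text.splitlines():
        if re.match(r"\S", line):              # a top-level key starts or ends the dns: block
            in_dns = line.startswith("dns:")
        elif in_dns and (m := re.match(r"  (\w+):\s*(.*)$", line)):
            key = m.group(1)
            if key == "port" and m.group(2):
                port = int(m.group(2))
        elif in_dns and key == "upstream_dns" and (m := re.match(r"\s+-\s+(.+)$", line)):
            upstreams.append(m.group(1).strip("'\" "))
    return port, upstreams

def audit(text, router_ip="192.168.1.1"):
    """List (upstream, issue) pairs; an empty list means Unbound is the only upstream."""
    listen_port, upstreams = dns_section(text)
    findings = []
    for up in upstreams:
        m = re.fullmatch(r"(\d+\.\d+\.\d+\.\d+)(?::(\d+))?", up)
        if not m or m.group(1) != router_ip:
            findings.append((up, "not the local Unbound: queries bypass it"))
            continue
        port = int(m.group(2) or 53)           # no port given means 53
        if port == listen_port:
            findings.append((up, "points back at AdGuard Home itself"))
        elif port == MDNS_PORT:
            findings.append((up, "5353 is the mDNS port"))
    return findings

if __name__ == "__main__":
    for upstream, issue in audit(SAMPLE_YAML):
        print(f"{upstream}: {issue}")
```
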

Today at 04:34:22 PM #6 Last Edit: Today at 04:50:48 PM by coffeecup25
nero355,

Not to be argumentative but I have been using 5353 for a long time without ill effects. Some 'tutorials' also use it.

But I can see your point.

Ehm ....

I have no idea why a port forward is in the mix. I don't use it and never have on either OPNsense or pfSense. As I said, no problems, ever.

If you ask someone how to create a BSD VLAN, you also get an unlimited number of examples. All are official and insulting to notice everyone does it a little differently. Or at least explains it differently.  I decided to use a 2nd subnet instead, which nobody in the forums had any idea how to install. (Very easy BTW, much much easier than a BSD VLAN). My point is that the person who gets it to work first becomes the expert once they carve it into stone. Then others who followed the instructions dig in their heels and refuse to consider other points of view. Don't even get me started on the pointed debates about using Unbound vs external DNS servers, even when the only option for the particular situation calls for an external DNS server.

In fact, OPNsense updates require an external DNS server. I'm using Unbound, but discovered no repositories can be found without an external server listed on the initial setup page. Even some OPNsense official documentation somewhere mentioned those DNS servers are the ones OPNsense uses for updates. (Yes, I know, someone will add a post that condescendingly tells me they can do it just fine.)

To repeat, sometimes there is only one way to do something, but with BSD software there are often lots of ways.

Today at 05:43:26 PM #7 Last Edit: Today at 06:04:48 PM by akore
Thanks coffeecup25. That is what I thought. I will do more research and give it another try. Thankfully OPNsense has Snapshots so that when I break it I can get it back to functioning without having to swap out the box while I nuke and pave and try again from scratch.

I have tried pfSense and OpenWRT on the Sophos box but I found the UI of OPNsense to be best out of the 3. OpenWRT is what I used for the first 4 months after buying the Sophos box but when I broke OpenWRT and I could not get it to install correctly a second time I thought it was time to try something else.

Today at 06:48:35 PM #8 Last Edit: Today at 06:59:53 PM by coffeecup25
Quote from: akore on Today at 05:43:26 PM
Thanks coffeecup25. That is what I thought. I will do more research and give it another try. Thankfully OPNsense has Snapshots so that when I break it I can get it back to functioning without having to swap out the box while I nuke and pave and try again from scratch.

I have tried pfSense and OpenWRT on the Sophos box but I found the UI of OPNsense to be best out of the 3. OpenWRT is what I used for the first 4 months after buying the Sophos box but when I broke OpenWRT and I could not get it to install correctly a second time I thought it was time to try something else.

Once you get it figured out, I think you will be very happy with OPNsense and Adguard Home. I am. The initial config of Adguard Home was a little frustrating in getting everything properly synchronized. Sorting through all the differences is the worst part. Adguard Home is far more configurable than Unbound ad blocking and far easier to manage block list exceptions.

As I look back on it, the config was actually pretty simple. If it feels like you are jumping through strange hoops, start over. As I wrote before, the initial install screen is the most important. You only get one try and then have to go back to AdguardHome.yaml and reboot to fix what you need fixed. It's not difficult but it is annoying.

I haven't used OPNsense snapshots, so good luck there. I'm old fashioned and prefer good backups, but snapshots can certainly be better in the right circumstances.

I used pfSense CE for many years. Their update cycle was developing issues and becoming unreliable. OPNsense updates give me more confidence. My needs are simple so if development froze today, I would still remain happy. Nobody else would, I'm sure.

Openwrt on X86 looks like a bear to install. Good on you for getting it to work even once.


Quote from: coffeecup25 on Today at 04:34:22 PM
Not to be argumentative but I have been using 5353 for a long time without ill effects. Some 'tutorials' also use it.

But I can see your point.
Just wanted to warn you, because the guys @ https://docs.pi-hole.net/guides/dns/unbound/ made that mistake many years ago and switched from 5353 to 5335 and my guess is OPNsense now uses by default 53053 because of the same reason :)

Quote:
I have no idea why a port forward is in the mix. I don't use it and never have on either OPNsense or pfSense. As I said, no problems, ever.
You don't use any Redirect DNS NAT rules then I am guessing ?

I like having them to catch "Naughty Clients" on my network just in case... :)

Quote:
To repeat, sometimes there is only one way to do something, but with BSD software there are often lots of ways.
Actually if you talk about pure FreeBSD then the explanations written in the FreeBSD Handbook are pretty much the way to do it IMHO : https://docs.freebsd.org/en/books/handbook/
It has taught me a lot of things about 20+ years ago...



Hmm... I am getting old... LOL! ^_^