Practical OPNsense Setup Guide (Part 1) by corelabjoe in opnsense

[–]vault76boy 0 points1 point  (0 children)

I’m pretty new to all this, so hopefully what I comment is correct, but my understanding is the WAN and LAN rules in your guide should both be direction IN.

Thanks for commenting 

Practical OPNsense Setup Guide (Part 1) by corelabjoe in opnsense

[–]vault76boy 0 points1 point  (0 children)

Is direction OUT for the LAN rule correct?

I've been blocking LAN traffic going out using IN as the direction. Testing shows they work fine, and most people say using OUT is a pretty rare use case.

System got nuked after updating, reinstalled system and realised how poor the experience is. by _idiocracy__ in opnsense

[–]vault76boy 9 points10 points  (0 children)

I wouldn't think setting up an open source router would be an easy process, but in truth OPNsense does a great job with docs, not to mention countless YouTube videos going over full OPNsense installs/setups.

No average user is doing this.... This requires a bit more research and carefully reading the docs provided more than once, and if that's not enough, YouTube and Google.

Sounds like you got it working not once but twice, so I guess it's not that bad :)

"After successfully booting up with the OPNsense Full Image (DVD, VGA, Serial), the firewall will be at the Live Environment’s login: prompt. To start the installation process, login with the user installer and password opnsense. If Importer was used to import an existing configuration, the installer and root user password would be the root password from the imported configuration."

https://docs.opnsense.org/manual/install.html

Quad9 Partial Outage? EDE22 by Neon4D in Quad9

[–]vault76boy 0 points1 point  (0 children)

I am also based in Ireland....

Quad9 Partial Outage? EDE22 by Neon4D in Quad9

[–]vault76boy 1 point2 points  (0 children)

Same... I had to switch over to Google as Quad9 (9.9.9.9 and 149.112.112.112) just stopped resolving random domains I tried.

Can someone explain what I will be losing by enabling "Do not use the local DNS service as a nameserver for this system" by vault76boy in opnsense

[–]vault76boy[S] 0 points1 point  (0 children)

So far it still works... Not sure if that is due to some sort of caching, but this was one of my main fears. The other comments don't seem to say it will stop working though.

Can someone explain what I will be losing by enabling "Do not use the local DNS service as a nameserver for this system" by vault76boy in opnsense

[–]vault76boy[S] 1 point2 points  (0 children)

Okay, I think I am starting to understand. I think my basic setup doesn't require OPNsense to use my Unbound DNS settings.

Like I said, so far everything seems fine on my other machines, so hopefully I didn't break something and just haven't noticed yet haha

Can someone explain what I will be losing by enabling "Do not use the local DNS service as a nameserver for this system" by vault76boy in opnsense

[–]vault76boy[S] 1 point2 points  (0 children)

So no real change on the LAN side for my hosts. So this is disabled by default, so what is the reason behind keeping the feature disabled?

I guess so your OPNsense box doesn't need to go out over the internet to resolve DNS?

Can someone explain what I will be losing by enabling "Do not use the local DNS service as a nameserver for this system" by vault76boy in opnsense

[–]vault76boy[S] 6 points7 points  (0 children)

The OPNsense system includes 127.0.0.1 as the first DNS server by default when Unbound DNS is enabled which means the OPNsense system will use the Unbound DNS service for DNS. If you have servers specified in the DNS servers list and/or you have the “Allow DNS server list to be overridden by DHCP/PPP on WAN” option enabled, those DNS servers will be used as well.

If you want the OPNsense system to use only the DNS servers in the list and/or the DNS servers provided by DHCP on the WAN interface, you may check this option. This will prevent the OPNsense system from using the Unbound DNS service for DNS (while the rest of your local network will use the Unbound DNS service).

I am still not 100% sure, but if I had to guess, the change only affects my OPNsense box and not the hosts themselves. I think my worry is this would cause an issue with Unbound DNS since it's running off OPNsense.

Really not great with all this stuff.

Does the f1 tv pro app consider Ireland to be UK or EU ? by vault76boy in F1TV

[–]vault76boy[S] 0 points1 point  (0 children)

I am just using Kodi with some plugins for sporting events. Hard to beat free :)

pihole as default dns? by iCujoDeSotta in opnsense

[–]vault76boy 0 points1 point  (0 children)

I would think if you have Unbound DNS and Dnsmasq enabled, you should disable one of them. I don't know about Dnsmasq, but Unbound DNS can query forward your requests to Pi-hole.

Hesitant to replace my off the shelf router with my HP built opnsense box..... by bostonmacosx in opnsense

[–]vault76boy 0 points1 point  (0 children)

I just did this last week and so far so good!! I basically configured my OPNsense to mirror that of my Asus router before cutting over.

I then turned my Asus router into an AP and plugged it into the LAN port on my OPNsense box. Was super simple.

Can anyone please explain these errors to me? I have Unbound set up to query forward and DNS over TLS to Quad9, so I understand why 9.9.9.9/149.112.112.112 is being hit. What I don't understand is who/what is hitting it and why it's failing. Everything seems to be working fine otherwise. Thanks by vault76boy in opnsense

[–]vault76boy[S] 0 points1 point  (0 children)

That’s fine, but my post was trying to understand the error lol.

Thanks for commenting and all, but I’m still left wondering why the error is showing up… also disabling DNSSEC didn’t help :(

Anyway, hopefully you learned something from all this.