From 1cfd87f450dde30dff2c3d785763760463a15976 Mon Sep 17 00:00:00 2001 From: kavren Date: Sun, 28 Dec 2025 21:45:29 -0500 Subject: [PATCH] fix: Guest VLAN internet - DNS pointed to non-existent IP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Root cause: OPNsense DHCP and firewall rules referenced 10.4.2.129 for Pi-hole DNS, but that IP doesn't exist. Pi-hole is at 10.4.2.11. Updated all references in OPNsense config.xml and documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- docs/CHANGELOG.md | 7 +++++++ docs/DECISIONS.md | 10 +++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 244dd42..f1f9e16 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -4,6 +4,13 @@ ## 2025-12-28 +### Guest VLAN Internet Fix +- Fixed Guest VLAN (10.4.30.0/24) having no internet access +- Root cause: OPNsense DHCP and firewall rules referenced non-existent 10.4.2.129 for DNS +- Fix: Updated all DNS references in OPNsense config.xml from 10.4.2.129 to 10.4.2.11 (Pi-hole) +- Affected: DHCP DNS server settings for all VLANs, firewall DNS allow rules +- Guest clients need DHCP lease renewal to get correct DNS server + ### RustDesk Server Deployment - Deployed RustDesk server LXC 129 on pm2 via ProxmoxVE helper script - Configured static IP: 10.4.2.36 diff --git a/docs/DECISIONS.md b/docs/DECISIONS.md index e1045a0..760400f 100644 --- a/docs/DECISIONS.md +++ b/docs/DECISIONS.md 
@@ -107,16 +107,16 @@ Unmanaged Gigabyte switches pass VLAN tags through (they just don't understand t #### DHCP Configuration All DHCP served by OPNsense: -- LAN: 10.4.2.100-200, DNS: 10.4.2.129 (Pi-hole) -- Trusted: 10.4.10.100-200, DNS: 10.4.2.129 -- IoT: 10.4.20.100-200, DNS: 10.4.2.129 -- Guest: 10.4.30.100-200, DNS: 10.4.2.129 +- LAN: 10.4.2.100-200, DNS: 10.4.2.11 (Pi-hole) +- Trusted: 10.4.10.100-200, DNS: 10.4.2.11 +- IoT: 10.4.20.100-200, DNS: 10.4.2.11 +- Guest: 10.4.30.100-200, DNS: 10.4.2.11 #### OPNsense Firewall Rules (Implemented) | Rule | Source | Destination | Action | |------|--------|-------------|--------| -| Allow DNS | IoT/Guest | 10.4.2.129:53 | Pass | +| Allow DNS | IoT/Guest | 10.4.2.11:53 | Pass | | Block IoT→LAN | 10.4.20.0/24 | 10.4.2.0/24 | Block | | Block Guest→LAN | 10.4.30.0/24 | 10.4.2.0/24 | Block | | Block Guest→IoT | 10.4.30.0/24 | 10.4.20.0/24 | Block |
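Review bot: In the docs/CHANGELOG.md hunk, the new "Guest VLAN Internet Fix" entry is inconsistent about scope: the "Affected" bullet lists "DHCP DNS server settings for all VLANs", yet the last bullet says only "Guest clients need DHCP lease renewal". If LAN, Trusted and IoT leases were also handing out 10.4.2.129, those clients hold the stale resolver until they renew as well, so either extend that bullet to every VLAN or state why the other VLANs kept working. The entry also says the fix updated "all DNS references in OPNsense config.xml", while the diffstat contains only docs/CHANGELOG.md and docs/DECISIONS.md, so the configuration change itself is not reviewable here; a pointer to where the config.xml revision or backup is tracked would let a reader confirm the documentation matches the running firewall.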
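Review bot: In the docs/DECISIONS.md hunk, the firewall table leaves rule ordering and protocol undocumented for the row "| Allow DNS | IoT/Guest | 10.4.2.11:53 | Pass |". The new destination 10.4.2.11 sits inside 10.4.2.0/24, which the "Block IoT→LAN" and "Block Guest→LAN" rows drop, so DNS from those VLANs only works if the Allow DNS rule is evaluated before the block rules. Add a sentence stating that the table order is the evaluation order, and add a protocol column or note (TCP/UDP 53) so the exception into the LAN subnet is documented as narrowly as it is meant to be enforced. The repeated literal address across the four DHCP lines and this rule is what allowed the wrong value to propagate; if the OPNsense configuration uses a host alias for Pi-hole, naming that alias here would keep the documentation and the rules tied to one definition.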