MT3000: Beryl AX Wi-FI 5G Wireguard DNS OPNsense

bruce · April 30, 2025, 1:35am

Hello,

As discussed with R&D, there is a special method that also as workaround:

uci set dhcp.@dnsmasq[0].domainneeded='0'
uci commit dhcp
/etc/init.d/dnsmasq restart

# The following is only needed for firmware version 4.6.x/4.7.x
sed -i '/domain-needed/d' /etc/dnsmasq.conf.vpn
. /usr/bin/route_policy
handle_dns

truespeed · May 7, 2025, 2:40pm

The first 4 lines executed without issue.

Should

Be either:

/usr/bin/route_policy
or
/usr/bin/route_policy {parameter}

Without the preceeding the ". "

And

handle_dns does not appear to be either a valid paramater to /usr/bin/route_policy or a stand-alone executable/object.

hansome · May 8, 2025, 2:10am

This is not applicable for opal 4.3.x firmware. I've modify Bruce's post.
It's correct for 4.6 and 4.7 firmware.

truespeed · May 9, 2025, 4:46pm

As I was trying this on a Beryl AX running 4.7.4 all of the workaround instructions were executed.

The bottom line was that there was no change in the resolver behaviour. FQDN would resolve, but those expecting to use the search domain did not.

Would these changes remain following a firmware upgrade?

Would these changes be overwritten after a restore from an earlier backup?

One thing that raised my curiosity is that /etc/dnsmasq.conf.vpn contained a dhcp-range=set referring to IP addresses that are not in my configuration (I.E. 192.68.8.x/24 addresses).

I think it would be useful if you post the command sequence to reverse these changes so I can be certain of getting back to the original configuration.

hansome · May 12, 2025, 5:07pm

Yes for /etc/config/dhcp
No for /etc/dnsmasq.conf.vpn

dnsmasq for VPN doesn't work as a DHCP server, that value is ok being a placeholder.

To restore:

uci set dhcp.@dnsmasq[0].domainneeded='1'
uci commit dhcp
/etc/init.d/dnsmasq restart

# The following is only needed for firmware version 4.6.x/4.7.x
cp /rom/etc/dnsmasq.conf.vpn /etc/
. /usr/bin/route_policy
handle_dns

hansome · May 12, 2025, 5:13pm

Sorry, I found there was a typo, corrected one is:

uci set dhcp.@dnsmasq[0].domainneeded='0'
uci commit dhcp
/etc/init.d/dnsmasq restart

# The following is only needed for firmware version 4.6.x/4.7.x
sed -i '/domain-needed/d' /etc/dnsmasq.conf.vpn
. /usr/bin/route_policy
handle_dns

Disabling domainneeded will let domain like "some_hostname" to pass to upstream.

some_hostname.lan and some_hostname.local is the same as FQDN, whether they can be forwarded to upstream depends on "option local '/lan/'". They've been supported on firmware 4.7 for clients using VPN.