Messages

Hi meyergru, what do you mean with "OpnSense now works with HTTP/3 as a client"? What does it imply?

Oh, I was investigating how to setup Netbird and found the same problem.

I have the name problem with my ISP... a /64 delegation, son I can't use SLAAC. But I managed to subnet my 64 bits part to have 16 for LANs and the rest for host... No IPv6 for Android phones but the rest of hosts have a working dual stack... I've been using this setup for about three years and everything worked fine.
This is an awful solution, but is the only thing I could do to use IPv6 with my ISP... for now.

Just for the record... With 24.1.4 update I was able to successfully migrate the VPNs (TUN and TAP) of one of my routers.
The resulting configuration was almost identical to the legacy one and worked perfect in term of functionality.
I'm now migrating the other routers.

Great... it's possible that the fix is included in the next update.

Hi @mkerost, this issue has been solved. If you would like to test it you may apply the patches "opnsense-patch 3d09a2c 59ce2706 46354f48 ac4bbb" assuming you are on OPNSense 24.1.3_1

I've tested and it worked perfect.

Cheers...

Hexcode, would you explain your findings in respect to Wireguard side effects?

I'm using both Wireguard (now in core, not more a plugin) and udpbroadcastrelay and both are working fine so if there are some caveats I'd like to know them in advance.

While the checkbox is not there yet. I think that the options were set by default to follow the Suricata 6 behavior.

o intrusion detection: set exception-policy and app-layer.error-policy to their advertised defaults

This is what I understand from the release text.
May be the checkbox will be added later... but I don't know for sure

I dig deeper into the issue and compared the configurations generated in both legacy and new definitions and I think there are a couple of miss configurations on the new instance approach. I'll open a ticket on github.

EDIT:
I opened a ticket on github and AdSchellevis is working on the issue.

Hi mkerost, I'm facing the same problem since yesterday.
I was trying to migrate my legacy openvpn switched vpn to the new instance definition, but it seems that something is missing on the web configuration because, in addition to needing Server (IPv4), it doen't allow you to select the bridge interface nor the DHCP range to assign IP addresses to clients, as you can configure in the legacy page.
If you complete the Server (IPv4) network, it creates a tunnel VPN as if you were using a TUN VPN. I already tested it.

Check my config...

This problem was addressed here https://github.com/opnsense/core/pull/7271
A suppose it will be fixed in the next update.

Hi, why don't you try with the broadcast relay plugin. I'm using it and it works.

Try this setup from the attached image, but first make sure to select backend to native on "Dynamic DNS -> General Settings".

The obfuscated text is the host name you want to update. Take into account that different hosting providers could change the cPanel configuration but hopefully it is on the defaults.

Some years ago, when I configured this host name to use with dynamic IP I had to open a ticket support with my hosting provider due to the update URL being blocked by their firewall. If you can't make this work you could be on the same situation.

This problem was addressed on 24.1.2 update