Messages

Alright. It was because of filtering, it is on floating rules by default and I don't have any.

The bad thing : no message stating that the import has been successful

The good thing : no duplicates, whereas I imported three times

Hello,

I export my firewall, opened up the import modal window, selected the file, clicked the checkmark. The modal closes itself and ... nothing. Nothing happens, no error in the browser console (tried Firefox and Chromium)

I have no idea what to do from there. Any log file to look at ?

Regards.

[SSH sessions drop very quickly]

Hello,

From an Ubuntu client and an Android client, I have major instability with WireGuard. For example, my SSH sessions drop very quickly, I am lucky if I can type two commands in a row. As soon as I disable/enable WireGuard, it works straight away, but after less than a minute, it starts to fail intermittently. Ping shows a packet drop rate of 50 to 70%.

I don't have this issue when pinging OPNsense from the LAN, or when pinging from LAN to WAN.

It is really weird, I don't see anything related in the client's or server's logs... And I don't have anything fancy in my clients and instance configurations.

How could I downgrade to 25.7.6 to verify that recent November upgrades are the cause of the issue?

Hello,

I have set up a captive portal. It works well by redirecting to https://wifi.mydomain.com to log in.

On another container I made a PHP page (at https://getvoucher.mydomain.com/[token]) that generates vouchers using the OPNSense API and redirect to the login page with the fields automatically filled up. Thus, my customers can just scan a QR code, press Submit and they are in.

The issue I have is with devices having mobile data enables. If so, the getvoucher.mydomain.com is resolved externally, so it is not reaching my script. That doesn't happen for wifi.mydomain.com which resolves correctly. Why ? Is there a way for getvoucher.mydomain.com to behave the same and so that it resolves locally ?

Regards.

[IPV6 Disabled]

There is a serious issue with Services > Router Advertisements.

I have a Guest VLAN with captive portal and IPV6 Disabled but when I connect to it, I get a proper IPV4 from the VLAN network, but I also get an IPV6 from the LAN's IPV6 network !

Please help !

Hello,

I have switched from ISC to DNSMasq. I have a few VLANs.

- I get a /48 from My ISP so each VLAN gets a /64.
- The LAN is configured with PrefixID of 0 and InterfaceID of 1
- Each VLAN as its own PrefixID and InterfaceID of 1
- RA is set as assisted/normal/automatic for each interface
- Each IPV6 DHCP range in DNSmasq is ::dddd:0:0:0 - ::dddd:ffff:ffff:ffff

I have a wifi access point that tags VLANs for the different SSID (one SSID per VLAN). It works well for IPV4.

Wifi devices that connect to LAN and not support DHCPV6 do get SLAAC IPV6 with the proper PrefixID, but they do slowing get IPV6 for all VLANs PrefixID over time (a few minutes) !

What am I doing wrong ?

I have no such issue with DHCPv4 and Ethernet devices supporting DHCPv6 (get both SLAAC and DHCPv6 IPs with the proper PrefixID). May it be because LAN traffic isn't tagged ? How could I prevent that from happening ?

I haven't tried to use dnsmasq yet, but looking at the UI, there is a place for "Hardware addresses", as well as "Client identifier" when configuring "Hosts". I don't know if that would accomplish what you need, but it might be worth checking out....

With dnsmasq, Client identifier is for DUID. If I put the IAID in hardware address it says the hardware address is invalid. So at the moment, there is no way to match both to assign a static IPV6. Too bad ...

My bad : android devices do not support DHCPV6. SLAAC is therefor mandatory.

Hello,

Thank you for that how to.

With that setup :
- How to see devices connected to the network (with DHCPv4 I use "leases") ?
- How to set static IPV6 from the router ?

I have a /48 static IPV6 from my ISP : xxxx:xxxx:xxxx:/48

I set the LAN to track WAN with :
- Assign prefix ID : 0
- Optional interface ID : 1

My DHCPV6 is set as follows:
- Available range: xxxx:xxxx:xxxx:: - xxxx:xxxx:xxxx:0:ffff:ffff:ffff:ffff
- From: ::ffff:0
- To: ::ffff:ffff:ffff:ffff

I then set Ra to
- "managed" : client get the IPV6 gateway, but not IPV6 at all
- "unmanaged" : client get the IPV6 gateway, SLAAC IPV6, no IPV6 in DHCPV6 range
- "assisted" : client get the IPV6 gateway, SLAAC IPV6, no IPV6 in DHCPV6 range

What am I doing wrong ?

[LAN :]

Hello,

I want predictive IPV6s on my network. I get a static xxxx:xxxx:xxxx:/48 from my ISP with these settings :



The LAN is currently configured with "Tack Interface". So far so good I have IPV6 working. But I have some VLANs and I want predictive V6 IPs. I am new to IPV6 and tried so many things that I am getting lost ...

Here is what I am trying to achieve:

LAN :
Network: xxxx:xxxx:xxxx:0::/64
Router's IP: xxxx:xxxx:xxxx:0:1::/128
DHCP range: xxxx:xxxx:xxxx:0:0:: - xxxx:xxxx:xxxx:0:0:ffff:ffff:ffff (xxxx:xxxx:xxxx:0:0::/80)

VLAN 80 :
- Network: xxxx:xxxx:xxxx:80::/64
- Interface's IP: xxxx:xxxx:xxxx:80:1::/128
- DHCP range: xxxx:xxxx:xxxx:80:0:: - xxxx:xxxx:xxxx:80:0:ffff:ffff:ffff (xxxx:xxxx:xxxx:80:0::/80)

VLAN 50 :
- Network: xxxx:xxxx:xxxx:50::/64
- Interface's IP: xxxx:xxxx:xxxx:50:1::/128
- DHCP range: xxxx:xxxx:xxxx:50:0:: - xxxx:xxxx:xxxx:50:0:ffff:ffff:ffff (xxxx:xxxx:xxxx:50:0::/80)

I tried setting a static IP on my lan (xxxx:xxxx:xxxx:0:1::/128) and the proper range in KEA DHCPv6, with RA set to managed, but my DHCP clients don't get an IPV6 at all.

LAN:
Static IPV6 : xxxx:xxxx:xxxx:0:1::/64

KEA DHCPV6 configuration :
- Network : xxxx:xxxx:xxxx:0::/64
- Range : xxxx:xxxx:xxxx:0:0::/80

Hello,

I created a custom ACL.xml :

Code Select Expand

# cat /usr/local/opnsense/mvc/app/models/OPNsense/CaptivePortalVouchers/ACL/ACL.xml
<acl>
    <page-services-captiveportalvouchers>
        <name>Services: Captive Portal Vouchers</name>
        <patterns>
            <pattern>ui/captiveportal/voucher/*</pattern>
            <pattern>api/captiveportal/voucher/*</pattern>
        </patterns>
    </page-services-captiveportalvouchers>
</acl>

But I cannot find the "Services: Captive Portal Vouchers" in the GUI :



Did I miss something ?

This page has other functionalities, it uses PHP.

Hello,

I have setup a Guest captive portal protected VLAN. It works.

I need a URL to be whitelisted, it has to be reachable without authenticating on the captive portal (a website that contains instruction to get access)

How can I do it ?

Regards.

That is the best case I had. The last tries, the crash was nearly immediate after starting all services.