Messages - Redguy

#1


Solved...   :o

Firewall -> Settings -> Advanced -> Allow IPv6   

Boy do I feel stupid now.. Weird thing is, I could ping the HE gateway over the GIF interface when this was off..
#2

I try to avoid comparing pfSense and OPNsense.. however, just to be sure.. I did the exact same on a pfSense firewall, and the gateway showed up immediately ??
#3

new try ..

Step 1 - create GIF as specified in howto, save, done..
Step 2 - Assign interface to GIF -> OPTx , save, done..
Step 3 - Edit said interface, enable, set description to TUNNELBROKER, save, apply, done..

Step 4 - Go to system -> gateways -> single.. No tunnelbroker gateway to be found..

I have 2 interfaces that show up by themselves.. 1 for my interconnection (received through DHCP)  and one for an ExpressVPN tunnel (also received by DHCP), none for the HE ipv6 tunnel..




#4
After reading the article mentioned above it seems that my Chrome browser is leaking this info..

Very strange.. stopping this would mean plugging every browser of every client PC.. hmpff
#5

Same for me, I don't use a proxy either.. it's not such a big issue that a private IP shows up, it's not routable from the outside.. but it does identify the IP of the specific computer, which is a privacy issue..

#6

Ah, didn't read the whole message :-( sorry..

should be simple though.. All you need to do is create the vlan 110 on the lag, and then change the assignment of your LAN interface from using the lagg(x) itself to vlan 110 on your lagg..   Leave the Lagg(x) unattached in the assignments window..

Should work just fine.. it might be handy if you manage your OPNsense firewall using an IP on one of the other vlans at that moment so you won't lose connectivity.

#7

Sure ! no problem.. do that all the time..    Creating a lagg does not create a layer 3 interface automatically.. 


Step 1 - create the lag
Step 2 - Create the desired vlans with the lagg as parent interface
Step 3 - Assign interfaces to vlan x on lagg y

Done.. Just don't assign an interface to the lagg itself.
#8
18.1 Legacy Series / Route based on url / domain ?
July 13, 2018, 11:51:03 PM

Hi !

I use an ExpressVPN connection on my OPNsense 18.1.11 firewall. However, I do not want to route all traffic to the VPN, just a small part of it..

This is easily done by setting a few static routes for specific IP addresses or IP ranges and force those to use the ExpressVPN gateway while the rest will use the default GW.

However, what I would like to do is to base these routes on a certain domain name or URL, instead of an IP address. This way it will also work if the sites in question are using DNS round robin or a load balancer kind of setup to distribute their load over multiple servers..

Can one do such a thing with OPNSense ?
#9

I opened the whatsmyip.com website, which showed my public IP.  No surprise there.

However, it also showed the inside IP address of my laptop ?

Is there any way to block this information ? I just want my outside IP to show, not which internal machine is behind the session ?!

#10

I am trying to set up an IPv6 over IPv4 tunnel using the Hurricane Electric service, by using the howto at https://wiki.opnsense.org/manual/how-tos/ipv6_tunnelbroker.html

For this I am using my 18.1.11 OPNsense system.

It seems that the howto no longer fits the menus and settings on this version of OPNsense, and I can't get it to work properly.


Step 1 - Add a GIF tunnel
The howto says I must include the /64 mask at the "GIF tunnel local address", however, this is not accepted. I can only enter the IPv6 address, without the /64 mask.

Step 2 - Configure the GIF tunnel as a new interface
So I assign the GIF tunnel to a new interface, then edit the interface. I give it a new name and description and leave everything else as-is, like the howto says.

After this is done, I checked if this works. I ping my own IPv6 address, which works. Then I ping the IPv6 address for the far side interface. This works as well.

Then the howto mentions "The newly created interface must now be set as the default IPv6 gateway under System->Gateways->All". This no longer fits the menu structure on v18.1.11 so I go to System -> Gateways -> Single.

There I should edit the new gateway entry called TUNNELBROKER_V6 and check the default gateway option and save. However, there is no new gateway entry, just my regular IPv4 gateway ??

I tried creating an entry manually and checking the default gateway option, but this is not accepted. So I entered the IPv6 address on the far side (Hurricane Electric side). This is not accepted either, OPNsense states that the gateway address I entered does not fall within any of the subnets configured on my interfaces.

I tried entering my local IPv6 address as a gateway, which strangely IS accepted, but of course does not work.


At this point I am stuck. I tried following the howto several times and even had a look at a few pfSense howtos etc. I seem to remember that I tried this on pfSense a long time ago, and there a gateway entry was configured automatically.


Help ??