"
I must have chosen something wrong when I tries to make an alias, because it didn't like ipv6 addresses. Now it works Thanks
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
25.7, 25.10 Series / Re: What is the best strategy to pass traffic to my web server for ipv6
December 03, 2025, 12:18:59 PM #2
25.7, 25.10 Series / (SOLVED)What is the best strategy to pass traffic to my web server for ipv6
December 03, 2025, 12:00:33 PM
This is a small personal network. My ISP earlier let me get a ipv4 address that was routed, so I could reach my web server from the internet. I got a new address recently (standard good ipv4 address via DHCP) and it is not routed. However I can reach my server with ipv6 (tried ping).
What is the best strategy to let traffic in to the web server (only 443) via ipv6? I tried to make a rule and point out the servers ipv6 address, but in the alias section, there is no such possibility, it doesn't like ipv6 addresses. So what do I do?
The ipv6 address span is a /56 that I get from my IPS, and I give it out to four separate networks inside.
What is the best strategy to let traffic in to the web server (only 443) via ipv6? I tried to make a rule and point out the servers ipv6 address, but in the alias section, there is no such possibility, it doesn't like ipv6 addresses. So what do I do?
The ipv6 address span is a /56 that I get from my IPS, and I give it out to four separate networks inside.
#3
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
November 11, 2025, 10:58:12 AMQuote from: franco on November 11, 2025, 07:55:19 AMSo Dnsmasq is still running but not responding?
It works when running, but is stopped without notification three times, causing trouble. I turned it off and am back to ISC DHCP witch never fails.
#4
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
November 07, 2025, 07:21:15 PM
dmesg says nothing about dnsmasq! no segfaults shown
#5
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
November 06, 2025, 09:19:02 PMQuote from: Monviech (Cedrik) on November 03, 2025, 08:54:03 AMGot any weird settings on like strict interface binding (dnsmasq general settings, advanced)? If interfaces drop out I can imagine dnsmasq not liking that.
No it is very straight forward. Activated on LAN only. Nothing extra. Just a simple DHCP span from 101 to 200. about ten fixed addresses. DNS via Unbound as suggested.
I went away two days, when I come home DNSmasq has stopped again. So I gove a fixed address to my iMac, start Dnsmasq again. Tomorrow I'll activate KEA instead
#6
25.7, 25.10 Series / Dnsmasq stops occasionaly
November 03, 2025, 08:49:14 AM
I've switched from ISC DHCP to dnsmasq a few weeks ago. Followed the instructions thoroughly, and all seems to work fine. But twice since the switch the dnsmasq service has just stopped witch of course leads to clients not getting their IP-addresses.
After manually giving my main work computer a fixed address, I can connect with OPNsense server and start the service again. I see nothing in the logs.
After manually giving my main work computer a fixed address, I can connect with OPNsense server and start the service again. I see nothing in the logs.
#7
24.7, 24.10 Legacy Series / Re: <SOLVED> OpenVPN Client can't connect after latest OpnSense update
January 23, 2025, 05:28:32 PM
Sorry for the spamming. Turns out it had to do with my DNS name provider. Just happened to coincide with the upgrade.
#8
24.7, 24.10 Legacy Series / <SOLVED> OpenVPN Client can't connect after latest OpnSense update
January 23, 2025, 03:39:09 PM
I don't know if it has something with the update to do, but after upgrading to 24.7.12 my (since long time working) client OpnSense server can no longer connect to the main site.I see lots of these messages in the log
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: Client disconnected
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: CMD 'state'
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: Client disconnected
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: CMD 'status 3'
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2025-01-23T15:38:01 Notice openvpn_server1 MANAGEMENT: Client disconnected
2025-01-23T15:38:01 Notice openvpn_server1 MANAGEMENT: CMD 'state'
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: Client disconnected
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: CMD 'state'
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: Client disconnected
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: CMD 'status 3'
2025-01-23T15:38:11 Notice openvpn_server1 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2025-01-23T15:38:01 Notice openvpn_server1 MANAGEMENT: Client disconnected
2025-01-23T15:38:01 Notice openvpn_server1 MANAGEMENT: CMD 'state'
#9
24.7, 24.10 Legacy Series / Re: Wireguard - Can't get it to connect
December 25, 2024, 11:55:03 AM
I had a hard time to get it working, until I started using the "peer generator" By using that, and let the clients read the generated QR-code. The everything works nicely
#10
24.7, 24.10 Legacy Series / Re: Unable to use SSH when i disable Permit password login
December 23, 2024, 12:03:36 PM
The ssh keys are stored in .ssh directory in your home directory. Look at man ssh
#11
24.7, 24.10 Legacy Series / Re: ipv6 via dhcp6. How to get ipv6 on more than LAN interface <SOLVED>
November 08, 2024, 02:37:07 PMQuote from: dseven on November 07, 2024, 08:47:55 PMQuote from: gunnarf on November 07, 2024, 07:39:25 PM
And the question then. How do I configure interface #2?
The same way you did #1 ... except use a different value for "Assign prefix ID"
At last I understood how. Thank You!
#12
24.7, 24.10 Legacy Series / Re: ipv6 via dhcp6. How to get ipv6 on more than LAN interface
November 07, 2024, 07:40:47 PMQuote from: tiermutter on November 02, 2024, 11:59:21 AM
You need also ti track WAN interface IP for the other networks. Only make sure to use another identifier for each network. Default is 0, then use 1 and 2 for the other networks.
Default is LAN OPT1 OPT etc, so how do you mean I should do?
#13
24.7, 24.10 Legacy Series / Re: ipv6 via dhcp6. How to get ipv6 on more than LAN interface
November 07, 2024, 07:39:25 PMQuote from: Patrick M. Hausen on November 02, 2024, 11:54:46 AM
A single interface always gets a /64, so you can in fact have up to 256 interfaces with that /56 from your ISP.
And the question then. How do I configure interface #2?
#14
24.7, 24.10 Legacy Series / ipv6 via dhcp6. How to get ipv6 on more than LAN interface <SOLVED>
November 02, 2024, 11:50:23 AM
On my home network, I have requested a /56 from my ISP. It is easy to get ipv6 on the LAN interface via track interface, but how can I get ipv6 to the other two internal interfaces on the firewall?
Gunnar
Gunnar
#15
24.7, 24.10 Legacy Series / Re: unbound DNS seemt to stop resolving DNS
October 29, 2024, 10:20:49 PMQuote from: cookiemonster on October 29, 2024, 11:17:38 AM
Can be but I am not suggesting that setup.
AdGH does only ad blocking with lists. Other lists can also be added.
Then it uses Unbound as upstream resolver.
client -> AdGH -> Unbound -> Root servers (or others if you prefer)
OK! So I let adGH use port 53 and then AdGH asks Unbound on another port. Witch mean I don't have to change clients, since they already uses OpnSense(aka Unbound) as resolver.
