"Quote from: Patrick M. Hausen on July 13, 2025, 02:30:04 PMBot crazy at all, IMHO. Been there, done that.thank you !!
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
General Discussion / Re: Changing all LANs IP range by search and replace in config.xml...Crazy or not ?
July 14, 2025, 06:10:35 PM #2
General Discussion / Changing all LANs IP range by search and replace in config.xml...Crazy or not ?
July 13, 2025, 12:39:52 PM
Hello,
I currently have a few LAN (LAN/VLAN) with IP ranges in 192.168.1.x, 192.168.5.x etc...it's home use.
Sometime I wonder if I could move to 10.10.1.x, 10.10.5.x instead (basically replace 192.168 by some 10.10 (or other 10.x) prefix.
I seems quite a hard work by working in the GUI: every DHCP, Firewall rules etc...
So I was wondering: what if I just go for search & replace in the config.xml ?
(maybe safer to try with a non critical subnet first).
(of course there are a few static IP to deal manually in relevant equipment.).
is it too crazy or possible? :)
I currently have a few LAN (LAN/VLAN) with IP ranges in 192.168.1.x, 192.168.5.x etc...it's home use.
Sometime I wonder if I could move to 10.10.1.x, 10.10.5.x instead (basically replace 192.168 by some 10.10 (or other 10.x) prefix.
I seems quite a hard work by working in the GUI: every DHCP, Firewall rules etc...
So I was wondering: what if I just go for search & replace in the config.xml ?
(maybe safer to try with a non critical subnet first).
(of course there are a few static IP to deal manually in relevant equipment.).
is it too crazy or possible? :)
#3
General Discussion / Can't make VLAN work with TP-Link switch
December 07, 2024, 10:26:49 AM
Hello,
I have an opnsense routeur working fine with VLAN and a couple of netgear managed switch.
I just added a tp-link TL-SG105PE poe managed switch that I didn't succeed to configure for VLAN
Here is my setup
Opnsense :
Default LAN (192.168.1.x) +Vlan5 (192.168.5.x)
I use vlan5 for cameras
1st switch netgear:
Connected to opnsense with vlan1 untagged (Lan) + vlan5 tagged. Pvid1
Connected to tp-link with vlan1 (untagged) + vlan5 tagged , pvid1
Connected to camera1, vlan5 untagged pvid5 (works fine)
2nd switch tp-link
Connected to netgear vlan1 untagged, vlan5 tagged, pvid1
Connected to camera2 vlan5 untagged pvid5 (tried also pvid1) static ip on 192.168.5.x
I tried also tagged vlan1 between the 2 switches.
I cannot access camera2 on vlan5 whatever I try.
I don't know if tp-link switch either don't like opnsense or netgear switch or my configuration.
Any ideas?
I have an opnsense routeur working fine with VLAN and a couple of netgear managed switch.
I just added a tp-link TL-SG105PE poe managed switch that I didn't succeed to configure for VLAN
Here is my setup
Opnsense :
Default LAN (192.168.1.x) +Vlan5 (192.168.5.x)
I use vlan5 for cameras
1st switch netgear:
Connected to opnsense with vlan1 untagged (Lan) + vlan5 tagged. Pvid1
Connected to tp-link with vlan1 (untagged) + vlan5 tagged , pvid1
Connected to camera1, vlan5 untagged pvid5 (works fine)
2nd switch tp-link
Connected to netgear vlan1 untagged, vlan5 tagged, pvid1
Connected to camera2 vlan5 untagged pvid5 (tried also pvid1) static ip on 192.168.5.x
I tried also tagged vlan1 between the 2 switches.
I cannot access camera2 on vlan5 whatever I try.
I don't know if tp-link switch either don't like opnsense or netgear switch or my configuration.
Any ideas?
#4
22.1 Legacy Series / Re: DHClient stops suddenly? WAN-Connection down a few times a day
May 13, 2022, 11:46:04 PM
Does anyone has a solution or workaround for this?
#5
22.1 Legacy Series / Re: DHClient stops suddenly? WAN-Connection down a few times a day
April 21, 2022, 06:40:44 PM
Yes, I confirm : saving gateway settings and apply (without any modification) bring it back alive :o
#6
22.1 Legacy Series / Re: Running native ipv6 but I get no ipv6 default route
April 19, 2022, 08:40:00 PM
did you check if opnsense itself find an ipv6 route?
On my side,devices on my LAN receive an IPv6 address but won't reach internet:
- traceroute from laptop to google dns (ipv6) will stop when reaching opnsense
- traceroute from opnsense itself to google ipv6 dns give "no route to host"
I didn't tried the netgear switch trick but has opnsense itself cannot find its way,
my situation is a bit different.
what about you @gunnarf ?
On my side,devices on my LAN receive an IPv6 address but won't reach internet:
- traceroute from laptop to google dns (ipv6) will stop when reaching opnsense
- traceroute from opnsense itself to google ipv6 dns give "no route to host"
I didn't tried the netgear switch trick but has opnsense itself cannot find its way,
my situation is a bit different.
what about you @gunnarf ?
#7
22.1 Legacy Series / Re: DHClient stops suddenly? WAN-Connection down a few times a day
April 19, 2022, 04:18:39 PM
Hi !
Did you find a solution to you issue ?
I'm not sure I have same issue, but I recently noticed that my backup WAN gateway (second WAN) sometimes appear down in opensense.
A simple DHCP release/renew (interface/overview menu) is good enough to get the gateway back to green.
my backup wan is a LTE router set in bridge mode.
Did you find a solution to you issue ?
I'm not sure I have same issue, but I recently noticed that my backup WAN gateway (second WAN) sometimes appear down in opensense.
A simple DHCP release/renew (interface/overview menu) is good enough to get the gateway back to green.
my backup wan is a LTE router set in bridge mode.
#8
22.1 Legacy Series / Lenovo won't boot with 22.1 on internal ssd (no OS found)
February 28, 2022, 11:37:09 PM
Hi!
I'm struggling with my lenovo m720q to boot on internal SSD (PCI NVME) with 22.1.
it was working fine for months before with older version.
Install works fine but I tried several bios & install settings without success: when reboot, it says error 1962, no operating system found (boot loop).
I though ssd was dead so I tries a new one: same issue.
As a temporary work around it does boot and reboot fine with installation on external USB HDD (an old 80GB I had in my drawer)
ideas welcome...
I'm struggling with my lenovo m720q to boot on internal SSD (PCI NVME) with 22.1.
it was working fine for months before with older version.
Install works fine but I tried several bios & install settings without success: when reboot, it says error 1962, no operating system found (boot loop).
I though ssd was dead so I tries a new one: same issue.
As a temporary work around it does boot and reboot fine with installation on external USB HDD (an old 80GB I had in my drawer)
ideas welcome...
#9
General Discussion / Re: What's the issue with the poor man bridge aka the dmz double nat ?
January 29, 2022, 07:55:57 PM
Hi both ! thanks for your great feedback, it give me some thinking and homework (this idea to disable NAT in opnsense need extra processing in my head.
@marcquark, I agree with your point and I would like to add in 'pro' that I could connect work computers ( I mean laptop provided by work) directly on the ISP router : So they stay out of my LAN (they don't need) and also not exposed to any misconfiguration I might do on my opnsense router :)
@marcquark, I agree with your point and I would like to add in 'pro' that I could connect work computers ( I mean laptop provided by work) directly on the ISP router : So they stay out of my LAN (they don't need) and also not exposed to any misconfiguration I might do on my opnsense router :)
#10
General Discussion / Re: What's the issue with the poor man bridge aka the dmz double nat ?
January 27, 2022, 06:07:30 PM
Yes, I know.
But there's some place where only available solution is ISP modem that cannot be set in bridge and cannot be removed/replaced.
So, that's why I ask what could be the issues with double NAT through DMZ.
No offense, but I don't ask how to avoid this ;-)
But there's some place where only available solution is ISP modem that cannot be set in bridge and cannot be removed/replaced.
So, that's why I ask what could be the issues with double NAT through DMZ.
No offense, but I don't ask how to avoid this ;-)
#11
General Discussion / What's the issue with the poor man bridge aka the dmz double nat ?
January 27, 2022, 04:03:52 PM
Hi !
I have read several times that double nat in principle is bad and I understand the issues that it can brings.
But it's less clear when it comes to use double nat through DMZ (sometimes called the poor man bridge mode).
Let's assume that I have 2 routers:
- ISP router, connected to internet on one side, providing a DMZ lan RJ45 on the other side.
ie: all incoming traffic from internet will be forwarded to a defined RJ45
- An Opnsense router with WAN port connected to DMZ RJ45 mentionned above and my LAN on the other side.
What could go wrong exactly ?
or what would work fine with ISP router in bridge mode that would not work with the DMZ trick ?
if it matters:
- I use VPN to access my LAN from my smartphone when I'm away (using vpn server in opnsense).
- I have some playstations (those devices are sensitives to NAT topics).
I have read several times that double nat in principle is bad and I understand the issues that it can brings.
But it's less clear when it comes to use double nat through DMZ (sometimes called the poor man bridge mode).
Let's assume that I have 2 routers:
- ISP router, connected to internet on one side, providing a DMZ lan RJ45 on the other side.
ie: all incoming traffic from internet will be forwarded to a defined RJ45
- An Opnsense router with WAN port connected to DMZ RJ45 mentionned above and my LAN on the other side.
What could go wrong exactly ?
or what would work fine with ISP router in bridge mode that would not work with the DMZ trick ?
if it matters:
- I use VPN to access my LAN from my smartphone when I'm away (using vpn server in opnsense).
- I have some playstations (those devices are sensitives to NAT topics).
#12
21.7 Legacy Series / Re: How to use setting under Unbound:"Verfiy if CN in certficate matches"
December 12, 2021, 09:37:31 PM
Hi !
May I ask how to check if the provided "verify CN" works fine ?
I tried to figure out what to use with quad9...I found it may be dns.quad9.net...can I confirm this with opnsense logs or something?
May I ask how to check if the provided "verify CN" works fine ?
I tried to figure out what to use with quad9...I found it may be dns.quad9.net...can I confirm this with opnsense logs or something?
#13
General Discussion / Re: IPv6 questions
April 26, 2021, 12:11:44 PMQuote from: marjohn56 on March 13, 2021, 07:35:06 AM
Rather go the Wifi shedule or VLAN route than play wack-a-mole anyway, you only have to change the DUID or MAC on the client and you get a new address, most 10 year olds probably now how to get around that sort of block.
I faced this some monthes ago: not really on purpose by the kids, but some android now offer random mac address on wifi.
This is a good idea for public wifi, but not good for home :-)
To avoid this, I restricted wifi AP with mac address white list: so only known mac are allowed (this option on phone to use random MAC has to be disabled)
This "Static ARP" option in DHCP can be usefull too, all this to be combined with dedicated VLAN/AP
So at the end, only known MAC can be used have to match known IP on a dedicated VLAN/subnet, so you can rules them all :-)
I have done only in IPv4 so far, due to this SLAAC only on android (also I didn't see something similar to static ARP on DHCPv6)
it may be possible to manage with the alias on MAC trick.
#14
General Discussion / Re: humble suggestion:change or record default number of items listed from 7 to all.
April 26, 2021, 11:51:58 AM
Well if there is trick to change this "7" in a settings files, could also do the job :-)
#15
General Discussion / humble suggestion:change or record default number of items listed from 7 to all.
April 26, 2021, 09:31:38 AM
Hi!
Would it be possible to change or remember the default items displayed in lists ?
I mean this:
7 is pretty small for modern screen and it's often needed to spend a little time to "where's my ryles? oh I forget there's only 7 displayed, let's change it".
if it's possible to consider this, I would be happy to have a tuning somewhere to change default value to "All".
Or it may be even easier just to keep last change: once I set "all" (or 50 or whatever), it should keep it for next visit.
What do you think ?
:)
Would it be possible to change or remember the default items displayed in lists ?
I mean this:
7 is pretty small for modern screen and it's often needed to spend a little time to "where's my ryles? oh I forget there's only 7 displayed, let's change it".
if it's possible to consider this, I would be happy to have a tuning somewhere to change default value to "All".
Or it may be even easier just to keep last change: once I set "all" (or 50 or whatever), it should keep it for next visit.
What do you think ?
:)
