Messages

What issue? OPNsense functions just fine with bad colors. ;)

Because others might also benefit. Opensource isn't just about taking, it's also about contributing back.

Great, but please also file an issue. Perhaps even with a PR for better colors?

It really depends on your network setup. If it's a flat network (LAN and WLAN are on the same VLAN) OPNsense won't be involved whatsoever. You might want to look if there is some form of wireless client isolation configured (it is an option on many AP's).

If they aren't on the same VLAN you have to make sure that mDNS is configured, and the necessary ports are open between the VLANs.
https://docs.opnsense.org/manual/how-tos/multicast-dns.html

Hi,

I'm trying to get wireguard working over ipv6 - so to start a tunnel on my public ipv6 ip address. For some obscure reason this won't connect.
Over ipv4 it works without issues.

The wireguard process is listening on port 16667, on both ipv4 and ipv6

Code Select Expand

netstat -an | grep 16667
udp6       0      0 *.16667                *.*                   
udp4       0      0 *.16667                *.*           

There are pf rules in place

Code Select Expand

fctl -s rules | grep 16667
pass in log quick on igb0 reply-to (igb0 my_wan_ip) inet proto udp from <test_alias> to (self) port = 16667 keep state label "bb98ab23aa9424dfc474d537ac13aec4"
pass in log quick on igb0 reply-to (igb0 fe80::342c:zzzz:yyyy:xxxx) inet6 proto udp from <test_alias> to (self) port = 16667 keep state label "bb98ab23aa9424dfc474d537ac13aec4"

The alias contains both ipv4 and ipv6 address of the other side.

What am I missing? Strangely enough not even

Code Select Expand

tcpdump -i igb0 port 16667 and udp and ip6 shows any traffic incoming.

Outgoing (both from the OPNsense machine itself as clients on the LAN) works fine.

I'm running an APU2E4, so should I be worried? Apply that UART tuneable before updating?

In my case, I run my 'prod' (aka the one connecting to the internet) OPNsense on bare metal. I do have a virtualised OPNsense for testing stuff in a lab environment.

* Router does one thing does one thing, and does it well
* In case my Proxmox host goes down, it doesn't take everything with it - a hypervisor needs patches + reboots to update kernels

Hmmz. Ofcourse, this means that it'll be using your public ipv6 prefix, which is not guaranteed.
Does dhcpd6 update the ip addresses, or will it keep using the old ones?

Or should I just like hand out specific ula's..?

That is so straightforward it hurts. Thx!

Ah. That works too, just have to figure out how to get the DUIDs. Thanks.

I was hoping there was someone with a cool idea.

When working with dhcpv6, how does one need to configure isc dhcp to do the registration?
I have the impression it also doesn't work out of the box.

Hi,

I was wondering if there's a way to get ipv6 addresses registered in unbound for resolving in the local lan, without having to do this manually?

I'm in the process of reconfiguring my internal network to also fully support IPv6 using SLAAC. I've also added an ULA so ideally I'd like to have that be automatically registered in unbound - but sofar the solution is eluding me.

The only way I see forward is to use dhcpv6, but if I can avoid an extra service (also android devices don't do dhcpv6), it'd be fantastic.

Have you checked if there is any process that is using a lot of cpu?

I've moved from the unifi usg to opnsense, because of the lack of options and control.

I do miss the unified pane of glass where you see and control it all, but I'd never go back.

You'll really have to post more information - all setups are individual, there's no way to know what might be blocking your traffic.

Screenshots of your configuration might help. It's a big jump (which was probably never tested).

Awesome news! Thank you!

How usable is the UEFI build at this point?