Messages

oder gibt es hier weitere Ideen wie man den Zugriff realisieren kann?

Du kannst zum einen das eine, in der Fritzbox hinterlegte Netz von vornherein größer machen, sodass alle Netze der OPNsense abgedeckt sind. Zum anderen kannst Du in der Fritzbox die WireGuard-Config exportieren, in einem Editor das neue Netz hinzufügen und die WireGuard-Config wieder importieren.

I have an Aquantia here, as well. Never worked right.

No problem here with the realtek or aquantia, although I am only using them with PCIe3 and as direct connections to each other, in Windows. 

For completeness, I have four NICs of the RTL8126, two PCIe and two m.2, all work/ed fine in conjunction with intel X550 and AQC107 and also with this switch: Zyxel XGS1250 Desktop Gigabit Smart Switch. I don't think that any problem would be chipset-related.

If you cross-flashed a marvel-firmware on an asus-card, there is a possibility for driver problems with windows, which is resolvable.

they will prefer PCIe 4.0 x1 over PCIe 3.0 x2 (they can do both)

Don't think so, I bet the x4-card will only do PCIe3. But if you had no luck till now, it will not change with these.

I have an Aquantia here, as well. Never worked right.

No problem here with the realtek or aquantia, although I am only using them with PCIe3 and as direct connections to each other, in Windows. 

both of which should have theoretically fixed this problem

Not exactly. Although I am curios how pass is treated without any reply-to. But then, pass is not a "new" rule so it probably has the reply-to still attached.

Erst allgemein blocken und dann zulassen wird halt einfach nicht klappen wenn alles auf "Quick" eingestellt ist.

Quick ist doch der Default, hat funktioniert und wird auch weiterhin funktionieren. Entweder Du bist ein sehr fortgeschrittener Benutzer und hast nur deinen Anwendungsfall nicht erklärt oder es gibt ein allgemeines Verständnisproblem mit den Regeln.

Yep, you only can set it in advanced mode of that rule, that makes sense. Why it is not the default anymore makes less sense to me.

.

Interesting, at least rules.debug shows no reply-to at all. Not sure if it was present there with an older config.

If I have to guess, your NAT worked but you had no allow rules for those? A reboot is not required.

After importing the exported rules, they don't show in the new rules.

You have to play with the filter.

After updating OPNsense to 25.7.11_9 all gateways are reported as being down. This installation is in the OracleCI. I still can reach it, so something is weird.

PCap on WAN shows nothing for ICMP.

Edit: Gateway monitor Service  wasn't running. After restarting it, everything works as expected.

Nein, die Webseite liegt in meinem Lokalen Netz

Tut sie nicht lt. deinem Bildchen.

For Android there is "WG Tunnel", that can cope with dynamic IPs. If your resolution is to restart WG on OPNsens though, you might have another problem und upgrading OPNsense is strongly advised to begin with. 

und einmal die IPv6 vom LAN-Interface (also die IPv6 die ich im Dashboard der opnsense auch unter dem LAN-Interface sehe)

Aber warum, das solltest Du ja verhindern, in dem Du die Sense entsprechend konfigurierst.

Du kannst natürlich dem AGH auch eine ULA geben, aber auch die müsstest Du dann verteilen und die Sense entsprechend konfigurieren, im Endeffekt nicht einfacher, eher das Gegenteil.