Messages

I won't be able to have two connections with proton, once their tunnels always have the same address

Just change the first 2 with a different number (e.g. 10.3.0.2).

Proton tunnels reuse the same local tunnel IP (10.2.0.2), which may contribute to routing/state ambiguity

What do you mean by that.
And my observations are, that those tunnels stay up almost all the time, only ICMP gets dropped from time to time, nothing else.

For WireGuard? No. Although you could try a static route to the VPN-Endpoint-IP-address.

Hab mich gestern auch gewundert, aber es dann schnell aufgegeben, weil schon spät und das Fehlerbild merkwürdig war.

Bug oder Feature

You cannot view this attachment.

Doch, "Nur Präfix anfordern" ist bei allen genannten Instanzen aktiv. Genau so wie im Screenshot oben ersichtlich.

Wurde ja schon erklärt, dass das eine SLAAC-Adresse ist und mit DHCPv6 nichts zu tun hat.

Android does not support DHCPv6.

Some sites report the newest version should support it. Google themself said it will even support DHCPv6 Prefix Delegation. A somewhat quick test of mine with the latest LineageOS (Android16) though didn't showed any of that working... 

@Bob.dig gezeigt ist die Client-Config ..

Völlig unklar, ob dem wirklich so ist. Letztlich fehlen die relevanten Angaben, wer hier was ist. Ich geh wie immer vom Schlimmsten aus. ;)

leidlich Netzwerkerfahrung

Was soll denn das für eine Erfahrung sein, alles schreit nach keinerlei Ahnung.
Warum ist 10.20.0.0/16 bei den allowed IPs zu sehen...

A good idea in theory (and some / most consumer routers do that), but for more advanced setups you really need to know the PD size in advance. For example, when configuring the subnet IDs of your LANs, you need to know how many bits are available. Let's say you configure a subnet ID 0x10 but then only get a /60...

Doesn't sound like a real reason not to do it like most consumer routers do, to me. In my mind, OPNsense could be doing something better than the original but then refuses to do it for the same stubborn reasons.

Using "Firewall: Diagnostics: Aliases" I can confirm __wan_network includes the /64 prefix of the network the opnsense is in. However it does not include any other delegated prefixes by the FritzBox.

If this doesn't work, create a group in firewall with all your IPv6-enabled networks. Then use this group-alias for your rule creation, don't use the group itself.

oder gibt es hier weitere Ideen wie man den Zugriff realisieren kann?

Du kannst zum einen das eine, in der Fritzbox hinterlegte Netz von vornherein größer machen, sodass alle Netze der OPNsense abgedeckt sind. Zum anderen kannst Du in der Fritzbox die WireGuard-Config exportieren, in einem Editor das neue Netz hinzufügen und die WireGuard-Config wieder importieren.

I have an Aquantia here, as well. Never worked right.

No problem here with the realtek or aquantia, although I am only using them with PCIe3 and as direct connections to each other, in Windows. 

For completeness, I have four NICs of the RTL8126, two PCIe and two m.2, all work/ed fine in conjunction with intel X550 and AQC107 and also with this switch: Zyxel XGS1250 Desktop Gigabit Smart Switch. I don't think that any problem would be chipset-related.

If you cross-flashed a marvel-firmware on an asus-card, there is a possibility for driver problems with windows, which is resolvable.

they will prefer PCIe 4.0 x1 over PCIe 3.0 x2 (they can do both)

Don't think so, I bet the x4-card will only do PCIe3. But if you had no luck till now, it will not change with these.

I have an Aquantia here, as well. Never worked right.

No problem here with the realtek or aquantia, although I am only using them with PCIe3 and as direct connections to each other, in Windows.