Messages - JamesFrisch

#1
General Discussion / Re: KEA is still a mess IMHO
May 10, 2026, 08:57:40 PM
Quote from: Patrick M. Hausen on May 08, 2026, 08:01:56 AM
All my servers use SLAAC. The addresses are stable unless I change the MAC address of the server for some reason. I can then point Caddy (or NginX in your case) at these addresses. DHCPv6 is rarely needed.

Interesting, I thought that I had changing IPv6, but that was in the beginning of my journey. So maybe I looked at the privacy extended IPv6 back then. So in theory, I could ditch DHCPv6, and go with SLAAC only you think?

Hmm... I have to think about that, I quite liked to have 10.10.50.4 and 2000:2000:2000:50::4 for simplicity.
#2
General Discussion / Re: KEA is still a mess IMHO
May 08, 2026, 07:33:12 AM
That is a little bit off topic, because my issue is more about OPNsense offering MAC based reservations, which according to some folks on GitHub is against IPv6 philosophy. And because of that, they have not accounted for certain situations and you run into errors.

Maybe I am misunderstanding you, but IMHO your idea falls flat, because I only need static leases for services. And for that I need a static IPv6.


I can't say to NGINX:
My static /48 prefix is 2000:2000:2000::, my service is in the vlan 30, which has the prefix 2000:2000:2000:30:: so proxy pass to 2000:2000:2000:30:: and somewhere in there is my destination, go find it.
#3
General Discussion / Re: KEA is still a mess IMHO
May 07, 2026, 09:38:21 PM
Quote from: franco on May 07, 2026, 10:46:17 AM
I'm unable to tell.

Me too ;) no seriously, I have these issues with OPNsense, but of course it could also be KEA that is the root issue.
#4
General Discussion / KEA is still a mess IMHO
May 06, 2026, 09:34:40 PM
I know a lot of work went into KEA and I truly believe that a lot of bugs were ironed out with the recent release.
Still, KEA is IMHO not polished and production ready.

One example:
1. You have a static IPv4 reservation (based on MAC)
2. You create an IPv6 reservation, based on the same MAC

KEA will now ignore your IPv4 reservation. Yes, it worked before, but now no longer works and instead will get an IPv4 from the DHCPv4 range, while IPv6 will do the reservation correctly.

Quote: But James, you should use DUID and not MAC for IPv6
Fine, but then it should not use MAC when I click on the "add static lease" button in the lease tab, but DUID instead.
Also, since the newest update, I can no longer see the DUIDs anymore on OPNsense?


So if you think just because ICE is eol that you should switch to KEA, don't! Don't make the same mistake I did.
There is still no need to make the switch. At least not for now.
#5
Updated the script. Hope it works for you, I don't know how I could make it any simpler.
Let me know if I can help you with anything.
#6
./deSEC_DynDNS.sh runs a script called deSEC_DynDNS.sh in the directory you are currently in.

Your ls shows that there is no deSEC_DynDNS.sh file in your current directory.
#7
Thank you for the heads up. In newer versions of OPNsense, you have to enable the checkbox "Show community plugins".

Although I have to check if that plugin is even needed anymore. Maybe check it this afternoon.
#8
You have to make a distinction between two different things.

The official OPNsense plugin uses ddclient.net. The catch with ddclient is that there is no official support yet for deSEC.io.


The GitHub link, on the other hand, links to a bash script that I wrote. It was written solely for deSEC.io.
How to install it on OPNsense is here: https://github.com/jameskimmel/deSEC_DynDNS#prepare-on-opnsense
#9
I think AI is overhyped and hope that the bubble will soon burst.
I also believe that this was primarily a PR stunt, and Mario and Sam are shady individuals akin to Elon Musk.

BUT, the Firefox version 150 with 270 bug fixes makes me second-guess. Maybe it could be helpful for security.
After all, this is mostly fuzzing on steroids? And fuzzing was also useful?
#10
Quote from: Cobra on April 20, 2026, 10:22:07 AM
With my internet connection I received a router that assigns me two dynamic IPs, IPV6 and IPV4.

IPv6 should be static. Otherwise your ISP is not following RIPE recommendations of offering you a static /48 prefix or at least a static /56.
If that is the case, please name and shame.

Quote from: Cobra on April 20, 2026, 10:22:07 AM
So, I created two accounts on DuckDNS and Dedyn.io.
I really like deSEC.io.
If you are looking for an OPNsense plugin that was specifically tailored for deSEC.io, take a look at this: https://github.com/jameskimmel/deSEC_DynDNS
IMHO simpler than the DDNS plugin.

Quote from: Cobra on April 20, 2026, 10:22:07 AM
However, no matter how hard I try in OpnSense, I can't get an IP address to assign Let's Encrypt certificates for an internal NAS.

Why would you need that? You can simply get a cert by using the API DNS challenge of desec.io (just make sure to add a 300s wait timeout) to get the cert. For example opnsense.internal.yourdomain.com. Then you can create an Unbound DNS override to map opnsense.internal.yourdomain.com to, for example, 192.168.1.1. On the webGUI settings of OPNsense you set it to use said cert.

Now you have a valid cert for opnsense.internal.yourdomain.com and can reach your opnsense by inserting https://opnsense.internal.yourdomain.com into your browser.


Quote from: Cobra on April 20, 2026, 10:22:07 AM
I also looked at guides for configuring the WAN interface with IPv6, but I'm holding off to avoid creating a mess because I know very little about IPv6.

Don't worry, you won't mess up anything. Just use the settings your ISP tells you to use on the WAN interface (hopefully DHCPv6). In combination with a static IPv6 for your interfaces (or identity association if you don't have a static prefix) and Router Advertisement, you have working IPv6 network(s).
#11
Cheers, you are right.

But it makes an ugly jump to the bottom and I have to scroll up again to select the second quote (Firefox).
#12
Quote: And if you use anything else you get some crappy Basic HTML version where you can only read the forum partially... W-T-F ?!?!
Is that the case?
Quote: You are promoting an unhealthy Internet where only certain software/companies/brands have a monopoly and that's simply a horrible future that I do not wish to be part of !!!
Discourse is open source, a fork is always possible. So I don't really see this point.

Quote: We already have one here!
It is decent and works. But it isn't as fun and engaging.

Quote: The average user does not know what he/she wants and uses whatever you stuff under his/her nose !!!

This goes pretty much for everything : From Cars to Computers...

Sure, but again, that is missing my point. Don't think about you and me, think about the 16-year-old teenager that gets newly drawn into a topic. Forums themselves are a dying breed. And I am not advocating for TikTok. But an early 2000s style forum is another friction point.

Quote: Congrats : You just named the two most horrible platforms in the world as your favorite! LOL!
I never said they are my favorite. If you would stop twisting my words and listen, and not fill in the blanks with what your presumptions are, you would have known that. I personally can't stand new reddit. I said these two are the world's favorite forum software.
Which again, think less about you and me, think about the rest of the world.

Quote: They are marked READ after opening them so your last step is unnecessary : Not so userfriendly after all, huh ?!
No. Because you don't read every topic. This is to mark the topics as read you have not read.

Quote: There is a PREVIEW button : Use it.
I wrote live preview.

Quote: You can easily click on the QUOTE button of each post and open them in a New Tab and combine them all together again later.
Super EASY and straightforward :)

Can you also select only certain lines and quote only that? And do that multiple times?

Quote: The way this forum does it is soo much simpler and user friendlier that there is no need to re-invent the wheel or warm water...
To copy your style of arguing: Don't you have a pageup key? This is so much easier than to use the mouse (urgghhh mouse, I use my ThinkPad trackpoint) where you have to point to the bottom right and click, just to jump back to the topic. You do know there is a button for that on the keyboard, right?


Quote: If I am honest : I wish many times we all got stuck in the '90's and did not have this messed up world we live in these days!

Me too. And that is totally fine. But again, think a little bit less about you, and more about the community. But I see, this topic is way too emotional for you.
#13
Quote: The single page endless scrolling interface of Discourse sucks.
Why?

Also that is probably not how you would use it. Normal use case is:
- you go to forum X
- see that there are "New (4)" four new threads since your last visit
- open all the new threads that interest you
- click on "dismiss New" to mark all as read.

You know what sucks here?
No live preview sucks.
The quoting sucks, you can't do normal multi quotes.
No code insert like

```bash
code
```
sucks.

Quote: Plus there are not even buttons to jump to the first or last post.
It does. You can click on the top or bottom of the bar on the right.

Unlike here, there is always a header. So that "jump to bottom or top" is less really needed to begin with. Because the navigation does not suck and is not stuck in the nineties ;) which is not always a good thing and not always a bad thing. For people under 30y though...
#14
Not sure if we are talking about some problem back in 2025 or now. Discourse works fine on Safari, Brave, Chrome, Edge, Firefox.
So 95% of browser share.


But either way, that is missing my main point.
For an active and healthy community, you need a good forum software.
And good forum software does not mean that @nero355 can visit the site from Opera Mobile ;) , but that the average user likes to use the software. And this without a doubt boils down to two platforms: Discourse and reddit.


OPNsense might get away with a clunky forum software and still have a healthy community because it is niche. But it could be a barrier to entry for newcomers. Or it could end up in discussions always only involving the same five oldtimers from the forum. Which is totally fine if you consider yourself a "people come in, drop a question, get it answered by regulars, and drop out again" support forum. But this is not really a healthy community IMHO. That is just a support forum.
#15
Don't know what you are talking about. Maybe bad setup selfhosted discourse?

Anyway, forums like TrueNAS or level1tech are IMHO far, far superior to this forum here.
Like it is not even a competition. Discourse is in a league of its own compared to this.