1
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
General Discussion / Re: Unofficial OPNSense Discord - Link
« on: May 05, 2024, 05:43:30 am »
Yea fine for chats but less useful for technical discussions since those are not crawlable by search engine robots.
Let just stick with forum & reddit.
Let just stick with forum & reddit.
3
24.1 Legacy Series / Re: Different upstream DNS forwarder depending on source
« on: May 05, 2024, 05:28:34 am »
Unbound doesn't support it.
You may consider using AdGuardHome plugin, it has support for selective upstream for different sources under its Settings>Client settings.
You may consider using AdGuardHome plugin, it has support for selective upstream for different sources under its Settings>Client settings.
4
24.1 Legacy Series / Re: Unable to save settings for GIF interface
« on: April 25, 2024, 03:50:19 pm »
My guess is since 192.0.0.0/29 is not a valid private network subnet the GUI validator is ignoring it.
You should be using valid RFC1918 addresses for your tunnel local addresses, eg: 192.168.x.x, 172.16.x.x etc.
There's really no good reason to use address from public IP space for internal network when there are plenty you can pick from RFC1918.
You should be using valid RFC1918 addresses for your tunnel local addresses, eg: 192.168.x.x, 172.16.x.x etc.
There's really no good reason to use address from public IP space for internal network when there are plenty you can pick from RFC1918.
5
24.1 Legacy Series / Re: Delete / Uninstall Option for Plugins + Packages missing?
« on: April 21, 2024, 05:10:05 pm »
We can remove orphaned plugins by Firmware>Status>Reset plugin conflict.
6
General Discussion / Re: dhcpv6 question
« on: April 16, 2024, 06:35:23 am »
ps wuax | grep dhcp6c will tell you which config file it uses, usually /var/etc/dhcp6c.conf.
7
General Discussion / Re: Limit internet access to some devices -best ption
« on: April 15, 2024, 07:01:53 pm »Quote
port destination: ! LAN net"!" means NOT(invert), so turn on that "Destination/Invert" checkbox.
8
General Discussion / Re: Enabling Multi-Factor Authentication in OPNsense got me LOCKED OUT
« on: April 14, 2024, 05:55:12 am »
Oof, maybe try different keyboard if you have a spare or different usb port.
9
General Discussion / Re: Enabling Multi-Factor Authentication in OPNsense got me LOCKED OUT
« on: April 14, 2024, 05:21:11 am »
You can try restoring a backup config if you have access to boot menu.
Hit 2 on boot menu to enter single mode, hit enter for shell, then remount your root filesystem rw
Look for backup config in /conf/backup and pick the one before the time you broke it, copy it over to /conf/config.xml (overwriting) and reboot.
You can also reset root to its default behavior:
Hit 2 on boot menu to enter single mode, hit enter for shell, then remount your root filesystem rw
Quote
mount -u -o rw /
Look for backup config in /conf/backup and pick the one before the time you broke it, copy it over to /conf/config.xml (overwriting) and reboot.
You can also reset root to its default behavior:
Quote
opnsense-shell password
10
General Discussion / Re: Enabling Multi-Factor Authentication in OPNsense got me LOCKED OUT
« on: April 14, 2024, 04:44:52 am »
Do you have root access to the console? From the root shell you can pick option 13 to restore a backup config.
11
24.1 Legacy Series / Re: Internet drops every few days, only restart fixes, please help diagnose and fix
« on: April 10, 2024, 05:37:20 pm »Quote
2024-04-09T17:46:37-05:00 Notice kernel <6>re0: link state changed to UP
2024-04-09T17:46:33-05:00 Notice kernel <6>re0: link state changed to DOWN
You are using Realtek NIC, which is known to be unreliable in FreeBSD.
Most Realtek NIC issues usually can be solved by using vendor driver instead of the default FreeBSD driver.
Try installing vendor driver first from os-realtek-re plugin (System>Firmware>Plugins) if you haven't already done so.
12
General Discussion / Re: Question on Unbound DNS – Host Overrides
« on: April 09, 2024, 12:26:08 pm »
I don't use unbound DNSBL but if you are accustomed to custom config you may use it as described in https://docs.opnsense.org/manual/unbound.html#advanced-configurations
You may also install os-unboundcustom-maxit plugin from mimugmail repo, you can then paste your custom config through GUI.
You may also install os-unboundcustom-maxit plugin from mimugmail repo, you can then paste your custom config through GUI.
13
24.1 Legacy Series / Re: Setting ifid in dhcp6c.conf
« on: April 01, 2024, 06:41:10 am »
Current GUI does not support it.
You may try using a working /var/etc/dhcp6c.conf generated by OPNsense as a template, edit it and use the modified version as Config file override.
You may try using a working /var/etc/dhcp6c.conf generated by OPNsense as a template, edit it and use the modified version as Config file override.
14
General Discussion / Re: DNS Search Domain
« on: March 30, 2024, 05:49:25 am »
The one in System>Settings>General is only for OPNsense itself.
We can use DHCP to advertise Domain search list to network clients.
HTH.
We can use DHCP to advertise Domain search list to network clients.
HTH.
15
24.1 Legacy Series / Re: NAT destination as WAN Address matches for all virtual IPs
« on: March 30, 2024, 05:43:21 am »Quote
Is this behavior correct? I would think "WAN Address" would only match the address specifically assigned to the interface, rather than any of the virtual IPs..In pf "<Interface name> Address" means all addresses of the interface, VIPs included.
HTH.