Messages

To view your current firewall optimization values

Code Select Expand

pfctl -st

Yea fine for chats but less useful for technical discussions since those are not crawlable by search engine robots.
Let just stick with forum & reddit.

Unbound doesn't support it.
You may consider using AdGuardHome plugin, it has support for selective upstream for different sources under its Settings>Client settings.

My guess is since 192.0.0.0/29 is not a valid private network subnet the GUI validator is ignoring it.
You should be using valid RFC1918 addresses for your tunnel local addresses, eg: 192.168.x.x, 172.16.x.x etc.
There's really no good reason to use address from public IP space for internal network when there are plenty you can pick from RFC1918.

We can remove orphaned plugins by Firmware>Status>Reset plugin conflict.

[ps wuax | grep dhcp6c]

ps wuax | grep dhcp6c will tell you which config file it uses, usually /var/etc/dhcp6c.conf.

port destination: ! LAN net

"!" means NOT(invert), so turn on that "Destination/Invert" checkbox.

Oof, maybe try different keyboard if you have a spare or different usb port.

You can try restoring a backup config if you have access to boot menu.
Hit 2 on boot menu to enter single mode, hit enter for shell, then remount your root filesystem rw

mount -u -o rw /

Look for backup config in /conf/backup and pick the one before the time you broke it, copy it over to /conf/config.xml (overwriting) and reboot.

You can also reset root to its default behavior:

opnsense-shell password

Do you have root access to the console? From the root shell you can pick option 13 to restore a backup config.

2024-04-09T17:46:37-05:00   Notice   kernel   <6>re0: link state changed to UP   
2024-04-09T17:46:33-05:00   Notice   kernel   <6>re0: link state changed to DOWN   

You are using Realtek NIC, which is known to be unreliable in FreeBSD.
Most Realtek NIC issues usually can be solved by using vendor driver instead of the default FreeBSD driver.
Try installing vendor driver first from os-realtek-re plugin (System>Firmware>Plugins) if you haven't already done so.

I don't use unbound DNSBL but if you are accustomed to custom config you may use it as described in https://docs.opnsense.org/manual/unbound.html#advanced-configurations

You may also install os-unboundcustom-maxit plugin from mimugmail repo, you can then paste your custom config through GUI.

Current GUI does not support it.
You may try using a working /var/etc/dhcp6c.conf generated by OPNsense as a template, edit it and use the modified version as Config file override.

The one in System>Settings>General is only for OPNsense itself.
We can use DHCP to advertise Domain search list to network clients.

HTH.

Is this behavior correct? I would think "WAN Address" would only match the address specifically assigned to the interface, rather than any of the virtual IPs..

In pf "<Interface name> Address" means all addresses of the interface, VIPs included.

HTH.