Messages

1

General Discussion / Re: Existing assigned interface to VLAN

« on: October 27, 2024, 03:56:01 pm »

Of course it was that simple  I thought too complicated. Thank you kind person for your help!

2

General Discussion / Existing assigned interface to VLAN

« on: October 27, 2024, 02:18:28 pm »

I know this should be fairly basic thing to do but for some reason I fail to wrap my head around it and decide how to do it easiest way.

Basically I have a physical port igb1 used for my server so it has been assigned in interfaces without VLANs and have own DHCP etc normally. But now I have a need for more subnets and I have run out of ports on my OPNSense so I need to tranform this existing interface into a VLAN so I can then get the existing network and a new one from the same port and then in VLAN aware switch handle rest.

But what is the most effective way of transforming this existing network into a VLAN network. What I mean by that is that I would like to keep the existing DHCP static mappings and the same ip subnet on the existing network so minimal changes done to it.

3

23.1 Legacy Series / Re: OPnsense mirrors slow in updates

« on: April 11, 2023, 02:32:03 pm »

It seems that the mirror is not the problem. Every phase in the update check last multiple minutes, when it downloads something it is like 2 seconds but still the update process takes like 10 minutes. And all I get in the plugins list is my os-wireguard package that I installed from shell as I can't see anything in the plugins list. Also installing via shell takes 10 minutes.

No idea what could be wrong, the hardware should not be an issue, CPU idles in 2% and RAM around 6% so it does have enough performance...

EDIT: I was able to fix it immediatelly after my message. I had to check " Prefer to use IPv4 even if IPv6 is available" in System > Settings > General

4

23.1 Legacy Series / OPnsense mirrors slow in updates [solved]

« on: April 10, 2023, 08:26:50 am »

Hi,

When I run Opnsense update, it is super slow. Checking for updates takes like 10 minutes for the process to complete and I can't load plugins page at all (list is empty). Packages page sometimes shows the packages, most of the times it is empty. The mirror I am using is https://mirrors.dotsrc.org/opnsense/FreeBSD:13:amd64/23.1 and downloading packages from here with browser everything works fine. Is there a way to change this mirror properly? I have tried changing it from the GUI but it says that an actual firmware update most be performed for it take which sounds pretty stupid firstly because there is no updates atm so I can't install updates so I can't change mirror to actually install plugins. The OPNSense is new installation and only change I have done is that I installed wireguard which I had to do from shell using pkg command as the GUI never shows any of the plugins.

5

General Discussion / OPNSense in DMZ

« on: February 04, 2023, 09:39:58 am »

Hi,

I have a situation where I had to change to 5G mobile broadband. So I have a ZTE modem from ISP and a service that enables me with public IP and should not have blocked ports. I also have a opnsense firewall behind that modem.

I am trying get my Wireguard VPN tunnel to work from internet to my local network. My initial setup was that I put the ZTE modem into bridge mode, this way opnsense got public IP and internet was working normally. But I can't get Wireguard to work at all. Basically there is no packets coming from my phone to opnsense so Wireguard handshake fails (timeouts). I also tried traceroute from internet to my public WAN IP and it never reaches opnsense, ICMP traceroute does and those packets are dropped by opnsense but TCP traceroute shows nothing after some ISP IP.

Only way I get Wireguard to work is to put the ISP ZTE modem into router mode and opnsense into DMZ. This way opnsense gets private IP from ZTE, internet works, Wireguard works and even TCP traceroute completes.

But what are the downsides of this setup? I would like opnsense to get public IP and have the ZTE in bridge but as the packets are lost somewhere, it does not seem to be possible. Are there going to be problems with my opnsense in some way as it has private IP? I did have unbound crashing at times but it seemed to help when I enabled " Allow DNS server list to be overridden by DHCP/PPP on WAN".