Messages - OzziGoblin

#1
Hi everyone

Is it possible to tunnel certain websites, YouTube etc., via VPN (using URLs or domains) and not out of the default route?

I'm thinking of adding a VPN to my installation so I can attempt to route all traffic where I'll require an account to access them in Australia, to Singapore or New Zealand. I know it can be done if IP addresses are used, but is it possible with URLs or domains? I'd still like to route other traffic through the default route though.

thanks
#2
My internet also stopped working. I added Google DNS to the Bind TLS, restarted Bind and Adguardhome services and I was back working again. I had no need to restore a snapshot.
#3
Donated $30 as I try to each year, thanks for the great work and support team.
#4
Interestingly, it's enabled on my system as well, and I don't have CARP and it's not enabled in intrusion detection.

pflog0: permanently promiscuous mode enabled
wg0: promiscuous mode enabled
igc1: promiscuous mode enabled
igc3: promiscuous mode enabled
vlan01: promiscuous mode enabled
igc0: promiscuous mode enabled
vlan03: promiscuous mode enabled
vlan04: promiscuous mode enabled
vlan06: promiscuous mode enabled
#5
25.1, 25.4 Series / Re: IPv6 Empty Gateway on WAN
June 19, 2025, 03:07:37 AM
Turned out reverting to prior snapshot resolved the issue.
I then upgraded again, this time got 25.1.9 and it appears to be working.

no idea what caused this.
#6
25.1, 25.4 Series / Re: IPv6 Empty Gateway on WAN
June 17, 2025, 08:39:29 AM
Thanks Franco

they have acknowledged that there is a problem on their side, and are busy fixing it.

thanks for confirming
#7
25.1, 25.4 Series / Re: IPv6 Empty Gateway on WAN
June 16, 2025, 04:07:31 AM
I believe this is an ISP issue, which they have identified, so I am waiting for a response from them
#8
25.1, 25.4 Series / IPv6 Empty Gateway on WAN
June 15, 2025, 09:37:12 AM
Hi Everyone

this is quite possibly something I've done, but I wanted to check if anyone else is having issues with IPv6 since the update to 25.1.8_1?

I configured IPv6 successfully a few weeks back and it's been working fine since. I upgraded to the new version and I am no longer getting an IPv6 address from my ISP. The event logs are showing the below:

Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on wan   
Warning   opnsense   /usr/local/etc/rc.configure_interface: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.   
Warning   opnsense   /usr/local/etc/rc.configure_interface: Skipping gateway WAN_DHCP6 due to empty 'monitor' property.   
Notice   opnsense   /usr/local/etc/rc.configure_interface: ROUTING: configuring inet default gateway on wan   
Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on wan   
Warning   opnsense   /usr/local/etc/rc.configure_interface: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.   
Warning   opnsense   /usr/local/etc/rc.configure_interface: Skipping gateway WAN_DHCP6 due to empty 'monitor' property.   
Notice   opnsense   /usr/local/etc/rc.configure_interface: ROUTING: configuring inet default gateway on wan   
Warning   opnsense   /usr/local/sbin/pluginctl: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.   
Warning   opnsense   /usr/local/sbin/pluginctl: Skipping gateway WAN_DHCP6 due to empty 'monitor' property.   
Warning   opnsense   /usr/local/sbin/pluginctl: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.   
Warning   opnsense   /usr/local/sbin/pluginctl: Skipping gateway WAN_DHCP6 due to empty 'monitor' property.   
Warning   opnsense   /usr/local/etc/rc.routing_configure: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.   
Warning   opnsense   /usr/local/etc/rc.routing_configure: Skipping gateway WAN_DHCP6 due to empty 'monitor' property.   
Notice   opnsense   /usr/local/etc/rc.routing_configure: ROUTING: configuring inet default gateway on wan   
Warning   opnsense   /usr/local/etc/rc.routing_configure: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.   
Notice   opnsense   /usr/local/etc/rc.routing_configure: ROUTING: configuring inet default gateway on wan   
Warning   opnsense   /usr/local/etc/rc.routing_configure: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.   
Warning   opnsense   /usr/local/etc/rc.routing_configure: Skipping gateway WAN_DHCP6 due to empty 'monitor' property.   
Notice   opnsense   /usr/local/etc/rc.routing_configure: ROUTING: configuring inet default gateway on wan

I'm running standard DHCPv6 on the WAN and SLAAC on the rest of the network.

I've kicked the connection at the ISP and rebooted the firewall a few times, even disabled and re-enabled IPv6 on the WAN, and I still can't get an IP address from the ISP. I'm not sure if this is them or me, as a search seems to point to the fact that they aren't providing a gateway in the lease and therefore OPNsense won't assign any address.

Any assistance/advice would be appreciated.

thanks
#9
Thanks @meyergru, that's far more useful, I've replaced all the RFC1819 rules with that.  It gives some interesting options too.

thanks again for the support everyone
#10
Thanks for this meyergru, I did read your article and it helped with the setup.

However, I don't think I'm ready to implement an IPv6 solution that's secure atm, I still have too much to learn.

I'm going to revert back to IPv4 which I at least understand better.

thanks for your reply
#11
Hi everyone

First, my apologies if this is available elsewhere. I've done some digging, but I haven't been able to locate a solution to this.

FYI, This is for my home network.

I've been able to set up IPv6 successfully on OPNsense, using DHCP from the ISP and tracking interface from the VLANs. It was all working well: I could ping Cloudflare DNS on IPv6 from the gw, and all client VLANs received addresses and were able to get positive results from https://test-ipv6.com :-)

I then started looking at fw rules, and on each VLAN I have a final rule that allows access to the internet and blocks access to internal subnets, RFC1918. I then realised that I don't have the IPv6 address in it and I assumed traffic could then pass between VLANs (am I wrong here?).
So I added the first 3 parts of the IPv6 address with a ::/48 and that worked. However, because this is a dynamic IPv6 address it would need to change if/when I get a new address. Does anyone know how to solve that problem?

Lastly, I thought the solution to the above would be to request a static IPv6 address from my provider, which I did and got a /48. However, when I add that as a static entry on the WAN interface, it all breaks. I can't even ping Cloudflare DNS on IPv6 from the gw and none of the VLANs get IPv6 addresses.
Something that confused me was the documentation says "When the ISP offers a static address block you can assign one /64 network to your WAN interface and other /64 networks to your LANs". Does this mean I need to manually break up the /48 into /64 addresses and configure internal DHCP6 in OPNsense?

Sorry for all the questions, I'm pretty new to IPv6 but wanted to take the dive and learn.

thanks again, really appreciate any help I can get.
#12
thanks for that feedback, I'll have to be more careful now that I know that :-)
#13
Hi, the DHCP service wouldn't start while the configuration was incorrect.

It took me a while to figure out what was wrong but easy to fix once I assigned a static IP to my computer and connected to the console.
#14
My apologies everyone, I know the configuration error is entirely my fault. I've only known OPNsense to be extremely reliable and robust, and all errors I've experienced have been of my own making.

My surprise, though, was that a misconfiguration of 1 of the DHCP scopes broke the DHCP service and rendered the firewall unable to assign any IP on the remaining 5 scopes I have configured. I would have expected it to be confined to the misconfigured scope, and that's why I wondered if it was a bug.

Sorry
#15
Documentation and Translation / Opensense recovery
March 22, 2025, 10:54:25 AM
Hi everyone

I hope someone can help me. I had an incident this evening where I was unable to access the console for OPNsense and it was broken, DHCP issue.

The main issue I encountered was trying to find documentation to recover. Does this exist somewhere? I read about an option 13 which allowed recovery to a previous config file; however, I could not locate option 13.

I'd love to have a document handy for such times, so if anyone can point me in the right direction I'd appreciate it.

Also, some security guides recommend disabling the root account and using another account with root permissions, however, that prevented me from reverting config files at the console.  How do I get around that?

thanks for the great help