Messages

Hi there,

can you please help me understand the OPNsense gateway handling ?

I have a fairly simple setup: WAN is attached to a VDSL modem using PPPoe and VLAN tagging (for the German Telekom)
You cannot view this attachment.

I then create another MODEM interface (just so I can access the modem's WebUi).
This will create another Gateway and set it to active (before creating the MODEM interface, WAN_PPPOE AND WAN_DHCP6 were active)
You cannot view this attachment.

Why does OPNsense create the interface in the first place and why is it active ?
When I try to disable the gateway this is the error that I am getting:
You cannot view this attachment.

Finally, when I try to delete the disabled Modem gateway, OPNsense will not delete it, but enable it and set it to active again !!!

What is the reasoning behind this behaviour ? Is this a bug ?

Thanks in advance!

Thanks for the reply.
Yes, I am using a Protectli device ans bridged the port using these instructions.

But why are the interfaces moving back and forth ?

Dear all,

I'm getting some strange log messages like:
2025-05-09T22:37:26   Notice   kernel   <5>bridge0: mac address AA:BB:CC:DD:EE:FF vlan 0 moved from igc1 to igc2   
2025-05-09T22:37:26   Notice   kernel   <5>bridge0: mac address BB:CC:DD:EE:FF:AA vlan 0 moved from igc2 to igc1   
2025-05-09T22:37:25   Notice   kernel   <5>bridge0: mac address CC:DD:EE:FF:AA:BB vlan 0 moved from igc2 to igc1   
2025-05-09T22:37:25   Notice   kernel   <5>bridge0: mac address DD:EE:FF:AA:BB:CC vlan 0 moved from igc3 to igc2   
2025-05-09T22:37:25   Notice   kernel   <5>bridge0: mac address DD:EE:FF:AA:BB:CC vlan 0 moved from igc2 to igc3   
2025-05-09T22:37:25   Notice   kernel   <5>bridge0: mac address AA:BB:CC:DD:EE:FF vlan 0 moved from igc1 to igc2   
2025-05-09T22:37:25   Notice   kernel   <5>bridge0: mac address AA:BB:CC:DD:EE:FF vlan 0 moved from igc2 to igc1   
2025-05-09T22:37:24   Notice   kernel   <5>bridge0: mac address DD:EE:FF:AA:BB:CC vlan 0 moved from igc2 to igc3   
2025-05-09T22:37:24   Notice   kernel   <5>bridge0: mac address BB:CC:DD:EE:FF:AA vlan 0 moved from igc1 to igc2   
2025-05-09T22:37:24   Notice   kernel   <5>bridge0: mac address AA:BB:CC:DD:EE:FF vlan 0 moved from igc2 to igc1   
2025-05-09T22:37:24   Notice   kernel   <5>bridge0: mac address EE:FF:AA:BB:CC:DD vlan 0 moved from igc1 to igc2   
2025-05-09T22:37:24   Notice   kernel   <5>bridge0: mac address CC:DD:EE:FF:AA:BB vlan 0 moved from igc2 to igc1   
2025-05-09T22:37:23   Notice   kernel   <5>bridge0: mac address BB:CC:DD:EE:FF:AA vlan 0 moved from igc2 to igc1   
2025-05-09T22:37:23   Notice   kernel   <5>bridge0: mac address BB:CC:DD:EE:FF:AA vlan 0 moved from igc1 to igc2   
2025-05-09T22:37:23   Notice   kernel   <5>bridge0: mac address AA:BB:CC:DD:EE:FF vlan 0 moved from igc2 to igc1   
2025-05-09T22:37:23   Notice   kernel   <5>bridge0: mac address EE:FF:AA:BB:CC:DD vlan 0 moved from igc1 to igc2   
2025-05-09T22:37:23   Notice   kernel   <5>bridge0: mac address CC:DD:EE:FF:AA:BB vlan 0 moved from igc2 to igc1   
2025-05-09T22:37:22   Notice   kernel   <5>bridge0: mac address DD:EE:FF:AA:BB:CC vlan 0 moved from igc3 to igc2   
2025-05-09T22:37:22   Notice   kernel   <5>bridge0: mac address DD:EE:FF:AA:BB:CC vlan 0 moved from igc2 to igc3

What could be the reason for this ?

Thanks a lot for this tutorial. This is very much appreciated.

Is anybody proxying the OPNsense web interface in this way and willing to share their BACKEND_POOL settings ?

Basically, it is working, but if I make a change in the HAProxy service settings and hit the "APPLY" button it will spin indefinitely. I'm missing some parameter or setting to make it work fully.

EDIT: Maybe this is just the normal or intended behaviour: Hitting "Apply" will probably cause HAProxy to reload the setting and thus not acknowledging the button press

EDIT2: Enabling "Seamless reload" gets rid of this behaviour

Is there a possibility to forward requests based on the domain name ? Without using a reverse proxy ?

I'd like to use OPNsense (os.domain.com) to do some filtering (e.g. GeoBlocking) and then forward accepted requests based on the domain name to a secondary server (gw.domain.com).

like so: Internet -> [OPNsense] os.domain.com -> [MailGateway] -> gw.domain.com

Is that possible via OPNsense (not using a reverse proxy) ? And if yes, how ?

Thanks in advance!