Messages - nero355

#1
Quote from: meyergru on May 22, 2025, 07:14:12 PM
Other options are problematic because of type, e.g. the Unifi option (43).

It should be specified as a hex string with colons, but if you accidentally use quotes around that, it will get interpreted as a string and fail to work. Thus, it would be better if the specific Unifi option was present in the GUI with an IP and the real configuration was then adapted to prevent such user errors.
Even though it's a bit weird to say "Hi! We are OPNsense and we now support UniFi products!" ^_^ it would still be very cool to perhaps consider supporting well-known DHCP Options that are used by some vendors like CISCO/HPE/Ubiquiti/TP-Link/etc. if the OPNsense Developer Team feels like adding such a feature ?!

Quote from: DEC670airp414user on November 08, 2025, 04:54:50 PM
Decided to try dnsmasq it's surprising to read it's a one man army from the UK.

Still using unbound for dns.
If you want "DNSmasq on steroids" you could consider running Pi-Hole and using its FTLDNS which is based on whatever is the latest DNSmasq code + extra code added by the Pi-Hole Developer Team :)

Combined with running your own Unbound instance to query DNS Root Servers as seen here : https://docs.pi-hole.net/guides/dns/unbound/
It's the best DNS solution I have ever had running on my LAN for about 10 years or so by now!
#3
NOFI but this is just one big bad idea :
- USB NICs have two major issues :
1. Prone to high CPU usage delays.
2. Chipsets inside them are not always of the greatest quality to say the least...

- A Laptop is fun as your handy dandy MP3 player or so when being this old, but using it as any kind of Server device is just a bad idea!
Unless you like your Firewall to get some sleep from time to time ?! ;) ;)
#4
Quote from: opnfwb on October 29, 2024, 07:58:19 PM
In my experience most modern online games don't work with out of the box settings on OPN/pfS due to the way they re-write source ports for NAT traffic. I'm not sure why this continues to be the default config. Many years ago it was a security feature but now it just breaks stuff more than it helps.

As far as I'm aware only OPN/pfS do this, literally every other implementation of a router/firewall will not.
Actually I like it and I hope it never changes! :)

The best way to tackle this for your P2P Clients/Servers/Phones that use apps that need it too is a combination of the following :
Quote
If you have many LAN devices all trying to join the same online game lobby (multiple Xbox consoles for example), you will need to set DHCP reservations for each one and manually set outbound traffic rules for each one.

You'll need to manually switch the firewall to Hybrid Outbound NAT and manually create a single outbound NAT rule with the "static" port option selected. This will prevent your source ports from being rewritten by the firewall during NAT traversal.
It's pretty straightforward and I've attached a screenshot for reference. Make a rule like you've seen in the screenshot and save/apply the settings. Then retry your games and see if this helps.
And a nice way to add/remove many clients to this rule is to use the Alias/Group option and edit it every time you need to remove or add one of your clients ;)

If you need a tutorial just search for https://duckduckgo.com/?q=opnsense+strict+nat and you should find plenty of them!
#5
@cookiemonster :

Actually I am aware of that topic and many more, but I was kind of hoping that now with the new Forum Software/Update all those issues are a thing of the past ?! :)
#6
No reply after more than a week ?!
#7
Quote from: magnust on March 22, 2025, 08:29:30 PM
Am I the only one?
Absolutely NOT! :)

I am having a really hard time finding a nice way to get messages/notifications from the Announcements sub-forum sent my way too !!! :'(

For now I am following https://forum.opnsense.org/index.php?board=11.0 via RSS in Pale Moon but receiving e-mails in any of my Inboxes would be nice to have too!