Messages - LisaMT

#1
25.7, 25.10 Series / Re: Firewall Rule using ports fails
December 13, 2025, 07:10:04 PM
Thanks, I'll look at that.
#2
25.7, 25.10 Series / Re: Firewall Rule using ports fails
December 13, 2025, 01:51:37 AM
IPv4 TCP/UDP   LAN net   *   *   SafePorts    *   *      Allow Safe Ports (80, 443)      
           
IPv4 TCP/UDP   TVs    *   *   TVPorts    *   *      Allow TV's to their ports(Bunch of ports) Including 80 and 443      
              
IPv4 *   *   *   *   *   *   *      Block LAN Traffic      

TV's are on .63-.65

I added the t65tv temporarily to allow to anywhere.  I'll check the logs and see if it shows.


LAN In 2025-12-12T17:35:30-07:00 TCP 192.168.10.63:55129   63.34.182.173:443   block   Block LAN Traffic
LAN In 2025-12-12T17:35:30-07:00 TCP 192.168.10.63:55129   63.34.182.173:443   block   Block LAN Traffic
LAN In 2025-12-12T17:27:34-07:00 TCP 192.168.10.63:39114   34.160.212.185:443   block   Block LAN Traffic
LAN In 2025-12-12T17:27:34-07:00 TCP 192.168.10.63:39114   34.160.212.185:443   block   Block LAN Traffic
LAN In 2025-12-12T16:57:35-07:00 TCP 192.168.10.63:57909   174.129.18.38:443   block   Block LAN Traffic
#3
I switched my ISP router to transparent bridging mode.  Then let OPNsense do everything.
#4
25.7, 25.10 Series / Firewall Rule using ports fails
December 12, 2025, 08:14:42 PM
I have an early general firewall rule that allows LAN traffic to ports in an alias 'safe ports' (80 443)

The last firewall rule denies traffic to anywhere.  "Block LAN Traffic"

LAN is subnet 192.168.10.0/24

In the logs I'm seeing the following getting blocked on the last rule like this:

LAN In 2025-12-12T12:00:39-07:00 TCP 192.168.10.63:40982   34.160.212.185:443   block   Block LAN Traffic

The earlier rule should have passed this.

Not sure why?
#5
thanks!  I'll ignore them!
#6
25.7, 25.10 Series / Re: Wireguard Group still there?
September 01, 2025, 01:40:05 AM
Globally removed?  I've removed the instances and it's still there.  I'll see if I missed something.  I remember when I was installing it there were some other changes.  Thanks for the help.
#7
enc0
pflog0
wan_stf

#8
25.7, 25.10 Series / Wireguard Group still there?
August 28, 2025, 06:05:51 PM
I switched from Wireguard to OpenVPN, and the wireguard group is still showing.  How can I remove it?

#9
Tried editing a backup file and changing the name to 'OpenVPN (group)', but when I restored that backup things stay the same. 
#10
25.1, 25.4 Series / OpenVPN group is mislabeled
May 14, 2025, 02:02:18 AM
I managed to get OpenVPN working fine on OPNsense.  But I now have two identical sets of rules both named OpenVPN.
One refers to IF=openvpn,  The other one refers to IF=opt4

Comparing those to what was set up for WireGuard, I believe the one on IF=openvpn should be labeled "OpenVPN (Group)"

Under Firewall/Group it shows wireguard, openvpn, and enc0

I would like to know how to edit that entry under Firewall/Rules named 'OpenVPN' and rename it to 'OpenVPN (group)' like the wireguard one. 

The other question would be is that entry REALLY a group? 

#11
Forgot to mention:

(rules/settings/advanced)
Reflection for port forwards  CHECKED
Automatic outbound NAT for Reflection  CHECKED
#12
I have a C4000 router, and managed to get it working last night in transparent bridge mode.  Settings to note follow:

(Interfaces/WAN)
WAN device pppoe0
IPv4 Config type PPPoE
MTU 1492
MSS 1460
Vlan priority "best effort"

(Interfaces/devices/point to point)
Type PPPoE
Link Interfaces (same as WAN is assigned)
Username
Password

(Interfaces/devices/VLAN)
Nothing needed.

On the centurylink router, I had to use Port 1, not the one that is labeled LAN/WAN


#13
Thanks for that video!  It looks like the easiest way to get outside access through the system.
#14
Is it possible to get incoming connections through both the ISP and OPNsense?  I tried, but failed.
I had OPNsense set up as the default.
ISP router on 192.168.1.1,  OPNsense WAN on 192.168.1.10, OPNsense LAN on 192.168.10.1
The system was working great.  Then I wanted to open a connection to my server that is on 192.168.10.5
Before OPNsense, I just did a port forward from the incoming port of 1234 to port 80 on 192.168.10.5
My attempts to get an outside connection working have failed so far.  I thought there would be a way with firewall rules?
#15
General Discussion / Re: DNS fails on only a few sites.
February 26, 2025, 12:37:40 AM
YES!  Found the issue.  I had to edit named.conf.options and add this line.  Now all sites resolve.

   dnssec-validation yes;