Messages - mannebk

#1
Nice, now that I wrote that forum thread, I can't even make it work by toggling that RFC1918 switch anymore....

It feels like nothing I do has any effect, except when I kill the rule that's allowing me to access the GUI from my OPT1 network; that has an instant effect.

This clearly indicates I'm missing something here.
#2
Hi folks,

So I'm kinda stumped.

I installed OPNsense 24.7, and set it up.

I run WAN behind a UDM-Pro; this OPNsense is basically the firewall running on my at-home Proxmox that has all the VMs that are exposed to the WAN. Traffic gets separated at UDM level.

To access the management GUI I've added an OPT1 interface with an IP in my local LAN, and allowed traffic to the GUI port and This Firewall from my management computers' IP addresses.

(In the beginning, to access the GUI, I used this from the OPNsense CLI:
echo '
pass in quick on vtnet0 proto tcp from 10.101.111.0/24 to any port 443 keep state
' >> /usr/local/etc/firewall_rules.conf

pfctl -f /usr/local/etc/firewall_rules.conf

Of course I know that doesn't stick through a reboot, so after I got access to the GUI, I added a nice OPT1 rule to fix it.)

So far all works as expected. OPNsense has WAN access, runs updates, etc. Local clients get IPs, routes and DNS properly.

I have persistent access to the GUI from my local LAN.

None of the traffic goes ways it should not.

But then I get an issue with clients in LAN (not OPT1) having access to WAN. WAN is an RFC1918 IP (10.99.99.0/30, gateway & DNS 10.99.99.1, OPNsense 10.99.99.2, broadcast .3).

So every time OPNsense gets a new client, or it reboots, I need to toggle the RFC1918 setting on WAN so the client gets access to WAN. To be precise, I'm not quite sure what triggers it, but when I check it, save it, uncheck it and save it again, my clients have WAN access back.

Almost as if it always falls back to blocking RFC1918 traffic for each new IP it hands out. Very baffling.

Funny thing is:

By accident I installed v23 first, had the same issue, updated (all the way to 25.7, no tests in between), same issue, installed 25.7 from ISO, same issue, updated to latest stable, same issue.

So what am I missing here?

Recap:
My WAN is 10.99.99.0/30 with DHCP handing out 10.99.99.2 to OPNsense and delivering routing and DNS properly.

My LAN is 10.99.10.0/24 with DHCP running for .100-.149.

My OPT1 network is 10.101.111.0/24 and OPT1 is 10.101.111.82; traffic allowed (for ease of setup right now) on interface OPT1 from OPT1 network to This Firewall, ports any/any.

And yes, I tried static IPs for my WAN and LAN, same issue.

My OPNsense can ping upstream, no problem, on all 3 interfaces, and the real WAN (Google, Yahoo etc.).

My clients can only ping the LAN side of OPNsense. Yes, they get a proper IP, route and DNS.

Current clients are Grommunio and an Ubuntu desktop; the Ubuntu desktop just because I had such trouble with the network setup, I wanted to test a basically fail-safe system, and that confirmed the issues I had with Grommunio.

Any hints on what I'm doing wrong?

Thanks
Manne
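An added example (not from this thread or from OPNsense itself): a small Python evaluator for the pf rule shape used in the post above, which shows which of the thread's addresses sit inside RFC1918 and how the post's GUI rule and a WAN private-network block treat a few constructed packets. The WAN device name vtnet1, the client address 10.101.111.5 and the sample ports are assumptions; real pf consults its state table before the ruleset, which this toy ignores.

```python
import ipaddress

# RFC 1918 ranges: the address space the WAN "block private networks" option drops.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# pf keywords of the small subset used in this thread, mapped to rule fields.
KEYWORDS = {"on": "iface", "proto": "proto", "from": "src", "to": "dst", "port": "port"}

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def parse_rule(text):
    """Parse '<action> in quick on <iface> [proto <p>] from <src> to <dst> [port <n>] [keep state]'."""
    tok = text.split()
    rule = {"action": tok[0], "iface": None, "proto": None, "src": "any", "dst": "any", "port": None}
    i = 1
    while i < len(tok):
        if tok[i] in KEYWORDS:          # keyword followed by its value
            rule[KEYWORDS[tok[i]]] = tok[i + 1]
            i += 2
        else:                           # in / quick / keep / state carry no match criteria here
            i += 1
    if rule["port"] is not None:
        rule["port"] = int(rule["port"])
    return rule

def addr_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, iface, proto, src, dst, dport):
    """Action of the first matching 'quick' rule, or None. Real pf checks its state table first."""
    for r in rules:
        if r["iface"] not in (None, iface) or r["proto"] not in (None, proto): continue
        if not (addr_matches(r["src"], src) and addr_matches(r["dst"], dst)): continue
        if r["port"] is not None and r["port"] != dport: continue
        return r["action"]
    return None

# The rule from the post (vtnet0 = OPT1) plus block rules equivalent to the WAN private-network
# option. vtnet1 as the WAN device is an assumption; the post does not name it.
RULES = [parse_rule("pass in quick on vtnet0 proto tcp from 10.101.111.0/24 to any port 443 keep state")]
RULES += [parse_rule(f"block in quick on vtnet1 from {net} to any") for net in RFC1918]

def thread_scenarios():
    """Constructed packets built from the thread's addresses (client .5 and port 53000 are made up)."""
    return {
        "gui_from_opt1": first_match(RULES, "vtnet0", "tcp", "10.101.111.5", "10.101.111.82", 443),
        "gui_from_lan": first_match(RULES, "vtnet0", "tcp", "10.99.10.100", "10.101.111.82", 443),
        "wan_from_gateway": first_match(RULES, "vtnet1", "udp", "10.99.99.1", "10.99.99.2", 53000),
        "wan_from_internet": first_match(RULES, "vtnet1", "tcp", "8.8.8.8", "10.99.99.2", 53000),
    }
```

Every address in the recap (WAN gateway, OPNsense's WAN IP, LAN and OPT1 clients) is inside 10.0.0.0/8, so a private-network block on the WAN interface matches packets sourced from the 10.99.99.1 gateway but not from Internet hosts.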