Messages - alfuth

#1
So I got it working, not entirely sure how, but it seems like it never actually restarted the service when I hit the restart button under nginx. So I ended up disabling nginx, applying, and enabling nginx, and it worked!
#2
Glad you got it working!

What's the advantage of KEA over DNSmasq?
#3
Wanted to post an update: I enabled my ExpressVPN and filtered on that IP address. I saw the "Pass" in the firewall logs when trying to access xxx.duckdns.org. However, I still get "ERR_Connection_time_out".

So it seems like my firewall is configured properly, but nginx is not properly forwarding to the correct IP or port. Any troubleshooting steps would be greatly appreciated!
#4
So, it could be a few things. Let's start by checking a few things to make sure they are configured correctly. In OPNsense:
1. Make sure your interfaces are configured (and enabled) and have the appropriate IP address assigned.
2. Make sure you have your firewall configured so that each VLAN can actually get out to the internet. I have mine set up with a firewall alias named privateNetworks with type: network, content: 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16 -> under each VLAN firewall interface make sure you have a rule set up with: Action: PASS, quick: x, direction: in, TCP/IP version: IPv4, protocol: any, source: "vlan" net (from dropdown), invert: x, destination: privateNetworks, then make sure you save and hit apply.
3. Go to services -> DNSMasq DNS & DHCP -> general -> enabled: x and include all of your VLAN interfaces. Then under "DHCP ranges" set up your ranges for each interface. Then what I did is under "hosts" I made static IPs for all of my networking devices (unifi switch, server, etc.) on the default network; I think for you that is 172.16.99.## (whatever network your OPNsense is on).
4. One other helpful firewall rule is to allow ICMP from your LAN to all networks. To do this, under firewall -> rules -> LAN interface click add and create a rule with: Action: pass, TCP/IP version: IPv4, protocol: ICMP, source: LAN net, invert: unchecked, destination: any, destination port: any. This will allow you to hardwire into your switch and ping all of your devices to make sure they are connected properly.

On to the unifi server: Under settings -> networks, make sure you have each VLAN set up and your VLAN ID matches the same VLAN ID you have in OPNsense.
For any port that you want a single VLAN on, make sure the "Native VLAN" is set to that VLAN and under "tagged vlan management" hit block all. For any port you want all (or some) VLANs on (trunked port), click on the port and make the native VLAN default; make sure it shows the IP address range you are expecting to the right. Under "tagged vlan management" hit allow all.
If you are planning on setting up multiple wifi SSIDs, one for each VLAN, make sure you set those up in settings -> wifi; set up each wifi SSID with a single VLAN under the "network" selection dropdown.

It took me a bit to set up my OPNsense and unifi switch. It's honestly easier to just set up one VLAN, get that working with your LAN, and then add more after that. Setting all of them up at once tends to lead to errors and mishaps. Sorry for the long-winded response, I hope this helps!
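To make the effect of the per-VLAN rule in step 2 (and the LAN ICMP rule in step 4) concrete, here is an added Python model of how those rules evaluate a few flows; it is not from the thread or from OPNsense. The alias name and rule fields are the ones in the post; the VLAN subnets and sample flows are constructed, and the model ignores state tracking and only approximates the "interface" a packet arrives on by its source subnet.

```python
# Model of the per-VLAN OPNsense rules described above (added example).
# Subnets, host addresses and flows below are constructed for illustration.
import ipaddress
from dataclasses import dataclass

# Alias "privateNetworks" with the three RFC1918 members listed in the post.
PRIVATE_NETWORKS = [ipaddress.ip_network(n) for n in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Rule:
    name: str
    src_net: ipaddress.IPv4Network  # "<vlan> net" picked from the dropdown
    proto: str                      # "any" or a specific protocol, e.g. "icmp"
    dst_nets: list                  # destination alias members; [] means "any"
    invert_dst: bool                # the "invert" checkbox on destination

    def matches(self, src, dst, proto):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src not in self.src_net:
            return False
        if self.proto != "any" and self.proto != proto:
            return False
        in_dst = any(dst in n for n in self.dst_nets) if self.dst_nets else True
        return (not in_dst) if self.invert_dst else in_dst

def verdict(rules, src, dst, proto="tcp"):
    """First matching quick pass rule wins; anything unmatched is blocked."""
    for r in rules:
        if r.matches(src, dst, proto):
            return f"pass ({r.name})"
    return "block (default deny)"

# Constructed layout: LAN on 172.16.99.0/24, an IoT VLAN on 10.0.20.0/24.
LAN = ipaddress.ip_network("172.16.99.0/24")
IOT = ipaddress.ip_network("10.0.20.0/24")
RULES = [
    Rule("IoT -> internet only", IOT, "any", PRIVATE_NETWORKS, invert_dst=True),
    Rule("LAN -> internet only", LAN, "any", PRIVATE_NETWORKS, invert_dst=True),
    Rule("LAN ICMP anywhere", LAN, "icmp", [], invert_dst=False),
]

if __name__ == "__main__":
    for flow in (("10.0.20.15", "1.1.1.1", "tcp"),        # IoT to the internet
                 ("10.0.20.15", "172.16.99.10", "tcp"),   # IoT reaching into LAN
                 ("172.16.99.10", "10.0.20.15", "icmp"),  # LAN pinging IoT
                 ("172.16.99.10", "10.0.20.15", "tcp"),   # LAN TCP into IoT
                 ("10.0.20.15", "10.0.20.1", "udp")):     # IoT DNS to the firewall
        print(flow, "->", verdict(RULES, *flow))
```

The last flow shows the caveat the inverted destination brings: a VLAN client talking to the firewall's own VLAN address (which is inside privateNetworks) does not match the rule and falls to default deny, so DNS to OPNsense itself needs a separate pass rule.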
#5
How are you configuring your ports? For the UniFi switch the "Network" selection cannot be the same as the VLAN you are using; I usually use "default". Then under tagged vlan management pick the VLANs you want on that port. See the articles below for more info:

https://homenetworkguy.com/how-to/beginners-guide-to-set-up-home-network-using-opnsense/
https://help.ui.com/hc/en-us/articles/9761080275607-Creating-Virtual-Networks-VLANs
#6
Hi All, I've followed the tutorial here: https://forum.opnsense.org/index.php?topic=24778.0

and found that I can access my Home Assistant by entering my Duckdns website (with the :8123 port at the end) from my home network, but when I try to access from my phone or even https://www.ssllabs.com/ssltest/ I get "took too long to respond" from my phone and "unable to connect to server" from ssl labs.

I figured it was a firewall problem because if, from my phone, I put in xxx.duckdns.org:80 it times out immediately. However, when I go into the firewall logs it shows no blocked access when I try to access it normally from my phone (without wifi).

So I have two questions:
1. Following the tutorial while using duckdns.org, has anyone had any issues or see any issues with my results?
2. From my home network, do I always have to access my duckdns.org website by adding the :8123 port at the end?

Any help is greatly appreciated, I've searched for days and tried many different things and cannot figure it out. Not getting any blocked or allowed access from my phone is very strange to me.

As a clarification, I do get a log showing blocked access from my phone (without WiFi) if I put in xxx.duckdns.org:8123, but no log that I can find if I access it via https (443). Also, I'm running OPNsense on a Protectli firewall with the Nginx and ACME plugins, and Home Assistant is running as a docker container on my home server using a MACVLAN for networking.
#7
Thank you!
#8
I'm trying to make it easier to access different docker containers' web apps on my server by just typing in HOST.DOMAIN.com so that it resolves to 192.168.X.XX:PORT #. I've tried unbound overrides, unbound query forwarding and the DNSMASQ hosts tab; none work. This seems like it should be easy, seeing as by default you set up your web app access to OPNsense as opnsense.domain.com. What is the easiest way to do this?