Topics - jata

#1
Hi all,

I recently read this OPNsense guide: https://docs.opnsense.org/manual/how-tos/vlan_and_lagg.html

And have realised that my setup is not 100% aligned/correct as I am mixing untagged (lan) and tagged (vlan) traffic.

My setup is simple for a home network. I am really happy with OPNsense and how everything is working. Current setup on a dedicated 4 port minipc:

wan - port0 (dhcp)
lan - port1 (static with dhcp via ISC)
vlan2 - lan as parent (static with dhcp via ISC)
vlan3 - lan as parent (static with dhcp via ISC)


I do not have a lagg and am not sure I need one - I see it is optional in the guide linked above.

So what I was hoping to do is the following but transitioning is tricky as I think I will lose connectivity as soon as I disable the lan interface.


1. create a new vlan for my main network (to replace the lan) but I know that I can't give this vlan the same ip as lan yet!
2. remove lan interface so that port1 is unassigned
3. link vlan1 to port1 and set ip and dhcp config to the same as lan (now removed)
4. link vlan2 and vlan3 to unassigned port1

This can't be done using the gui but maybe using the console?

Any assistance appreciated!

Given that everything seems to be fine currently and I rarely use my vlans - is it worth doing this at all?

#2
I use the following online resource for icons for my home server 'home page' but it still has the old OPNsense branding.

https://github.com/homarr-labs/dashboard-icons

Is it easy for me to get the new icons so they can update the project?
#3
Hi all

This was all working but not any longer and I haven't made any changes to my config. I am using duckdns, Let's Encrypt and DNS-01 challenge.

I can successfully renew the cert if I remove the alt name (so mydomain.duckdns.org renews fine).

If I add back the alt name (opnsense.mydomain.duckdns.org) then the renewal fails.

Has something changed with Let's Encrypt and support for alt names?

Any assistance or advice appreciated.
#4
I know this is probably a basic concept but I am a noob - so apologies and I hope someone can help me.

I understand that rules are applied in sequence from top to bottom and I wanted to check I am on the right track.

I want to block access to port 2375 apart from my 2 docker hosts on the LAN interface.

Is this close? Thanks in advance.


rule1: allow port 2375 for alias containing my two docker hosts
rule2: reject port 2375 for LAN net
rule3: default allow LAN net
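
Added example, not part of the original post: a small Python model of top-to-bottom, first-match evaluation applied to the three rules listed above, next to the same rules with the broad allow moved to the top. The addresses are constructed sample values and the function and variable names are hypothetical; the model looks only at source address and destination port.

```python
import ipaddress

# Constructed sample values (assumptions): the post gives no addresses.
DOCKER_HOSTS = {ipaddress.ip_address("192.168.1.20"),
                ipaddress.ip_address("192.168.1.21")}
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def in_alias(addr):
    """Source is one of the two Docker hosts in the alias."""
    return addr in DOCKER_HOSTS


def in_lan(addr):
    """Source is anywhere in LAN net."""
    return addr in LAN_NET


# (name, action, source predicate, destination port or None for any port)
PROPOSED = [
    ("rule1", "pass", in_alias, 2375),
    ("rule2", "reject", in_lan, 2375),
    ("rule3", "pass", in_lan, None),
]
# Same three rules, but with the broad LAN allow evaluated first.
MISORDERED = [PROPOSED[2], PROPOSED[0], PROPOSED[1]]


def evaluate(rules, src, dport):
    """Return (rule name, action) of the first rule that matches."""
    addr = ipaddress.ip_address(src)
    for name, action, match_src, port in rules:
        if match_src(addr) and port in (None, dport):
            return name, action
    return "default", "block"  # nothing matched: modelled as implicit deny


if __name__ == "__main__":
    samples = [("192.168.1.20", 2375),  # Docker host -> API port
               ("192.168.1.50", 2375),  # other LAN host -> API port
               ("192.168.1.50", 443)]   # other LAN host -> other port
    for label, rules in (("proposed", PROPOSED), ("misordered", MISORDERED)):
        for src, dport in samples:
            print(label, src, dport, evaluate(rules, src, dport))
```

In the misordered list the reject for port 2375 is never reached, because the general LAN allow matches first.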





#5
I have a simple OPNsense setup for my home network. I use the adguard plugin together with unbound on port 5335.

Everything is working fine for dns resolution for all of my lan hosts.

I have one host that I need to resolve for any subdomain on this host as follows:

host.lan -- 192.168.1.10 (working)
test.host.lan -- 192.168.1.10 (DOES NOT WORK)

Is there a way to allow / config so that anything.host.lan resolves to the same ip as host.lan?



#6
24.7, 24.10 Legacy Series / KEA vs ISC dhcp
August 29, 2024, 12:44:34 AM
I am on the latest 24.7 and have tried switching to KEA dhcp (I only use ipv4 on my system) but have found that a number of clients do not resolve to their hostname using KEA so I went back to ISC.

Is this a known limitation for KEA dhcp at the moment?

I also remember reading a release note for OPNsense 24.7 relating to ISC dhcp and static dhcp reservations - something about having to restart a service after changing/adding reservations. At the moment I need to restart OPNsense for these new reservations to apply but there must be a way to do this without having to restart?