106
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
107
General Discussion / Re: DHCPv6 service handed out leases don't get a default gateway address
« on: October 06, 2021, 08:57:05 pm »
Oh, that's usual to me. Don't worry.
Cheers...
Cheers...
108
General Discussion / Re: DHCPv6 service handed out leases don't get a default gateway address
« on: October 06, 2021, 12:23:42 am »
Clients that come through IPv6LAN know they should actually go through the IPv6NET interface to the outside world because you defined an upstream gateway on IPv6NET, so it has a default gateway and everythig that hasn't a reachable destination go through the default gateway.
109
General Discussion / Re: DHCPv6 service handed out leases don't get a default gateway address
« on: October 05, 2021, 09:26:07 pm »
Hi, I think you should have a WAN side and a LAN side and the network part of both should be different.
Try to assign an IPv6 to your existing WAN and then assign an IPv6 to your existing LAN.
For example your WAN IPv6 address xxxx:xxx:xxxx:c0::2/64, your IPv6 gateway xxxx:xxx:xxxx:c0::1/64.
Then, your LAN IPv6 address xxxx:xxx:xxxx:c0:1::1/80.
Configure your DHCPv6 from xxxx:xxx:xxxx:c0:1:ffff:ffff:300 - xxxx:xxx:xxxx:c0:1:ffff:ffff:2000.
Observe the /80 prefix used in LAN IPv6. It needs to be something higher than /64 because you are subnetting.
I have a configuration like this and the dual stack is working fine.
The default route is the local link address, and it is ok because your gateway may be reached using the local link as well as the routable address.
Try to assign an IPv6 to your existing WAN and then assign an IPv6 to your existing LAN.
For example your WAN IPv6 address xxxx:xxx:xxxx:c0::2/64, your IPv6 gateway xxxx:xxx:xxxx:c0::1/64.
Then, your LAN IPv6 address xxxx:xxx:xxxx:c0:1::1/80.
Configure your DHCPv6 from xxxx:xxx:xxxx:c0:1:ffff:ffff:300 - xxxx:xxx:xxxx:c0:1:ffff:ffff:2000.
Observe the /80 prefix used in LAN IPv6. It needs to be something higher than /64 because you are subnetting.
I have a configuration like this and the dual stack is working fine.
The default route is the local link address, and it is ok because your gateway may be reached using the local link as well as the routable address.
110
General Discussion / Re: Offline or Standby UPS with OPNsense
« on: September 28, 2021, 07:04:33 pm »Will the new APC model BE600M1 work with the usbhid driver?
I can't say it for sure, but may be someone tested it already.
My guess is that it will work with driver=usbhid and port=auto.
I have an APC Back-UPS RS 900G with USB port and use the above config.
Usually they use the same communication protocol for different models with USB.
Cheers...
111
General Discussion / Re: Offline or Standby UPS with OPNsense
« on: September 27, 2021, 06:22:54 pm »
For the box and the modem, it will work fine, but I don't think it's okay to use the surge protected outlet to plug in the POE switch. The surge protection circuit of the UPS has its tolerance in relation to the power specifications of the UPS, so you could be overloading it.
Generally, those outlets are used to protect the load from voltage fluctuations without using the backup battery, so in the event of a power outage, the battery is used to power only essential loads.
Generally, those outlets are used to protect the load from voltage fluctuations without using the backup battery, so in the event of a power outage, the battery is used to power only essential loads.
112
General Discussion / Re: managing IoT devices over multiple subnets
« on: September 27, 2021, 05:33:48 pm »
Yo can define a VLAN for each kind of device, so you have a VLAN for cameras separated from the IoT one.
You may do it this way for two reasons:
1 - You can easily define firewall rules for each VLAN so no VLAN can see the others
2 - You can access a group of devices o services using an appropiate gateway
In case of IoT devices, you may use Openhab, Home Assistant or Domoticz to access the devices.
In case of the cameras, you can use Shinobi, Motioneye or Zoneminder to access them and avoid using the cloud of the camera manufacturer.
This way, none of the cameras nor IoT devices can access the Internet and you still have access to them through the gateway.
You may do it this way for two reasons:
1 - You can easily define firewall rules for each VLAN so no VLAN can see the others
2 - You can access a group of devices o services using an appropiate gateway
In case of IoT devices, you may use Openhab, Home Assistant or Domoticz to access the devices.
In case of the cameras, you can use Shinobi, Motioneye or Zoneminder to access them and avoid using the cloud of the camera manufacturer.
This way, none of the cameras nor IoT devices can access the Internet and you still have access to them through the gateway.
113
21.7 Legacy Series / Re: 21.7.3. - high CPU and MEM usage
« on: September 23, 2021, 02:45:12 pm »
Same here. Reboot needed. Also syslog-ng crashed and fixed after reboot.
114
21.1 Legacy Series / Re: Weird Issues Updating Firmware & Firewall Logs Not Updating
« on: September 23, 2021, 02:43:20 pm »
I found the same problem today trying to update to 21.7.3 and solved it just turning on "Prefer IPv4 even if IPv6 is available".
Recently my ISP changed my WAN IPv4 to a private one and started to use Carrier NAT. I complained about the change and finally they give me back a public IP. Since then IPv6 started to work weird.
Recently my ISP changed my WAN IPv4 to a private one and started to use Carrier NAT. I complained about the change and finally they give me back a public IP. Since then IPv6 started to work weird.
115
General Discussion / Re: UPS and reboot
« on: September 22, 2021, 03:43:35 pm »
In the BIOS it should be set "Always Power On", so when the line power is back, the UPS powers on and the the OPNSense box starts even if it was properly shut down.
116
General Discussion / Re: Poor video conferencing performance
« on: September 22, 2021, 01:05:59 am »
Hi,
I did what is pointed on this thread and it worked fine for me
https://forum.opnsense.org/index.php?topic=7423.0
It's an old guide but I actually get A or A+ in all tests
Cheers
I did what is pointed on this thread and it worked fine for me
https://forum.opnsense.org/index.php?topic=7423.0
It's an old guide but I actually get A or A+ in all tests
Cheers
117
21.7 Legacy Series / Re: Setting a firewall option without passing or rejecting traffic
« on: September 17, 2021, 02:04:13 am »
Try disabling "Quick" option, so the action is not taken inmediately. The firewall will continue evaluating for the other rules until it reaches a quick rule or the last matching one.
118
21.7 Legacy Series / Re: Unbound with DNS-Over-TLS
« on: September 01, 2021, 10:09:14 pm »
You are right @hushcoden, I forgot to mention that now DoT servers are set on set separately of each other.
119
21.7 Legacy Series / Re: Unbound with DNS-Over-TLS
« on: September 01, 2021, 08:30:23 pm »
Hi OnTheGrind,
I followed the instructions from here and it worked fine https://homenetworkguy.com/how-to/configure-dns-over-tls-unbound-opnsense/
Let me know if it works for you.
Bye...
I followed the instructions from here and it worked fine https://homenetworkguy.com/how-to/configure-dns-over-tls-unbound-opnsense/
Let me know if it works for you.
Bye...
120
General Discussion / Re: LAN bridge vs. NFS
« on: August 12, 2021, 10:52:24 pm »
Try to switch Do-Not-Fragment in Firewall » Normalization