Messages

121

German - Deutsch / Re: FTTH von DNS:NET mit eigenem GPON (Huawei MA5671A) an OPNsense

« on: March 14, 2024, 10:22:26 am »

"Allow all" Regeln werden auf dem LAN-Interface beim initialen Setup eigentlich automatisch erstellt. Keine Ahnung, warum die bei dir fehlen. Nur bei zusätzlichen Interfaces (optX) müssen diese manuell erstellt werden.
Die ausgehende Regel benötigst Du nicht, das ist by default immer erlaubt.

Für die Outbound-NAT-Regel kannst Du alle Standardeinstellungen beibehalten, nur das Interface musst Du auf ix0 stellen.

122

German - Deutsch / Re: FTTH von DNS:NET mit eigenem GPON (Huawei MA5671A) an OPNsense

« on: March 13, 2024, 09:36:53 pm »

Ggfs. auch mal "Ferner Gateway" aktivieren, da deine WAN-Adresse eine /32 ist. Bei PPP sollte das eigentlich nicht notwendig sein, aber wer weiß. Ein ganz grundsätzliches Problem scheinst Du ja nicht zu haben, der PPPoE-Verbindungsaufbau klappt offensichtlich. Da dein ISP 100.64.0.0/10 verwendet kann es auch erforderlich sein, "block private networks" auf dem WAN-Interface zu deaktivieren.

Um das Management-Interface des SFPs erreichbar zu machen, assignst Du einfach ix0 und konfigurierst es statisch mit z. B. 192.168.1.9/30. Outbound-NAT brauchst Du wahrscheinlich auch.

123

German - Deutsch / Re: FTTH von DNS:NET mit eigenem GPON (Huawei MA5671A) an OPNsense

« on: March 13, 2024, 05:57:48 pm »

Die Schnittstelle "onboardLAN" hängt wohl an einem anderen Router? Zumindest bekommt sie über DHCP ein Gateway zugewiesen. Evtl. verwendet OPNsense dieses als Default-Gateway statt des WAN-Gateways?

Grüße
Maurice

124

German - Deutsch / Re: IPv6 Verständnisfrage

« on: March 13, 2024, 03:50:24 pm »

Hängt davon ob, ob dein Anbieter das gesamte /64 statisch zu deinem WAN-Interface routet oder Neighbor Discovery einsetzt. In letzterem Fall würde es schwierig.

Grüße
Maurice

125

24.1 Legacy Series / Re: Multi-WAN - IPv6 - IPv6 LoadBalanced Gateway Groups

« on: March 09, 2024, 08:53:53 pm »

An IPv6 gateway group only works if both WANs are from the same ISP and they allow using the same prefix on both. Typically, each WAN gets assigned its own prefix which can't be routed via the other WAN.

Otherwise, you'll have to use NPT for one of the WANs.

Cheers
Maurice

126

Tutorials and FAQs / Re: OPNsense aarch64 firmware repository

« on: March 09, 2024, 08:28:40 pm »

See Marinoz' question earlier in this thread. My focus is on providing up-to-date packages, sets and VM images. I currently have no plans to work on hardware-specfic patches / images. Others are more active in this field.

127

Tutorials and FAQs / Re: OPNsense aarch64 firmware repository

« on: March 09, 2024, 12:58:34 am »

OPNsense 24.1.3 aarch64 packages and sets released. Includes hotfix 24.1.3_1.

This took longer than usual because my build attempts kept failing repeatedly. This issue most likely was the culprit. The patch for portmaster was merged into opnsense/ports last night and I was able to complete the builds today.

128

General Discussion / Re: unbound not working with Nest and Echo 4th Gen

« on: March 04, 2024, 02:37:40 pm »

DNS64 is not a standalone feature, it needs NAT64 to work. Does your ISP provide NAT64? Or did you configure your own?

And how is NLnet relevant in this context?

Cheers
Maurice

129

24.1 Legacy Series / Re: Multiwan wrong outbound gateway

« on: March 02, 2024, 12:41:44 pm »

Firewall: Settings: Advanced: Skip rules when gateway is down

Cheers
Maurice

130

General Discussion / Re: Routing PPPoE WAN alongside LAN

« on: March 02, 2024, 12:38:04 pm »

Yes, it is possible to do this using VLANs. But you should tag the LAN, too. Mixing tagged and untagged frames on the same interface isn't recommended on OPNsense.
There should be no security impact as long as the switch is configured correctly.

Cheers
Maurice

131

Development and Code Review / Re: Trying to build opnsense from scratch (make serial), failed on cciss_vol_status

« on: March 02, 2024, 12:21:57 pm »

Multiple cores aren't the issue, I frequently build OPNsense on 16+ cores.
Don't clone the FreeBSD src repo. OPNsense uses its own fork (https://github.com/opnsense/src) which is automatically cloned by make update.

Cheers
Maurice

132

24.1 Legacy Series / Re: Where to view IPv6 prefix assignment

« on: February 24, 2024, 02:42:27 pm »

The interfaces overview has been rewritten from scratch for 24.1 and for some reason the delegated prefix (and some other information like DNS servers) wasn't included.

https://forum.opnsense.org/index.php?topic=38223

133

Tutorials and FAQs / Re: OPNsense aarch64 firmware repository

« on: February 21, 2024, 09:36:23 am »

OPNsense 24.1.2 aarch64 packages and sets released.

[Update 2024-02-21]
Hotfix 24.1.2_1 released.

134

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 19, 2024, 10:14:38 pm »

On Android, set the MAC address to "Device" (not "Random").

What you can't disable are privacy extensions. Android (like most systems) generates one SLAAC address based on the MAC address (which makes it essentially static, as long as the prefix doesn't change) and one randomised address. For privacy reasons, only the random address is used for outbound connections.

135

General Discussion / Re: ipip6 tunnelling

« on: February 18, 2024, 05:13:34 pm »

The remote IPv4 address is pretty much arbitrary since this is essentially a point-to-point connection. You can e. g. use 192.0.0.1/32.

Cheers
Maurice