Messages

136

General Discussion / Re: Single Interface, multiple WAN gateways

« on: February 17, 2024, 04:57:56 pm »

Using VLANs would be a much cleaner approach, but creating three gateways on the same interface should work, too. At least for the time being - this is going to be a nightmare when using dynamic interface configuration (DHCPv4/v6, SLAAC).

This isn't fundamentally different from three separate WAN interfaces, so you might want to read the docs about multi WAN, gateway groups and policy based routing first.
Static routes are not the way to go here. Multiple default routes are not supported in OPNsense since it only uses a single routing table (not multiple FIBs like on some other systems).

Cheers
Maurice

137

24.1 Legacy Series / Re: Stuck on upgrade screen 3.5 hours, then failed with "....... signature invalid"

« on: February 15, 2024, 03:03:10 pm »

Try a different mirror, e. g. one close to your location.

Cheers
Maurice

138

German - Deutsch / Re: Frage zu ACME-Client & Pfaden (seit Upgrade auf 24.1)?

« on: February 15, 2024, 02:55:43 pm »

Die ID ändert sich bei einer Erneuerung der Zertifikate nicht. Du findest sie auch in der config.xml.

Grüße
Maurice

139

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 15, 2024, 01:56:28 am »

DHCPv6 shouldn't be required, most devices support SLAAC (Router Advertisements "Unmanaged" mode).

140

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 11:06:42 pm »

Yes, everything visible in the screenshot is correct.

141

24.1 Legacy Series / Re: Dual WAN Dual IP Stack: gateway down, dpinger cannot bind to detached IPv6 addr

« on: February 13, 2024, 11:01:41 pm »

"Use IPv4 connectivity" is not required on WAN2 and does nothing since this isn't a PPP interface.

Does WAN2 still get an IPv6 address when "Request only an IPv6 prefix" is enabled there? This would suggest that the Netgear advertises SLAAC (which is expected). Try setting the WAN2 IPv6 configuration type to SLAAC and check whether it keeps working.

142

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 10:44:46 pm »

The outbound NAT rule should work with default settings, you only need to set the TCP/IP version to IPv6.

143

23.7 Legacy Series / Re: Creating an installable plugin

« on: February 13, 2024, 10:41:28 pm »

1) Yes, running make plugins first builds all prerequisites, which can take a very long time.

2) Prefetch the base, kernel and packages sets so you don't have to build them yourself:

make prefetch-base,kernel,packages

Then build your plugin:

make plugins-<yourplugin>

Cheers
Maurice

144

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 10:11:24 pm »

- configure the OPNsense LAN interface with a static IPv6 address, like 2001:db8::1/64
- set the Router Advertisements mode to "Unmanaged"
- enable hybrid outbound NAT rule generation
- create an IPv6 outbound NAT rule for the WAN interface

145

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 09:25:02 pm »

If you connect your laptop directly to the WLAN bridge, no Prefix Delegation is required - the laptop gets an IPv6 address from your brother's router.
But if you connect the OPNsense WAN to the WLAN bridge and your laptop to the OPNsense LAN, Prefix Delegation is required so OPNsense can provide an IPv6 address to your laptop.

If Prefix Delegation isn't set up on the other router and you don't have access to it, this unfortunately won't work.

If you're desperate, you could configure IPv6 outbound NAT in OPNsense.

146

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 08:54:21 pm »

Does the upstream DHCPv6 server (= your brother's router) support Prefix Delegation and is it configured correctly?

147

23.7 Legacy Series / Re: IPv6 Rules with Gateway not working.

« on: February 13, 2024, 07:40:40 pm »

A SLAAC WAN can only provide IPv6 connectivity for OPNsense itself, not for devices in its LANs. You'll need DHCPv6 Prefix Delegation for this, which also needs to be supported by the upstream router.

Cheers
Maurice

148

24.1 Legacy Series / Re: Dual WAN Dual IP Stack: gateway down, dpinger cannot bind to detached IPv6 addr

« on: February 13, 2024, 07:31:17 pm »

There's indeed not a lot of documentation about the detached state. From my understanding, it means that the router which advertised the prefix is unreachable, which makes the SLAAC address unusable. No idea though why the system considers the Telekom router to be unreachable once WAN2 connects to the Netgear.

Deutsche Telekom uses DHCPv6 for Prefix Delegation only, the WAN address is autoconfigured using SLAAC. Did you configure the DHCPv6 client accordingly ("Request only an IPv6 prefix" enabled)? And did you enable "Use IPv4 connectivity", too (required for PPPoE)?
Does WAN2 only have a DHCPv6 address (/128) or a SLAAC address (/64), too?

Correct, when monitoring the gateway address itself, outages further upstream won't be detected.

You only need gateway groups when features like failover for specific LANs or load balancing are required. For a basic setup (no load balancing, all LANs use failover), simply enabling default gateway switching is sufficient. Default gateway switching (which changes the system's default gateway) and gateway groups (which only work with policy routing rules) are not strictly related.

149

General Discussion / Re: Connect to DSL modem over two switches

« on: February 13, 2024, 07:07:37 pm »

The switch ports connected to the modem and to the OPNsense WAN need to be configured as untagged access ports for VLAN 10. The ports connecting the two switches need to be trunk ports which allow VLAN 10 (tagged).

If it doesn't even work with the modem and OPNsense connected to the same switch, I'd suspect the switch to block the Ethertypes used by PPPoE. Check its settings for allowing / filtering specific Ethertypes.

150

General Discussion / Re: Connect to DSL modem over two switches

« on: February 12, 2024, 10:15:01 pm »

The ports interconnecting the two switches need to be configured as trunk ports. Add VLAN 10 as a tagged VLAN there. Configuration details depend on your switches.

Cheers
Maurice