Messages

Etwas verwirrend... der erste Screenshot der Regeln auf LAN sieht anders aus als der zweite... und der ist völlig verbogen....
Also am besten mal alles was Du da gemacht hast rückgängig machen sodass nur noch die default allow (ohne GW-Angabe) da ist.
Dann braucht es nur eine Regel davor, bei der das GW angegeben ist, Source ist dann der Alias der IPs, die in das VPN sollen.

Dann wie in den Docs beschrieben:
Leave empty to bind to all addresses assigned to this machine or use a loopback address combined with a port forward when the external address is not static.

Sehe ich zwar eher als Rückschritt statt Fortschritt, aber so ist es halt...

Nutze ich selbst nicht, aber die Einstellung "Bind Address" sollte es sein.
Demnach müsste hier die IP des entsprechenden Interface eingetragen werden.

Ich verstehe das aktuelle Problem noch nicht wirklich... Oder die Frage...
Wenn Smartphone und Notebook gleich behandelt werden sollen, dann brauchst du auch nur einen alias.
Screenshots eer Regeln wären hilfreicher als Screenshots vom alias ;)

... Und diese Regeln natürlich vor der default allow anordnen.
Für die Clients entweder eine Regel mit deren IP oder einfacher (falls auch für v6 zutreffend) ein alias mit deren MAC verwenden.

You need also ti track WAN interface IP for the other networks. Only make sure to use another identifier for each network. Default is 0, then use 1 and 2 for the other networks.

Is it still happening? Or was it only once after you made some changes?
I noticed some times ago, that livelog confused some label tags after changing config...

Thank you both, I will give it a try when I am back in office on monday...

Any BSD/ZFS aces? Patrick?

Moin,

magst Du vielleicht mal ein paar Screenshot der betreffenden Einstellungen / Regeln posten?
Das würde die Fehlersuche möglicherweise vereinfachen ;)

Why have a VPN on an inherently unsafe platform?

???

I need VPN to talk to my local network at home and also my workplace.
For both me use v6 in first instance and v4 as failover (4G / DSL).
Where is there "an inherently unsafe platform"?
Where are the "safe" differences to v4?
:o

All I read here can be summarized: ipv6 helps nobody to solve a problem, but results in signifcant problems. NAT is for me a feature, not a bug.

So: ipv6 deserves to die quickly. and for ever...

That's a -1

Me really happy to have v6 for VPN purposes since I am behind CGNAT.
For sure me can pay high amounts of money to get a public IP... but why, thanks IPv6?

Most issues with IPv6 are self inflicted by ISPs doing random weird garbage and not adhering to a common standard.

also +1

What a moron.

+1

Hi there,

I recently set up an appliance to be used as cold spare / backup for the case that the primary system dies:
- Installed OPNsense (24.7.x)
- Installed BEmanager
Everything working so far.

Then I exported the active BE (24.1.x) from the primary system to a network storage using BEmanager and then imported this BE to the new backup system. After activating this BE and rebooting, I get the following error and the device unable to boot:

Code Select Expand


Mounting from zfs:zroot/ROOT/restore-2024-10-24-061121 failed with error 45.
Loader variables:
vfs.root.mountfrom=zfs:zroot/ROOT/restore-2024-10-24-061121


I am pretty sure I've done everything the same way I did it several times before when creating backup devices or moving to new devices.

Primary device:

bectl list
BE        Active Mountpoint Space Created
24.1.10   NR     /          2.26G 2022-01-13 06:34
24.1.10_2 -      -          2.91M 2024-10-24 07:50

Where I exported the active 24.1.10 BE.
(I had to create 24.1.10_2 BE since BEmanager will not recognize any BE for export when only one BE exists; however, it is the same way I've done it several times before.)

Backup device after importing BE:

Code Select Expand


bectl list
BE                        Active Mountpoint Space Created
default                   NR     /          1.12G 2024-10-24 05:22
restore-2024-10-24-061121 -      -          2.26G 2024-10-24 06:11

root@OPNsense:~ # bectl activate restore-2024-10-24-061121
Successfully activated boot environment restore-2024-10-24-061121

root@OPNsense:~ # bectl list
BE                        Active Mountpoint Space Created
default                   N      /          1.12G 2024-10-24 05:22
restore-2024-10-24-061121 R      -          2.26G 2024-10-24 06:11

root@OPNsense:~ # reboot



I am not really familar with ZFS and BE, though I have no idea where to start debugging,
but I now found that the SSD of the backup system only has 8GB where the primary system has 30GB, though ZFS partition size is 5.2GB on backup system and 22GB on primary system. Also swap size differs.
Could this cause any problems? Any other ideas?

Cheers