Recent posts

#1
25.7, 25.10 Series / Re: Hostwatch - high disk writ...
Last post by OPNenthu - Today at 07:18:09 AM
Quote from: Monviech (Cedrik) on January 17, 2026, 06:41:23 PM[...] the hostwatch daemon was mostly designed to discover IPv6 addresses, so that for example an IPv6 only captive portal is possible in the future.

Any consumer that needs a full picture of IPv6 addresses now has a fast sqlite database to work with.

The other things that happen with the data can still be fleshed out over time.

Ok, it just clicked.

Can this also track IPv6 temporary addresses?  If it will become possible to create a host alias that updates dynamically from ND data, or even update DNS so that firewall/unbound logs resolve to a host using privacy addresses...

Tempering my excitement :)
#2
25.7, 25.10 Series / Re: CALL FOR TESTING: IPv6 imp...
Last post by franco - Today at 06:35:29 AM
Correct, I also added IFNAME and NAINFO as well as finished the implementation of "new_raw_option_nnnnn" with a user which shows what else is there in the server response in raw hex format.

On my install I see this one for example:

new_raw_option_86=XXXXXXXXXXXXXXXXde396ffffed8ee9a

Once we ship the new version of dhcp6c we can start using these things.  IFNAME is pretty useful because we can stop building separate script files and use a static separate script, see https://github.com/opnsense/core/commit/e8f35e9dc


Cheers,
Franco
#3
25.7, 25.10 Series / Re: CALL FOR TESTING: IPv6 imp...
Last post by Maurice - Today at 06:22:16 AM
@franco Nice! That's just the foundation though, correct? The dhcp6c_script doesn't do anything with this information yet, or does it?
#4
25.7, 25.10 Series / Re: hostwatch at 100% CPU
Last post by Panther2698 - Today at 05:19:39 AM
The fix was to disable automatic discovery as Partrick mentioned. The patch was definitely not professional. This was a very easy mistake to miss but completely avoidable, hopefully future patches dont brick and/or break our routers.... (Don't enable random features by default)
#5
25.7, 25.10 Series / Re: New site PPPoE PMTU woes
Last post by ToasterPC - Today at 04:42:20 AM
Quote from: meyergru on January 18, 2026, 09:05:18 PMYes, that is expected if anywhere between you and 8.8.8.8 there is a limitation of 1492 bytes (probably imposed by your ISP). That also means your settings of 1512 do not work and you cannot use 1500 bytes MTU on either OpnSense WAN or LAN, you should set them to 1492 and be content with it.

Hmm, I understand.
Still, I find it a bit odd that under these conditions the older site was able to work at all, but, in any case, setting every interface and bridge involved to an MTU of 1492 in both Proxmox and OPNsense, followed by rebooting the VM didn't seem to fix the problem for downstream devices.

As an example, this is the cURL output of trying to acquire the Kindle for PC installer from a computer in the LAN:

curl -vv "https://kindleforpc.s3.us-east-1.amazonaws.com/70980/KindleForPC-installer-2.8.70980.exe"                                                                                                         ─╯
21:31:28.941631 [0-0] * Host kindleforpc.s3.us-east-1.amazonaws.com:443 was resolved.
21:31:28.941779 [0-0] * IPv6: (none)
21:31:28.941820 [0-0] * IPv4: 52.217.141.234, 52.217.162.210, 52.216.240.80, 3.5.11.193, 16.182.43.34, 54.231.235.34, 3.5.13.160, 52.217.200.218
21:31:28.941847 [0-0] * [HTTPS-CONNECT] adding wanted h2
21:31:28.941867 [0-0] * [HTTPS-CONNECT] added
21:31:28.941899 [0-0] * [HTTPS-CONNECT] connect, init
21:31:28.941943 [0-0] *   Trying 52.217.141.234:443...
21:31:28.942040 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:28.942057 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:28.942082 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:28.943317 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:28.943344 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:28.943363 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:28.946057 [0-0] * ALPN: curl offers h2,http/1.1
21:31:28.946644 [0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
21:31:28.946766 [0-0] * SSL Trust Anchors:
21:31:28.959938 [0-0] *   OpenSSL default paths (fallback)
21:31:28.960042 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:28.960083 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:28.960151 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:29.143547 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:29.143616 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:29.143661 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:30.144799 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:30.144852 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:30.144889 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:31.146133 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:31.146192 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:31.146225 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:32.147358 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:32.147471 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:32.147504 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:33.148706 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:33.148781 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:33.148818 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:34.149975 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:34.150035 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:34.150049 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:35.151166 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:35.151221 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:35.151251 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:36.152396 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:36.152456 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:36.152487 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:37.153634 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:37.153694 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:37.153708 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:38.154837 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:38.154894 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:38.154930 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:39.156122 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:39.156183 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:39.156215 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:40.157384 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:40.157449 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:40.157465 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:41.158668 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:41.158749 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:41.158804 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:42.159978 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:42.160070 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:42.160101 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:43.161245 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:43.161299 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:43.161332 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:44.162493 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:44.162561 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:44.162577 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:45.163758 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:45.163814 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:45.163843 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:46.165018 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:46.165106 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:46.165162 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:47.166352 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:47.166441 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:47.166503 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:48.167713 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:48.167813 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:48.167918 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:49.169152 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:49.169274 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:49.169343 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:50.170555 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:50.170622 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:50.170638 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:51.171800 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:31:51.171861 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:31:51.171898 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:31:52.105875 [0-0] * TLSv1.3 (OUT), TLS alert, decode error (562):
21:31:52.105986 [0-0] * TLS connect error: error:0A000126:SSL routines::unexpected eof while reading
21:31:52.106047 [0-0] * [HTTPS-CONNECT] connect, all attempts failed
21:31:52.106121 [0-0] * [HTTPS-CONNECT] connect -> 35, done=0
21:31:52.106192 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 35, done=0
21:31:52.106209 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(), filter returned 35
21:31:52.106258 [0-0] * closing connection #0
curl: (35) TLS connect error: error:0A000126:SSL routines::unexpected eof while reading

If I try the same command from the router itself, the handshake is performed successfully, regardless of the MTU being 1512 or after changing everything to 1492:

sudo curl -vv "https://kindleforpc.s3.us-east-1.amazonaws.com/70980/KindleForPC-installer-2.8.70980.exe"
21:40:28.981882 [0-0] * Host kindleforpc.s3.us-east-1.amazonaws.com:443 was resolved.
21:40:28.981933 [0-0] * IPv6: (none)
21:40:28.981939 [0-0] * IPv4: 16.182.36.178, 52.216.37.154, 52.216.88.134, 54.231.163.106, 16.182.67.74, 54.231.132.178, 16.15.201.213, 16.15.191.19
21:40:28.981947 [0-0] * [HTTPS-CONNECT] adding wanted h2
21:40:28.981953 [0-0] * [HTTPS-CONNECT] added
21:40:28.981961 [0-0] * [HTTPS-CONNECT] connect, init
21:40:28.981974 [0-0] *   Trying 16.182.36.178:443...
21:40:28.982013 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:40:28.982021 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:40:28.982030 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:40:29.042533 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:40:29.042548 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:40:29.042555 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:40:29.063286 [0-0] * ALPN: curl offers h2,http/1.1
21:40:29.063387 [0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
21:40:29.063416 [0-0] * SSL Trust Anchors:
21:40:29.063427 [0-0] *   CApath: /etc/ssl/certs
21:40:29.063437 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:40:29.063446 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:40:29.063455 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:40:29.143735 [0-0] * TLSv1.3 (IN), TLS handshake, Server hello (2):
21:40:29.143859 [0-0] * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
21:40:29.143878 [0-0] * TLSv1.3 (IN), TLS handshake, Certificate (11):
21:40:29.144539 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0
21:40:29.144551 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0
21:40:29.144559 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 0, 1 socks
21:40:29.145112 [0-0] * TLSv1.3 (IN), TLS handshake, CERT verify (15):
21:40:29.145176 [0-0] * TLSv1.3 (IN), TLS handshake, Finished (20):
21:40:29.145197 [0-0] * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
21:40:29.145220 [0-0] * TLSv1.3 (OUT), TLS handshake, Finished (20):
21:40:29.145254 [0-0] * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / RSASSA-PSS
21:40:29.145263 [0-0] * ALPN: server accepted http/1.1
21:40:29.145271 [0-0] * Server certificate:
21:40:29.145282 [0-0] *   subject: CN=s3.amazonaws.com
21:40:29.145290 [0-0] *   start date: Jul 20 00:00:00 2025 GMT
21:40:29.145299 [0-0] *   expire date: Jun 25 23:59:59 2026 GMT
21:40:29.145308 [0-0] *   issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01
21:40:29.145320 [0-0] *   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
21:40:29.145329 [0-0] *   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
21:40:29.145337 [0-0] *   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
21:40:29.145350 [0-0] *   subjectAltName: "kindleforpc.s3.us-east-1.amazonaws.com" matches cert's "*.s3.us-east-1.amazonaws.com"
21:40:29.145359 [0-0] * SSL certificate verified via OpenSSL.
21:40:29.145367 [0-0] * [HTTPS-CONNECT] connect+handshake h2: 163ms, 1st data: 161ms
21:40:29.145374 [0-0] * [SETUP] query ALPN
21:40:29.145381 [0-0] * [HTTPS-CONNECT] connect -> 0, done=1
21:40:29.145388 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=1
21:40:29.145396 [0-0] * Established connection to kindleforpc.s3.us-east-1.amazonaws.com (16.182.36.178 port 443) from 187.213.231.111 port 45196
21:40:29.145405 [0-0] * [HTTPS-CONNECT] query ALPN
21:40:29.145412 [0-0] * using HTTP/1.x
21:40:29.145433 [0-0] > GET /70980/KindleForPC-installer-2.8.70980.exe HTTP/1.1
21:40:29.145433 [0-0] > Host: kindleforpc.s3.us-east-1.amazonaws.com
21:40:29.145433 [0-0] > User-Agent: curl/8.17.0
21:40:29.145433 [0-0] > Accept: */*
21:40:29.145433 [0-0] >
21:40:29.145488 [0-0] * Request completely sent off
21:40:29.258847 [0-0] < HTTP/1.1 200 OK
21:40:29.258863 [0-0] < x-amz-id-2: p8U1WgWd11rwEnrNeb0r044EDI/E84CXm6DkU0TvAfva4EeYK5eWUOf5neCmEiHChEba0rI2rSo=
21:40:29.258870 [0-0] < x-amz-request-id: 8V0MHSM36PK4E00R
21:40:29.258875 [0-0] < Date: Mon, 19 Jan 2026 03:40:30 GMT
21:40:29.258881 [0-0] < Last-Modified: Thu, 21 Aug 2025 10:56:57 GMT
21:40:29.258887 [0-0] < ETag: "2b756dcc3905a9ff3aef6a0a57dd7c09-18"
21:40:29.258892 [0-0] < x-amz-server-side-encryption: AES256
21:40:29.258898 [0-0] < Accept-Ranges: bytes
21:40:29.258904 [0-0] < Content-Type: application/octet-stream
21:40:29.258910 [0-0] < Content-Length: 298242024
21:40:29.258915 [0-0] < Server: AmazonS3
21:40:29.258921 [0-0] <
Warning: Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to a file.
21:40:29.258942 [0-0] * client returned ERROR on write of 16384 bytes
21:40:29.258951 [0-0] * closing connection #0

Is there something else that could be the root of the issue aside from the MTU of the WAN?
#6
25.7, 25.10 Series / Re: OPNSense throwing multiple...
Last post by franco - Today at 04:05:14 AM
> Notice kernel <6>[9338999] pid 62018 (sh), jid 0, uid 0: exited on signal 10 (no core dump - bad address)
> Error opnsense /usr/local/sbin/pluginctl: The command `/sbin/ifconfig -Lmv ` failed to execute ()
> Error configd.py [redacted-id] Script action stderr returned "b'Bus error'"

I agree with Patrick. This is looks very unlike a healthy system.

The firmware health audit can probably confirm?


Cheers,
Franco
#7
25.7, 25.10 Series / How to increase a proxmox VM d...
Last post by del13r - Today at 04:04:03 AM
This old topic helped me out: https://forum.opnsense.org/index.php?topic=19250
I thought I would create a new topic here for me to refer to in future and to help anyone else out in the same position.

I have opnsense running on proxmox. Setup is rock solid, no complaints.
I found that Zenarmor was consuming more disk space once I got a faster internet connection.
This prompted me to increase the disk space on my opensense VM.

Here is how I did it.

Find the disk of your VM on proxmox.

You cannot view this attachment.

Step 1, resize the proxmox virtual disk on Proxmox/Debian

ssh root@proxmox

root@proxmox:~# qm resize 100 scsi1 +120G
  Size of logical volume pve/vm-100-disk-1 changed from 30.00 GiB (7680 extents) to 150.00 GiB (38400 extents).
  Logical volume pve/vm-100-disk-1 successfully resized.

# originally wanted 150G but later decided i wanted 200G

root@proxmox:~# qm resize 100 scsi1 +50G
  Size of logical volume pve/vm-100-disk-1 changed from 150.00 GiB (38400 extents) to 200.00 GiB (51200 extents).
  Logical volume pve/vm-100-disk-1 successfully resized.

# checking size of the VM disk after resize

root@proxmox:~# fdisk /dev/mapper/pve-vm--100--disk--1 -l
Disk /dev/mapper/pve-vm--100--disk--1: 200 GiB, 214748364800 bytes, 419430400 sectors

Device                                  Start       End   Sectors   Size Type
/dev/mapper/pve-vm--100--disk--1-part1     40    532519    532480   260M EFI System
/dev/mapper/pve-vm--100--disk--1-part2 532520    533543      1024   512K FreeBSD boot
/dev/mapper/pve-vm--100--disk--1-part3 533544 419430359 418896816 199.7G FreeBSD UFS

Step 2, resize and then grow the file system on Opnsense/FreeBSD

ssh root@OPNsense

root@OPNsense:~ # gpart show
=>      40  419430320  da0  GPT  (200G)
        40    532480    1  efi  (260M)
    532520      1024    2  freebsd-boot  (512K)
    533544  62380976    3  freebsd-ufs  (30G)
  62914520  356515840      - free -  (170G)

root@OPNsense:~ # gpart resize -i 3 da0
da0p3 resized

root@OPNsense:~ # gpart show
=>       40  419430320  da0  GPT  (200G)
         40     532480    1  efi  (260M)
     532520       1024    2  freebsd-boot  (512K)
     533544  418896816    3  freebsd-ufs  (200G)

root@OPNsense:~ # df -h
Filesystem                  Size    Used  Avail Capacity  Mounted on
/dev/gpt/rootfs              29G    12G    15G    44%    /

root@OPNsense:~ # growfs /
Device is mounted read-write; resizing will result in temporary write suspension for /.
It's strongly recommended to make a backup before growing the file system.
OK to grow filesystem on /dev/gpt/rootfs, mounted on /, from 30GB to 200GB? [yes/no] yes

root@OPNsense:~ # df -h
Filesystem                  Size    Used  Avail Capacity  Mounted on
/dev/gpt/rootfs              193G    12G    166G    7%    /

#8
25.7, 25.10 Series / Re: CALL FOR TESTING: IPv6 imp...
Last post by franco - Today at 04:01:36 AM
@pataps: yay, great, thanks! Among other things AFTR is now natively supported by the daemon (and advertised to the dhcp6c_script as "new_aftr_name") but I made a small mistake with the initial implementation:

https://github.com/opnsense/dhcp6c/commit/60c87d02c

Can you try again?


Cheers,
Franco
#9
Мне Дипсик такой ман наваял.
#10
25.7, 25.10 Series / Re: CALL FOR TESTING: IPv6 imp...
Last post by Maurice - Today at 01:43:04 AM
Option 64 is the AFTR FQDN for DS-Lite. OPNsense doesn't support configuring DS-Lite automatically using this option, but dhcp6c should just ignore it - unless it's indeed malformed. I'd perform a packet capture to confirm.

Cheers
Maurice