Recent posts

#1
26.1 Series / Re: What to do with "Rules" no...
Last post by falken - Today at 04:04:34 AM
Quote from: senseOPN on February 28, 2026, 02:37:16 PM
Can I do this somehow?

You can create a restricted administrator account and deny access to the old Rules section (and anything else you don't use in your environment) to clean up the menu, and use that account.
#2
26.1 Series / Re: Unbound Query Forwarding ....
Last post by Netlearn - Today at 03:47:16 AM
I think that what I need are "stub zones", which are not available in the Unbound web config in OPNsense, plus I'd need an authoritative server like BIND per network, which we don't currently run. Probably, that would be the "per the manual" structure.

On the other hand, the config I have mostly works, but it seems there is only one "affected" device, so I assume that it's globally correct and there is some issue with that particular machine/VPN/config/whatever.

I already read the OPNsense docs and the Unbound docs too, but will give them a review again. I will report and, for sure, have more questions to ask.
#3
Did you install and activate lldpd?
#4
It does say in the doc here: https://docs.opnsense.org/manual/vpnet.html#route-based-vti

that NAT rules can be specified on VTI interfaces in pure VTI-based setups without issue.

Has anyone tried it? This can probably help for our use case. Will try out.
#5
General Discussion / Re: OPNsense firewall rule tha...
Last post by OPNenthu - Today at 01:56:47 AM
I'm on 26.1.2_5 and the Redirect Target Port definitely has HTTPS among others, but DNS is missing.  I hadn't noticed that.  Maybe there are still some gaps.
#6
What happens if you do want to query LLDP data via SNMP?
#7
General Discussion / Help needed - ISP configuratio...
Last post by ijobs - Today at 01:47:15 AM
Hi folks,

my new ISP uses the below interface details.
What are the right configuration steps in OPNsense?
Especially for IPv4 connectivity.
I read different messages about Option Code 64, AFTR and GIF tunnel.

Thanks in advance

Interface details:
• VLAN ID: 10
• PPPoE
• Authentication via PAP/CHAP

• TCP/IP with IPv6 DS-Lite with the following parameters:

• IPv6 Configuration: SLAAC according to RFC 4862
• IPv6 Assignment: DHCPv6 according to RFC 3315
• DHCPv6 Option: DHCPv6 IAPD (DHCPv6 Identity Association for Prefix Delegation) according to RFC 3633
• AFTR: via DHCP Option Code 64
#8
General Discussion / Re: noip + ipv6?
Last post by Mpegger - Today at 01:29:17 AM
Not sure if this will be helpful for you, but I too have T-Mobile/Metro for my cell phone. Currently my home setup for VPN consists of a docker install of WG-Easy, and on the same Linux VM, I also run the Linux CLI version of the No-IP updater as that is the only method currently you can use to update the IPv6 address of the system it's running on. Afaik, there is no current method for IPv6 update in OPNsense (or Windows if you were thinking of using that as an option), and it also made networking a lot easier since I didn't have to deal with adding in firewall rules in OPNsense for the WG client(s) being able to access the LAN and WAN. Just need a single (or dual if also using IPv4) firewall rule to open the port for the incoming WG connection to the Linux VM it's running on. This will of course work for ISPs that don't give out a fixed IPv6 address range, which is pretty much every single ISP.
#9
General Discussion / Re: OPNsense firewall rule tha...
Last post by Calimarina - Today at 01:27:03 AM
Strange, because I'm using v26.1.2. Thank you for the quick reply though, I appreciate it.
#10
General Discussion / Re: OPNsense firewall rule tha...
Last post by OPNenthu - Today at 01:12:39 AM
I think this was fixed in 26.1.1.  Check for updates?

https://forum.opnsense.org/index.php?topic=50704.0

Quote
o firewall: local-port field in destination NAT does not support range and well-known name