"Recent posts
#1
26.1, 26,4 Series / IPv6 weirdness
Last post by jcdick1 - Today at 03:15:50 AMI am running OPNsense in an XCP-NG VM, and I am seeing some genuine weirdness going on.
I have four interfaces labelled WAN, LAN, Management and Storage.
Some VMs in my environment have only a single interface on the LAN network, others have some combination of the three. Physical devices (PCs, streaming devices, etc) are all on the LAN network.
The Management and Storage networks have firewall rules to keep them isolated - for all intents and purposes, unrouted.
KEA is configured to only have its DHCPv6 server active on the LAN network (only interface with a checkbox in the dropdown). But its "Leases DHCPv6" page is showing active leases on the "Management" interface. And on the hosts, those corresponding IPv6 addresses are showing on their LAN-associated interface. At the same time, some devices on the LAN network cannot get IPv6 addresses.
Even after the latest upgrade, I still have ISC doing the IPv4, as I am fairly dependent on the Unbound relationship for DHCP lease DNS resolution.
This IPv6 stuff is genuinely a headache for me. But since Matter devices require IPv6, I have to figure this all out.
I'd like to put IPv6 on all my interfaces and then it probably wouldn't matter since there'd be addresses available all over, but I can only get a single /64 from my ISP (AT&T).
Any insight or assistance is appreciated. Thank you!
I have four interfaces labelled WAN, LAN, Management and Storage.
Some VMs in my environment have only a single interface on the LAN network, others have some combination of the three. Physical devices (PCs, streaming devices, etc) are all on the LAN network.
The Management and Storage networks have firewall rules to keep them isolated - for all intents and purposes, unrouted.
KEA is configured to only have its DHCPv6 server active on the LAN network (only interface with a checkbox in the dropdown). But its "Leases DHCPv6" page is showing active leases on the "Management" interface. And on the hosts, those corresponding IPv6 addresses are showing on their LAN-associated interface. At the same time, some devices on the LAN network cannot get IPv6 addresses.
Even after the latest upgrade, I still have ISC doing the IPv4, as I am fairly dependent on the Unbound relationship for DHCP lease DNS resolution.
This IPv6 stuff is genuinely a headache for me. But since Matter devices require IPv6, I have to figure this all out.
I'd like to put IPv6 on all my interfaces and then it probably wouldn't matter since there'd be addresses available all over, but I can only get a single /64 from my ISP (AT&T).
Any insight or assistance is appreciated. Thank you!
#2
General Discussion / Re: second LAN port
Last post by pfry - Today at 02:19:11 AMQuote from: Hollywood on Today at 01:28:25 AM[...]My question is, could I also assign igc0 as another LAN port and plug in my VOIP adapter?
You can set up as many ports as you like, and apply whatever rules you like. If you want to share a subnet and ruleset, though, you'd need to create a bridge, assign the subnet and rules and add ports to it.
Quote[...]And speaking of emergency use, I have a nice managed switch and access point, but if they are not on battery backup, could the OPNsense PC broadcast an SSID for temporary use?[...]
Broadcast an SSID via...? Do you have a wi-fi adapter attached to the firewall? I'm not following your intent.
#3
General Discussion / second LAN port
Last post by Hollywood - Today at 01:28:25 AMI had my LAN connected to igc0, an RJ45 port. Now I use ixl0, an SFP+ port. Works great and fast.
My question is, could I also assign igc0 as another LAN port and plug in my VOIP adapter? My thought is that if I just have the OPNsense miniPC and the VOIP adapter plugged into the battery backup, with just 2 items, the UPS would have a longer running time if/when needed.
And speaking of emergency use, I have a nice managed switch and access point, but if they are not on battery backup, could the OPNsense PC broadcast an SSID for temporary use?
Thanks.
My question is, could I also assign igc0 as another LAN port and plug in my VOIP adapter? My thought is that if I just have the OPNsense miniPC and the VOIP adapter plugged into the battery backup, with just 2 items, the UPS would have a longer running time if/when needed.
And speaking of emergency use, I have a nice managed switch and access point, but if they are not on battery backup, could the OPNsense PC broadcast an SSID for temporary use?
Thanks.
#4
General Discussion / Re: Flashing OPNSense .img.bz2
Last post by Ze_Mind - Today at 12:58:14 AMUpdate: I finally got it flashed. Weird how this happens.
I asked a good friend of mine to download it and try to extract the img.bz2. He couldn't either. Says it was done, but got corrupted.
I asked a good friend of mine to download it and try to extract the img.bz2. He couldn't either. Says it was done, but got corrupted.
#5
General Discussion / Re: Flashing OPNSense .img.bz2
Last post by Ze_Mind - Today at 12:45:36 AMI have been able to download an earlier version, 25.7, that worked fine for me.
I do not think it is mirror dependent.
But I'll download the img file and see how it goes.
I do not think it is mirror dependent.
But I'll download the img file and see how it goes.
#6
General Discussion / Re: Flashing OPNSense .img.bz2
Last post by nero355 - Today at 12:40:09 AMQuote from: Ze_Mind on April 18, 2026, 10:50:11 PMYes, I have done that "bzip2 -d" command. Again, it just hangs.Here is the .img file I saved after I had extracted the original .bz2 file a while ago with
Code Select
$ bzip2 -dv https://drive.proton.me/urls/MYEC8EHCQ0#BtMc88nHoTpxAnd succesfully flashed to my USB Stick afterwards with the following dd command :
Code Select
# dd of=/dev/sdb if=OPNsense-26.1.2-vga-amd64.img bs=4MiB status=progressSee if you can do the same :)
The reason I uploaded it for you is that the OPNsense Update Procedure can sometimes be picky/weird when it's done over a Mobile Broadband Connection so I thought maybe you are having similar issues with one of the OPNsense Mirrors and could use an alternative ??
Hope it works better this way...
#7
General Discussion / Re: Updates no longer working
Last post by gauche - Today at 12:15:16 AMOK, yep, feeling stupid as that's obvious now that you say it. That year went quickly!
Thanks for the explanation.
Thanks for the explanation.
#8
General Discussion / Re: WAN Interface Change
Last post by Bishop527 - Today at 12:11:12 AMThank you all for your input. Well I realized that I had my interfaces labled incorrectly and its the LAN interface that I need to swap! So my question is if I switch my lan interface over to a different interface controller should all my vlans, dhcp, etc auto moved over to the new interface? And as always thank you in advance for your input.
#9
26.1, 26,4 Series / Re: Suricata - Divert (IPS)
Last post by nero355 - April 18, 2026, 11:37:38 PMQuote from: Mario_Rossi on April 18, 2026, 08:25:09 PMI posted the results in this thread on my forum: https://hwtweakers.net/forum/viewtopic.php?t=48471You could ofcourse also post it in the Italian sub-forum here : https://forum.opnsense.org/index.php?board=22.0 :)
I know, it's in Italian, but I know that with Google Translate, it shouldn't be a problem anymore.
#10
26.1, 26,4 Series / Re: Changing Interface Name Br...
Last post by nero355 - April 18, 2026, 11:35:38 PMI think I have seen another topic about this recently and the conclusion was that it's normal and to be expected IIRC :)
