Recent posts

#1
German - Deutsch / Re: Wie geht ihr in der Praxis...
Last post by meyergru - Today at 01:07:28 PM
Why do you "fear" that? If that is the deciding criterion... ¯\_(ツ)_/¯
#2
German - Deutsch / Re: Wie geht ihr in der Praxis...
Last post by MBatOS - Today at 12:59:41 PM
Quote from: meyergru on November 19, 2025, 03:07:01 PM
"Names are not what they mean" - otherwise you could just write down the content directly.
Well, with the other firewalls we have deployed here (Sophos XGS and SG), having both pieces of information in the object naming has proven very useful. As far as the groups are concerned,
---SNIP---
Only letters, digits and underscores are allowed as the group name.
The group name shall not be longer than 15 characters.
The group name shall not start or end with a digit.
---SNAP---
isn't exactly helpful either.

I'm afraid this behavior will break OPNsense's neck in the selection process.
#4
As a newbie, I'm also interested in the questions from the previous post.
How are the IP addresses related:
192.168.1.1 - the LAN address?
10.0.0.2 - the gateway. Used to redirect traffic. Understood.
10.0.0.1 - only so that the interface exists (a random IP from the gateway's subnet, not tied to anything else)?

And it's not very clear how traffic from tun2socks gets redirected to xray?
The tun2socks config specifies 192.168.1.1, while the interface has 10.0.0.1. Is that how it should be?
#5
Q-Feeds (Threat intelligence) / Re: automatic upgrade api
Last post by Q-Feeds - Today at 11:37:22 AM
Quote from: RamSense on Today at 11:11:49 AM
Thank you for your prompt response and explanation.
The table amount has increased indeed. All is up and running.
Thanks again

Glad to hear that it's working! You did bring up an idea though that we provide more license information in the OPNsense plugin/widget. That way it's easier to recognize if your license is loaded correctly. Thank you!
#6
Q-Feeds (Threat intelligence) / Re: automatic upgrade api
Last post by RamSense - Today at 11:11:49 AM
Thank you for your prompt response and explanation.
The table amount has increased indeed. All is up and running.
Thanks again
#7
It's more like:
- You already half finished a firewall rule
- You notice you need a new alias
- You can add it in a different tab, but you have to save the rule and then edit it again and then add the alias

I mean yeah, it's a planning issue, but it interrupts the workflow surprisingly often. I don't know if often enough to create complex dependencies to solve this, but it would be a "nice to have" if at least the available aliases in an open firewall rule would update.
#8
General Discussion / Can OPNsense allow only a port...
Last post by cicirrr - Today at 10:55:08 AM
I wanted to try sending just a small part of my traffic through an external proxy (I tested one service like ProxyShare, naproxy, proxylite), mainly for some simple routing tests.
Right now I'm using basic policy routing, but I'm not sure if that's the correct or safest way to do it.
For anyone with more experience:
Is there a recommended method for this?
Should I separate it by device or VLAN?
Anything important a beginner should watch out for?
#9
25.7, 25.10 Series / Re: Slow server download speed...
Last post by meyergru - Today at 10:44:32 AM
I can do >500 MBit/s with only one iperf thread and one J4125 and one N100 CPU with OpnSense 25.7.7_4 with either TCP or UDP, so I think there is nothing wrong with OS itself. Maybe the virtualisation layer eats something away.

BTW: When I use iperf3 with "-u", I also have to use "-b 0", otherwise the UDP bandwidth will be limited to 1 MBit/s, as documented for the Linux version. Judging from the fact that you did not see that limitation, I guess you are using iperf3 on OpnSense itself, which will yield totally different results (for me, as well). This is a no-no, see https://forum.opnsense.org/index.php?topic=42985.0, point 10.
#10
Quote from: bimbar on Today at 10:23:25 AM
Not really a wizard, but I'm a big fan of being able to edit things in context, so edit or create an alias while having a firewall rule open

I use tabs for that :-P