Quote from: nero355 on Today at 07:26:11 PM
I'm guessing you mean the NIC on my homeserver? If that's the case: I only have one NIC and I'd like it to stay that way: This is the reason why I'm proposing that every packet has to arrive as tagged so that the firewall rules trigger as intended. It's what I've been wrapping my head around all the time: whether OPNsense can react to tagged packets (and whether it does so automatically if an assigned VLAN tag in OPNsense matches the incoming tagged packet).
Quote
I'm assuming that in my case I'd be only working with tagged ports as everything is supposed to run through OPNsense, which controls the VLAN access through the firewall rules, am I right?
It depends how you like to set up things:
Let's say you use the Default LAN NIC Port as it is.
This would be considered as an Untagged/Access Mode Port.
But then you need to add more networks and have the following options :
- Use another LAN NIC Port without configuring any IP Address and Assign VLAN Interfaces to it.
This would be considered as a Tagged/Trunk Mode Port.
- Use all other LAN NIC Ports with their own IP Address configured for each network.
These would all be considered as Untagged/Access Mode Ports.
Quote from: nero355 on Today at 07:26:11 PM
By using Untagged/Tagged settings of the Switchport correctly:
As far as I understand it you want IOT devices to be untagged. That way they can only communicate if another untagged device within the "internal" VLAN of the switch is also connected to the same switch. Because this isn't happening in my household any untagged devices will be left alone, is that right?
- The VLAN that carries the Network you want the Accesspoint to get/use the IP Address from = Untagged.
- Everything else = Tagged.
Quote from: nero355 on Today at 07:26:11 PM
[You'd] have to configure the switch-software in a way that the specific trunk port [untags] packages with IOT
If I got your idea wrong, please let me know!
Quote from: franco on April 09, 2026, 12:59:18 PM
Also when sketching ideas in code and hating the direction deleting it and starting from scratch has been eye-opening on numerous occasions.
Quote from: Au on Today at 06:17:40 PM
but I didn't see a forum for generalized bug reports
Quote from: rolsch on Today at 08:00:23 PM
After the upgrade from v25.x.x to v26.x.x this OUT rule no longer works,
I don't assume that this rule did what you intended before the upgrade.
since OPNsense v26.x.x now no longer handles traffic from the firewall itself (OpenVPN as client) that way.
IF=WAN_igc1, pass, direction=out, Source any, Destination the VPN IP as an alias, Port any, Protocol UDP, Gateway the outgoing gateway.