Recent posts

#1
Hardware and Performance / Re: "Intel CPU microcode updat...
Last post by Diggy - Today at 08:24:35 PM
Quote from: meyergru on Today at 04:38:59 PM
3: Use "dmesg | fgrep microcode" on the CLI to see if an update was applied.


Apparently no microcode updates applied.  Output from that command:
[1] CPU microcode: no matching update found
#2
26.1 Series / Re: Changing WAN from DHCP to ...
Last post by MrLee - Today at 08:01:57 PM
I realized the issue.
I forgot to enable "IPv4 gateway rules to point to my gateway.

All good now.
#3
I was trying to comment on each point of your configuration, but it seems you deviated A LOT from the Road warrior guide:
first this https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html
later this https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html#step-3-turn-on-wireguard

Pay attention that the first part of the second page overlaps the specific Proton guide; avoid that first part.

The best way is to start with the simplest configuration, once it works you can start making changes otherwise you do not know what went wrong.

Please back up your config and clean the additional settings of the VPN (NAT, firewall rules, normalization, devices... just keep peer and instance).

The guide works; what is not there shall not be changed or implemented... and do not ask AI, but ask here.

Once you have implemented the standard configuration, if you have doubts, just write here.


I also have Proton and I can guarantee that the guide works.
#4
Is this a new platform, meaning a desktop variant could be on the horizon?

Quote from: pfry on March 16, 2026, 11:22:07 PM
I would prefer a formal (preferably third-party) review, too. (Although I'm not in the market for hardware - I prefer to assemble my own.) It may simply not be a priority for Deciso, and they may have the right of it - marketing is not one of my skills.

That would be my guess, too.  Reviewers would focus on price:performance comparisons though I'm guessing Deciso isn't keen to do that.  They are not really selling h/w kit but rather integrated firewall solutions; premium ones designed by them and certified for OPNsense. ;)
#5
German - Deutsch / Re: Routing problems OpenPVN S2...
Last post by viragomann - Today at 06:53:10 PM
Quote from: tpf on Today at 05:19:15 PM
I still have to connect several branch offices via VPN. I'm curious what the server will do when they all connect. Because it builds its routing table in such a way that additional networks that are entered in a different CSO are nevertheless sent to the endpoint of the site that doesn't have that network at all.

It only looks that way.
The route points to the first available client IP. That way the routing from OPNsense first goes into the OpenVPN instance. The instance then routes it internally to the respective client based on the CSO.

pfSense doesn't do it any differently.
#6
26.1 Series / Do I need reinstall? Give me y...
Last post by gnsinfo - Today at 06:48:28 PM
Greetings.
I'm a newbie on OPNsense.
Which is my problem: routing, NAT, rules?

opnsense version : 26.1.4

I configured the below:
- Interface : Virtual IP 192.168.55.127, master .254, backup .1
- Gateway : Group WAN_GW1, WAN_GW2
- High Availability : Service sync Caddy, Unbound DNS
- Firewall : Destination NAT, Outbound NAT, Reflection for destination NAT, Sticky Connection
- VPN : OpenVPN
- Service : Caddy, Kea DHCP, Unbound DNS, Zabbix Agent

Now the problem I have is that I can't ping 192.168.55.127 and 192.168.55.254.
And I can't query Unbound DNS.
But I can ping 1.1.1.1, and use DNS.
And the DNAT functions are working properly.

How do I get an ICMP reply from OPNsense, and how do I use DNS?
For this problem I checked the live log, and there is no block.
To avoid NAT, I configured Hybrid outbound NAT and added a rule.
Lastly, I adjusted lo0 routing.
Despite all my efforts to solve it, OPNsense doesn't accept me.

Please show me the way to use opnsense properly.
Thanks for your time.

Good days all in all.
#7
German - Deutsch / Re: CARP failover incl. all ...
Last post by tpf - Today at 06:12:53 PM
It's not so much about the how. The point is: is there anything that isn't failover-capable? ;-)
#8
Virtual private networks / Re: WireGuard ProtonVPN connec...
Last post by ctrom - Today at 06:12:35 PM
Quote from: FredFresh on Today at 05:18:10 PM
Try to go here and check if it returns the Proton public IP or the IP of your ISP: dnsleaktest.com.

I cannot navigate to that website or any other through the VPN. The data I've collected suggests packets are going out and responses are not coming back.


Quote from: FredFresh on Today at 05:18:10 PM
You monitor the WAN interface; you shall consider that it is a physical interface and the WireGuard works "inside that"... you should see the same message going outside on both gateways and not only on the WAN.

Yes, if I monitor both the WAN interface and the wg0 interface while performing a "ping 8.8.8.8", I can see the traffic on both:

wg0:
# tcpdump -ni wg0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wg0, link-type NULL (BSD loopback), snapshot length 262144 bytes
17:08:50.953725 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 0, length 64
17:08:51.953836 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 1, length 64
17:08:52.954017 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 2, length 64
17:08:53.954193 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 3, length 64
17:08:54.954359 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 4, length 64
17:08:55.954612 IP 10.2.0.2 > 8.8.8.8: ICMP echo request, id 6820, seq 5, length 64

WAN:
# tcpdump -ni igc0 host 79.127.136.222
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on igc0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
17:08:50.953776 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:51.953890 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:52.954072 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:53.954242 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:54.954401 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
17:08:55.954697 IP {WAN IP redacted}.51820 > 79.127.136.222.51820: UDP, length 128
#9
26.1 Series / Re: Unbound Blocklist Updating...
Last post by OPNenthu - Today at 06:07:27 PM
Thanks!
#10
26.1 Series / Re: Microsoft sites not reacha...
Last post by gstyle - Today at 05:46:04 PM
Quote from: Boxer on Today at 05:15:11 PM
Try clamping your mss to 1492

This now seems to work.... Will test further