OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Recent Posts

Recent Posts

Pages: [1] 2 3 ... 10
1
General Discussion / Re: How to add a blackhole route in OPNsense according to RFC6890 ?
« Last post by Gognic on Today at 07:47:16 am »
Quote from: RamSense on May 28, 2023, 06:29:42 pm
Ah!
They are static routes instead of firewall rules :-), never used them before. I will play around with them also to see how this works. thanks.

P.S. is there any downside of using this / black-holing?
P.S.S. if you disable the loopback addresses, why have you configured them?

The problem with the loopback address is this, I have tried to enable those rules, but OPNsense seems to ignore them, especially the two rules of IPv6 ::1/128 and ::/128 .

If these rules are also working in your environment,  feedback is welcome, I will modify my configuration screenshot.   ;D
2
23.1 Production Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6
« Last post by Gromhelm on Today at 06:52:57 am »
Just updated to 23.1.9 and Yes! All green lights on https://test-ipv6.com/ !

Quote
Your readiness score 10/10   for your IPv6 stability and readiness, when publishers are forced to go IPv6 only

Nothing changed in the configuration. I did see an error regarding IPv6 prefix update in the logs after update, and Unbound failed to start automatically, but everything was fine after manually starting unbound (see my description of this on GH).
3
General Discussion / Re: os-api-backup Authentication Issues
« Last post by xvjyhgade on Today at 06:06:35 am »
it was of course my fault. In the actual code I was writing I was using an auth parameter in the requests.get method. When I should have used an 'Authorization' header directly. Thanks for everyone time
4
23.1 Production Series / Re: Update to 23.1.8 got stuck
« Last post by cmccallu on Today at 06:06:27 am »
Seems like 23.1.9 fixed this issue as I was able to successfully upgrade on a environment that was failing and rolled back to the older release!

5
Zenarmor (Sensei) / Re: Sites Blocked but don't log
« Last post by jpward1981 on Today at 05:29:53 am »
A bug report has been submitted.
6
General Discussion / Re: Link fault detection
« Last post by kpiq on Today at 05:25:02 am »
Franco,

I guess I answered my own question (above) about "link fault detection" by tinkering around with my home network.  Ran ifconfig before and after disconnecting the WAN cable, saw the carrier loss detected by freebsd.

Now, I was just reviewing the WAN_GW gateway configuration (system > gateway > single) and noticed the "Far Gateway" choice, described as "This will allow the gateway to exist outside of the interface subnet".  WAN_GW is using the WAN interface and is defined as Upstream Gateway, with Far Gateway unchecked.

I definitely don't know what I'm talking about here, but please hear me out.   Even if I wasn't using frr, does this sound insane?

- create another Single Gateway, this one tied to the LAN interface, with a staitic IP address pointing to the default gateway of my other firewall, Upstream unchecked and Far Gateway checked,
- include this new single gateway as a Tier2 gateway in the Gateway Group that already has WAN_GW defined as a Tier1 member.
- Replicate the same setup on the other firewall, reversing the gateway order in the Gateway Group.

Thanks for your patience.

Regards

Pedro
7
German - Deutsch / Re: WireGuard keine Verbindung trotz Handshake
« Last post by Ronny1978 on Today at 05:22:50 am »
Evtl. ein IPv4 / IPv6 Problem??? ???

Was hast du den bei DNS im Wireguard Client eingegeben bzw. wer macht DNS bei dir? Die OpnSense oder der PiHole?
8
German - Deutsch / Re: Gast lan hat kein Internet
« Last post by Ronny1978 on Today at 05:17:12 am »
Filter -> DNS Umschreibungen -> bei Domain dann ds....synology.me oder sowas eintragen und bei der IP dann halt die IP der DS im Netz (zum Beispiel 192.168.1.20 bei mir).
9
German - Deutsch / Re: Gast lan hat kein Internet
« Last post by alex3003 on Today at 12:33:41 am »
Quote from: Ronny1978 on June 01, 2023, 06:17:19 am
Ich habe den Dienst UNBOUND (und auch im Zusammenspiel mit Adguard) aktiviert und dort eine Domainüberschreibung eingetragen. Somit geht die DynDNS Adresse direkt zur Synology ohne Umwege.
Hallo Ronny,
habe jetzt Adguard installiert, aber wie bzw. wo hast du eine Domainbeschreibung eingetragen für die Synology?
10
General Discussion / Re: IPv6 issue where prefix delegation not available from ISP
« Last post by meyergru on June 01, 2023, 11:29:52 pm »
I think Franco is right here with the prefix hint. The prefix size seems to be /56, see https://www.reddit.com/r/OPNsenseFirewall/comments/xmurda/psa_howto_ipv6_on_spectrum_formerly_twc_time/
Pages: [1] 2 3 ... 10
OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2