Recent posts

#1
Hardware and Performance / Re: Dec740 connected to a USW-...
Last post by pfry - Today at 02:34:50 PM
Confirm, no. But I'd bet a fair pile of money on it, assuming the length is what you need. Funny, I took a look at pricing (for the cable) and got all sorts of way too expensive results, but the Ubiquiti store price was quite reasonable.
#2
I have been running services on a home QNAP NAS for a while and I've successfully run it behind HAProxy on my OPNsense firewall for months. Yesterday all my family that use iPhones lost access. Nothing seems wrong, but when I disable HAProxy and just do a basic port forward it works again, so it must be something to do with the proxy setup. It is NOT affecting connections from Androids or the same users over most browser connections to the same server with the same credentials, sometimes from the same device. It has consistently affected their connections via the official QNAP app and Firefox on an iPhone. The same iPhone could connect to the server on Chrome.
I looked for QUIC (UDP instead of TCP) in the firewall logs based on online comments about how Apple sometimes tries to force connections from HTTPS to QUIC, but nothing is in the logs showing my clients are trying that, so I'm stumped on what to look for or try and cannot leave this port forward in place.
#3
25.7, 25.10 Series / Re: Adding a VLAN takes 26 cli...
Last post by 0zzy - Today at 12:59:19 PM
If you're using clicks, you're not a modern OPs.
It's not a Windows machine where you click anything and hopefully not build a security flaw....

If you want to administer OPNsense in a modern way (like the API), I suggest reading the manual.
There's a way to use the API for that (that's how I do it with versioning and a Git repo in my local network only for this task).
It takes 2-3 minutes and voilà, a new VLAN is there.

Here's an example of how to do it:
```
curl -X POST "https://OPNSENSE-IP/api/interfaces/vlan/addVlan" \
  -H "Content-Type: application/json" \
  -u "APIKEY:APISECRET" \
  -d '{
        "vlan": {
            "enabled": "1",
            "tag": "30",
            "description": "LAN_Prod",
            "if": "igb0",
            "priority": "0"
        }
      }'
```

It's a simple curl POST call with a JSON file:

| Field         | Description                                 |
| ------------- | ------------------------------------------- |
| `enabled`     | 1 = enable VLAN                             |
| `tag`         | The VLAN ID (e.g., 30)                      |
| `description` | Description visible in GUI                  |
| `if`          | Parent physical NIC (e.g., igb0, igb1, em0) |
| `priority`    | Optional (0–7)                              |

To verify:
```
curl -X GET "https://OPNSENSE-IP/api/interfaces/vlan/searchVlan" \
  -u "APIKEY:APISECRET"
```

What exactly is your problem? Your statement doesn't make sense.
#4
German - Deutsch / Re: Is the NUT plugin still available?
Last post by no_Legend - Today at 12:24:09 PM
Does anyone know their way around this service?

How can I check whether it is running? In the service overview it is always shown in red.
(the stop icon is lit red and the play icon is not green)

But when I go to Diagnostics in the plugin, output from the UPS is displayed.

Thanks and regards, Robert
#5
German - Deutsch / Re: Anfängerfrage: bekomme kei...
Last post by H1N1 - Today at 12:14:14 PM
Many thanks for your help!
I've got it working now with the NAT rule, which for some inexplicable reason was not "active"; after restarting the firewall it worked!
#6
25.7, 25.10 Series / Problems Uploading Photos from...
Last post by AnthonyStark - Today at 12:06:23 PM
Hello everyone,

I'm currently experiencing an issue when uploading photos from my iPhone (iOS 26.1 - App - PhotoSync) to an SMB share. The iPhone is located in the Home VLAN, while OMV (OpenMediaVault) with the SMB share is located in the Server VLAN.

There is an any-any rule in place for the iPhone between the VLANs. The connection to the share can be established without any problems, but the file transfer stops after a few images. There is no recognizable pattern: sometimes it happens after the second image, sometimes after the 25th. I have repeatedly tested with the same set of images, and the error occurs every time.

Hardware/Setup:
I'm using a Dell Wyse 5070 Extended with a dual-NIC network card (Fujitsu Ethernet Controller 2x1GB DualLan-Card S26361-D3035-A100). OPNsense is up to date and installed directly on the thin client. Intrusion Detection is not enabled. I have Zenarmor installed, but even if I disable it, the same issue occurs.
Previously, I ran Proxmox on the device with a virtualized Sophos XG Home and this setup did not have the issue.

Question:
How can I further narrow down the root cause? Unfortunately, I can't really identify anything helpful in the firewall logs.
#7
I am going to replace my Dec670 soon.

Thinking about going with the above hardware. For the 10Gb connectivity part, I am reading all I need is a single UACC-DAC-SFP10-0.5M, which is listed as certified to work.

Can anyone confirm that is all that is needed for me?
#8
German - Deutsch / Re: Kann curl nicht auf die im...
Last post by meyergru - Today at 10:08:27 AM
All right, but you misunderstood: you can either create your own certificates directly in the UI, or use ACME.sh to get them from an official ACME CA. The internal OPNsense CA does not support the ACME protocol, so these approaches cannot be combined, as I already explained above.

You can use both types of certificate for, among other things, the OPNsense web UI.
#9
25.7, 25.10 Series / Re: [Solved] Monitoring gatewa...
Last post by meyergru - Today at 09:54:06 AM
I use Uptime Kuma only for all of my services being basically "up / present", which are quite a lot, so I also put them into groups. The services do not even have individual alerts, those are only enabled at the group level. Actually, I use a HomeAssistant alert to send a voice notice to my Amazon Echo Dot.

This is a health check only.

On top of this, for real monitoring purposes, I use the well-established telegraf/influxdb/grafana combo. For most Linux boxes, there is a dashboard and also for OPNsense and many more, like for Proxmox.
#10
25.7, 25.10 Series / Re: Adding a VLAN takes 26 cli...
Last post by franco - Today at 09:05:07 AM
>  but I think one of the important pieces here is that OPNsense in a lot of places asks the user to manually enter data when OPNsense already knows the answer:

I don't agree and the past discussions are all over the forum and GitHub to read through. I don't enjoy starting at the "but what if we just did it this way". This is not how projects work when they span multiple decades in total.


Cheers,
Franco