"Recent posts
#1
General Discussion / Re: Can't get IPv6 working in ...
Last post by Patrick M. Hausen - Today at 05:53:53 PMWhat does your allow all rule for IPv6 on LAN look like exactly? If you have source = LAN net instead of source = any, and you are using the NDP proxy, that would explain the traffic being denied because there is no LAN net. The firewall doesn't have an IPv6 address in that single /64 you use with the proxy on LAN (!).
#2
General Discussion / Re: Can't get IPv6 working in ...
Last post by CJ - Today at 05:48:12 PMI installed the ndp-proxy-go plugin and configured it according to the manual. I unchecked RA under Dnsmasq General.
My client now get global and unique local addresses that match the WAN prefix. Client default route now shows LAN IPv4 and IPv6. Client DNS shows WAN gateway for IPv6 and OPNsense for IPv4.
I still have no IPv6 connectivity on the client. All pings timeout. Looking at the Firewall Live View I see the client global address being blocked by the default deny rule despite the default LAN allow all rules.
My client now get global and unique local addresses that match the WAN prefix. Client default route now shows LAN IPv4 and IPv6. Client DNS shows WAN gateway for IPv6 and OPNsense for IPv4.
I still have no IPv6 connectivity on the client. All pings timeout. Looking at the Firewall Live View I see the client global address being blocked by the default deny rule despite the default LAN allow all rules.
#3
Hardware and Performance / Re: CPU Recommendations?
Last post by BrandyWine - Today at 05:41:22 PMIntel i3. And I have a few N150 devices, some doing work and others rather idle like my opnsense fw, the N150 can do work.
I guess it depends on what type of work your fw will doing.
Is 10G an interface spec, or do you expect 10G worth of data all the time?
I guess it depends on what type of work your fw will doing.
Is 10G an interface spec, or do you expect 10G worth of data all the time?
#4
Hardware and Performance / Re: DEC750 NVMe thermal pad?
Last post by BrandyWine - Today at 05:36:36 PMHaving the fan is good, and when it fails the FW device is still ok because it's a passive-sinked case.
I was think small fan(s) like those you get on a Pi hat, or something like a 25mm. I made 3d hat for my cable modem and it has two 25mm fans (it's duct work in design, but caps the top edge of the modem). I cant hear them running, but they pull a lot of heat out.
For the devices that have no fan and site flat like a wifi AP, I usually place small 1cm riser feet on those to allow better convection cooling.
I never experimented using a Peltier pads. Always wondered if they could be used as pad between say nvme and the sink.
Many ways to keep things cool.
I was think small fan(s) like those you get on a Pi hat, or something like a 25mm. I made 3d hat for my cable modem and it has two 25mm fans (it's duct work in design, but caps the top edge of the modem). I cant hear them running, but they pull a lot of heat out.
For the devices that have no fan and site flat like a wifi AP, I usually place small 1cm riser feet on those to allow better convection cooling.
I never experimented using a Peltier pads. Always wondered if they could be used as pad between say nvme and the sink.
Many ways to keep things cool.
#5
General Discussion / Re: Can't get IPv6 working in ...
Last post by Monviech (Cedrik) - Today at 05:11:32 PMIf there is no prefix you have these choices:
- Configure your ISP router to provide a prefix via DHCPv6
- Use the ndp proxy without a prefix via SLAAC
- Use NAT66 with ULAs or a "stolen" "internal" GUA
- Don't use IPv6
- Configure your ISP router to provide a prefix via DHCPv6
- Use the ndp proxy without a prefix via SLAAC
- Use NAT66 with ULAs or a "stolen" "internal" GUA
- Don't use IPv6
#6
German - Deutsch / Re: Umgang mit VLAN
Last post by cwt - Today at 05:07:57 PMDie Devolo Adapter (die reiner Powerline Adapter, nicht die Wifi-Teile) reichen alles VLAN Traffic weiter. Also auch tagged Pakete. Allerdings kann man nicht konfigieren, was und was nicht.
Ich persönlich bin kein Unifi-Fan. Für SOHO und ,,besseres Privat-Wifi" empfehle ich meist EAPs von TP-Link (aber das ist Geschmacksache). Deren Controller für erwetertes Wifi-Management läuft entweder als Hardware Appliance oder ggf. als native Installation bzw. auch in Docker. Damit kann man m. E. relativ einfach mehrere (isolierte) Wifis mit VLAN support aufbauen.
Ich persönlich bin kein Unifi-Fan. Für SOHO und ,,besseres Privat-Wifi" empfehle ich meist EAPs von TP-Link (aber das ist Geschmacksache). Deren Controller für erwetertes Wifi-Management läuft entweder als Hardware Appliance oder ggf. als native Installation bzw. auch in Docker. Damit kann man m. E. relativ einfach mehrere (isolierte) Wifis mit VLAN support aufbauen.
#7
General Discussion / Re: Can't get IPv6 working in ...
Last post by CJ - Today at 04:41:18 PMQuote from: Monviech (Cedrik) on Today at 02:50:07 PMCheck /tmp if you find a file that contains "prefix" for you WAN interface.
(eg igb1_prefix6...) out of my head right now.
I reset to defaults and confirmed that my WAN was set to DHCPv6. I don't see anything prefix in /tmp.
#8
Virtual private networks / Re: Peer generator - possible ...
Last post by _Mike - Today at 04:01:17 PMQuote from: username_123 on May 01, 2026, 01:52:29 PMI found the configuration in the file /conf/config.xml stored at the XML path /opnsense/OPNsense/wireguard/server/servers
I had the same issue - This fixed it for me. Thanks!
#9
General Discussion / Re: Can't get IPv6 working in ...
Last post by Monviech (Cedrik) - Today at 03:40:31 PMThanks I will fix that, looks like a grammar error.
#10
General Discussion / Re: Can't get IPv6 working in ...
Last post by CJ - Today at 03:32:24 PMQuote from: Monviech (Cedrik) on Today at 03:07:23 PMOn WAN you need DHCPv6 configured in order for that file to show.
For the ndp proxy, it has an example configuration to follow inside the manual. If you configure it exactly like that, IPv6 will most likely "just work" without any NAT66.
I'll give that a try. There does seem to be some typos/errors in the manual. There's no or option to the either clause.
Go to Interfaces ‣ LAN and choose either a link-local IPv6 configuration.
