"Recent posts
#1
25.7, 25.10 Series / dnsmasq dhcp: Clients accumula...
Last post by fab - Today at 04:37:22 PMHello dear forum. I'm trying to migrate to the new dnsmasq DNS/DHCP server at the moment. But I have a strange problem, that if upstream [WAN] changes the delegated /56 prefix (when restarting the router for example), my WHOLE network accumulates these new addresses without invalidating the old defunct IPv6 addresses and the servers and workstations still try to use these invalid addresses, which of course ends with an error. And I can't test this without completely restarting my router. I still haven't found an option to trigger this dnsmasq functionality without restarting my router (sorry for being such a noob). It worked flawlessly with the old ISC dhcp server, and the old addresses were invalidated properly. I'm really frustrated, because I have no idea why this is happening. The only thing I can do if upstream [WLAN] disconnects (through a reboot of OpnSense), is restart all my servers and workstations, to get a good set of IPv6 addresses until [WLAN] goes down again.
And there's another problem (which many people seem to have according to google). On some machines there are still "valid" IPv6 addresses which have a lifetime of 24h and I can't get rid of them.
I can't give much of logs (there aren't many informative messages anyway), but I hope someone can help me anyway. But please be a little patient, I'm not dumb, but this kind of problem is completely new to me and IPv6 is really complicated. On one side I want the new functionality (if it worked) and on the other side my old setup with ISC dhcp worked as expected (I have 7 VLANs which worked flawlessly).
Thanks alot,
fab
And there's another problem (which many people seem to have according to google). On some machines there are still "valid" IPv6 addresses which have a lifetime of 24h and I can't get rid of them.
I can't give much of logs (there aren't many informative messages anyway), but I hope someone can help me anyway. But please be a little patient, I'm not dumb, but this kind of problem is completely new to me and IPv6 is really complicated. On one side I want the new functionality (if it worked) and on the other side my old setup with ISC dhcp worked as expected (I have 7 VLANs which worked flawlessly).
Thanks alot,
fab
#2
General Discussion / Re: Help needed with DNSCrypt ...
Last post by hushcoden - Today at 04:12:49 PMThanks guys, and how do you understand it's actually a bot?
Hopefully I won't fall for it again next time...
Hopefully I won't fall for it again next time...
#3
General Discussion / Re: Help needed with DNSCrypt ...
Last post by Patrick M. Hausen - Today at 03:56:49 PME.g. the explanation of forward first is the wrong way round.
#4
26.1 Series / Re: Is os-ddclient avail still
Last post by nero355 - Today at 03:43:46 PMCheck the NOTE @ https://docs.opnsense.org/manual/dynamic_dns.html and figure out how to switch to the new native solution :)
#5
General Discussion / Re: Help needed with DNSCrypt ...
Last post by nero355 - Today at 03:37:54 PMQuote from: hushcoden on Today at 11:53:17 AMMany thanks for your explanation, much appreciated.You can not talk to "him" since it's some kind of SPAMbot that has started posting "Machine Learning Chatbot"-like answers on Forums of which many are also outdated and incorrect so watch out !! ;)
#6
26.1 Series / Is os-ddclient avail still
Last post by Lost_Ones - Today at 02:05:02 PMHello,
After upgrading to 26.1, I have noticed that my dynamic DNS is not longer working. I do not see it under services, and not avail under system- firmware - os-ddclient. Has this retired, or do I need to look for it somewhere else?
Regards,
After upgrading to 26.1, I have noticed that my dynamic DNS is not longer working. I do not see it under services, and not avail under system- firmware - os-ddclient. Has this retired, or do I need to look for it somewhere else?
Regards,
#7
General Discussion / Re: Best way to set up DMZ wit...
Last post by Monviech (Cedrik) - Today at 01:39:09 PMI use my own daemon with a fritzbox and don't care about changing prefixes and other strange ISP behaviors.
It also automatically populates firewall aliases so clean subnet separation is very easy.
Additionally it works very well with my Fritzbox and you can still open firewall there for specific devices that should get inbound IPv6 connections as well.
Not using prefix delgation can have benefits with janky providers.
https://docs.opnsense.org/manual/ndp-proxy-go.html
It also automatically populates firewall aliases so clean subnet separation is very easy.
Additionally it works very well with my Fritzbox and you can still open firewall there for specific devices that should get inbound IPv6 connections as well.
Not using prefix delgation can have benefits with janky providers.
https://docs.opnsense.org/manual/ndp-proxy-go.html
#8
General Discussion / Re: Best way to set up DMZ wit...
Last post by Bob.Dig - Today at 12:50:09 PMQuote from: User074357 on April 03, 2026, 07:56:35 PMUsing "Firewall: Diagnostics: Aliases" I can confirm __wan_network includes the /64 prefix of the network the opnsense is in. However it does not include any other delegated prefixes by the FritzBox.If this doesn't work, create a group in firewall with all your IPv6-enabled networks. Then use this group-alias for your rule creation, don't use the group itself.
#9
26.1 Series / Re: Failed to load widget
Last post by OPNenthu - Today at 12:13:10 PMThis can happen if the login session times out. Were you asked to sign again when you refreshed?
#10
General Discussion / Re: Port OPNsense to Linux?
Last post by chemlud - Today at 12:08:07 PMQuote from: pfry on Today at 04:17:57 AMNobody remembers pfsense 3?
...they are too young :-D
