Recent posts

#1
Zenarmor (Sensei) / Re: Backup & Restore Backup Do...
Last post by sy - Today at 04:02:17 PM
Hi,

It is the same with backup issue. I will share the patch files as a temporary workaround.
#2
Quote from: Monviech (Cedrik) on Today at 11:31:03 AM
Very nice, thank you for confirming first. If it's not easily reproducible it would be quite hard to track.
I opened GH issue DEV 26.1.a_621: deleting one firewall rule => all rules disappear.

It's reproducible for me by creating a new VM from the 25.7.r1 ISO and upgrading to Development 26.1.a_621 (which is only two steps, 1) upgrade pkg and 2) upgrade directly to 26.1.a_621).

The config.xml is attached in the issue (and we track the issue there, I assume)
#3
General Discussion / Re: Where should I put the mai...
Last post by timlab55 - Today at 01:41:29 PM
I found out what the problem was.  My VPN kept getting in the way.  Since I turned that off, there are no issues.  When I post something in this forum, I found that I don't get an email telling me that someone answered my question.  This post is closed.
#4
25.7, 25.10 Series / Re: OPNsense 25.7.8 (amd64) **...
Last post by jim1985 - Today at 12:57:17 PM
This occasionally happens to me.

When it does I find a full reboot from SSH fixes it for me.
Have you tried rebooting rather than just reloading the services?
#5
25.7, 25.10 Series / Re: What is the best strategy ...
Last post by meyergru - Today at 12:27:47 PM
If your ISP uses dynamic IPv6 prefixes (many do), then you can create a "dynamic IPv6 host" alias using the EUI-64 and the interface it is on.

Of course, with dynamic prefixes, you also need a dynamic DNS service that allows you to use an IPv6 address that is using a predefined EUI-64 part. If it can only register the outbound IPv6, it will only see OPNsense's WAN IPv6, so you must be able to mix in the lower 64 bits if the target IP is not OPNsense itself.

Another way to do this is using a reverse proxy like Caddy, HAProxy or Nginx on OPNsense, in which case the dynamic DNS update gets easier, because OPNsense itself is the target, then. When you use that, you do not even have to use IPv6 for your internal web service, plus you do not need a specific firewall rule.
#6
25.7, 25.10 Series / Re: What is the best strategy ...
Last post by gunnarf - Today at 12:18:59 PM
I must have chosen something wrong when I tried to make an alias, because it didn't like IPv6 addresses. Now it works. Thanks
#7
A host alias takes an IPv6 address and you can then easily create a rule on WAN like:

direction: in
protocol: IPv6, TCP
source: any
destination: your web server alias
destination port: 443
action: allow

That's all. Works splendidly.
#8
25.7, 25.10 Series / (SOLVED)What is the best strat...
Last post by gunnarf - Today at 12:00:33 PM
This is a small personal network. My ISP earlier let me get an IPv4 address that was routed, so I could reach my web server from the internet. I got a new address recently (standard good IPv4 address via DHCP) and it is not routed. However I can reach my server with IPv6 (tried ping).

What is the best strategy to let traffic in to the web server (only 443) via IPv6? I tried to make a rule and point out the server's IPv6 address, but in the alias section, there is no such possibility, it doesn't like IPv6 addresses. So what do I do?

The IPv6 address span is a /56 that I get from my ISP, and I give it out to four separate networks inside.
#9
Thanks for the fast reply!
OK, That makes sense. I'll go ahead and try using the regular ACME plugin together with OPNWAF as you suggested.

Thanks again!
#10
German - Deutsch / Re: IPv6: Clients verlieren Ve...
Last post by bamf - Today at 11:36:28 AM
Quick follow-up on this topic: since the DSLAM line reset, the problem has disappeared completely. Everything has been working flawlessly again since July.

The problem was evidently on Telekom's side and not on mine.