Recent posts

#1
Tutorials and FAQs / OPNsense under Proxmox - Why O...
Last post by spetrillo - Today at 01:16:36 AM
I am still struggling with this. I have made major changes to my VLAN structure but this still is not working. So let me step through my setup.

VLANs:

VLAN 2: Network devices and APs
VLAN 3: Servers
VLAN 10: Home wireless
VLAN 12: IoT wireless
VLAN 20: Streaming

My Proxmox server has an onboard 1 gig NIC. I have added a two-port 10 gig PCIe adapter, as well as a USB 2.5 gig adapter. The Proxmox UI is on the USB adapter (vmbr0.2). The OPNsense VLANs are on the 10 gig ports (vmbr1 and vmbr2). The OPNsense WAN is on the onboard NIC (vmbr3).

My Proxmox networking config is as follows:

iface enp2s0f0 inet manual

auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp2s0f0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2,3,20
#FW 2,3,20

iface enp2s0f1 inet manual

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp2s0f1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 10,12
#FW 10,12

iface eno1 inet manual

auto vmbr3
iface vmbr3 inet dhcp
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
#FW WAN

iface enx6c1ff70ad1e0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enx6c1ff70ad1e0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2,3
#VMs 2,3

auto vmbr0.2
iface vmbr0.2 inet static
        address 192.168.1.66/26
        gateway 192.168.1.65
#Mgmt


My OPNsense VM config is attached. I have a managed 1 gig switch I am testing with. Port 1 of the switch is connected to my PC and is configured for VLAN 2 untagged. Port 2 of the switch is connected to the first port of the 10 gig adapter and both VLAN 2 and VLAN 3 are set to tagged. VLAN 2 is the LAN side of my OPNsense VM, with an IP of 192.168.1.1/26. I configure my PC side for 192.168.1.10/26 and assign the adapter to VLAN 2 also. When I try to ping 192.168.1.1 from my PC (192.168.1.10) I get nothing. I fully expected the LAN side of the OPNsense firewall to respond, but it is not.

Have I done anything incorrect? I believe the networking is correct but I do not know for sure.

Thanks,
Steve
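An added example, not the poster's or Proxmox's code: a small parser for the ifupdown stanzas above that reports which tagged VLANs each bridge will forward. On a vlan-aware Linux bridge, a VID that is not in bridge-vids is dropped at the port, which would look exactly like the unanswered ping described, so it is worth checking before suspecting the OPNsense side. The config text is a constructed copy of the vmbr1/vmbr2/vmbr3 stanzas.

```python
"""Which 802.1Q VIDs does each bridge in an /etc/network/interfaces file forward?"""
import re

# Constructed sample: the vmbr1/vmbr2 stanzas from the post plus the
# non-vlan-aware WAN bridge, so both branches of the check are exercised.
SAMPLE_CONFIG = """\
auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp2s0f0
        bridge-vlan-aware yes
        bridge-vids 2,3,20

auto vmbr2
iface vmbr2 inet manual
        bridge-ports enp2s0f1
        bridge-vlan-aware yes
        bridge-vids 10,12

auto vmbr3
iface vmbr3 inet dhcp
        bridge-ports eno1
"""

def expand_vids(spec):
    """'2,3,20' or '2-4 10' -> {2, 3, 4, 10}: bridge-vids takes lists and ranges."""
    vids = set()
    for token in re.split(r"[,\s]+", spec.strip()):
        if token:
            lo, _, hi = token.partition("-")
            vids.update(range(int(lo), int(hi or lo) + 1))
    return vids

def parse_ifaces(text):
    """Return {iface: {"vlan_aware": bool, "vids": set}} from ifupdown stanzas."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^iface\s+(\S+)\s", line)
        if m:
            current = m.group(1)
            ifaces[current] = {"vlan_aware": False, "vids": set()}
        elif current and line.startswith((" ", "\t")):
            parts = line.split(None, 1)          # "key value" with any whitespace
            key, value = parts[0], (parts[1] if len(parts) > 1 else "")
            if key == "bridge-vlan-aware":
                ifaces[current]["vlan_aware"] = value.strip() == "yes"
            elif key == "bridge-vids":
                ifaces[current]["vids"] = expand_vids(value)
    return ifaces

def vlan_allowed(ifaces, bridge, vid):
    """A vlan-aware bridge only passes VIDs listed in bridge-vids; a plain
    bridge forwards tagged frames untouched."""
    info = ifaces[bridge]
    return not info["vlan_aware"] or vid in info["vids"]

def missing_vlans(ifaces, bridge, needed):
    """VLANs from `needed` that `bridge` would silently drop."""
    return sorted(v for v in needed if not vlan_allowed(ifaces, bridge, v))
```

Run it against the real file with `parse_ifaces(open("/etc/network/interfaces").read())` and ask `missing_vlans(..., "vmbr1", [2, 3])` for the VLANs the OPNsense LAN NIC is expected to carry.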

#2
General Discussion / 25.7.9 update - xorgproto: 202...
Last post by Modom001 - Today at 01:11:05 AM
I got this when I did today's update. I restarted the update and all it shows as needing an update is xorgproto: 2023.2 -> 2024.1 [SunnyValley] again. Any advice?

***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7.9 (amd64) at Wed Dec 10 17:49:14 CST 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking for upgrades (68 candidates): .......... done
Processing candidates (68 candidates): . done
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
   xorgproto: 2023.2 -> 2024.1 [SunnyValley]

Number of packages to be upgraded: 1
[1/1] Upgrading xorgproto from 2023.2 to 2024.1...
[1/1] Extracting xorgproto-2024.1: .......... done
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/applewmproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/bigreqsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/compositeproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/damageproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dmxproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dpmsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dri2proto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dri3proto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/fixesproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/fontsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/glproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/inputproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/kbproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/presentproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/randrproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/recordproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/renderproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/resourceproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/scrnsaverproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/videoproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xcmiscproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xextproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86bigfontproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86dgaproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86driproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86vidmodeproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xineramaproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xwaylandproto.pc
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/LICENSE
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/MIT
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/catalog.mk
Child process pid=11889 terminated abnormally: Segmentation fault
Starting web GUI...done.
Partial update failure detected: attempting automatic cleanup.
No further actions will be taken. Please restart the update now.
***DONE***

#3
General Discussion / Re: still see traffic going ou...
Last post by robertkwild - Today at 12:30:00 AM
thanks RamSense

doing this command on my OPNsense

tcpdump -i vtnet0 port 853

should I replace vtnet0 with my LAN or WAN interface?

that's very weird, I made a floating rule to block 53 and it worked as I couldn't access any websites anymore, but when I did a tcpdump on my LAN interface on 53 I could see loads of activity, so something's weird, so it looks like my DoT isn't working

thanks,
rob
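To make the LAN-versus-WAN choice in the question concrete, here is an added example (not from the thread) that classifies constructed tcpdump lines from both captures. Port 53 from clients to the firewall's own resolver on the LAN is the normal picture even with DoT enabled; what DoT changes is the WAN side, where upstream queries should leave on 853 and none on 53. The resolver address and the sample traffic are assumptions.

```python
import re
from collections import Counter

# tcpdump -n prints "HH:MM:SS.usec IP src.sport > dst.dport: ..."; this pulls
# the four-tuple out of each line.
LINE_RE = re.compile(r" IP6? (\S+)\.(\d+) > (\S+)\.(\d+):")

# Constructed sample captures (not real traffic), in the shape
# `tcpdump -n -i <iface> port 53 or port 853` prints on OPNsense.
LAN_CAPTURE = """\
00:00:01.000 IP 192.168.1.10.51000 > 192.168.1.1.53: 1234+ A? example.com. (29)
00:00:01.001 IP 192.168.1.1.53 > 192.168.1.10.51000: 1234 1/0/0 A 192.0.2.10 (45)
00:00:02.000 IP 192.168.1.20.40000 > 8.8.8.8.53: 4321+ A? example.org. (29)
"""
WAN_CAPTURE = """\
00:00:01.002 IP 203.0.113.5.50000 > 9.9.9.9.853: Flags [S], seq 1, win 65535, length 0
00:00:02.001 IP 203.0.113.5.40000 > 8.8.8.8.53: 4321+ A? example.org. (29)
"""

def classify(capture, iface, resolver_ip):
    """Count DNS request flows seen on `iface` ("lan" or "wan") by class.

    lan->resolver : client asks the firewall's own resolver on 53 (expected)
    lan-bypass    : client asks an outside resolver on 53 directly (skips DoT)
    wan-dot       : firewall talks to an upstream on 853 (DoT in use)
    wan-plain     : a port-53 query leaving the WAN (not carried by DoT)
    """
    counts = Counter()
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        dst, sport, dport = m.group(3), int(m.group(2)), int(m.group(4))
        if sport in (53, 853) or dport not in (53, 853):
            continue                      # replies and unrelated traffic
        if iface == "lan":
            kind = "lan->resolver" if dst == resolver_ip else "lan-bypass"
        else:
            kind = "wan-dot" if dport == 853 else "wan-plain"
        counts[kind] += 1
    return counts

def dot_in_use(wan_counts):
    """DoT is doing its job only if the WAN shows 853 and no plaintext 53 at all."""
    return wan_counts["wan-dot"] > 0 and wan_counts["wan-plain"] == 0
```

Feed it the output of `tcpdump -n -i <wan> port 53 or port 853` and a non-zero `wan-plain` count tells you which upstream is still being queried in the clear.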

#4
Q-Feeds (Threat intelligence) / q-feeds feedback
Last post by mokaz - December 10, 2025, 11:44:11 PM
Hi there,

I tested the free plugin and it works according to plan, thanks!

A few items though:
- I guess that with the Community - Self-Provisioned licensing scheme, the provided threat feeds include OSINT only. Are you intending to list what is included within your OSINT package? I.e. all the Q-Feeds triggering threats here were part of my next-in-line ingress policy object, which is the IPSUM_L1 threat intelligence feed.

- I may think that the plugin does not release/give control back to OPNsense once the inactive administrative session timeout has been reached. One may still click on the three Q-Feeds menus. Although, while nothing refreshes within the Q-Feeds menus, once you click anywhere else within the GUI, you're routed to the usual OPNsense login page, which is the normal behavior under these circumstances.

- Why the new "Security" menu item? Why not simply within the "Services > Q-Feeds Connect" menu directly? Perhaps there are other plugins unknown to me that use the "Security" menu item, although if you're the only one, I don't see the point TBH.

Let me know,
Thanks

#5
25.7, 25.10 Series / Re: Migrating IPsec Legacy to ...
Last post by thorstenR - December 10, 2025, 11:34:05 PM
anyone?!?

#6
German - Deutsch / Re: Problems with DNS + VLAN + ...
Last post by mfreudenberg - December 10, 2025, 11:24:39 PM
Quote from: mfreudenberg on December 10, 2025, 11:23:27 PM...
Yep, that was it. Apparently the WireGuard VPN was somehow misconfigured so that it blocked all the traffic - phew.

I entered 10.10.0.0/24 as the tunnel address. I suspect that was the mistake.

#7
German - Deutsch / Re: Problems with DNS + VLAN + ...
Last post by mfreudenberg - December 10, 2025, 11:23:27 PM
Quote from: mfreudenberg on December 10, 2025, 11:19:57 PM
Wait, I just remembered that I switched off the WireGuard VPN because I kept seeing it in the firewall logs. I'll switch it back on and try again.

Yep, that was it. Apparently the WireGuard VPN was somehow misconfigured so that it blocked all the traffic - phew.

#8
Web Proxy Filtering and Caching / Question on the logs?
Last post by killmasta93 - December 10, 2025, 11:21:22 PM
Hi, I was wondering if someone could shed some light. Currently the logs on the webGUI show a bit differently from the logs through SSH, any ideas why?
As I'm trying to see users in real time.

https://imgur.com/2kR9Os5

Thanks

#9
German - Deutsch / Re: Problems with DNS + VLAN + ...
Last post by mfreudenberg - December 10, 2025, 11:19:57 PM
Quote
On the client device, I assume?

Yes, exactly.

I've now done a trace via Diagnostics and Packet Capture. I basically see the same picture: a lot of TCP SYNs heading for the Internet. After a while, lots of TCP retransmissions come in.

I let the curl against heise run in the terminal for a while. Suddenly curl printed something in the terminal. I then tried heise.de in the browser and suddenly I can reach the Internet??
I'm a bit puzzled, since as far as I know I haven't changed anything.

The speed test also gives me more or less the bandwidth of my DSL line - I don't understand it.

Wait, I just remembered that I switched off the WireGuard VPN because I kept seeing it in the firewall logs. I'll switch it back on and try again.

#10
25.7, 25.10 Series / Re: Blocking traffic? what am ...
Last post by Patrick M. Hausen - December 10, 2025, 11:13:47 PM
It isn't and it is well documented, although one could argue that the "NAT before filtering" is a bit surprising.

https://docs.opnsense.org/manual/firewall.html#processing-order