Recent posts

#1
26.1 Series / Re: Identity Association IPv6 ...
Last post by tgurr - Today at 08:38:46 PM
Quote from: bazineta on Today at 06:45:28 PM
This appears to work properly with the prefix delegation setup, and all the usual IPv6 tests pass, but this is usually the point where more learned individuals tell me that I'm being an idiot, so let's see what they have to say.

Sounds sensible to me, sent you a PM asking for details because I'm interested in trying to replicate your setup.
#2
25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100%...
Last post by franco - Today at 08:29:47 PM
The .11 in 26.1_4 enforces the proper cleanup now. Just make sure to restart after update.


Cheers,
Franco
#3
German - Deutsch / VLAN and Rules
Last post by lurks - Today at 08:02:43 PM
Hello everyone,

I have a problem: I have created VLANs on the OPNsense, and I cannot reach the OPNsense via the VLAN IPs unless I create a floating rule as shown in the picture; when I remove it, access via the VLAN no longer works.
An any-any rule in the VLAN rules does not work either.

Are VLANs treated differently?
Or have I misunderstood something?
Thanks and best regards
#4
German - Deutsch / Re: letsencrypt DNS Problem
Last post by Simaryp - Today at 07:58:48 PM
Does anyone here perhaps have another tip for me?
#5
25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100%...
Last post by 0xd - Today at 07:37:32 PM
I wasn't sure if the update clears the database so here is an attempt to save someone some time:

Web UI: System->Settings->Administration:
Check:
Enable Secure Shell
Permit root user login
Permit password login
Apply

ssh root@<yourgateway>

root@OPNsense:/var/db/hostwatch # ls -lh
total 207598624
-rw-r--r--  1 hostd hostd  4.0M Jan 30 17:30 hosts.db
-rw-r--r--  1 hostd hostd  393M Jan 30 18:05 hosts.db-shm
-rw-r--r--  1 hostd hostd  198G Jan 30 18:05 hosts.db-wal

service hostwatch stop
rm -rf /var/db/hostwatch/*

Update to OPNsense 26.1_4:
exit
12) Update from console

Web UI: System->Settings->Administration:
Uncheck:
Enable Secure Shell
Permit root user login
Permit password login
Apply
#6
25.7, 25.10 Series / Kea Leases API Endpoint
Last post by tbone - Today at 06:51:57 PM
Hi.
I'd like to query the actual leases from a client PC.
According to documentation https://docs.opnsense.org/development/api/core/kea.html the endpoint should be GET /api/kea/leases/search.
Other Kea endpoints do return values, but at this one I get "Endpoint not found".
But a POST request to the same endpoint returns "411 Length Required". Strange.

Can someone help me retrieve the list of DHCP leases?

-Thomas
#7
26.1 Series / Re: Old rules deprecation
Last post by julsssark - Today at 06:47:39 PM
I was looking for "rulenr" as displayed in the live-view details dialog. I use them in Grafana for log analysis of specific rules.
#8
26.1 Series / Re: Identity Association IPv6 ...
Last post by bazineta - Today at 06:45:28 PM
Quote from: tgurr on Today at 06:11:02 PM
With that info I guess I'll stay on Dnsmasq+Track interface (legacy) for now then. It would be great if you could somehow release a tutorial / short howto then on how to configure these things for regular ISP usage then, as in "Configuration for just replacing my ISP Fritz!Box with OPNsense" as it's really hard to puzzle together everything, especially in this kind of constellations where things and certain combinations don't work at all.

Our setups are, I think, identical, and the best way to determine the optimal approach is to have someone excoriate you for doing it wrong, so I'll explain my approach, which is, you know, probably wrong.

So my ISP hands me a /56, which has not changed in ages, but that is by no means guaranteed, etc. As with your setup, I've always prefixed this into /64s for my internal networks, i.e., LAN is 0, GUEST is 1, etc. I've been migrated for months now from ISC to dnsmasq, and I'm happy with the dnsmasq setup, which I've had set to only do DHCP for v4.

Options appear to be two:
  • I could configure IPv6 ranges in dnsmasq for each of the LAN segments, turn on RA in dnsmasq, and have it hand out addresses.
  • I can skip all that, and just turn on RA (Services -> Router Advertisements) for each of the segments, setting them to 'Unmanaged'.

Option 1 being seemingly the more complicated of the two, I went with option 2, which results in dnsmasq doing IPv4 DHCP + DNS only, and IPv6 clients getting addresses purely via SLAAC.

I suspect but do not know for certain that this is more resilient to a renumbering when the /56 changes.

This appears to work properly with the prefix delegation setup, and all the usual IPv6 tests pass, but this is usually the point where more learned individuals tell me that I'm being an idiot, so let's see what they have to say.
#9
25.1, 25.4 Series / Re: Community to Business
Last post by PotatoCarl - Today at 06:38:59 PM
I have the same subject here and just want to confirm that I am not running into some walls here:

- We run an older Deciso appliance with OPNsense Community edition and just upgraded to a brand new one including business edition.

So, we can import the config of the 25.7. community into the 25.10. business? What about if we decide to do the community upgrade to 26.1 before we have the new appliance ready?
#10
26.1 Series / Re: Old rules deprecation
Last post by OPNenthu - Today at 06:38:47 PM
Unless I'm mistaken, I'm seeing that the rule UUIDs have changed since I migrated my rules to the new UI.  They no longer match the UUIDs I had used in my Monit tests.

Do those UUIDs persist between config imports and OPNsense updates?