Recent posts

#1
26.1 Series / Re: Client is being assigned b...
Last post by nero355 - Today at 03:27:24 AM
Quote from: FarmServer on Today at 01:28:40 AM
Yet somehow this one pc keeps getting assigned an ip on 192.168.3.x as its primary dns. Its a corporate owned pc so I cant edit anything in its network settings to force it to use different dns name servers.
Maybe it's a hardcoded IP address of the Corporate DNS Server ?!

What happens when you boot the PC without a network connection : Is the Primary DNS Server 192.168.3.41 still there ??
Try it a couple of times and check what happens...
#2
General Discussion / Please help me get connected t...
Last post by TrafficChaos - Today at 03:13:53 AM
Hello once again, I am making no progress in regard to connecting my OPNsense
router/firewall to the internet.

I have tried to get my OPNsense box to connect to the internet via my hotspot
which is bridged to my mobile phone, and had no success at all.

I have also connected a USB to WiFi adapter to my phone and connected
the ethernet end of the adapter to the WAN port on my OPNsense box and
have failed to make an internet connection using this method either.

I can connect the hotspot which is bridged to my mobile directly to a
computer and that computer can access the internet.
I can also connect the USB to WiFi adapter to my computer and also
reach out to the internet.

I truly have no idea why neither device when connected to my OPNsense
box's WAN port will not work.

There are so many settings under >Interfaces >WAN that I do not know where to
start filling in the required details, or even what details are required.

Could someone please help me get this to work?

I connected both my USB to WiFi adapter and my Hotspot to my switch
and both allowed the devices connected to the switch to access the
internet, but this is not good as they do not go through the OPNsense
router/firewall.
But even this approach seems to only work sometimes.

I have no wired internet provider where I live, so am stuck with using
a mobile phone bridged to a hotspot which I can plug in via ethernet
cable to the OPNsense box, or similar setup using USB to WiFi adapter.
I attach the switch to the LAN port on the OPNsense box and the other
devices I am trying to access the internet with to the WAN port. I assume
this is the correct approach; did I at least get this right?

Thanks in advance to anyone who is able to help.
#3
26.1 Series / Re: Autoscroll in the update l...
Last post by nero355 - Today at 03:09:39 AM
Quote from: vpx23 on February 18, 2026, 07:23:05 PM
I can not exclude that my browser is the cause, I'm using LibreWolf with uBlock Origin
I am currently exploring LibreWolf in combination with Debian 13.3 via the extrepo command and I think there is a great chance that some of the default settings or privacy related modifications could be indeed the issue...

Luckily I usually use Pale Moon for all my network hardware related tasks because it's a great browser for such tasks :)



(Really getting tired of Mozilla and the way they are treating Firefox the last couple of years so experimenting with LibreWolf now since it has a lot of annoying things removed from the code and/or some default configuration stuff that's more to my taste...

Pale Moon however is a browser that I have been using for something like 15 years or even longer without any issues so feel free to check it out!)
#4
26.1 Series / Re: 26.1.2 - crashed and reboo...
Last post by nero355 - Today at 02:49:26 AM
Quote from: Comp User on February 17, 2026, 05:15:34 PM
The annoying thing is that every time I try to get it working, i get another file error.

Using cmd option 12 give me a list of 170 files to update, but crashed one time on the 10th file and another time on the 5th or the 33rd, so there is no logic or explanation for what is going wrong.
Please check your RAM and the health of your HDD/SSD in your Router and if both don't show anything weird then maybe do a fresh install ?!
#5
26.1 Series / Re: NTP Redirect via DNAT
Last post by ddam191 - Today at 02:41:49 AM
Thanks for the suggestions. I realized that after modifying my DNAT rule that I needed to run a packet capture on the WAN interface, not the internal interfaces, to confirm that the rule was working, which it now is. The rule is truly transparent since each device thinks it's contacting its configured NTP server, but OPNsense is intercepting and redirecting the traffic.

Solved.
#6
Quote from: Greg_E on February 18, 2026, 05:02:49 PM
Jealous of your 10g connections.
Quote from: patient0 on February 18, 2026, 07:14:47 PM
You only have to move to Switzerland
Also available in The Netherlands ;)
#7
26.1 Series / Client is being assigned bogus...
Last post by FarmServer - Today at 01:28:40 AM
I have a computer that needs to connect to a corporate network via IPsec that is having issues connecting using its IPsec client. My OPNsense firewall and Zenarmor do not seem to be blocking any connections from this computer. The only suspect thing I can find with its connection issues is when this computer connects to my wifi sometimes the primary DNS is assigned to 192.168.3.41 and the secondary is assigned to 192.168.1.1 (the subnet this PC should be on).

192.168.3.x is a subnet I use for wired clients but none are broadcasting dhcp. 192.168.1.x is my wifi subnet broadcast over two access points. the access points are not configured to assign dhcp or dns, they are just antennas.

I am using dnsmasq for dhcp with a dns listen port of 0 which should disable dns as far as I understand. Dhcp ip ranges are defined in dnsmasq for each subnet, everything else is defaults.

I am using UnboundDNS for dns over tls. Its listening on port 53, nothing else is really configured except for cloudflare, quad9, and google dns servers.

No dns is assigned in system > settings > general.

Yet somehow this one PC keeps getting assigned an IP on 192.168.3.x as its primary DNS. It's a corporate-owned PC so I can't edit anything in its network settings to force it to use different DNS name servers. None of my other clients on the wifi subnet are getting assigned anything more than 192.168.1.1. In fact, this one PC is the only PC getting assigned a primary and secondary DNS. The other Windows clients are only being assigned 192.168.1.1 as a primary DNS and no secondary.

I'm a bit stumped as to what could be assigning this DNS address. Is there anywhere in OPNsense I should look, or some setting to better force DNS assignments to this client? It seems to need a more explicit declaration of primary/secondary DNS but I can't do that without admin rights on the corporate PC, which I won't ever get.

Thanks for the help
#8
I need to run a PostUp command when my Mullvad WG interface comes up (to implement quantum resistant tunnelling: https://mullvad.net/en/help/quantum-resistant-tunnels-with-wireguard#modify-config).

I've successfully built the Mullvad utility for FreeBSD, and it works fine on the command line to establish ephemeral peers over the established tunnel to negotiate a PSK.

However, this needs to be run each time the tunnel is established.

There isn't any PostUp (or PostDown, PreUp or PreDown) option in the WG UI in OPNsense to easily add this. I know OPNsense doesn't directly use wg-quick, but there is also no equivalent option.

Is there another good way to do so? Or do I need to look at implementing changes to the OPNsense code to add advanced options in the UI to facilitate this?
#9
General Discussion / Re: Deutsche Telekom - Glasfer...
Last post by Maurice - February 18, 2026, 11:15:03 PM
You can keep using the existing phone line / DSL, these won't get shut down anytime soon.

Deutsche Telekom sells two types of basic ONTs for about the same price: The "Glasfaser-Modem 2" with a 2.5 Gig Ethernet port and an SFP module named "Glasfasermodem Digitalisierungsbox" (actually a Zyxel PMG3000-D20B). Both are known to work just fine. There are some reports about compatibility issues with the SFP in certain NICs, but it works fine for me in a MikroTik device.

I'd highly recommend getting your home connected. Even if you don't currently need the speed, it's more reliable than DSL, upload speed is 50% of download, power consumption is lower. And if the fiber itself is from Deutsche Telekom, you can typically get contracts from Vodafone, o2, 1&1 etc., too. Just like with DSL.

Cheers
Maurice
#10
Virtual private networks / "Duplicating" a subnet?
Last post by Morc - February 18, 2026, 11:08:44 PM
Hello everyone!

I've switched to OPNsense after nearly 10 years of using a now old Synology RT1900ac and I've been honestly enjoying it all. Having Tailscale integrated in the router is truly amazing but there's just one thing I would want to know if it is possible. My current local LAN subnet is 192.168.1.0/24, I have a bunch of devices on it and I don't really plan on moving from it yet. The Tailscale network I am in thankfully doesn't have any multiple 192.168.1.0/24 subnet conflicts, but the networks I connect from are using the 192.168.1.0/24 subnet locally as well. I mostly mitigated it by switching the other networks to 192.168.2.0/24, but I was actually wondering if there would be any possible idea to like... duplicate or mirror the subnet?

Let's say it like this.
I get to keep 192.168.1.0/24 locally for all the devices on the LAN.
I make a new 10.5.1.0/24 subnet that would be "hidden" or just virtual or basically transparent to interfaces (?)
Tailscale would be switched to advertise 10.5.1.0/24 instead of 192.168.1.0/24
All devices would be mirrored? (eg. LAN 192.168.1.3 <-> 10.5.1.3 Tailscale both ways)

I hope I can manage to describe the whole idea properly, I feel like I am dumb at this point because I've been trying to look for this over the internet but to no avail.

I did try some stuff with one to one NAT or virtual IPs but I am genuinely lost in all of this, making it worse that I lack proper networking knowledge as well.


EDIT: of course, after sending a post I did manage to find this blogpost: https://jrs-s.net/2020/01/19/static-routing-through-vpn-servers-in-opnsense/
It got me further because I can indeed ping devices but still not access any ports, even though the firewall live log shows them as passed.

EDIT2: Managed to get it to work! I can do a writeup if anyone wants.