"Recent posts
#1
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by RamSense - Today at 02:55:20 PMI've tried the OPNsense web Gui and it is reachable. It was always disabled for WAN. In OPNSense I had, and still have, System -> Settings : Listen Interfaces ALL (recommended).
Looks like I have to change this to LAN and Wireguard only(?) although it is not recommended?
Can you reproduce?
I have not made any rules for the OPNsense gui to be reachable on wan
Im on OPNsense 26.1_4-amd64
and migrated to the rules (new) and deleted the old rules.
Looks like I have to change this to LAN and Wireguard only(?) although it is not recommended?
Can you reproduce?
I have not made any rules for the OPNsense gui to be reachable on wan
Im on OPNsense 26.1_4-amd64
and migrated to the rules (new) and deleted the old rules.
#2
German - Deutsch / Re: OPNsense hinter einer DS-l...
Last post by W0nderW0lf - Today at 02:43:14 PMIch hatte vor Ewigkeiten mal ipv6 auch über die OPNsense eingerichet, aber aus irgendeinem Grund wieder verbannt.
Also einrichten könnte ich das bestimmt wieder, aber was bräuchte ich sonst noch?
Müsste ich im Grunde nur mein DynDNS auf v6 umstellen, oder bräuchte ich noch diese AFTR bzw das ds-lite interface?
Also einrichten könnte ich das bestimmt wieder, aber was bräuchte ich sonst noch?
Müsste ich im Grunde nur mein DynDNS auf v6 umstellen, oder bräuchte ich noch diese AFTR bzw das ds-lite interface?
#3
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by meyergru - Today at 02:38:37 PMHow would that work? The anti-lockout rules are for the LAN interface as source only. Did you actually see those two ports open from the WAN side?
#4
German - Deutsch / Re: ACME Plugin DNS-01 Challan...
Last post by ChrisChros - Today at 02:35:41 PM #5
Hardware and Performance / Re: Starting homelab network -...
Last post by TheRealDoug - Today at 02:33:39 PMI am running the VP2430 as my main router with 8G of ram and multiple vlans. I use the default LAN for my house stuff (wife's computer and all wireless); then I use port 3 run directly to my office with two vlans. A vlan for my main stuff (work computer, personal workstation, and my nas), then another vlan that runs to a VP6650 running a virtual OPNSense and all of my home services (*ARR, Plex, etc) and my actual lab (4 DMZ networks that is 100% virtual).
I have had zero performance issues from the VP2430. System runs around 0.16 load average and around 1G system memory usage and about 2G for ARC.
I went with the all in one solution (Protectli) lab network to be stable, and my network lab to be easily rebuildable (virtualized).
I have had zero performance issues from the VP2430. System runs around 0.16 load average and around 1G system memory usage and about 2G for ARC.
I went with the all in one solution (Protectli) lab network to be stable, and my network lab to be easily rebuildable (virtualized).
#6
German - Deutsch / Re: OPNsense hinter einer DS-l...
Last post by Patrick M. Hausen - Today at 02:14:10 PMDu müsstest auf jeden Fall durchgehend IPv6 implementieren, da du ja grundsätzlich per IPv4 nicht erreichbar bist. Hast du denn ein statisches IPv6-Prefix?
#7
26.1 Series / Crowdsec service wont autostar...
Last post by Siarap - Today at 02:10:14 PM...im launching it in dashboard.
#8
26.1 Series / Anti-Lockout Rule (Destination...
Last post by RamSense - Today at 02:06:54 PMI just noticed on https://pentest-tools.com/network-vulnerability-scanning/port-scanner-online-nmap
that the auto generated Anti-Lockout Rules (Destination NAT) for port 22 and port 444 (my opnsense gui) are both opened on WAN and can be reached.
Is this my fault and should those 2 Anti-Lockout rules be deleted after installing 26.1 or is this something to look at? I cant see a delete option in the Destination NAT list.
that the auto generated Anti-Lockout Rules (Destination NAT) for port 22 and port 444 (my opnsense gui) are both opened on WAN and can be reached.
Is this my fault and should those 2 Anti-Lockout rules be deleted after installing 26.1 or is this something to look at? I cant see a delete option in the Destination NAT list.
#9
26.1 Series / Re: os-isc-dhcp-1.0_3 failed t...
Last post by franco - Today at 01:20:06 PM> This is rather important to me, because I am using ISC DHCP and a lot of static mappings as well.
I'm not aware of a static mappings issue (yet).
Cheers,
Franco
I'm not aware of a static mappings issue (yet).
Cheers,
Franco
#10
26.1 Series / Re: os-isc-dhcp-1.0_3 failed t...
Last post by iorx - Today at 01:00:31 PMHi!
And great that you had logs on it. Because... I was not telling everything here, I did the upgrade from _10.
Now I tried again, bumped to latest 25.7.11 first. Restart. Went to 26.1_4 with the console option.
No problems this time.
The only "oddity" I "may" experience was a bit longer delay in getting an IP-address (Windows on wifi is a not a stable platform when loosing gw, dns and internet for a moment... it disconnect and starts hunting for other networks...)
I've attached the upgrade logs here.
Snippet:
And great that you had logs on it. Because... I was not telling everything here, I did the upgrade from _10.
Now I tried again, bumped to latest 25.7.11 first. Restart. Went to 26.1_4 with the console option.
No problems this time.
The only "oddity" I "may" experience was a bit longer delay in getting an IP-address (Windows on wifi is a not a stable platform when loosing gw, dns and internet for a moment... it disconnect and starts hunting for other networks...)
I've attached the upgrade logs here.
Snippet:
Code Select
...
Processing candidates (217 candidates): .......... done
Checking integrity... done (1 conflicting)
- os-isc-dhcp-1.0_3 [OPNsense] conflicts with opnsense-25.7.11_9 [installed] on /usr/local/etc/dhcpd.opnsense.d/README
Checking integrity... done (0 conflicting)
...
Installed packages to be UPGRADED:
dhcp6c: 20250513 -> 20260122 [OPNsense]
hostwatch: 1.0.6 -> 1.0.11 [OPNsense]
opnsense: 25.7.11_9 -> 26.1_4 [OPNsense]
opnsense-lang: 25.7.4 -> 26.1 [OPNsense]
opnsense-update: 25.7.11 -> 26.1 [OPNsense]
os-ddclient: 1.28 -> 1.29 [OPNsense]
os-isc-dhcp: 0.1 -> 1.0_3 [OPNsense]
os-net-snmp: 1.6 -> 1.6_1 [OPNsense]
...
Configuring cron...done.
Configuring system logging...done.
[211/212] Reinstalling isc-dhcp44-server-4.4.3P1_2...
===> Creating groups
Using existing group 'dhcpd'
===> Creating users
Using existing user 'dhcpd'
[211/212] Extracting isc-dhcp44-server-4.4.3P1_2: .......... done
[212/212] Upgrading os-isc-dhcp from 0.1 to 1.0_3...
[212/212] Extracting os-isc-dhcp-1.0_3: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
