Recent posts

#1
26.1, 26,4 Series / Re: SSH Connection refused
Last post by meyergru - May 16, 2026, 10:34:05 PM
Well, obviously whatever id_rsa file you created is not accessible, but that is a pure client problem. Maybe the path is incorrect. You could always use password-based authentication instead.

Apart from that, port 22 on 192.168.1.1 cannot be reached, so either the IP is wrong, or SSH is not enabled or some firewall rule prevents you from accessing the SSH port.
#2
26.1, 26,4 Series / SSH Connection refused
Last post by nme34 - May 16, 2026, 10:28:08 PM
I have had OPNsense installed before on this PC I have now in the past and SSH worked fine. I tried the instructions on the OPNsense site and that did not work. Port 22 was refused.

I read this: https://www.derekseaman.com/2021/04/how-to-adding-ssh-keys-to-opnsense.html

and tried:
ssh -i id_rsa root@192.168.1.1

and received:
Warning: Identity file id_rsa not accessible: No such file or directory.
ssh: connect to host 192.168.1.1 port 22: Connection refused

The OPNsense install is new and default except for the above attempted setup.

Can someone point me in the right direction?
#3
General Discussion / Re: NUT is Broken After Udatin...
Last post by kiekar - May 16, 2026, 09:32:18 PM
Quote from: Patrick M. Hausen on May 16, 2026, 07:16:40 PM
opnsense-revert -r 26.1.7 nut
pkg lock nut

It worked. Thanks
#4
26.1, 26,4 Series / Re: How to pin a Host to a Gat...
Last post by zartoz - May 16, 2026, 09:26:09 PM
I have success!  I configured a LAN Interface rule for the specific Host, but specified the Destination as an Inverse of "LAN net" and then pointed to my LTE Gateway.  I did have to do 2 rules, both in and out rules for the Host with the specified gateway.
#5
German - Deutsch / Re: Unbound under OpenVPN
Last post by viragomann - May 16, 2026, 09:13:20 PM
Quote from: trixter on May 15, 2026, 09:16:38 PM
But now I would like to switch off DNS on the WAN - sure, you could also block that with a rule, but that is only a workaround. If you make a mistake in the rules, everything is open again.
I think you have the wrong perspective there. Of course rules are the appropriate means here to restrict access.

The interfaces you select in Unbound are merely those on which Unbound listens. Having it listen on the interface IP is convenient in combination with a DHCP server, because the latter automatically distributes the interface IP to the clients as DNS as well. But it is not at all suitable as an access restriction.
Clients on the LAN could just as well direct their DNS queries to the management IP. If a DNS is running there and the firewall rules allow access, they will receive an answer.
Of course, this also applies to all other services running on OPNsense.
So firewall rules are in any case the tool of choice for preventing unwanted access.

Quote from: trixter on May 15, 2026, 09:16:38 PM
>>I want to give my VPN users the internal server names, which are none of the rest of the world's business!
In the OpenVPN server configuration you have to enter a DNS server anyway. That can also be the LAN IP or any other one on which Unbound listens. If the clients should be able to resolve just the host names, not the entire FQDN, you also have to push the local domain as a search domain.
If necessary, also allow access with a rule, then the clients should be able to resolve names.
#6
Virtual private networks / Re: Forcing Outbound VPN Conne...
Last post by viragomann - May 16, 2026, 08:43:11 PM
Quote from: cardblower on May 16, 2026, 11:46:32 AM
is there a way of forcing my outbound VPN connection to use a specific gateway rather than the default one?

I've tried a firewall rule (LAN and floating) to force destination traffic for the vpn endpoint to a specific gateway
On LAN?
If you're talking about a VPN client running on a LAN device, yes, this would be the proper way and should work.

But if you want to force a connection from a client running on OPNsense itself to a certain gateway, you can only do this with a policy-routing rule for outbound traffic on the WAN.
#7
26.1, 26,4 Series / Re: Intermittent upload collap...
Last post by dare - May 16, 2026, 08:37:59 PM
I've checked the thread you're referring to, the task is non-trivial to say the least :D .
I will definitely keep it in mind and will probably update the firmware regardless, but I want to see what protectli support have to say about this problem first.

I will update this thread as soon as I get protectli's feedback.

Thank you so much for taking the time to answer and suggesting a path forward. I honestly felt pretty lost.
#8
26.1, 26,4 Series / Re: Intermittent upload collap...
Last post by meyergru - May 16, 2026, 07:33:42 PM
Who knows, maybe older kernels keep the hardware more busy? The problem occurs when the device goes into low power states - enabling them only provides the possibility to do just that.

You can also update the firmware of your I226 chips, there is a thread about it in the tutorial section, but IDK if updating it helps any further.
#10
26.1, 26,4 Series / [RESOLVED] Re: ping: sendto: I...
Last post by ajr - May 16, 2026, 07:20:41 PM
Stupid netmask error.
Sorry for the noise,
ajr

Quote from: ajr
inet 192.168.178.12 netmask 0xffffffff broadcast 192.168.178.12