"Recent posts
#1
25.7, 25.10 Series / Re: IPv6 erratically broken fr...
Last post by rmayr - Today at 10:37:30 PMThe issue still happens, although it seems to be harder to reproduce / takes longer to trigger now. I am not sure if having two (non-quick) rules that allow the same traffic from the respective VLAN to WAN makes it less likely that packets don't match? It also seems like the more traffic an IPv6 address has already created, the more quickly it triggers the condition. But as before, I am completely stumped on what could cause these symptoms and am not closer to solving it (though I have reduced complexity somewhat by, e.g., shutting down the backup firewall for the time being). Any other hints on how to debug further would be greatly appreciated.
#2
Virtual private networks / Re: Tailscale - Site-to-Site S...
Last post by eimann - Today at 10:30:53 PMI've got the same issue, unfortunately without a solution.
Tailscale ACL works, traffic also works on Linux (with disabled auto-SNAT as I want to preserve source IP).
However, when deploying on OPNsense, it breaks.
ping von freeradius => wlc tut (sehe icmp auf dem ts-sidecar in beide richtungen, auf der opnsense tailscale0 gar nix, auf dem lan interface aber schon)
ping von wlc => freeradius nicht, sehe icmp auf der opnsense tailscale0 ausgehen, auf ts-sidecar eingehend + ausgehend
ping from LAN A to LAN B
traffic outgoing on OPNsense TS interface => incoming+outgoing on TS other subnet router <=> incoming+outgoing on LAN other Subnet Router
ping from LAN B to LAN A
incoming on LAN other subnet router => outgoing on TS interface other Subnet Router => traffic NOT incoming on OPNsense TS interface
Firewall rules permit everything between these hosts/subnets. And of course with NAT it works, but as said before, losing source IPs which I need.
Tailscale ACL works, traffic also works on Linux (with disabled auto-SNAT as I want to preserve source IP).
However, when deploying on OPNsense, it breaks.
ping von freeradius => wlc tut (sehe icmp auf dem ts-sidecar in beide richtungen, auf der opnsense tailscale0 gar nix, auf dem lan interface aber schon)
ping von wlc => freeradius nicht, sehe icmp auf der opnsense tailscale0 ausgehen, auf ts-sidecar eingehend + ausgehend
ping from LAN A to LAN B
traffic outgoing on OPNsense TS interface => incoming+outgoing on TS other subnet router <=> incoming+outgoing on LAN other Subnet Router
ping from LAN B to LAN A
incoming on LAN other subnet router => outgoing on TS interface other Subnet Router => traffic NOT incoming on OPNsense TS interface
Firewall rules permit everything between these hosts/subnets. And of course with NAT it works, but as said before, losing source IPs which I need.
#3
German - Deutsch / Re: Interface auf Dual-Netzwer...
Last post by Classic89 - Today at 09:43:55 PMSuper, vielen Dank euch beiden :)
#4
General Discussion / Re: TUI for viewing and analys...
Last post by allddd - Today at 09:43:51 PMQuote from: Monviech (Cedrik) on January 04, 2026, 05:45:37 PM@allddd
I think you could create a PR here that adds it to the opnsense sub directory:
https://github.com/opnsense/ports/tree/master/opnsense
If you need inspiration check out recently added ports there (eg ndp-proxy-go or hostwatch)
https://github.com/opnsense/ports/pull/252
I hope I've gotten everything right, it builds and installs without issue in a clean FreeBSD VM.
#5
25.7, 25.10 Series / Re: Adguard stopped responding...
Last post by Patrick M. Hausen - Today at 09:37:26 PMAGH logs? Test with dig/drill/nslookup on the command line.
#6
German - Deutsch / Re: Interface auf Dual-Netzwer...
Last post by Patrick M. Hausen - Today at 09:36:46 PMQuote from: Classic89 on Today at 09:33:22 PMAlso sollte ein Einbau der identischen Karte sogar out of the Box funktionieren?
Natürlich.
#7
German - Deutsch / Re: Interface auf Dual-Netzwer...
Last post by Classic89 - Today at 09:33:22 PMQuote from: meyergru on Today at 09:18:48 PMJa, die bekommen bei gleichem Typ die selben Bezeichnungen.
Also sollte ein Einbau der identischen Karte sogar out of the Box funktionieren?
#8
25.7, 25.10 Series / Adguard stopped responding to ...
Last post by hooter - Today at 09:24:43 PMRunning the latest Adguard on OPNsense 25.7.10-amd64, Protectli VP2430
Clean install of OPNsense. Added the community plug-in for Adguard, configured with Unbound as per the how-to here. Updated to the latest Adguard via the Adguard admin page.
Ran fine for a few weeks, then one night it just stopped responding to DNS requests from clients on my network. I tried re-booting, then finally disabled it altogether and moved Unbound back to port 53.
I'd really like to get it working again. Any suggestions where I should look?
Clean install of OPNsense. Added the community plug-in for Adguard, configured with Unbound as per the how-to here. Updated to the latest Adguard via the Adguard admin page.
Ran fine for a few weeks, then one night it just stopped responding to DNS requests from clients on my network. I tried re-booting, then finally disabled it altogether and moved Unbound back to port 53.
I'd really like to get it working again. Any suggestions where I should look?
#9
German - Deutsch / Re: Interface auf Dual-Netzwer...
Last post by meyergru - Today at 09:18:48 PMJa, die bekommen bei gleichem Typ die selben Bezeichnungen.
#10
German - Deutsch / Re: Interface auf Dual-Netzwer...
Last post by Classic89 - Today at 09:17:38 PMQuote from: meyergru on Today at 08:38:29 PMSollte nicht, aber bei diesen Billigartikeln braucht ja nur eine kalte Lötstelle einen Wackler produzieren.
Dann schaue ich mir das mal an. Für den Fall dass die Karte bzw. der NIC hin sein sollte. Kann man die Karte problemlos austauschen? Ich muss ja dann vermutlich zumindest das LAN-Interface an dem Gerät neu konfigurieren, damit ich wieder an das Web-Interface aus dem LAN komme. Geht das ohne dass die Einstellungen überschrieben werden?
