Recent posts

#1

25.7, 25.10 Series / Re: CALL FOR TESTING: IPv6 imp...

Last post by Greelan - Today at 04:56:14 AM

Just wanted to chime in to say kudos to Franco for having the courage to overhaul dhcp6c. It's been a long-neglected part of the nix/bsd universe and was in need of some tlc. It just staggers me that this hasn't happened already at an industry level

#2

German - Deutsch / IPV6 Tunnel mit Route64

Last post by Swtrse - Today at 02:46:02 AM

Hallo,

Ich bin am ende mit meinem Latein und Copilot schickt mich auch nur noch im Kreis ^^.

Ich habe ein Setup mit PPPoE. Mein "Steinzeit"-Provider (A1) Bietet kein IPv6 auf meinem Anschluss also habe ich einen GIF Tunnel mit Rout64 eingerichtet.
Mein Problem
Nach einem Reboot der Firewall funktioniert IPv6 ~120 Sekunden lang dann bekomme ich nur noch timeouts.

Was Copilot mir vorgeschlagen hat und umgesetzt wurde (ohne Erfolg):
Gateway monitoring deaktiviert
Statische Route gesetzt zur Endadresse von Rout64 (Weil ich nicht die eigenliche Tunneladresse verwende sondern das ebenfalls geroutete /56 subnetz)
Eine Allow All Rule auf dem Interace für den GIF Tunnel
Bei der Regel auf dem Wan Interface ür Protocol 41 ["Antwort-an" deaktivieren] angehackt und [Status-Typ] auf "Kein Zustand" gestellt.
MTU alles mögliche und MSS auch.

Sobald meine Pings nur noch timeouts werfen. Sehe ich selbst bei der Paketaufzeichnung nichts.

#3

Hardware and Performance / Re: [solved] Intel i226 Firmwa...

Last post by BrandyWine - Today at 02:44:48 AM

promox is debian linux, so you need the linux tool, not the freeBSD tool.
You can find the etrackID of your existing nvm, so find it and put that in cfg for replaces. Inventory and log using the util tool, in there it should show etrackID.

Make sure everything in cfg is correct and spelling is good.

#4

Hardware and Performance / Re: [HOWTO] Install OPNsense 2...

Last post by rumshot - Today at 02:17:46 AM

Hello Team,

I bought a EC-XS too and could figure out most of the steps, until arrive this thread.
My issue is due to the fact the device is not detecting my usb stick and im unable to boot from it and install opnsense.
I was wondering if someone face that or would have a tip to give me.
I could potentially install the opnsense in another computer with ec-xs hd, but i dont know if when i swap it back to ec-xs it will detect the interfaces and so on.
Any guidance its welcome.
ps.: im mac user, then maybe im struggling a little bit and not sure if my usb stick its really booting.

#5

26.1 Series / Re: KEH reservations

Last post by passeri - Today at 02:11:23 AM

Reservations remain as you would expect.

Are your reservations outside your dynamic pools?

Did you miss an Apply somewhere along the line?

#6

26.1 Series / Re: KEH reservations

Last post by nero355 - Today at 12:32:06 AM

Can't it save reservation between reboots?

I think your upgrade procedure wasn't the most optimal one...

You should have migrated to something else BEFORE upgrading to a release that moves ISC DHCP Server to the plug-in and then start the upgrades.
All your old DHCP Reservations could have been exported to .CSV files and imported into either KEA DHCP Server or DNSmasqd DHCP & DNS Server.

And all reservations should just stay where they are after a reboot! :)

[KEA DHCP]

#7

26.1 Series / Re: Register DHCP Static Mappi...

Last post by nero355 - Today at 12:27:03 AM

I need to participate here, because I'am struggling with the same issue. I have upgraded to 26.1 and now using KEA DHCP together with Unbound DNS, Dnsmasq DNS & DHCP is disabled.

Then you need to read this : https://docs.opnsense.org/manual/kea.html

From the link you provided I read that Dnsmasq is required as a connector.

That's not what it means...

But in Unbound I have enabled Register DHCP Static Mappings and I thought this does exactly what I wanted: Having hosts which got a DHCP lease from KEA will be served via DNS. ... but it's not working.

Because of this :

Kea has a hook to Unbound for static mappings only.

;)

Does KEA only have a hook towards Dnsmasq?

NOFI, but PLEASE READ the documentation first carefully before you decide to just configure something and then hope it works !!

OPNsense does some things different than you would expect so you need to take those differences in account when configuring services ;)

#8

26.1 Series / KEH reservations

Last post by unixpgmr - February 14, 2026, 11:03:32 PM

I was a couple of releases behind so I graded.  Well, the upgrade didn't go so well. It removed the ICS dhcp server, didn't migrate ANYTHING and didn't start the KEA dhcp server.  My whole network went down. I was more than a little miffed. I finally got in and setup KEA and started. Got my network back up. Today I started setting up my reservations. I rebooted the system. NONE of my reservations was preserved. WTH? I am sorry if I sound a bit angry, but I am. What is going on with KEA dhcp server? Can't it save reservation between reboots?

#9

26.1 Series / Re: Register DHCP Static Mappi...

Last post by LisaMT - February 14, 2026, 11:02:33 PM

unbound works great with Kea DHCP.  All devices are accessed by hostnames on the network.  For those few that the names are duplicates, I add them to the override list; such as when a server has multiple names for clarity.

Dnsmasq is a last resort for me; I've used it for many years when forced to, but the other issues with it are simply not worth using it.  True if we were still running with 56k modems it was great. 

#10

26.1 Series / Re: Destination NAT (port forw...

Last post by LisaMT - February 14, 2026, 10:52:52 PM

I'm still getting port forwarding messages in my log file that claim my 'Camera' network (which should be very isolated) has members trying to reach 8.8.8.8:53. 
The 'Camera' interface is NOT listed in the port forwarding rule.  Only the LAN and PHONE interfaces.  So why do the logs show the rule is acting on the 'Camera' interface?