"Recent posts
#1
High availability / Unexpected CARP transitions: h...
Last post by JimIFN - Today at 05:20:04 AMHi all:
I have a failover pair of OPNsense routers running in my small ISP. I use CARP+pfsync for all my user-facing networks. My backup node is a bit weaker than my primary (working on hardware upgrades), and my demand has grown quickly (a good problem to have!) such that my backup node can't quite keep up. So if my primary is functional, I do want it handling all the traffic.
Recently, my backup node has on its own changed its CARP priority to -240, which of course makes it master. The primary router was at a priority of 0 at all times.
entering carp maintenance mode, then exiting on the secondary node did cause it to change to a priority of 0, which caused it to become the backup as expected.
What causes a CARP node to change its priority to -240 without human input? How can I get logs/troubleshooting details on that?
Thanks!
--Jim
I have a failover pair of OPNsense routers running in my small ISP. I use CARP+pfsync for all my user-facing networks. My backup node is a bit weaker than my primary (working on hardware upgrades), and my demand has grown quickly (a good problem to have!) such that my backup node can't quite keep up. So if my primary is functional, I do want it handling all the traffic.
Recently, my backup node has on its own changed its CARP priority to -240, which of course makes it master. The primary router was at a priority of 0 at all times.
entering carp maintenance mode, then exiting on the secondary node did cause it to change to a priority of 0, which caused it to become the backup as expected.
What causes a CARP node to change its priority to -240 without human input? How can I get logs/troubleshooting details on that?
Thanks!
--Jim
#2
Virtual private networks / Re: [SOLVED] simple WireGuard ...
Last post by Erutan409 - Today at 05:09:26 AMQuote from: Greelan on June 14, 2021, 06:53:31 AMI bet after adding your interface without defining IPs that you didn't stop and start WG, right? Without doing that, yes IPs aren't assigned. But once you do stop and start WG, the IPs are there.
This was actually exactly the step I missed. I wish I could set this something to do this for me automatically. But, yes - I needed to toggle the enabled state.
#3
25.7, 25.10 Series / Re: DHCP Not working on Unifi ...
Last post by Thorium - Today at 04:56:00 AMSorry to revive this thread, but I just setup OPnsense and have a Unifi switch incoming.
I will make the untagged/VLAN 1 my management VLAN.
But I'm not wrapping my head around the best way to implement the links between OPNsense and Unifi switch, given the warnings out there around mixing untagged/tagged on same interface. And I'm not a networking guy so apologies.
My OPNsense is a Proxmox VM running on a device with 6 physical network interfaces:
(4) Intel I226 2.5gbe, (2) 10gb Intel X710.
I initially set up the VM with two virtual NIC:
Eth0 (physical NIC 1 - 2.5gbe) = vtnet0 = WAN
Eth4 (physical NIC 5 - 10gbe) = vtnet1 = LAN
Since I have plenty of NIC what's the best plan for this homelab setup?
1) Ignore the mixing tagged/untagged warnings, use the "LAN" interface for the untagged mgmt VLAN and all my device VLANs children of LAN?
Or
2) somehow use a separate NIC in Opnsense configured to only do the untagged network, and another for only the tagged VLANs?
If #2 I need some pointers on exactly how to do this since the initial OPnsense configuration is working like #1.
Thanks for your expertise.
I will make the untagged/VLAN 1 my management VLAN.
But I'm not wrapping my head around the best way to implement the links between OPNsense and Unifi switch, given the warnings out there around mixing untagged/tagged on same interface. And I'm not a networking guy so apologies.
My OPNsense is a Proxmox VM running on a device with 6 physical network interfaces:
(4) Intel I226 2.5gbe, (2) 10gb Intel X710.
I initially set up the VM with two virtual NIC:
Eth0 (physical NIC 1 - 2.5gbe) = vtnet0 = WAN
Eth4 (physical NIC 5 - 10gbe) = vtnet1 = LAN
Since I have plenty of NIC what's the best plan for this homelab setup?
1) Ignore the mixing tagged/untagged warnings, use the "LAN" interface for the untagged mgmt VLAN and all my device VLANs children of LAN?
Or
2) somehow use a separate NIC in Opnsense configured to only do the untagged network, and another for only the tagged VLANs?
If #2 I need some pointers on exactly how to do this since the initial OPnsense configuration is working like #1.
Thanks for your expertise.
#4
General Discussion / Re: git@git@url
Last post by thoth - Today at 03:59:00 AMthe answer is to remove the 'git@' and set the URL to: ssh://10.1.1.21:4222/user1/opnsense.git
#5
General Discussion / git@git@url
Last post by thoth - Today at 03:57:47 AMupon setting an url like this for backup:
ssh://git@10.1.1.21:4222/user1/opnsense.git
click Test, it will complain about User Name not being set, so fill in User Name with 'git'
then you'll get errors about
```
it-backup authentication failure (git@git@10.1.1.21: Permission denied (publickey).\x0d fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. )
```
why ask for a full URL if we aren't going to obey the username portion?
ssh://git@10.1.1.21:4222/user1/opnsense.git
click Test, it will complain about User Name not being set, so fill in User Name with 'git'
then you'll get errors about
```
it-backup authentication failure (git@git@10.1.1.21: Permission denied (publickey).\x0d fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. )
```
why ask for a full URL if we aren't going to obey the username portion?
#6
General Discussion / Re: Please help getting starte...
Last post by Hollywood - Today at 02:05:52 AMQuote from: Maurice on Today at 01:15:18 AMQuote from: Hollywood on December 18, 2025, 11:44:28 PMThe WAN is now 192.168.10.72 and the LAN is 192.168.10.71.You cannot use the same subnet for WAN and LAN. Just keep the default settings - WAN as DHCP client (so it'll get an address from your Asus router) and LAN as static IPv4 192.168.1.1/24.
Maurice,
Everything you helped with was spot on! Some of it I knew, some I was just trying because I was guessing. I did another opnsense reset so that there would be no old settings confusing things. On a hunch, I swapped the LAN and WAN cables on the opnsense PC as auto-configuring the WAN IP was taking so long. It turned out to be the solution/problem.
Now my desktop PC sees the opnsense PC on the ethernet port and I have internet and could logon to opnsense (without being on that wifi network).
I would also like to thank you for not bashing me for writing DCHP instead of DHCP :) It actually may have let you know my (lack of) skill level. Anyway, the opnsense PC is now a basic router and I can install it in my rack, and do the rest as I have time and watch some youtube videos.
Your help and hints where to look solved this and is greatly appreciated!
THANK YOU!
#7
General Discussion / Re: Please help getting starte...
Last post by Maurice - Today at 01:15:18 AMQuote from: Hollywood on December 18, 2025, 11:44:28 PMThe WAN is now 192.168.10.72 and the LAN is 192.168.10.71.You cannot use the same subnet for WAN and LAN. Just keep the default settings - WAN as DHCP client (so it'll get an address from your Asus router) and LAN as static IPv4 192.168.1.1/24.
Quote from: Hollywood on December 18, 2025, 08:52:13 PMMy ultimate goal is 3 or 4 vlans, secure, IoT, VPN, and guest.That'll be a bit of a learning curve.
#8
General Discussion / krab3
Last post by VincentWousa - Today at 12:24:23 AMКак продавец хочу рассказать историей работы. Перевели свой собственный некрупный бизнес через <a href="https://xn--rab3-fb5a.cc">krab3.at</a> полгода назад. Инструментарий для поставщиков на этой площадке действительно качественные: понятный интерфейс, подробная статистика. Переход осуществилась гладко. Существенный момент — чтобы зайти к кабинету продавца нужно применять именно <a href="https://xn--rab3-fb5a.cc">krab3at вход</a>, вместо основной. В общем, приток клиентов стабильный, комиссии приемлемые. Сайт улучшается, и это заметно.
#9
25.7, 25.10 Series / Re: FreeBSD Vulnerability when...
Last post by klamath - December 18, 2025, 11:44:45 PMAnything that can be pulled in for Business Edition?
#10
General Discussion / Re: Please help getting starte...
Last post by Hollywood - December 18, 2025, 11:44:28 PMQuote from: Maurice on December 18, 2025, 10:15:24 PMIt seems you mixed up the ports. By default (unless you assigned them manually), igc0 is LAN and igc1 is WAN.You are correct. It was intentional, but I was wrong. I have poor concentration and did not visualize it properly.
Cheers
Maurice
I did an opnsense reset and assigned the IP's with DCHP. The WAN is now 192.168.10.72 and the LAN is 192.168.10.71.
On my desktop PC, ipconfig still does not show a gateway. (but), IF I connect to the temporary Asus router's WiFi, ipconfig shows the gateway as 192.168.10.1 and my browser connects to opnsense with 192.168.10.71 and I can view webpages, so the big picture is that the system is seeing the opnsense PC. (other then that my head is spinning!)
My assumption is that since the opnsense PC LAN port is plugged into my desktop PC, I should get a gateway and at least be able to access opnsense with a browser, but as I stated, I can only do this if I connect with wifi to the temporary Asus router.
I know I am missing something, but I am at a loss. I am one step closer thanks to you and I hope an opnsense gateway and internet access will be an also simple fix.
Thanks again and also to anyone else that can help.
