"Recent posts
#1
26.1, 26,4 Series / Re: 26.1.6_2 Multiple Pugins S...
Last post by eliteharbinger - Today at 10:14:25 PMHi,
I ran the command advised however this did not resolve the matter.
Therefore I took the drastic option of upgrading to the next dev version 26.7.a_475 and this resolved the matter albeit probably not the best way to resolve the issue.
Many thanks for all your help.
I ran the command advised however this did not resolve the matter.
Therefore I took the drastic option of upgrading to the next dev version 26.7.a_475 and this resolved the matter albeit probably not the best way to resolve the issue.
Many thanks for all your help.
#2
26.1, 26,4 Series / Re: This makes me want to cry!...
Last post by nero355 - Today at 09:11:21 PMQuote from: roohoo on Today at 03:06:02 PMI installed Sophos firewall to see how it fared. For the first 15 hours, it worked perfectly, then all internet access stopped. It had dropped the connection to my (Gigaclear) fibre modem. Rebooting the VM had no effect. Only physically turning off the machine and turning it back on worked.Weird stuff... :(
I'm starting to think that my wildly unlikely hypotheses that something on my network - or Gigaclear's - is sending malformed packets that can kill a router might actually be the case.
So no results from any of your OPNsense machines at that friends house for now ??
#3
German - Deutsch / Re: OPNSense bekommt keine IPv...
Last post by meyergru - Today at 08:25:26 PMVersuch bitte mal "Request Prefix only" zu aktivieren und in der "Optional prefix ID" eine ID, die ungleich der verwendeten IDs in allen VLANs ist.
Die Präfixlänge /56 ist korrekt.
Ich gehe davon aus, dass Du bei DG die Betriebsart "eigener Router" gewählt hast? Das ist Grundvoraussetzung - normalerweise machen die irgendeinen Quatsch mit AFTR, soweit ich weiß. Siehe auch hier: https://forum.opnsense.org/index.php?topic=49000.0
"Skipping gateway" ist ein Folgefehler: Ohne IPv6 auf dem WAN gibt es auch kein IPv6-Gateway.
Die Präfixlänge /56 ist korrekt.
Ich gehe davon aus, dass Du bei DG die Betriebsart "eigener Router" gewählt hast? Das ist Grundvoraussetzung - normalerweise machen die irgendeinen Quatsch mit AFTR, soweit ich weiß. Siehe auch hier: https://forum.opnsense.org/index.php?topic=49000.0
"Skipping gateway" ist ein Folgefehler: Ohne IPv6 auf dem WAN gibt es auch kein IPv6-Gateway.
#4
26.1, 26,4 Series / Re: OpenVPN - Via UDP no routi...
Last post by viragomann - Today at 07:48:47 PMQuote from: PotatoCarl on Today at 12:12:16 PMI tried already multiple times to "just make a new UDP VPN" with the new config, but I do not even get a connection yetSo you have to troubleshoot it.
Quote from: PotatoCarl on Today at 12:12:16 PMSo currently trying to get the "old" config back to work.Then you have to troubleshoot the legacy server and later after migration to new, you have to troubleshoot the new connection.^^
Makes no sense to me.
Quote from: PotatoCarl on Today at 12:12:16 PMI tried a Laptop with Linux and an Android phone to work:Tried with the phone using the mobile connection, not the wifi?
Quote from: PotatoCarl on Today at 12:13:48 PMIf you mean a route in the OpenVPN Rules "Source" OpenVPN Network to any, I have this. Does not change anything.Just a simple allow-any rule on the OpenVPN.
Are you able to ping the virtual IP of the server then?
#5
German - Deutsch / Re: OPNSense bekommt keine IPv...
Last post by gothbert - Today at 07:43:23 PMTja, geht nicht... :-(
Habe das Genexis vom Strom genommen und wieder verbunden. Die OpnSense bekommt dann gleich wieder eine IPv4-Adresse auf dem WAN-Interface igb9, bettelt aber regelmäßig um eine IPv6-Adresse. Auch nach 30 Minuten kein Erfolg, auch nicht nach mehrmaligen Reload im GUI.
So schaut es im Log aus:
"Skipping gateway WAN_DHCP6" sieht verdächtig aus.
Habe das Genexis vom Strom genommen und wieder verbunden. Die OpnSense bekommt dann gleich wieder eine IPv4-Adresse auf dem WAN-Interface igb9, bettelt aber regelmäßig um eine IPv6-Adresse. Auch nach 30 Minuten kein Erfolg, auch nicht nach mehrmaligen Reload im GUI.
Code Select
ifctl -6pi igb9 zeigt nichts.Code Select
ifconfig igb9 zeigtCode Select
igb9: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: WAN (wan)
options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,HWSTATS,MEXTPG>
ether 7c:5a:1c:57:15:05
inet 100.84.160.102 netmask 0xffff0000 broadcast 100.84.255.255
inet6 fe80::7e5a:1cff:fe57:1505%igb9 prefixlen 64 scopeid 0xa
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>So schaut es im Log aus:
Code Select
2026-04-26T19:40:56 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:39:39 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:39:02 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:43 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:34 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:29 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:27 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:26 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:26 Notice dhcp6c restarting
2026-04-26T19:38:26 Notice dhcp6c rtsold_script: reloading dhcp6c
2026-04-26T19:38:21 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : wireguard_sync())
2026-04-26T19:38:21 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : webgui_configure_do(,[wan]))
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : vxlan_configure_do())
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : unbound_configure_do(,[wan]))
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : openssh_configure_do(,[wan]))
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : opendns_configure_do())
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure newwanip:rfc2136 (1,[wan])
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : ntpd_configure_do())
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : dhcrelay_configure_if(,[wan],inet))
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (,[wan],inet)
2026-04-26T19:38:19 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : wireguard_configure_do())
2026-04-26T19:38:19 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : openvpn_configure_do(,[wan]))
2026-04-26T19:38:19 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : ipsec_configure_do(,[wan]))
2026-04-26T19:38:19 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure vpn (,[wan],inet)
2026-04-26T19:38:18 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dns (execute task : unbound_configure_do(1))
2026-04-26T19:38:18 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dns (execute task : dnsmasq_configure_do(1))
2026-04-26T19:38:18 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dns (1)
2026-04-26T19:38:18 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dhcp (execute task : radvd_configure_dhcp(1))
2026-04-26T19:38:18 Warning opnsense /usr/local/etc/rc.configure_interface: dhcpd_dhcp6_configure() found no suitable IPv6 address on lan(bridge0)
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure monitor (execute task : dpinger_configure_do(,[WAN_DHCP,UDM]))
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure monitor (,[WAN_DHCP,UDM])
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: ROUTING: setting inet default route to 100.84.0.1
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on wan
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: ROUTING: setting inet interface route to 10.21.1.1 via igb9
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(1))
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dhcp (1)
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure ipsec (execute task : ipsec_configure_do(1,wan))
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure ipsec (1,wan)
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: The required WAN_DHCP6 IPv6 interface address could not be found, skipping.
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: Skipping gateway WAN_DHCP6 due to empty 'monitor' property.
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: ROUTING: entering configure using wan
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure monitor (execute task : dpinger_configure_do(1,[WAN_DHCP6,WAN_DHCP,UDM]))
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure monitor (1,[WAN_DHCP6,WAN_DHCP,UDM])
2026-04-26T19:38:17 Error opnsense /usr/local/etc/rc.configure_interface: ROUTING: refusing to set inet gateway on addressless wan(igb9)
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: ROUTING: refusing to set interface route on addressless wan(igb9)
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: ROUTING: refusing to set interface route on addressless wan(igb9)
2026-04-26T19:38:16 Notice opnsense /usr/local/etc/rc.newwanip: IP renewal starting (new: 100.84.160.102, old: 100.84.160.102, interface: wan, device: igb9, force: yes)"Skipping gateway WAN_DHCP6" sieht verdächtig aus.
#6
General Discussion / Re: IPV6 bridge issue
Last post by Monviech (Cedrik) - Today at 07:22:30 PMAll directions meaning the bridge has a link local address too? Double check that.
#7
25.7, 25.10 Legacy Series / Re: OPNsense rejecting ipv4 RE...
Last post by sja1440 - Today at 05:10:53 PMI've now understood what happend and why.
OPNSense rejected the incoming responses on WAN, because there was no ARP entry for the VM's ip address so it really couldnt find the host. I checked because I noticed that the (ISC) DHCP lease table had a red plug symbol (offline) against it.
Why didnt the ARP table have and entry for the VM's ip address? Ah, well, in an attempt to dissuade the childrens' friends from connecting their PC's to the LAN (I prefer them to use wifi where they automatically get put onto their own vlan) I set to true within the ISC DHCP server the two flags:
* Deny unknown clients
* Enable Static ARP entries
It seems that something has changed within OPNSense because at one time, when I added a new ipv4, the static arp entry was created, now it isnt. So I unchecked the flags, restarted the DHCP server, checked the flags again, restarted the server and did a reboot for good measure. Hey presto, the arp entry was created and everything worked as should.
OPNSense rejected the incoming responses on WAN, because there was no ARP entry for the VM's ip address so it really couldnt find the host. I checked because I noticed that the (ISC) DHCP lease table had a red plug symbol (offline) against it.
Why didnt the ARP table have and entry for the VM's ip address? Ah, well, in an attempt to dissuade the childrens' friends from connecting their PC's to the LAN (I prefer them to use wifi where they automatically get put onto their own vlan) I set to true within the ISC DHCP server the two flags:
* Deny unknown clients
* Enable Static ARP entries
It seems that something has changed within OPNSense because at one time, when I added a new ipv4, the static arp entry was created, now it isnt. So I unchecked the flags, restarted the DHCP server, checked the flags again, restarted the server and did a reboot for good measure. Hey presto, the arp entry was created and everything worked as should.
#8
General Discussion / IPV6 bridge issue
Last post by mantissa - Today at 04:42:18 PM I have a ONT that connects to a router. I have a working IPV6 network until I insert an OPNsense bridge. IPv4 works fine on the Opnsense bridge but I cannot get any GUAs on the router with the bridge in place. I followed all the directions here https://docs.opnsense.org/manual/how-tos/lan_bridge.html but I just cant get an addresses downstream.
#9
General Discussion / Re: Device Monitor - a tool fo...
Last post by lnet.admin - Today at 04:29:59 PMQuote from: hacesoft on April 25, 2026, 08:09:40 PMGood day, I have released version 2.1. which supports Dnsmasq DNS & DHCP.
Again I look forward to your reactions :).
The link is:
https://github.com/hacesoft/opnsense-devicemonitor
Thank you for this, that's better - my Hostnames are now correct.
#10
25.7, 25.10 Legacy Series / OPNsense rejecting ipv4 RESPON...
Last post by sja1440 - Today at 04:02:43 PMI have OPNsense 25.10.
This problem has me completely stumped. It only occurs when the the ipv4 request (eg TCP SYN, ICMP..) originates from any VM on my Fedora workstation. It does not happen when the request originates from my workstation or from a VM in a PRoxmox server.
I have taken captures from the workstation and the LAN and WAN interfaces on OPNsense.
This is what I see on the WAN interface:
* If I execute 'wget 142.251.209.46' from my workstation I see the traffic you would expect.
* If I execute 'wget 142.251.209.46' from the Debian VM I see an incoming SYN,ACK followed immediately by OPNSENSE sending out an icmp Host Unavailable.
I can see no discernible difference between the two ipv4 requests.
The issue is clearly being caused from within OPNSense, but where and why?
Why should OPNSense reject a protocol response when the firewall has already let the outgoing ipv4 message pass?
Anybody have some ideas on how I can diagnose this?
This problem has me completely stumped. It only occurs when the the ipv4 request (eg TCP SYN, ICMP..) originates from any VM on my Fedora workstation. It does not happen when the request originates from my workstation or from a VM in a PRoxmox server.
I have taken captures from the workstation and the LAN and WAN interfaces on OPNsense.
This is what I see on the WAN interface:
* If I execute 'wget 142.251.209.46' from my workstation I see the traffic you would expect.
* If I execute 'wget 142.251.209.46' from the Debian VM I see an incoming SYN,ACK followed immediately by OPNSENSE sending out an icmp Host Unavailable.
I can see no discernible difference between the two ipv4 requests.
The issue is clearly being caused from within OPNSense, but where and why?
Why should OPNSense reject a protocol response when the firewall has already let the outgoing ipv4 message pass?
Anybody have some ideas on how I can diagnose this?
