Recent posts

#1
General Discussion / Re: Cannot get an interface up
Last post by ati - Today at 03:38:32 PM
The modem is an Arris TG1682P. However, I have tried connecting my laptop and a switch directly to the port and nothing worked. I know the modem supports 1000Mb, as I connected my laptop directly to it and that is what auto-negotiated.

The interface has a very generic configuration at the moment.

#2
Hello,

after spending months with our KEA implementation, improving it with lots of features that were highly requested, the natural conclusion of this development cycle arrived with the biggest feature.

We implemented a new option "Dynamic Prefix" which provides this new functionality:
- DHCPv6 Subnets can be marked as "Dynamic", which will automatically "track" the IA_NA pool and optionally the DNS server option
- DHCPv6 PD Pools can be attached to a dynamic prefix subnet, offering an automatically "tracked" IA_PD pool

The big difference to ISC here is that multiple WANs are supported, as well as multiple internal interfaces can all provide an IA_NA and IA_PD pool (if your dynamic prefix(es) are large enough to split them).

The documentation on how it works has been updated here:
https://github.com/opnsense/docs/blob/master/source/manual/kea.rst#prefix-delegation-ia-pd

The code itself is currently on master, so you either need a development version with the latest core.git or install in a running 26.1.8 using the patch method:

# opnsense-patch 91093f3344 5b7c8e6a2f 5c51ecdee11

References:
https://github.com/opnsense/core/commit/91093f3344
https://github.com/opnsense/core/commit/5b7c8e6a2f
https://github.com/opnsense/core/commit/5c51ecdee11

Thank you for any feedback,
Monviech
#3
26.1, 26,4 Series / Re: DS-Lite (PPPoE|DHCPv6-PD) ...
Last post by Dark-Sider - Today at 02:01:03 PM
Hi Franco,

Quote from: franco on May 19, 2026, 09:58:11 PM
Eventually I'd like to add some form of automatic AFTR setup and now I see that Uwe is offering a testbed :)

Yeah, some more user-friendly option to set up AFTR configuration would help a lot of M-Net users who would like to use OPNsense but are not willing to pay for Dual-Stack or do a manual GIF-tunnel setup.

thanks,
Fabian
#4
26.1, 26,4 Series / Re: One of the networks stops ...
Last post by mooh - Today at 01:25:13 PM
Quote from: opnseeker on May 19, 2026, 03:31:04 PM
I have one NIC for LAN and one for WAN on the mini PC I am using. So, I unfortunately cannot separate tagged and untagged networks.

This can be solved by making all local network VLANs and not configuring the physical interface.
#5
General Discussion / Re: Updater update?
Last post by franco - Today at 12:42:33 PM
#6
26.1, 26,4 Series / DNSMasq - how to steer hosts t...
Last post by endurium - Today at 12:41:57 PM
Hi all,

I have three DHCP pools in DNSMasq, pool A and pool A both serve static addresses with different ranges, pool C serves dynamic addresses and uses AdGuard for DNS filtering and so is tagged as "dnsfilter". How do I configure dnsmasq so that hosts that don't get static addresses are directed to pool C for their non-static IP address and use AdGuard for DNS?

Is it possible to create a host entry without an IP address and specify just the MAC address and the "dnsfilter" tag? If the above is possible then that seems to be the way to do what I'm after. Also, is there a built-in tag called "known" that's invisibly applied to hosts defined in the Hosts tab?
#7
General Discussion / Re: Updater update?
Last post by DEC740airp414user - Today at 11:59:43 AM
My business appliance has a small Business Edition update as well. I wondered what it was about.
#8
26.1, 26,4 Series / Re: A firewall rule pattern t...
Last post by opnseeker - Today at 11:50:29 AM
Sorry about the late reply. I somehow missed your reply asking for more details.

I am still troubleshooting the issue. I found the issue in one of the cases and fixed it. It was to do with rule tags which were used to prevent bypassing VPN by creating a kill switch rule.

In the other case, it is not consistent. It works sometimes and not at others. In this case there is no kill switch being used.

There is also a case where it constantly seems to work.

I will post the details later in the day.
#9
Zenarmor (Sensei) / Re: Zenarmor performance expec...
Last post by jaykumar2005 - Today at 10:59:23 AM
Sure, done
#10
26.1, 26,4 Series / Re: Virtual IP
Last post by Seimus - Today at 10:35:18 AM
Personally I like to use VRRP where I can.

The reason is, I am more used to it and it has extra tracking statements, for example via scripts, as I have on the git repo example. But you can also track processes, files, etc.

https://manpages.debian.org/trixie/keepalived/keepalived.conf.5.en.html

To me it feels counterintuitive to have failover only due to a device failure or port failure.
Because you can run into a situation where the Device + Port is UP, but the process/application for which you have the redundancy set up in the first place could be down. In this case no failover would happen and you have an outage.

At least my deployment strategy for redundancy is to track dynamically where I can.

Regards,
S.