Recent posts

#1
26.1, 26.4 Series / Re: [Solved] Problem Reverse P...
Last post by Ronny1978 - Today at 05:22:08 AM
Quote from: Patrick M. Hausen on April 16, 2026, 07:50:48 PM:
You configured the host header as linked by me and activated that host header in your handler configuration under "Transport"?

Yes, I have.

Quote from: Patrick M. Hausen on April 16, 2026, 11:15:35 PM:
Caddy comes with very reasonable defaults.

This is why Caddy is recommended very often.

Thanks Patrick. At the moment it is only an error in the log. The Jellyfin streams work fine. But I want to understand the error message and want to try to fix it. It is my personal target. 😁

Have a nice weekend.
#2
General Discussion / Re: DNS, DoH, DoT, DoQ, DNSCry...
Last post by OPNenthu - Today at 03:45:33 AM
Quote from: nero355 on April 14, 2026, 04:01:21 PM:
Are you sure it's not a False Positive ?!
Today it's working, so either the node was removed from a list I am using, or I got routed to a different one this time.  It's very rare for that to happen so that's why I was surprised.

I guess this also illustrates the difficulty with DoH filtering.  Any servers that are found to provide DNS get added to the list, but in some cases those same IPs serve other purposes and/or web content.  So you have a tough choice: unblock or not.

Quote from: nero355 on April 14, 2026, 04:01:21 PM:
In fact when Pi-hole v6.x.x got released somewhere around February 2025 I was seriously 'STOKED!' as they say :
- No more LigHTTPd.
- No more PHP.
- CivetWeb does almost everything now and is part of the whole FTLDNS package.
- C++ is now the way forward.
- DNSmasqd is of course still part of FTLDNS.
- The API is also still available.
- Super Sweet New webGUI that's a 1:1 translation of the pihole.toml config file which is in a league of its own when you see how nicely commented it is via SSH when you edit it via nano or vi :)

Good updates, although what's curiously still missing from the list is native DoT forwarder support in Unbound.  I get this out of the box with OPNsense (no custom add-ons like 'stubby' or 'dnscrypt-proxy' needed).

IIRC, the devs have a philosophy that recursive resolution with Unbound is the best thing since sliced bread and not worth using anything else.  They must be EU based and trust their ISP not to hoover plain DNS over the wire (or they tunnel it) :)

Serious question: what's the killer functionality of Pi-hole that Unbound in OPNsense (as of 26.1) doesn't have?  Besides, I guess, data retention period for reports which is rather limited in OPNsense.
#3
General Discussion / Re: Help needed, LAN to LAN co...
Last post by Beehive-guy - Today at 01:01:54 AM
Quote from: viragomann on April 16, 2026, 09:28:49 PM:
I presume, your clients and servers have internet access?

Consider that the devices might run their own firewalls, which usually block access from outside of their subnets. If so you need to configure them properly to permit access from the respective other subnet.

Yes, they both have internet access. I just tried completely disabling the firewall on my server (systemctl disable firewalld.service and rebooted), but my desktop still can't ping the server.


Quote from: nero355 on April 16, 2026, 10:13:34 PM:
When you install OPNsense the Default LAN has Firewall Rules that ALLOW traffic to ANY destination.

If you then create your LAN2 correctly as the next step, you could then copy that firewall rule from LAN to LAN2 and have two networks that can talk to each other.

Thanks for the tip. I recreated the original LAN rules, so on IPv4 and IPv6 (although I don't use v6) allow any protocol from the LAN to any destination, and the same for LAN2, but I still can't ping or access any other ports on the server, and the server still also can't ping the 192.168.1.1 gateway. Maybe I didn't create LAN2 properly? To sum up what I did to create LAN2: in Interfaces I assigned igc2 to LAN2, enabled LAN2, set the IPv4 Configuration Type to static IPv4 and gave it the IPv4 address 192.168.2.1/24; in Services under Dnsmasq DNS & DHCP I added LAN2 to the interfaces in General and added a DHCP range, and that's it. If there is any other configuration that I have missed to get different LANs and/or VLANs to be able to communicate with each other, please tell me.


Quote from: meyergru on April 16, 2026, 10:40:21 PM:
I assume you want to set up a bridge with LAN and LAN2. Follow the official docs, then it will work.

I believe I don't want to use a bridge, since that would place all devices on the same subnet. Instead, I'd prefer to restrict communication so that only a few specific ports are open between my desktop and the server—and similarly for my phone.
I'm also considering creating a separate LAN or VLAN (since I have a managed switch) for IoT devices, with one-way access from a trusted LAN to those devices.
If anyone's wondering why I'm currently messing with separate LANs instead of VLANs: ideally, I want both my server and desktop to take advantage of the 2.5 Gbit ports on my mini PC. My switch is limited to a mere 1 Gbit :) so using VLANs there would bottleneck the connection.
#4
26.1, 26.4 Series / Re: [SOLVED] Telemetry widget ...
Last post by UserRory - Today at 12:45:07 AM
Solved the issue.

As noted, the sensor_info.py script did succeed, but took 2 minutes 30 seconds to execute, which exceeded the 120 second timeout.

Running the script as "python3 -m trace --trace ./sensor_info.py" showed that the culprit was:

connection.py line 73 sock.connect(sa), which paused for 2 minutes and 30 seconds before succeeding.

This indicated to me that it was likely that the script was first trying to connect with IPv6, timing out, and reverting to IPv4.

I do not run IPv6 on my internal networks, so I found the (new?) setting under system>settings>general to "prefer IPv4 over IPv6" when both are present.

Note that my ISP supports both IPv4 and IPv6, so apparently the fact that the WAN interface had an IPv6 address, even though the LAN interface did not configure IPv4, was enough for the software to consider IPv6 was configured and to try to use that address.

Selecting "prefer IPv4 over IPv6" solved the issue.
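The failure mode in this post (a connect() that sits on an unreachable IPv6 address until the timeout expires before IPv4 is ever tried) can also be handled in the client itself. As an added example, not code from the post or from OPNsense's sensor_info.py, this Python client reorders getaddrinfo() results to prefer IPv4 and bounds each attempt with a short per-address timeout; order_addresses and connect_with_fallback are names chosen here.

```python
import socket
from typing import Iterable, List, Optional, Tuple

AddrInfo = Tuple  # (family, socktype, proto, canonname, sockaddr) as returned by getaddrinfo()


def order_addresses(infos: Iterable[AddrInfo], prefer_ipv4: bool = True) -> List[AddrInfo]:
    """Stable reorder of getaddrinfo() results so the preferred family is tried first.

    This is the client-side equivalent of the "prefer IPv4 over IPv6" setting:
    the resolver's own order (often IPv6 first when any IPv6 address exists) is
    kept within each family, but the preferred family moves to the front.
    """
    v4 = [i for i in infos if i[0] == socket.AF_INET]
    v6 = [i for i in infos if i[0] == socket.AF_INET6]
    return v4 + v6 if prefer_ipv4 else v6 + v4


def connect_with_fallback(host: str, port: int, per_addr_timeout: float = 2.0,
                          prefer_ipv4: bool = True,
                          infos: Optional[List[AddrInfo]] = None) -> socket.socket:
    """Connect to the first address that answers; raise if none does.

    Each address gets its own short timeout, so a black-holed IPv6 route costs
    at most per_addr_timeout seconds instead of the system default (the 2.5
    minutes seen in the trace above). `infos` lets a caller inject constructed
    resolver results, e.g. for offline testing; normally it is left as None.
    """
    if infos is None:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    last_err: Optional[OSError] = None
    for family, socktype, proto, _canon, sockaddr in order_addresses(infos, prefer_ipv4):
        s = None
        try:
            s = socket.socket(family, socktype, proto)  # may fail if the family is unsupported
            s.settimeout(per_addr_timeout)
            s.connect(sockaddr)
            s.settimeout(None)  # back to blocking mode for the caller
            return s
        except OSError as e:
            last_err = e
            if s is not None:
                s.close()
    raise OSError(f"could not connect to {host}:{port} on any address") from last_err
```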
#5
25.7, 25.10 Legacy Series / Re: Cant Login, even after pas...
Last post by leafy - April 16, 2026, 11:38:59 PM
Franco, that was the first thing I tried; if that had worked, I wouldn't have made the post.

What did fix it was deleting the blank top flag from the config.xml
#6
26.1, 26.4 Series / Re: Multi WAN load balancing v...
Last post by dash - April 16, 2026, 11:38:12 PM
On my side, with OpenWRT, I could get the same working setup as with Sophos UTM: incoming traffic to one interface going out through the same one despite the load balancer. I don't understand why it's not possible with OPNsense.

#7
26.1, 26.4 Series / Re: Is there anywhere to see L...
Last post by pseudonym3k - April 16, 2026, 11:29:39 PM
Quote from: Patrick M. Hausen on April 16, 2026, 11:17:26 PM:
There are tools like ntopng or netflow that give you the observability you'd like.
I will take a look at these. Thanks.
#8
26.1, 26.4 Series / Re: Is there anywhere to see L...
Last post by Patrick M. Hausen - April 16, 2026, 11:17:26 PM
There are tools like ntopng or netflow that give you the observability you'd like.

My (personal) recommendation for netflow is to use a dedicated off-firewall collector. I have no experience with ntopng.
#9
26.1, 26.4 Series / Re: [Solved] Problem Reverse P...
Last post by Patrick M. Hausen - April 16, 2026, 11:15:35 PM
Quote from: viragomann on April 16, 2026, 11:12:54 PM:
Automatically, without any specific setting?

Yes! That's the point. Caddy comes with very reasonable defaults.
#10
26.1, 26.4 Series / Re: [Solved] Problem Reverse P...
Last post by viragomann - April 16, 2026, 11:12:54 PM
Automatically, without any specific setting?
I'm excited!

However, none of my services at home actually need ws.