"Recent posts
#1
26.1 Series / Re: I created a NAT Rule and i...
Last post by Monviech (Cedrik) - Today at 06:05:41 PMPress on the magnifying glass of the rule, it will redirect you to where the option is set. An arrow will point to it.
#2
26.1 Series / Re: I created a NAT Rule and i...
Last post by Buzzammo - Today at 06:00:53 PMTrying to get rid of this:
#3
26.1 Series / Re: firewall needs reboot to h...
Last post by nero355 - Today at 05:39:03 PMSounds like : https://forum.opnsense.org/index.php?topic=50940.0 ?!
Have you tried : https://forum.opnsense.org/index.php?topic=50940.msg261068#msg261068 ??
Have you tried : https://forum.opnsense.org/index.php?topic=50940.msg261068#msg261068 ??
#4
26.1 Series / Re: move anti-lockout rules to...
Last post by nero355 - Today at 05:22:27 PMQuote from: grb on February 22, 2026, 08:40:13 PMRight, thanks for screenshot, that will help a lot.You are welcome!
Only I forgot to mention : ThuisLAN = Home Network = Always allowed to access LAN which I only use as Management Network :)
And yes, I could assign only a couple of Client IP Addresses but things do not need to be that strict to be honest...
QuoteI was trying to replicate those 3 rules, in Destination NAT. Having in mind that, they exists for a reason.IMHO there is no reason to create those since I am using the above for something like 6 to 8 months now without any issue !!
I understand that I could block myself If I will forward 443 or 80 then I could block myself.
This is what I'm struggling with to recreate.
I can not even remember what the default rules looked like to be honest :)
#5
General Discussion / Re: Support AmneziaWG
Last post by nero355 - Today at 05:14:13 PMQuote from: Patrick M. Hausen on Today at 12:46:15 PMThe funny thing is that at least in the EU your ISP is way more trustworthy than any so called "VPN provider". With a commercial "VPN" you hand all your communication metadata to a single entity, frequently a company located not in the EU. While your ISP is bound by GDPR and strong consumer protection laws and all hell will break loose should they ever get caught sniffing.Actually there is no right choice there :
- VPN Company = Often someone you don't really know...
Even tho I know that at least two of them are "serious bastards" when it comes to their demands when they rent their servers from a hosting company : Private Internet Access and Mullvad.
- You can't trust your ISP either because (at least in The Netherlands) they are forced to allow the Police/Government to sniff/monitor their network whenever they want...
So the only option left is maybe some Server or VPS hosted in a country your own country has no connections to and host your own VPN there... hopefully...
The whole Tor VPN thing is also one big unknown for most people so even there the question is if you can trust it...
#WeAreAllSooScrewed!!! ^_^
#6
General Discussion / Re: sophos utm9 migration to O...
Last post by nero355 - Today at 05:04:33 PMQuote from: Monviech (Cedrik) on Today at 10:52:13 AMIt's always better to bind to the ANY interface since the service will always reliably start.Actually I have done some research about that lately and it seems for example that both the webGUI and SSH also bind to the Localhost and Link-Local IP Adresses when you (in my case) just select the LAN Interface as the interface to bind to ?!
A couple of old posts on the forum made by mainly @franco also confirm this design choice ?!
#7
26.1 Series / Re: 26.1.2 updated media Fresh...
Last post by franco - Today at 04:52:00 PMYes true because during testing we've constantly run into random errors with the UFS installer not working without a proper destroy.
https://github.com/opnsense/installer/commit/805d33dff20b
I can relax that to not make it a hard error (destroying a destroyed disk is debatable as an error code but it is what it is), but there will be no new images. The 26.1 one is still available as well.
Cheers,
Franco
https://github.com/opnsense/installer/commit/805d33dff20b
I can relax that to not make it a hard error (destroying a destroyed disk is debatable as an error code but it is what it is), but there will be no new images. The 26.1 one is still available as well.
Cheers,
Franco
#8
26.1 Series / Re: [Help] Multi-WAN Reply-to ...
Last post by metacyx - Today at 04:39:35 PMQuote from: ftani on February 22, 2026, 10:33:10 PMSorry for being a little bit off topic here, but in the original post it was said "Internal AmneziaWG service hosted in the LAN.", can you share some details about how did you implemented it? I'm very interested in having AmneziaWG running on my network.So, I've got my OPNsense running as a VM on Proxmox (PVE). Alongside it, I spun up an Alpine LXC container right on PVE and compiled `amneziawg-go` and `amneziawg-tools` inside it. Boom—instant AmneziaWG server/client setup!
If you wanna tinker with deploying AmneziaWG yourself, you can check out the project over on GitHub: https://github.com/amnezia-vpn/amneziawg-go
#9
26.1 Series / Re: Tripped up at the first hu...
Last post by franco - Today at 04:32:07 PMWhew, ok, great :)
#10
26.1 Series / Re: OPNsense 26: DHCPv6 PD kee...
Last post by franco - Today at 04:31:22 PMMake sure you are on 26.1.2 or later. If it's still happening turn of dhcp6c. We're are of this issue in dhcp6c, but it only does that if there's nothing to get from your ISP anyway.
https://github.com/opnsense/dhcp6c/issues/45
Cheers,
Franco
https://github.com/opnsense/dhcp6c/issues/45
Cheers,
Franco
