Recent posts

#1
General Discussion / GeoIP not working
Last post by buckey96 - Today at 09:30:05 PM
I have been unable to get Maxmind, nor IPinfo to work with the alias.
This is the error I get when I use any service, not just the 2 listed above
"In order to use GeoIP, you need to configure a source in the GeoIP settings tab"

I have followed all the instructions for both on how to include the license key, and it downloads fine when I go to the URL, but gives me that error every time when I hit apply.

I already have the alias set up and changed the table size to accommodate the larger table, still no luck.

I'm on 25.7.11 and have been reading all the documentation with zero luck
#2
25.7, 25.10 Series / Re: New site PPPoE PMTU woes
Last post by ToasterPC - Today at 09:27:36 PM
Quote from: meyergru on Today at 05:21:26 PM
I would probably first try to make sure that the problematic downstream devices also use an MTU of 1492 bytes.
Okay, sounds reasonable.

At the moment, I haven't tried setting DHCP option 26, but trying to ping while explicitly setting the ping from the VirtIO bridge is successful until an MTU of 1464:

ping -c 10 -M do -s 1464 kindleforpc.s3.us-east-1.amazonaws.com
PING kindleforpc.s3.us-east-1.amazonaws.com (52.217.120.18) 1464(1492) bytes of data.
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=1 ttl=246 time=78.8 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=2 ttl=246 time=79.1 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=3 ttl=246 time=78.1 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=4 ttl=246 time=79.4 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=5 ttl=246 time=80.3 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=6 ttl=246 time=79.7 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=7 ttl=246 time=79.7 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=8 ttl=246 time=78.0 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=9 ttl=246 time=78.0 ms
1472 bytes from s3-us-east-1-r-w.amazonaws.com (52.217.120.18): icmp_seq=10 ttl=246 time=78.2 ms

--- kindleforpc.s3.us-east-1.amazonaws.com ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9002ms
rtt min/avg/max/mdev = 77.965/78.920/80.294/0.787 ms

Attempting to do the same from a Windows client yields the following results:
ping -n 10 -l 1464 8.8.8.8

Pinging 8.8.8.8 with 1464 bytes of data:
Reply from 8.8.8.8: bytes=1464 time=11ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=9ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=9ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=8ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=8ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=9ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=8ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=8ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=12ms TTL=119
Reply from 8.8.8.8: bytes=1464 time=9ms TTL=119

Ping statistics for 8.8.8.8:
    Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 12ms, Average = 9ms

Though neither of them is receiving any instructions to set the MTU to anything in particular, and trying to set the NIC in Windows to any of the aforementioned values doesn't make a difference.

Assuming then that the problem is in communicating the proper MTU to every device, what would be the proper place to set this network-wide (e.g. in OPNsense, for example)?
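The probing in the post above, done by hand with `ping -M do -s 1464`, is the usual way to find the path MTU of a PPPoE link. The following is an added example (not from the poster or OPNsense) that automates it: a binary search over Don't-Fragment ping payload sizes, with the 28-byte IPv4+ICMP overhead folded in so the result is the MTU (1464 bytes of payload passing implies 1492). Only a probe that sets DF (`-M do` on Linux, `-f` on Windows) is meaningful, since without it an oversized ping simply fragments and succeeds; `linux_df_probe`, `find_path_mtu` and the constructed `make_fake_probe` are names chosen here for the example.

```python
"""Path-MTU discovery by binary search over DF-flagged ping payload sizes.

Added example, not part of the forum post. `linux_df_probe` shells out to
iputils ping on Linux; `make_fake_probe` is a constructed stand-in so the
search logic can be exercised offline.
"""
import subprocess
from typing import Callable

IP_HEADER = 20                      # IPv4 header bytes
ICMP_HEADER = 8                     # ICMP echo header bytes
OVERHEAD = IP_HEADER + ICMP_HEADER  # 28 bytes that ping's "-s" payload excludes


def payload_to_mtu(payload: int) -> int:
    """MTU implied by a successful Don't-Fragment ping with this payload (1464 -> 1492)."""
    return payload + OVERHEAD


def linux_df_probe(host: str, payload: int, timeout_s: int = 2) -> bool:
    """Send one DF ping (iputils `-M do`) of `payload` bytes; True if a reply arrived."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), "-M", "do", "-s", str(payload), host]
    try:
        return subprocess.run(cmd, capture_output=True, text=True,
                              timeout=timeout_s + 5).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False


def find_path_mtu(probe: Callable[[int], bool], lo_mtu: int = 576, hi_mtu: int = 1500) -> int:
    """Largest MTU in [lo_mtu, hi_mtu] whose DF ping passes `probe`.

    lo_mtu must already work (576 is the IPv4 minimum every host must accept);
    hi_mtu is the local link MTU. Invariant: probe(lo) is True, probe(hi) is False.
    """
    lo, hi = lo_mtu - OVERHEAD, hi_mtu - OVERHEAD
    if probe(hi):
        return hi_mtu                       # nothing on the path is smaller than the link
    if not probe(lo):
        raise RuntimeError("even the minimum-size DF ping fails; path is broken")
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid                        # mid still fits: move the floor up
        else:
            hi = mid                        # mid too big: move the ceiling down
    return payload_to_mtu(lo)


def make_fake_probe(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a path whose smallest link MTU is `path_mtu`."""
    return lambda payload: payload + OVERHEAD <= path_mtu


if __name__ == "__main__":
    # Against a real host: find_path_mtu(lambda p: linux_df_probe("example.invalid", p))
    print(find_path_mtu(make_fake_probe(1492)))   # PPPoE path -> 1492
```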
#3
German - Deutsch / OPNsense & Unifi 16 Pro Max VL...
Last post by cunfused_kiwi - Today at 09:16:39 PM
I need some help understanding and/or configuring my OPNsense and my UniFi switch. I have a firewall with 4 NICs and a UniFi 16 Pro Max PoE switch, as well as a PC running Proxmox, on which a Debian VM runs the UniFi controller in a Docker container. I put the [LAN] interface from the installer on one NIC of the firewall mini PC and plugged that into the unconfigured switch, along with both of my laptops. I have now got the WAN config working, get an IP address and can reach the Internet through it. Adopting my switch and my 3 UniFi APs also worked fine. Now I want to set up VLANs and can't get it working, and I think I also have some gaps in my understanding. On the OPNsense I created my VLANs, enabled DHCPv4 on each, assigned them, allowed ports 67-68, DNS and all traffic into the firewall in the firewall rules, and then put the VLANs on another network card of the firewall. But in the UniFi controller you can't switch the switch ports to trunk or access; you can only change the native VLAN or add VLANs there. So I set VLAN 100 (my management VLAN) as native for the port the OPNsense is connected to, and all the others as tagged. Then on another switch port I set the native VLAN to 100 and connected a laptop to that port. However, it doesn't get an IP address, and I also can't ping the OPNsense, i.e. the static IPv4 address of VLAN 100.

I have the following questions:

1. Is there a fundamental misunderstanding on my part here?
2. Do the switch and the APs then get their IP address via untagged traffic on the respective switch port, and can I therefore give the 4 devices a static IP via the OPNsense?
3. Can someone link me to good guides, or please explain the whole thing to me? I'm at my wits' end here.

Thanks in advance!
#4
General Discussion / Replicating DD-WRT DNS lookup ...
Last post by Frotz - Today at 07:56:43 PM
I'm trying to migrate a DD-WRT setup to OPNsense 25.7 and there's one final hitch -- DNS lookups.  Under the DD-WRT setup, a client on the internal network would get the correct result when looking up each of these:


The host-internal hosts are assigned IPs through DHCP.  Some of them are handed static addresses.  The host-external hosts are VMs at hosting services.  When I try to get OPNsense to handle this, some work and some don't.  Exactly which does and doesn't changes depending on what parameters I tweak or services I use.  Frustrated with this, I tried using ChatGPT and had the same problem.  Note: in "System: Settings: General", the domain is set to "mydomain.com".  Some of the rabbit holes I went down with ChatGPT suggested that KeaDHCP would do what I want, but that functionality is not exposed in the OPNsense user interface.  Meanwhile I keep getting suggestions of how to trick OPNsense into doing what I want, but these keep going in circles.  How do I get this working?
#5
25.7, 25.10 Series / Re: After upgrade, cannot ping...
Last post by Amicably6896 - Today at 07:51:53 PM
Sorry for the late reply.  I fixed it by switching my docker network from IPVLAN to MACVLAN and adding DHCP reservations for each container MAC in the router DHCP table.
#6
25.7, 25.10 Series / Re: Interfaces: Neighbors: Aut...
Last post by schasj - Today at 07:32:31 PM
I just ran into the same issue and I'm surprised that this is the only post I can find on the subject.
#7
26.1 Series / Re: Kea IPv6, random allocatio...
Last post by Aerowinder - Today at 06:22:06 PM
franco,

I enabled this option when it became available, but I mistakenly thought the option was moved/removed/set to default in 26.1, because I forgot where it was hiding. I thought it was somewhere else. My mistake, thank you for the correction.
#8
26.1 Series / Re: Track interface / Identity...
Last post by Aerowinder - Today at 06:16:50 PM
franco,

I have sent via PM the interface dump and my AT&T PD script (it's the same as posted in the GitHub issue linked). I bypass the AT&T device altogether, so I have access to all PDs (16), but only use a handful.

This does very much seem like a validation error. I can go into the interface settings and change something unrelated to IPv6, and I still get the error saying the PD is already in use. I know that it's in use - it's supposed to be.
#9
Not long ago I configured my first Proxmox OPNsense firewall router (newbie). Using v25.7.x and it's been working well. Last night I noticed my Samsung phone had 20-odd apps that needed to be updated, which was a bit surprising, so I tried and they all kept failing with pending...timeout.

After a lot of wailing and gnashing of teeth I gave the Samsung a static IPv4 with DNS 8.8.8.8 and updates started to work.
So Google told me it's an IPv6 issue, and I turned it off on the interfaces and put the Samsung back on DHCP, and yes, it works.
Now I don't really know why, but I would like IPv6 working; maybe it's the future!

I'm using .internal as my domain. Is this OK, and how can I see where it's falling down when I try to update apps? I looked in the firewall logs and couldn't see an issue; during the process I turned off my firewall & IPS completely.

I'm using Dnsmasq and Unbound as the OPNsense documentation suggests for a default install in 2026. Any pointers to other logs which could highlight a DNS/DHCP issue would be appreciated.

Dan


#10
Quote from: franco on Today at 11:15:44 AM
Since Sam mentioned it we've made the GUI consistent https://github.com/opnsense/plugins/commit/14a130188

But more tools are certainly nice :)


Thanks,
Franco

It was a good learning experience at least 😀