Recent posts

#1

26.1 Series / Re: Multiple static IP address...

Last post by nero355 - Today at 04:29:29 PM

Especially when a device can communicate via different interfaces and should be assigned different IP addresses for the same MAC address.

IMHO that's a matter of configuring Static IP Addresses on the Host and not a task for your DHCP Server :)

#2

26.1 Series / Re: Kea DHCPv4 How to remove d...

Last post by nero355 - Today at 04:21:37 PM

I haven´t tried, but it's not an easy workaround for a medium network, because one would have to connect the new machine to the "no-leases" VLAN and then to the device's destination VLAN, which is not always feasible. Plus the existence of that "no-leases" VLAN in all the infrastructure (wired and wireless).

I would imagine it to work a bit like a RADIUS 802.11r Enabled network but with the difference that you manually do the move to the right VLAN :)

#3

General Discussion / Shaper Rules not hitting.

Last post by Steps - Today at 04:21:13 PM

Hello Everyone, im having trouble creating a shaper rule that hits.
I created a pipe and a rule that should hit almost all traffic (any any any)
but I can't seem to get a hit on it.
All I want to do eventually is tag my outgoing DNS traffic with a DSCP value.
Hope someone can help me.
Thanks in advance,
Steven

#4

General Discussion / Re: Wildcards in domain names:...

Last post by nero355 - Today at 04:13:49 PM

I've generally found that blocking anything related to outlook.com will break stuff your users need.

Blocking the "Is Windows Online ?" Service/Pinger URL or disabling it via regedit is known for causing Office related software like Word and Excel to become extremely slow/sluggish in the past, so yeah : Don't play with all that stuff too much if you don't want weird unexpected issues !!

#5

General Discussion / c-state tunable not working

Last post by Lucid1010 - Today at 04:01:46 PM

You cannot view this attachment.


For optimal performance, I configured the settings as shown in the image and rebooted. However, when verifying via the `sysctl `command, it shows up as `C1`.

n100 cpu, opnsense 26.1

#6

General Discussion / Re: The OPNsense Plugins Syste...

Last post by nero355 - Today at 03:59:03 PM

Maybe OPNsense should have something like 'Don't Break Debian' @ https://docs.opnsense.org/ ?! :)

#7

General Discussion / Re: VLAN with Synology RT600AX...

Last post by nero355 - Today at 03:51:29 PM

Can I just confirm, you made it work with the RT6600AX as AP?

I made it work for a Wired VLAN but if I would add a SSID to that VLAN then it would work too for sure!

From what I can tell in many places, people in general have problems with the VLAN tagging for this AP.

What is so special about it ?!

Give me a link to a Manual PDF of the thing and I will take a look for you for fun :)

And maybe I should add, I only want VLAN for wireless devices, anything wired goes to my main LAN. So I guess I need to tag the VLAN 10 and have VLAN 1 untagged from the AP through the switch to opnsense, according to my logic (so I can use the "standard" LAN wirelessly as well)?

To be honest : I don't know if ANY Wireless Accesspoint works like that ?!
_{(Excluding those Consumer level Mesh things and such here...)}

Usually the Native VLAN (Untagged) is only transported to it so you can Manage the thing either via it's webGUI or some kind of Controller and any SSID on it is done via VLAN Tagging.

After a few more hours of testing, I'm pretty sure everything inside opnsense is correctly configured. However, the VLAN 10 network still has full access to my primary LAN, since I can ping anything from the phone on this network, so my tests have failed. Anyway, thanks for trying to help me out here.

Then your Firewall Rules are not configured properly :)

The RT6600AX as AP doesn't have much settings, just a name and a VLAN, and of course an SSID for the network.
And some "advanced settings" as seen in the picture, probably not relevant to my problems.

FYI Side note : DTIM for 2.4 GHz should be either 1 or 3 for compatibility so 4 is a weird value IMHO.

#8

General Discussion / Re: Automation to update BIND ...

Last post by fargeleggingssider - Today at 03:34:11 PM

This is a really helpful discussion on OPNsense — I like how members are breaking down firewall configuration and best practices step by step. Real-world feedback like this makes it easier for newcomers to understand what works and why. For moments when I'm juggling tech tasks and family time, I also turn to simple creative resources like the printable coloring pages on fargeleggingssider.com to keep the kids happily occupied while I read threads like this.

#9

German - Deutsch / Re: WebGUI via WAN nicht mögli...

Last post by Patrick M. Hausen - Today at 03:29:47 PM

Und reply-to deaktivieren, wenn der PC, von dem aus man zugreifen möchte, im selben Netz hängt wie die WAN Schnittstelle.

Firewall: Settings: Advanced

#10

26.1 Series / What to do with "Rules" now? T...

Last post by senseOPN - Today at 02:37:16 PM

After migration, I still see "Rules [new]" and "Rules".
Within "Rules" there are still 9 automatically added rules - and I am not sure if that means they now exist double, in the old and in the new rules.

A clear way would be to remove the "Rule" and rename "Rules [new]" to simply "Rules".

Can I do this somehow?
Will this be added later?

As there are still rules listed with in the old rules (), this is not just cosmetic.
It is quite confusing :-)

Also, even as I deleted all "Floating Rules" they are still listed for other Interfaces, see the screenshot.