Recent posts

#1
26.1, 26,4 Series / kea dhcp option for debian pre...
Last post by cybermcm - Today at 05:14:43 PM
hello,
 I recently switched to kea and was able to use my debian preseed file with the following option in 'manual config mode'
        "client-classes": [
            {
            "name": "deb-preseed",
            "test": "substring(option[vendor-class-identifier].text,0,3) == 'd-i'",
            "boot-file-name": "https://xyz.net/preseed.cfg"
            }
        ],
I noticed that it is now possible to set options via gui but it doesn't work for me.
I tried option 124 with hex code 642d69 for (d-i), see screenshot but if I set this option and inspect kea-dhcp4.conf it only shows
"client-classes": [
            {
                "name": "22e436d9-2826-445b-ab48-d7b68058ca8f",
                "test": "option[124].hex == 0x642D69"
            }
        ]

Any ideas?
#2
Tutorials and FAQs / Re: [HOWTO] Sonos speaker in m...
Last post by kbthomelab88 - Today at 05:11:13 PM
How do you do the Sonos pass on on lan firewall rules?
#3
General Discussion / Re: Help with GeoIP and csv fo...
Last post by IPinfo - Today at 04:17:55 PM
I work for IPinfo. We are the most accurate IP geolocation data provider out there. The IP to Country data integration we have with Opnsense is the full accuracy version of it even though it is free. So, if you need country-level geolocation for free, it does not get better than this, which also includes paid data.

Another aspect is that we are active in the community. So, you can always ping me and ask questions about our data. Cheers.

— Abdullah | DevRel, IPinfo
#4
26.1, 26,4 Series / Re: KEA is still a mess IMHO
Last post by meyergru - Today at 03:55:49 PM
Pardon me for my ignorance, but isn't all of that besides the point?

If indeed two devices in the same broadcast domain do have the same MAC for whatever reason, you will be out of luck anyway, because both will use the same ethernet header and that is independent of IPv4 with ARP or IPv6 with NDP.
#5
26.1, 26,4 Series / Re: KEA is still a mess IMHO
Last post by lilsense - Today at 03:27:11 PM
Quote from: Patrick M. Hausen on May 08, 2026, 10:50:30 PM
Quote from: lilsense on May 08, 2026, 07:07:27 PMI must be the only one here who's seen many dupe macs on laptops and pc's.
I'm a network engineer for more than three decades and I have never seen a single duplicate MAC address. 🤷�♂️
Four decades here, sounds super old... I have seen it as recent as in last 10yrs with the same manufacturer with diff NICs one on a laptop and other on a PC. Dupe MACs are here to happen is a fact. Reliance on them as an IPv6 is a crap shoot that I will not recommend losing job over. :D

To elaborate, the IPv6 should include at least the vlanID .
#6
Looks good as do your rules. I'd bring the big tools - packet trace/tcpdump.
#7
Virtual private networks / Re: Firewall rules to allow co...
Last post by beneix - Today at 03:11:57 PM
In the client peer definition, it's 0.0.0.0/0. On the OPNSense side, it's 192.168.5.2/32.
#8
26.1, 26,4 Series / Re: KEA is still a mess IMHO
Last post by Patrick M. Hausen - Today at 02:04:57 PM
OK, I implied duplicate in the same broadcast domain.
#9
26.1, 26,4 Series / Re: Unbound TCP drops every 7....
Last post by nero355 - Today at 01:26:06 PM
Quote from: Multiplex on Today at 08:58:52 AM- `edns-packet-max=1232` on Pi-hole — reduces TCP usage but does not eliminate it
That should be included in your Pi-Hole configuration by default AFAIK ?!

IMHO the easiest fix for this is just run Unbound on your Pi-Hole directly instead of using the one on your OPNsense : https://docs.pi-hole.net/guides/dns/unbound/

I am using it for many years now like that and the Warning/Error you are talking about only appears once in a while maybe :)
In general it's not a real issue and you could also just simply ignore it...
#10
26.1, 26,4 Series / Re: KEA is still a mess IMHO
Last post by nero355 - Today at 01:16:34 PM
Quote from: lmoore on Today at 03:02:36 AMThe only time I would expect to see the same MAC address used more than once, is if the interface is configured with VLAN's.
As in VLAN Interfaces ? I would too :)