"Recent posts
#1
General Discussion / Re: 2nd LAN Port has no Intern...
Last post by stefanpf - Today at 04:29:26 AMHi,
It sounds like a DHCP range is missing for the second LAN interface.
Take a look at the relevant sections in Dnsmasq.
Also check the interface binding settings for Dnsmasq and Unbound.
I'm not entirely sure about this, but you might need to add a rule for the DNS destination "this firewall" on UDP port 53 on the second interface.
It sounds like a DHCP range is missing for the second LAN interface.
Take a look at the relevant sections in Dnsmasq.
Also check the interface binding settings for Dnsmasq and Unbound.
I'm not entirely sure about this, but you might need to add a rule for the DNS destination "this firewall" on UDP port 53 on the second interface.
#2
26.1, 26,4 Series / Re: 26.1.6_2 Destination NAT ...
Last post by lmoore - Today at 02:29:46 AMQuote from: OPNsense4ever on April 26, 2026, 11:47:58 PMWhat should be used for Redirect Target Port? The first port in the range? 1630? any?
In your case you would enter 1630, which is the base port number for the range.
Connections arriving within you port range of 1630-1641 will be redirected to ports 1630-1641 at the redirected address.
If you set your Redirect Target Port to 20630, the connections arriving within the port range of 1630-1641, will be redirected to 20630-20641.
If you wanted to use multiple but not sequential ports, you would set up a Port Alias with the port numbers and use the Port Alias in the Destination Port and Redirect Target Port fields.
[Edit] Using "any" simply redirects to the port numbers within the range.
#3
26.1, 26,4 Series / Re: 26.1.6_2 Destination NAT ...
Last post by SonicJoe - Today at 01:13:16 AMI'm pretty sure destination NAT is one to one. You would need 2 rules, one for port 1630 and one for port 1631 if you need both redirected.
Edit: Oops, just realized you have 12 ports to 1641. So it would be 12 rules. I could be wrong, but that's what I did for the redirects i need.
Edit: Oops, just realized you have 12 ports to 1641. So it would be 12 rules. I could be wrong, but that's what I did for the redirects i need.
#4
General Discussion / 2nd LAN Port has no Internet /...
Last post by kc9joy - Today at 12:59:07 AM Setup is a dell computer with 2 network cards each dual nic and the default onboard nic. I have one set (wan, lan) working just fine. I added another port into the setup as a second lan connection with its own ip address and dhcp. Made sure to add a rule for pass in the fire wall. So where I am running into the issue is that the second lan does not have internet access. It does issue the ip correctly to the machines that are connected. Not sure what I am missing.
#5
26.1, 26,4 Series / 26.1.6_2 Destination NAT - ho...
Last post by OPNsense4ever - April 26, 2026, 11:47:58 PMHello,
I am trying to redirect ports TCP/UDP ports 1630-1641 to a host on my LAN. I can use the "Single port or range" drop-down for the Destination Port, but there is nothing similar for Redirect Target Port. I looked at the docs here, but I don't see anything.
What should be used for Redirect Target Port? The first port in the range? 1630? any?
Thank you!
I am trying to redirect ports TCP/UDP ports 1630-1641 to a host on my LAN. I can use the "Single port or range" drop-down for the Destination Port, but there is nothing similar for Redirect Target Port. I looked at the docs here, but I don't see anything.
What should be used for Redirect Target Port? The first port in the range? 1630? any?
Thank you!
#6
26.1, 26,4 Series / Re: 26.1.6_2 Multiple Pugins S...
Last post by eliteharbinger - April 26, 2026, 10:14:25 PMHi,
I ran the command advised however this did not resolve the matter.
Therefore I took the drastic option of upgrading to the next dev version 26.7.a_475 and this resolved the matter albeit probably not the best way to resolve the issue.
Many thanks for all your help.
I ran the command advised however this did not resolve the matter.
Therefore I took the drastic option of upgrading to the next dev version 26.7.a_475 and this resolved the matter albeit probably not the best way to resolve the issue.
Many thanks for all your help.
#7
26.1, 26,4 Series / Re: This makes me want to cry!...
Last post by nero355 - April 26, 2026, 09:11:21 PMQuote from: roohoo on April 26, 2026, 03:06:02 PMI installed Sophos firewall to see how it fared. For the first 15 hours, it worked perfectly, then all internet access stopped. It had dropped the connection to my (Gigaclear) fibre modem. Rebooting the VM had no effect. Only physically turning off the machine and turning it back on worked.Weird stuff... :(
I'm starting to think that my wildly unlikely hypotheses that something on my network - or Gigaclear's - is sending malformed packets that can kill a router might actually be the case.
So no results from any of your OPNsense machines at that friends house for now ??
#8
German - Deutsch / Re: OPNSense bekommt keine IPv...
Last post by meyergru - April 26, 2026, 08:25:26 PMVersuch bitte mal "Request Prefix only" zu aktivieren und in der "Optional prefix ID" eine ID, die ungleich der verwendeten IDs in allen VLANs ist.
Die Präfixlänge /56 ist korrekt.
Ich gehe davon aus, dass Du bei DG die Betriebsart "eigener Router" gewählt hast? Das ist Grundvoraussetzung - normalerweise machen die irgendeinen Quatsch mit AFTR, soweit ich weiß. Siehe auch hier: https://forum.opnsense.org/index.php?topic=49000.0
"Skipping gateway" ist ein Folgefehler: Ohne IPv6 auf dem WAN gibt es auch kein IPv6-Gateway.
Die Präfixlänge /56 ist korrekt.
Ich gehe davon aus, dass Du bei DG die Betriebsart "eigener Router" gewählt hast? Das ist Grundvoraussetzung - normalerweise machen die irgendeinen Quatsch mit AFTR, soweit ich weiß. Siehe auch hier: https://forum.opnsense.org/index.php?topic=49000.0
"Skipping gateway" ist ein Folgefehler: Ohne IPv6 auf dem WAN gibt es auch kein IPv6-Gateway.
#9
26.1, 26,4 Series / Re: OpenVPN - Via UDP no routi...
Last post by viragomann - April 26, 2026, 07:48:47 PMQuote from: PotatoCarl on April 26, 2026, 12:12:16 PMI tried already multiple times to "just make a new UDP VPN" with the new config, but I do not even get a connection yetSo you have to troubleshoot it.
Quote from: PotatoCarl on April 26, 2026, 12:12:16 PMSo currently trying to get the "old" config back to work.Then you have to troubleshoot the legacy server and later after migration to new, you have to troubleshoot the new connection.^^
Makes no sense to me.
Quote from: PotatoCarl on April 26, 2026, 12:12:16 PMI tried a Laptop with Linux and an Android phone to work:Tried with the phone using the mobile connection, not the wifi?
Quote from: PotatoCarl on April 26, 2026, 12:13:48 PMIf you mean a route in the OpenVPN Rules "Source" OpenVPN Network to any, I have this. Does not change anything.Just a simple allow-any rule on the OpenVPN.
Are you able to ping the virtual IP of the server then?
#10
German - Deutsch / Re: OPNSense bekommt keine IPv...
Last post by gothbert - April 26, 2026, 07:43:23 PMTja, geht nicht... :-(
Habe das Genexis vom Strom genommen und wieder verbunden. Die OpnSense bekommt dann gleich wieder eine IPv4-Adresse auf dem WAN-Interface igb9, bettelt aber regelmäßig um eine IPv6-Adresse. Auch nach 30 Minuten kein Erfolg, auch nicht nach mehrmaligen Reload im GUI.
So schaut es im Log aus:
"Skipping gateway WAN_DHCP6" sieht verdächtig aus.
Habe das Genexis vom Strom genommen und wieder verbunden. Die OpnSense bekommt dann gleich wieder eine IPv4-Adresse auf dem WAN-Interface igb9, bettelt aber regelmäßig um eine IPv6-Adresse. Auch nach 30 Minuten kein Erfolg, auch nicht nach mehrmaligen Reload im GUI.
Code Select
ifctl -6pi igb9 zeigt nichts.Code Select
ifconfig igb9 zeigtCode Select
igb9: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: WAN (wan)
options=48500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,HWSTATS,MEXTPG>
ether 7c:5a:1c:57:15:05
inet 100.84.160.102 netmask 0xffff0000 broadcast 100.84.255.255
inet6 fe80::7e5a:1cff:fe57:1505%igb9 prefixlen 64 scopeid 0xa
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>So schaut es im Log aus:
Code Select
2026-04-26T19:40:56 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:39:39 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:39:02 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:43 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:34 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:29 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:27 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:26 Notice dhcp6c Sending Solicit on igb9
2026-04-26T19:38:26 Notice dhcp6c restarting
2026-04-26T19:38:26 Notice dhcp6c rtsold_script: reloading dhcp6c
2026-04-26T19:38:21 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : wireguard_sync())
2026-04-26T19:38:21 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : webgui_configure_do(,[wan]))
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : vxlan_configure_do())
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : unbound_configure_do(,[wan]))
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : openssh_configure_do(,[wan]))
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : opendns_configure_do())
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure newwanip:rfc2136 (1,[wan])
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : ntpd_configure_do())
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : dhcrelay_configure_if(,[wan],inet))
2026-04-26T19:38:20 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure newwanip (,[wan],inet)
2026-04-26T19:38:19 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : wireguard_configure_do())
2026-04-26T19:38:19 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : openvpn_configure_do(,[wan]))
2026-04-26T19:38:19 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : ipsec_configure_do(,[wan]))
2026-04-26T19:38:19 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure vpn (,[wan],inet)
2026-04-26T19:38:18 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dns (execute task : unbound_configure_do(1))
2026-04-26T19:38:18 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dns (execute task : dnsmasq_configure_do(1))
2026-04-26T19:38:18 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dns (1)
2026-04-26T19:38:18 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dhcp (execute task : radvd_configure_dhcp(1))
2026-04-26T19:38:18 Warning opnsense /usr/local/etc/rc.configure_interface: dhcpd_dhcp6_configure() found no suitable IPv6 address on lan(bridge0)
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure monitor (execute task : dpinger_configure_do(,[WAN_DHCP,UDM]))
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure monitor (,[WAN_DHCP,UDM])
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: ROUTING: setting inet default route to 100.84.0.1
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on wan
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: ROUTING: setting inet interface route to 10.21.1.1 via igb9
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dhcp (execute task : dhcpd_dhcp_configure(1))
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure dhcp (1)
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure ipsec (execute task : ipsec_configure_do(1,wan))
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure ipsec (1,wan)
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: The required WAN_DHCP6 IPv6 interface address could not be found, skipping.
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: Skipping gateway WAN_DHCP6 due to empty 'gateway' property.
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: Skipping gateway WAN_DHCP6 due to empty 'monitor' property.
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.newwanip: ROUTING: entering configure using wan
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure monitor (execute task : dpinger_configure_do(1,[WAN_DHCP6,WAN_DHCP,UDM]))
2026-04-26T19:38:17 Notice opnsense /usr/local/etc/rc.configure_interface: plugins_configure monitor (1,[WAN_DHCP6,WAN_DHCP,UDM])
2026-04-26T19:38:17 Error opnsense /usr/local/etc/rc.configure_interface: ROUTING: refusing to set inet gateway on addressless wan(igb9)
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: ROUTING: refusing to set interface route on addressless wan(igb9)
2026-04-26T19:38:17 Warning opnsense /usr/local/etc/rc.configure_interface: ROUTING: refusing to set interface route on addressless wan(igb9)
2026-04-26T19:38:16 Notice opnsense /usr/local/etc/rc.newwanip: IP renewal starting (new: 100.84.160.102, old: 100.84.160.102, interface: wan, device: igb9, force: yes)"Skipping gateway WAN_DHCP6" sieht verdächtig aus.
