"Recent posts
#1
25.7, 25.10 Series / Re: Error popup: The release t...
Last post by franco - Today at 09:08:26 AMWhich is also documented and therefore intended.
Cheers,
Franco
Cheers,
Franco
#2
German - Deutsch / Re: GeoIP (Maxmind) nicht mehr...
Last post by viragomann - Today at 09:04:14 AMHmmm. Wenn der URL gesetzt ist und im Browser funktioniert, sollte er eigentlich auch in OPNsense funktionieren.
Und ja, Maxmind funktioniert schon noch. "Last updated" zeigt gestriges Datum: 2025-12-09T07:50:02
Wenn ich einen neuen Geo-Alias anlege, bekomme ich sofort die Länderauswahl.
Findet sich etwa im System Log ein Hinweis auch ein Problem?
Und ja, Maxmind funktioniert schon noch. "Last updated" zeigt gestriges Datum: 2025-12-09T07:50:02
Wenn ich einen neuen Geo-Alias anlege, bekomme ich sofort die Länderauswahl.
Findet sich etwa im System Log ein Hinweis auch ein Problem?
#3
General Discussion / still see traffic going out vi...
Last post by robertkwild - Today at 08:43:57 AMhi all,
enabled DNS over TLS via here
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-dot-on-opnsense
getting stuck when i create my own fw rules and nat to stop 53 out
as i have a few fw rules, should i create the block for 53 at the bottom so its first or at the top
thanks,
rob
enabled DNS over TLS via here
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-dot-on-opnsense
getting stuck when i create my own fw rules and nat to stop 53 out
as i have a few fw rules, should i create the block for 53 at the bottom so its first or at the top
thanks,
rob
#4
Russian - Русский / Re: x2ray + tun2socks. Сделал ...
Last post by Serg - Today at 07:16:01 AMДелал такую связку.
Не сразу завелось, но заработало благодаря всем тут отписавшимся.
Но в этой связке нужно следить за двумя сервисами(службами).
Проще использовать sing-box. Будет при этом один сервис(служба).
Он может работать как просто прокси, так и сразу создавать интерфейс на который можно настроить переадресацию.
Вот ссыль на гитхаб, где можно взять установщик для OPNSense и pfSense.
Не сразу завелось, но заработало благодаря всем тут отписавшимся.
Но в этой связке нужно следить за двумя сервисами(службами).
Проще использовать sing-box. Будет при этом один сервис(служба).
Он может работать как просто прокси, так и сразу создавать интерфейс на который можно настроить переадресацию.
Вот ссыль на гитхаб, где можно взять установщик для OPNSense и pfSense.
#5
25.7, 25.10 Series / Re: Group information via RADI...
Last post by jerryhze - Today at 06:43:32 AMSame issue here. I have created a issue on Github but no update yet.
https://github.com/opnsense/core/issues/9286
https://github.com/opnsense/core/issues/9286
#6
25.1, 25.4 Series / Re: IPsec Group Authentication
Last post by jerryhze - Today at 06:42:58 AMI have the same issue. I have created a issue on Github but no update yet.
https://github.com/opnsense/core/issues/9286
https://github.com/opnsense/core/issues/9286
#7
General Discussion / Re: Zoraxy Reverse Proxy does ...
Last post by Monviech (Cedrik) - Today at 06:17:21 AMI mean you could still use caddy which is more mature in general which will fix most pain points you will have.
It also supports Authentik and I know quite some people using it that way.
If Zoraxy is your personal quest though to improve, go ahead. Not much I can do though.
If I remember the debug logging in lighttpd was also a major pita for me, I disabled syslogging and manually started it and looked at stdout in the console.
It also supports Authentik and I know quite some people using it that way.
If Zoraxy is your personal quest though to improve, go ahead. Not much I can do though.
If I remember the debug logging in lighttpd was also a major pita for me, I disabled syslogging and manually started it and looked at stdout in the console.
#8
Tutorials and FAQs / Re: [HOWTO] OpnSense under vir...
Last post by renew - Today at 05:47:35 AMHi,
I am attempting to create a opnsense router on proxmox. I just got my X ONU SFPP today. I Have it in a 10Gtek SFP+ card. I am attempting to install it into a proxmox / opnsense machine. My network is 192.168.1.1, the XONU is at 192.168.11.1 (11 not 1) I have my promox box as 192.168.1.50. I have another computer I connect to the proxmox box through another NIC. Can you please walk me through the way to connect to the SFP+ on the "11" network? I need to set it up so it becomes my WAN into Opnsense. I am new to opnsense, and yes, I need to learn alot. Please be precise on how to connect/bridge or however I need to make the connection. And hopefully be kind. Thanks!
I am attempting to create a opnsense router on proxmox. I just got my X ONU SFPP today. I Have it in a 10Gtek SFP+ card. I am attempting to install it into a proxmox / opnsense machine. My network is 192.168.1.1, the XONU is at 192.168.11.1 (11 not 1) I have my promox box as 192.168.1.50. I have another computer I connect to the proxmox box through another NIC. Can you please walk me through the way to connect to the SFP+ on the "11" network? I need to set it up so it becomes my WAN into Opnsense. I am new to opnsense, and yes, I need to learn alot. Please be precise on how to connect/bridge or however I need to make the connection. And hopefully be kind. Thanks!
#9
25.7, 25.10 Series / Re: No WAN Connectivity with M...
Last post by dhanson - Today at 04:21:24 AMI had a similar situation, but different circumstances with the same symptoms. Adding my situation to this post because this was one of the few that I found that matched the symptoms I was seeing.
Upgraded to a new firewall and did a fresh install shortly after fiber became available in my neighborhood. Had the new system set up, but with 2 WAN connections since my xfinity line was still active, and added the new fiber line from Metronet.
A week after getting it set up and it was running fine, I got a static IP address from Metronet. I changed the interface for that line to use the static IP address, but when I changed the gateway setting for it, nothing could travel through it. Especially weird was that I could ssh to the opnsense system, and will just the Metronet/static IP line connected, I could ping IP addresses from the WAN, but nothing in my LAN could ping outside of the LAN.
The solution for me was to create a new gateway in opnsense specifically for the static IP address instead of editing the existing DHCP gateway and changing it to a static. Once I did that and changed the interface to use the new gateway rule instead of the edited one, it worked just fine.
Upgraded to a new firewall and did a fresh install shortly after fiber became available in my neighborhood. Had the new system set up, but with 2 WAN connections since my xfinity line was still active, and added the new fiber line from Metronet.
A week after getting it set up and it was running fine, I got a static IP address from Metronet. I changed the interface for that line to use the static IP address, but when I changed the gateway setting for it, nothing could travel through it. Especially weird was that I could ssh to the opnsense system, and will just the Metronet/static IP line connected, I could ping IP addresses from the WAN, but nothing in my LAN could ping outside of the LAN.
The solution for me was to create a new gateway in opnsense specifically for the static IP address instead of editing the existing DHCP gateway and changing it to a static. Once I did that and changed the interface to use the new gateway rule instead of the edited one, it worked just fine.
#10
General Discussion / Re: Port Forwarding issue insi...
Last post by Land_Strider - Today at 04:20:23 AMQuote from: viragomann on December 09, 2025, 08:07:43 PMAs the live view shows, the traffic is passed through OPNsense.
To get sure, you can run a packet capture on the LAN. Presumably the packets from the PC are going out there, but nothing is coming back.
If so, it's not on OPNsense.
You can try to hairping the restive traffic on the LAN interface and see if it helps.
I tried to capture the packet traffic from both ends via Wireshark and OPNsense interface, but I'm not sure how to make sense of it at the moment.
Looks like SNAT/DNAT works, but there is some other problem causing no response to be received by PC for the packets it keeps re-sending. The ISP router could be dropping the packets, but as far as the NAT goes the packets should look requested ones, right?
Attaching the filtered pcap files.
