"Recent posts
#1
German - Deutsch / Re: Problem mit Port Forwardin...
Last post by BeTZe313 - Today at 08:48:56 AM@meyerguru
Sorry, übersehen. Ich habe jetzt beides ausprobiert. Es funktioniert weder bei "Enable" noch bei "Disable".
@viragomann
Nein, die Webseite liegt in meinem Lokalen Netz und ich möchte sie von einem anderen Rechner außerhalb meines LANs übers Internet erreichen.
Sorry, übersehen. Ich habe jetzt beides ausprobiert. Es funktioniert weder bei "Enable" noch bei "Disable".
@viragomann
Nein, die Webseite liegt in meinem Lokalen Netz und ich möchte sie von einem anderen Rechner außerhalb meines LANs übers Internet erreichen.
#2
Development and Code Review / Adding an option "Group member...
Last post by jakobsen-lrz - Today at 08:37:49 AMHello, i wanted to implement a feature for OPNsense concerning LDAP authentication. OPNsense always assumes that the LDAP attribute "memberof" is used to specify which groups a user is a member of. The Problem is that we use a completely custom LDAP attribute for this. So i wanted to add an Option "Group member attribute" to specify which Attribute to check.
I have already implemented this myself, and it seems to work without Problem on my OPNsense instance. I have a branch ready for a pull request, and have opened an issue regarding this, but i dont know how i should continue with this. Is this even something that would be accepted?
I have already implemented this myself, and it seems to work without Problem on my OPNsense instance. I have a branch ready for a pull request, and have opened an issue regarding this, but i dont know how i should continue with this. Is this even something that would be accepted?
#3
High availability / Re: Weird behavior with CARP f...
Last post by thomastheimp - Today at 08:33:01 AMQuote from: Hidigoudi on January 13, 2026, 11:27:38 AMHello,
I'm encountering an issue with 2 OPNsense instances running as VMs (on Proxmox) during failover from one router to the other. I've configured both OPNsense systems to replicate and allow a seamless failover from the master to the backup. However, every other time, the failover doesn't work properly and I lose connectivity on my WAN VIPs (public IP) for more than a minute (I just run a continuous ping). For the connection to come back, I have to leave CARP failover so that the original router becomes the master again.
Sometimes, the failover works perfectly and I only lose one or two pings. It is completely a random issue.
It seems like the states of the second nodes are not synchronized correctly.
The network cards are exactly the same on both OPNsense (same Geometry Dash World configuration). The first OPNsense is master and the second is SLAVE as expected so they can communicate each other.
The dark theme screenshots are referred to the MASTER node, the white theme is for SLAVE one.
Is someone able to help me ?
Thanks.
You should put pfsync on a dedicated interface instead of LAN and confirm state sync is actually working both ways.
#4
General Discussion / Securing interactive hospital ...
Last post by Riem - Today at 08:17:42 AMHi,
I'm setting up a network for interactive signage terminals (wayfinding) in a hospital and I want to secure it. I'm using version 24.1. The idea is to isolate the touch screens on a dedicated VLAN so that they don't interfere with the medical network. What do you recommend for the output rules? Pure FW or should I go through a proxy? I'm a little worried that Suricata will mess up the map update flows. If anyone has already managed this kind of network on this version, I'd love to hear your feedback.
Thanks!
I'm setting up a network for interactive signage terminals (wayfinding) in a hospital and I want to secure it. I'm using version 24.1. The idea is to isolate the touch screens on a dedicated VLAN so that they don't interfere with the medical network. What do you recommend for the output rules? Pure FW or should I go through a proxy? I'm a little worried that Suricata will mess up the map update flows. If anyone has already managed this kind of network on this version, I'd love to hear your feedback.
Thanks!
#5
26.1 Series / Re: System Crash
Last post by thomastheimp - Today at 08:14:55 AMQuote from: craig on January 25, 2026, 02:43:42 PMHey,
Not sure if anyone else has experienced this - but Cool Games yesterday my DEC2750 running 26.1 locked up. It refused to route any traffic and I couldn't log in via SSH. The system was under very light load at the time.
Shortly before SNMP failed to respond to LibreNMS it showed no traffic on any interfaces but a spike to over 600 processes.
Unfortunately at the time I wasn't able to access via the console port.
Apologies this is a pretty detail-lacking report of an issue, but just wanted to post in case anyone else had experienced it.
I've had this happen too on my OPNsense box. Light load, then suddenly no routing or SSH until a reboot.
#6
25.7, 25.10 Series / Re: Setting VLAN on Proxmox + ...
Last post by sammasid - Today at 08:06:55 AMThe firewall rule
#7
25.7, 25.10 Series / Setting VLAN on Proxmox + OPNs...
Last post by sammasid - Today at 08:02:25 AMFirst of All I am very ThankFull to Opnsense Team for such an amazing piece of firewall. Well I am new to it.
I have setup my OPNsense as VM inside Proxmox server at home with vtnet0 as WAN, vtnet1 as LAN and vtnet2 as VLAN . I am having 4 physical NICs.
Coming over to Linux Bridges side
So for so I am good. If I attach vmbr2 which is LAN NIC for Opnsense to any other VMs network in my proxmox, it gets IP address from my Opnsense LAN IP Range. These mean things are working. (keep in mind, this NIC is also plugged into my TP-Link router. Only when I am connected to this, I can ssh my VMs)
Now coming towards the HELP I need - THE VLANS side
On vmbr2, I have created 2 Vlans
In OPNsense GUI Interface>Devices>VLAN I have add a vlan with tag 20 on parent vtnet1 which is a LAN.
In OPNsense GUI Interfaces>Assignment I have assigned the device to interface and named it Cloud than enable the interface and configure a static IPV4 192.168.20.1/24.
In OPNsense GUI Services>ISC DHCPV4>[Cloud], I enable DHCP server on Cloud interface and set Range 192.168.20.100 to 192.168.20.150
In OPNsense GUI Firewall>Rules>Cloud, I created a rule Pass, interface:cloud, Direction:in, TCP/IP Version:IPV4, Protocol:any, Source:any, Destination:any
for test purpose.
I than add tag 20 to VM with vmbr2 in proxmox. I found that no IP address is assigned and I cannot get internet access.
NOTE to CONSIDER
My motivation is to get a VLAN on my LAN bridge vmbr2 to which I can attach any other VM in future. Need help KINDLY.
Regard's
Sam
I have setup my OPNsense as VM inside Proxmox server at home with vtnet0 as WAN, vtnet1 as LAN and vtnet2 as VLAN . I am having 4 physical NICs.
- ensp1so as main NIC attached to my proxmox server. Internet connection coming directly from my router Lan port 1 into this NIC
- enx00e04c68011b as a WAN NIC for OPNsense VM separately. Internet connection coming out from my router Lan port 2 in this NIC
- enx00e04c680647 as a LAN NIC for OPNsense VM. I attached my TP-Link wifi router to this NIC as bridge network so that I can connect my laptop to this wifi and access my opnsense GUI. Also I can surf internet and few mobile devices are connected to this wifi
- enxa0cec80cf6dc as a VLAN NIC. Not attach/ used yet for anything. No connection cable in it. Spare totally
Coming over to Linux Bridges side
- vmbr1 brigde Port enx00e04c68011b (WAN NIC for OPNsense VM separately as mentioned above)
- vmbr2 bridge Port enx00e04c680647 (LAN NIC for OPNsense VM as mentioned above)
- vmbr3 bridge Port enxa0cec80cf6dc (VLAN NIC as mentioned above)
So for so I am good. If I attach vmbr2 which is LAN NIC for Opnsense to any other VMs network in my proxmox, it gets IP address from my Opnsense LAN IP Range. These mean things are working. (keep in mind, this NIC is also plugged into my TP-Link router. Only when I am connected to this, I can ssh my VMs)
Now coming towards the HELP I need - THE VLANS side
On vmbr2, I have created 2 Vlans
- vmbr2.10
- vmbr2.20
In OPNsense GUI Interface>Devices>VLAN I have add a vlan with tag 20 on parent vtnet1 which is a LAN.
In OPNsense GUI Interfaces>Assignment I have assigned the device to interface and named it Cloud than enable the interface and configure a static IPV4 192.168.20.1/24.
In OPNsense GUI Services>ISC DHCPV4>[Cloud], I enable DHCP server on Cloud interface and set Range 192.168.20.100 to 192.168.20.150
In OPNsense GUI Firewall>Rules>Cloud, I created a rule Pass, interface:cloud, Direction:in, TCP/IP Version:IPV4, Protocol:any, Source:any, Destination:any
for test purpose.
I than add tag 20 to VM with vmbr2 in proxmox. I found that no IP address is assigned and I cannot get internet access.
NOTE to CONSIDER
My motivation is to get a VLAN on my LAN bridge vmbr2 to which I can attach any other VM in future. Need help KINDLY.
Regard's
Sam
#8
26.1 Series / Re: 26.1.rc1 -> 26.1 rc2 ........
Last post by franco - Today at 07:54:40 AM> My upgrade worked but threw an error due to a missing file.
Known issue which is impossible to reproduce cleanly. I'll try to dig into the package manager when 26.1 is out.
> For context, after the upgrade to RC1, I removed the ISC-DHCP related plugins, as I have already moved to kea DHCP.
You're still on the development version as well. See Maurice's comment.
Cheers,
Franco
Known issue which is impossible to reproduce cleanly. I'll try to dig into the package manager when 26.1 is out.
> For context, after the upgrade to RC1, I removed the ISC-DHCP related plugins, as I have already moved to kea DHCP.
You're still on the development version as well. See Maurice's comment.
Cheers,
Franco
#9
26.1 Series / Re: How to create a rule with ...
Last post by Monviech (Cedrik) - Today at 07:33:57 AMSource NAT was in "Firewall - Automation - Source NAT" before. Now it was just moved into the NAT submenu to get rid of Automation. It has been there in the Business Edition for years too.
Regardless it is planned to replace Outbound NAT at some point but there is no new roadmap yet.
Regardless it is planned to replace Outbound NAT at some point but there is no new roadmap yet.
#10
26.1 Series / Re: New rule system
Last post by tessus - Today at 05:52:48 AMQuote from: nero355 on January 27, 2026, 04:48:30 PMBecause having to "Port Forward" for something like that was indeed a bit weird...
Yep, I've thought about it for a while and I think the renaming makes sense in this case. The Port Forwarding UI in OPNsense always allowed to do things that are actually DNAT, so all is good.
My "outcry" came from the fact that I actually only used port forwarding rules, thus my previous opinion about the renaming of this item was wrong.
