"Recent posts
#1
Q-Feeds (Threat intelligence) / Womens From Your Town - No Ver...
Last post by scary_larry - Today at 05:13:07 AMPrivate Lady In Your Town - No Verify - Anonymous Sex Dating
https://privateladyescorts.com
Private Lady From Your City - Anonymous Sex Dating - No Selfie
https://privateladyescorts.com
Private Lady From Your City - Anonymous Sex Dating - No Selfie
#2
General Discussion / Re: Fresh install blocking mos...
Last post by Petski - Today at 04:19:25 AMAfter 4 full days of fighting this system I finally have it ALMOST working the way I want it. This shouldn't be this hard!
Obtained a Cisco SG300-20 switch. System is Cable modem <-> OPNsense PC <-> Cisco switch <-> All clients (plus many static addresses).
1) Tried using DHCP server in switch. No-Go. Subnet crossing issues always prevented accessing one of the two GUI interfaces or internet.
2) Set up ISC-DHCP server in OPNsense No-Go. None of the static addresses would bind. And, Yes, I only enabled one server at a time.
3) Set up dnsmasq server, No-Go. Same issue, no MAC address binding would work.
4) Set up KEA-DHCP server. Everything local worked but no internet access.
5) Went back to dnsmasq server, imported my exported bindings but none worked. This is where I discovered that the cable modem had to be power cycled each time I inserted and removed the OPNsense PC or it would refuse to pass anything through
6) I finally got the MAC address binding to work by deleting all reservations entered under the hosts tab and adding them back one at a time via the leases page add button.
7) Configured and enabled the blocklist option in dnsmask and it would not block anything! Even manually entered block domains went right through. Using the test tab feature showed every attempt passed so I went back to my PiHole server.
8) Another day of trying to get OPNsense to point to my PiHole server as the only DNS pathway. Now working... Almost..
My only remaining issue is that the OPNsense is sending all clients to 192.168.1.1 instead of the PiHole address. /etc/resolv.conf shows the PiHole
address but the clients are receiving the gateway address instead. It looks like all DNS requests are passing through OPNsense to get to PiHole.
Any ideas on how to get the DHCP server to advertise the PiHole address to clients?
Obtained a Cisco SG300-20 switch. System is Cable modem <-> OPNsense PC <-> Cisco switch <-> All clients (plus many static addresses).
1) Tried using DHCP server in switch. No-Go. Subnet crossing issues always prevented accessing one of the two GUI interfaces or internet.
2) Set up ISC-DHCP server in OPNsense No-Go. None of the static addresses would bind. And, Yes, I only enabled one server at a time.
3) Set up dnsmasq server, No-Go. Same issue, no MAC address binding would work.
4) Set up KEA-DHCP server. Everything local worked but no internet access.
5) Went back to dnsmasq server, imported my exported bindings but none worked. This is where I discovered that the cable modem had to be power cycled each time I inserted and removed the OPNsense PC or it would refuse to pass anything through
6) I finally got the MAC address binding to work by deleting all reservations entered under the hosts tab and adding them back one at a time via the leases page add button.
7) Configured and enabled the blocklist option in dnsmask and it would not block anything! Even manually entered block domains went right through. Using the test tab feature showed every attempt passed so I went back to my PiHole server.
8) Another day of trying to get OPNsense to point to my PiHole server as the only DNS pathway. Now working... Almost..
My only remaining issue is that the OPNsense is sending all clients to 192.168.1.1 instead of the PiHole address. /etc/resolv.conf shows the PiHole
address but the clients are receiving the gateway address instead. It looks like all DNS requests are passing through OPNsense to get to PiHole.
Any ideas on how to get the DHCP server to advertise the PiHole address to clients?
#3
25.7, 25.10 Series / Re: High CPU on Dashboard - So...
Last post by cyberfarer - Today at 12:08:38 AMThanks to all who replied, my issue was solved by this thread:
https://forum.opnsense.org/index.php?topic=47847.0
https://forum.opnsense.org/index.php?topic=47847.0
#4
25.1, 25.4 Series / Re: Web UI and PHP performance...
Last post by cyberfarer - Today at 12:05:32 AMWow. Just found this by following links. I find it strange that so many are experiencing this issue but it's so hard to find a good clue as to the issue. The odd thing is that I nuked IDS in trying to find the cause and rebooted and still it was there.
Then I read:
Well, that's helpful. My problem is now solved too.
Thanks.
Then I read:
Quote from: mweiskop on July 30, 2025, 04:00:57 PMI was experiencing a similar problem playing around with IDS/IPS rules.
Turns out even if you disable a rule, it keeps it in the config file.
Well, that's helpful. My problem is now solved too.
Thanks.
#5
German - Deutsch / Re: Hetzner Cloud Server Wire...
Last post by Patrick M. Hausen - December 28, 2025, 11:37:28 PMUnd die Cloud-IP ist doch mit dir verknüpft. Du hast doch ein Konto bei Hetzner mit Namen, Kreditkartennummer und sonst noch was ...
Hetzner weiß genau so viel über dich wie der Provider deines DSL-Anschlusses. Und Behördenoder wer auch immer, dann natürlich auch.
Hetzner weiß genau so viel über dich wie der Provider deines DSL-Anschlusses. Und Behördenoder wer auch immer, dann natürlich auch.
#6
German - Deutsch / Re: Hetzner Cloud Server Wire...
Last post by Peter68 - December 28, 2025, 11:33:52 PMDenke ich falsch? Man sieht doch nur die Cloud IP und nicht meine echte? Verbindung geht alles durch einen WG-Tunnel. Wie kann ich das mit meiner OPNsense im LAN besser hinbekommen? Ich war der Meinung über die Cloud und WG-Tunnel wäre Perfekt, nur für die DNS-Verbindung wollte ich meine OPNsense mit einbinden.
#7
German - Deutsch / Re: Hetzner Cloud Server Wire...
Last post by Patrick M. Hausen - December 28, 2025, 11:09:53 PMDu kannst natürlich den ganzen Traffic über einen WG-Tunnel durch den Cloud-Server routen. Da it bist du aber doch weniger anonym unterwegs als sonst. Der Cloud-Server hat schließlich feste IP-Adressen ...
#8
German - Deutsch / Re: Hetzner Cloud Server Wire...
Last post by Peter68 - December 28, 2025, 11:05:10 PMWerbung ist schon weg, DNS läuft auch. IP verschleiern wäre das, was ich möchte. Sowas wie ein eigener VPN. Mit dem Cloud Server wollte ich einfach etwas Testen, kostet auch nicht so viel und andere in der Familie, könnten auch ihren Nutzen haben.
Meine OPNsense möchte ich erstmal so lassen, hängt zu viel dran. Das mit Tor, wenn du das meinst, hab ich nie richtig zum laufen bekommen.
Plan ist, dass mal alles über die cloud läuft, habe aber schon bemerkt, dass sich ein paar wenige Seiten nicht öffnen.
Meine OPNsense möchte ich erstmal so lassen, hängt zu viel dran. Das mit Tor, wenn du das meinst, hab ich nie richtig zum laufen bekommen.
Plan ist, dass mal alles über die cloud läuft, habe aber schon bemerkt, dass sich ein paar wenige Seiten nicht öffnen.
#9
German - Deutsch / Re: Hetzner Cloud Server Wire...
Last post by knebb - December 28, 2025, 10:27:30 PMMoin,
mir ist nicht ganz klar, was Du erreichen willst?
Ich denke aber, dass Du ein wenig eine fahlsche Vorstellung hast, was Dir ein solcher Cloud-Server bringen kann... Du hast doch schon im LAN eine OPNSense, damit kannst Du doch eigentlich alles machen, dann braucht es doch keinen Cloud-Server mehr zusätzlich?
/KNEBB
mir ist nicht ganz klar, was Du erreichen willst?
- Werbung weg?
- IP verschleiern?
- DNS selbst hosten?
Ich denke aber, dass Du ein wenig eine fahlsche Vorstellung hast, was Dir ein solcher Cloud-Server bringen kann... Du hast doch schon im LAN eine OPNSense, damit kannst Du doch eigentlich alles machen, dann braucht es doch keinen Cloud-Server mehr zusätzlich?
/KNEBB
#10
General Discussion / Caddy Reverse Proxy + Firewall...
Last post by kiekar - December 28, 2025, 10:23:03 PMHello,
I'm having issues trying to acces home assistant using caddy plugin.
I have a home assistant device on my IoT network 192.168.30.0/24
I created a rule on my LAN network 10.10.0.0/24 to access home assistant with
Protocol: IPv4 TCP
Source: LAN net
Destination: 192.168.30.87
Port: 8123
Which work fine however if try with ha.mydomain.com it fails with ERR_CONNECTION_TIMED_OUT.
I decide to create an Allow All Any rule for testing.
After deleting all history in the browser I was able to get access to home assistant with ha.mydomain.com
however when trying to lock down the rule by first changing the protocol from any to tcp, deleting the browser history
I was no longer able to access home assistant with browser ERROR_CONNECTION_REFUSED.
Below is the config for caddy.
Any idea why I'm having issues with the rules.
Any help would be much appreciated.
I'm having issues trying to acces home assistant using caddy plugin.
I have a home assistant device on my IoT network 192.168.30.0/24
I created a rule on my LAN network 10.10.0.0/24 to access home assistant with
Protocol: IPv4 TCP
Source: LAN net
Destination: 192.168.30.87
Port: 8123
Which work fine however if try with ha.mydomain.com it fails with ERR_CONNECTION_TIMED_OUT.
I decide to create an Allow All Any rule for testing.
After deleting all history in the browser I was able to get access to home assistant with ha.mydomain.com
however when trying to lock down the rule by first changing the protocol from any to tcp, deleting the browser history
I was no longer able to access home assistant with browser ERROR_CONNECTION_REFUSED.
Below is the config for caddy.
Any idea why I'm having issues with the rules.
Any help would be much appreciated.
Code Select
# caddy_user=root
# Global Options
{
log {
output net unixgram//var/run/caddy/log.sock {
}
format json {
time_format rfc3339
}
level DEBUG
}
servers {
protocols h1 h2
}
grace_period 10s
skip_install_trust
import /usr/local/etc/caddy/caddy.d/*.global
}
# Reverse Proxy Configuration
ha.mydomain.com {
tls /usr/local/etc/caddy/certificates/692f47de03cb7.pem /usr/local/etc/caddy/certificates/692f47de03cb7.key {
}
handle {
reverse_proxy 192.168.30.87:8123 {
}
}
}
import /usr/local/etc/caddy/caddy.d/*.conf
