"Recent posts
#1
Virtual private networks / Re: Run PostUp command when Wi...
Last post by Greelan - Today at 10:33:41 AM #2
26.1 Series / Re: Client is being assigned b...
Last post by meyergru - Today at 10:02:50 AMIf that is two different IPs from different subnets on WiFi and ethernet, then I guess your claim that there is no active DHCP server on the wired network is false. Setting DNS to port 0 may disable the actual DNS service for DNSmasq, but that does not say anything about what IP any DHCP server announces for the DNS service.
#3
Virtual private networks / Re: Tailscale - Site-to-Site S...
Last post by HardYeti162 - Today at 09:58:34 AMFirst time on the forum.
I am behind GNAT, OPNsense 26.1.1 Tailscale 1.94.1. I had this working since OPNsense 24.7
I can confirm you can disable the snat on the OPNsense plugin os-tailscale, you need to enable advance mode to show the option (VPN>Tailscale>Settings>) Top left (small toggle).
Also since that disables snat you need to make outbound nat rules for you TS-net and subnets, source IPv4 range is 100.64.0.0/10 source IPv6 range is fd7a:115c:a1e0::/48. You migth also need to enable ip forwarding base on your set up (System>Settings>Tunables) set this 2 values to 1, IPv4 net.inet.ip.forwarding and IPv6 net.inet6.ip6.fowarding. And you should have full site to site, I use site-to-vpn, never full site-to-site but besides adding a nat rule for each others subnets this should be it.
Also since Tailscale operates on the firewall itself, you wont normally see any traffic on the Tailscale interface, you might see it on the origin or destination interface.
I am behind GNAT, OPNsense 26.1.1 Tailscale 1.94.1. I had this working since OPNsense 24.7
I can confirm you can disable the snat on the OPNsense plugin os-tailscale, you need to enable advance mode to show the option (VPN>Tailscale>Settings>) Top left (small toggle).
Also since that disables snat you need to make outbound nat rules for you TS-net and subnets, source IPv4 range is 100.64.0.0/10 source IPv6 range is fd7a:115c:a1e0::/48. You migth also need to enable ip forwarding base on your set up (System>Settings>Tunables) set this 2 values to 1, IPv4 net.inet.ip.forwarding and IPv6 net.inet6.ip6.fowarding. And you should have full site to site, I use site-to-vpn, never full site-to-site but besides adding a nat rule for each others subnets this should be it.
Also since Tailscale operates on the firewall itself, you wont normally see any traffic on the Tailscale interface, you might see it on the origin or destination interface.
#4
Chinese - 中文 / 更新26版本后,在dnsmasq中定义的域名无法解析。
Last post by 流年易碎 - Today at 09:46:58 AM25版本还好好的,升级后出现无法解析。
具体是dnsmasq中域标签设置了xxx.com通过上游223.5.5.5解析,在主机中定义了几个本地域名解析a.xxx.com,b.xxx.com,c.xxx.com,本地解析正常,但是其它如d.xxx.com,xxx.com无法转发到上游dns解析,常规标签未勾选" 不转发系统定义DNS服务器",勾选了"顺序查询DNS服务器",日志显示:Warning dnsmasq ignoring nameserver 127.0.0.1 - local interface
具体是dnsmasq中域标签设置了xxx.com通过上游223.5.5.5解析,在主机中定义了几个本地域名解析a.xxx.com,b.xxx.com,c.xxx.com,本地解析正常,但是其它如d.xxx.com,xxx.com无法转发到上游dns解析,常规标签未勾选" 不转发系统定义DNS服务器",勾选了"顺序查询DNS服务器",日志显示:Warning dnsmasq ignoring nameserver 127.0.0.1 - local interface
#5
26.1 Series / Re: IPFire Domain Blocklist ( ...
Last post by tuto2 - Today at 09:27:40 AMQuote from: OPNenthu on February 18, 2026, 09:45:53 PMHowever, if I resolve subdomains like 'www.facebook.com' these are not blocked:
The blocklists will consider a domain as a wildcard if the domain starts with "*." in the downloaded list. In all other cases it does an exact match.
#6
Hardware and Performance / Re: OPNSense on Sophos XGS Har...
Last post by JayTee75 - Today at 08:47:21 AMMaybe this gives some hope:
https://github.com/albb0920/aqtion-freebsd-aq2
https://github.com/albb0920/aqtion-freebsd-aq2
#7
General Discussion / Re: [Request] NAT Setup guide ...
Last post by EchoMikeMike - Today at 07:30:56 AMFor anyone else following all these steps and still getting Type3 - set your PS to bypass Unbound DNS on Opnsense that is turned on by default. I set my PS5 to 1.1.1.1 and no restart immediately popped up with Type2 following these guys suggestions.
#8
Hardware and Performance / Beelink EQ14
Last post by BrandyWine - Today at 04:39:16 AMI am using this model for some other linux project, but I can say its a nifty quiet device.
N150, 16G ram, 500G nvme ssd, dual i226v, built-in wifi/bt, hdmi, USBs, and built-in psu.
Came with the latest Megatrends BIOS that has a ton of tweaks you can do.
The i226's needed updating.
Perhaps a smidge more money than others, but its nice, should be excellent fit for small office and home use OPNsense where it's just WAN/LAN or WAN/LAN.1q or LAN.1q/LAN.1q, obviously limited to 226 speeds.
N150, 16G ram, 500G nvme ssd, dual i226v, built-in wifi/bt, hdmi, USBs, and built-in psu.
Came with the latest Megatrends BIOS that has a ton of tweaks you can do.
The i226's needed updating.
Perhaps a smidge more money than others, but its nice, should be excellent fit for small office and home use OPNsense where it's just WAN/LAN or WAN/LAN.1q or LAN.1q/LAN.1q, obviously limited to 226 speeds.
#9
26.1 Series / Re: Client is being assigned b...
Last post by nero355 - Today at 03:27:24 AMQuote from: FarmServer on Today at 01:28:40 AMYet somehow this one pc keeps getting assigned an ip on 192.168.3.x as its primary dns. Its a corporate owned pc so I cant edit anything in its network settings to force it to use different dns name servers.Maybe it's a hardcoded IP address of the Corporate DNS Server ?!
What happens when you boot the PC without a network connection : Is the Primary DNS Server 192.168.3.41 still there ??
Try it a couple of times and check what happens...
#10
General Discussion / Please help me get connected t...
Last post by TrafficChaos - Today at 03:13:53 AMHello once again, I am making no progress in regard to connecting my OPNsense
router/firewall to the internet.
I have tried to get my OPNsense box to connect to the internet via my hotspot
which is bridged to my mobile phone, and had no success at all.
I have also connected a USB to WiFi adapter to my phone and connected
the ethernet end of the adapter to the WAN port on my OPNsense box and
have failed to make an internet connection using this method either.
I can connect the hotspot which is bridged to my mobile directly to a
computer and that computer can access the internet.
I can also connect the USB to WiFi adapter to my computer and also
rech out to the internet.
I truly have no idea why neither device when connected to my OPNsense
box's WAN port will not work.
There are so many settings under >Interfaces >WAN that I do not know wher to
start filling in the required details, or even what details are reauired.
Could someone please help me get this to work.
I connected both my USB to WiFi adapter and my Hotspot to my switch
and both allowed the devices connected to the switch to access the
internet, but this is not good as they do not go through the OPNsense
router/firewall.
But even this approach seems to only work sometimes.
I have no wired internet provider where I live, so am stuck with using
a mobile phone bridged to a hotspot which I can plug in via ethernet
cable to the OPNsense box, or similar setup using USB to WiFi adapter.
I attach the switch to the lan port on the OPNsense box and the other
devices am trying to access the internt with to the WAN port, I assume
this is the correct approach, did I at least get this right.
Thanks in advance to anyone who is able to help.
router/firewall to the internet.
I have tried to get my OPNsense box to connect to the internet via my hotspot
which is bridged to my mobile phone, and had no success at all.
I have also connected a USB to WiFi adapter to my phone and connected
the ethernet end of the adapter to the WAN port on my OPNsense box and
have failed to make an internet connection using this method either.
I can connect the hotspot which is bridged to my mobile directly to a
computer and that computer can access the internet.
I can also connect the USB to WiFi adapter to my computer and also
rech out to the internet.
I truly have no idea why neither device when connected to my OPNsense
box's WAN port will not work.
There are so many settings under >Interfaces >WAN that I do not know wher to
start filling in the required details, or even what details are reauired.
Could someone please help me get this to work.
I connected both my USB to WiFi adapter and my Hotspot to my switch
and both allowed the devices connected to the switch to access the
internet, but this is not good as they do not go through the OPNsense
router/firewall.
But even this approach seems to only work sometimes.
I have no wired internet provider where I live, so am stuck with using
a mobile phone bridged to a hotspot which I can plug in via ethernet
cable to the OPNsense box, or similar setup using USB to WiFi adapter.
I attach the switch to the lan port on the OPNsense box and the other
devices am trying to access the internt with to the WAN port, I assume
this is the correct approach, did I at least get this right.
Thanks in advance to anyone who is able to help.
