Recent posts

#21

General Discussion / Re: UDP Broadcast Relay

Last post by meschmesch - January 01, 2026, 06:00:27 PM

I've been out of luck to use this amazing UDP Broadcast Relay for WS-Discovery across VLANS...

It works well for mDNS with my chromecasts

But for WS-Discovery, no matter what source IP I use, "empty", "1.1.1.1" or "1.1.1.2" it just does not manage to let WS-Discovery work from one vlan/subnet to another.

In fact, with "empty", it almost works : probe requests reached the other subnet, that answsers with a probe-match. But Windows has the good idea to see the probe-match packet, but since the source IP is outside it's subnet, it doesn't try to resolve it...

I would like/need this UDP to act like a proxy for WS-discovery, and replace do something similar to NAT, which I thought could be the 1.1.1.1 or 1.1.1.2 source, but in fact sadly no...

Would you be willing to look at the ws-discovery protocol and implement some other mechanism to be able to act as a ws-discovery proxy (lots of documentation show this is allowed by the protocol but I could find no implementation of this anywhere).

Thanks in advance for your reading.

Hello, is there any solution to this issue? I confirm that with UDP Broadcast relay on Port 3702 and Broadcast Address 239.255.255.250 Windows does receive the packets, but for whathever reasons they are disregarded - indeed probably they originate from the wrong subnet...

Thanks!

#22

25.7, 25.10 Series / Re: Tried DNSCrypt-Proxy ... s...

Last post by ChrisChros - January 01, 2026, 05:57:59 PM

Hi, normally port 5353 is used for Multicast DNS (MDNS). I think this is the reason why the service will not start.

#23

General Discussion / Re: VLAN support on bridges fr...

Last post by pfry - January 01, 2026, 05:28:04 PM

Currently you can bridge VLAN interfaces but not the other way round.[...]

Ah, I missed the intent. The original VLAN assignment scheme was not a limitation/inconvenience for me. The value added by the new scheme seems limited, as it only provides a more traditional bridge-like configuration with no (apparent) added functionality. Not that I can say much about that, as I treat my firewall like a bridge and my bridges like port expanders, but I could use either method with little modification. (I actually prefer the old method, as some of my equipment is only manageable from VLAN 1, so isolating it would be potentially inconvenient.)

[I think its irresponsible for OPNsense]

#24

25.7, 25.10 Series / Re: Why can't you host the ISO...

Last post by gspannu - January 01, 2026, 04:58:37 PM

Here's the reason:

My home internet is 400down/30-35 up. My computers pretty fast, but to get fiber internet means we have to trust AT&T to dig up and fix THEIR cable, and charge me the same for the same bandwidth I get on my cloud. If AT&T did fix their cable, the physical cable in clay would easily break again and I'd lose connection due to their failure to protect the cable to cut corners.

I have a cloud server that's got 8c/16t (AMD Ryzen 7 3800X), 500Mbps up and down, and 128GB RAM, but the baremetal server runs 128GB of RAM. I have 3 IPs, and I don't want to run only 3 virtual machines on it.

I think its irresponsible for OPNsense to expect us to not provide a direct iso link when there's plenty of mirrors I can cancel, and turn around and copy link/paste. Heck, I could get a Windows ISO on my hypervisor faster than I could OPNSense.

I don't think such strong language is warranted for this supposed issue

#25

General Discussion / Re: VLAN support on bridges fr...

Last post by Rene78 - January 01, 2026, 04:31:54 PM

Currently you can bridge VLAN interfaces but not the other way round.

E.g. with FreeBSD 14:

igc0.1 - VLAN 1 on igc0
igc0.2 - VLAN 2 on igc0
igc1.1 - VLAN 1 on igc1
igc1.2 - VLAN 2 on igc1

bridge1 - members igc0.1, igc1.1
bridge2 - members igc0.2, igc2.2

This works well but is complicated and error prone to set up.

With FreeBSD 15:

bridge0 - members igc0, igc1

bridge0.1 - VLAN 1 on all bridge ports
bridge0.2 - VLAN 2 on all bridge ports


HTH,
Patrick

Will this also be implemented in OPNsense? Not sure if all FreeBSD options are also implemented in OPNsense

#26

General Discussion / Re: TUI for viewing and analys...

Last post by allddd - January 01, 2026, 04:06:08 PM

Did you experiment with the ports being in color and/or the direction being bold or in color?

The styling library I use supports adaptive styles, so you can define separate color schemes for light and dark backgrounds (even using different colors for 256-color and truecolor terminals). I wasted so much time trying to find the perfect color scheme, only to find out that half the terminals report the wrong background color... After that, I tried using just bold and faint styles, but even faint doesn't work on light backgrounds...

I've now added colors to ports and IPs in v0.7.0, which should hopefully make it more readable. No fancy adaptive styles though, I'm just using 2 colors that should work on both light and dark backgrounds (and don't look that bad on dark).

I also changed the direction indicators to I/O (with space), and it's indeed much more readable. Thanks for the suggestion!

You cannot view this attachment.

#27

Documentation and Translation / Re: Section(s) repeated twice ...

Last post by vimage22 - January 01, 2026, 03:44:27 PM

BTW, just wanted to re-mention this.

#28

General Discussion / (Solved) Re: Remove a service ...

Last post by vimage22 - January 01, 2026, 03:38:44 PM

Excellent, thank you. I will google 'menu override files'. It is not security related, I just find myself clicking on the wrong service.

I modified 2 files. They will not survive updates, but I'm good with that.
comment lines 127-133
/usr/local/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
comment lines 3-13
/usr/local/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml
execute
/usr/local/etc/rc.configure_plugins

Thanks again.

#29

General Discussion / Re: Remove a service from GUI ...

Last post by franco - January 01, 2026, 03:31:51 PM

Well, the right way would be to add a user with limited privileges. Admin + exclusions are not possible. I know that's a churn for "almost everything", but that's also not a typical use case.

You can also remove pages from the menu for everyone via adding menu override files, but the URLs are still accessible manually so only do this if you're not trying to improve security.


Cheers,
Franco

#30

25.7, 25.10 Series / Re: Why can't you host the ISO...

Last post by franco - January 01, 2026, 03:24:41 PM

> I think its irresponsible for OPNsense to expect us to not provide a direct iso link

I think it irresponsible to ask for direct bandwidth for uncompressed ISOs that are going to be abused by every cloud provider out there offering a "show me an iso and I'll boot your VM".

You'd think someone would be smart enough to allow decompression in their infinite wisdom. But I'm sure they know how not to support mirror maintainers at all. So a compressed iso is the best we've all got and can offer.  :D


Cheers,
Franco