"Recent posts
#21
25.7, 25.10 Series / Re: Lost web mgmt. on 25.7.9 u...
Last post by Jose - Today at 12:05:59 AMI've also updated from 25.7.8 to 25.7.9 today trough the Dashboard [System:Firmware] and everything went fine, though never experienced this Dashboard hiccups(I use Firefox) but wondering why some users are reporting this issue after updates.
However I've experienced this problems in the past with some Rpi/ARM distributions running from bare slow USB/SDCard media, but that's expected unless the system is loaded/running from RAM disk, and/or when testing on older hardware with limited resources.
Regards
However I've experienced this problems in the past with some Rpi/ARM distributions running from bare slow USB/SDCard media, but that's expected unless the system is loaded/running from RAM disk, and/or when testing on older hardware with limited resources.
Regards
#22
German - Deutsch / Re: Routing Frage
Last post by meyergru - December 04, 2025, 11:39:08 PMIch verstehe offen gesagt nicht, wieso Du so pikiert reagierst. Du hast anfangs nicht genau gesagt, was Du eigentlich tust. Ich schrieb Dir dann, dass Deine Frage, wie der Switch das Routing zwischen Server 2 und 3 übernehmen kann mit "gar nicht" beantwortet werden muss, weil beide im selben VLAN liegen und somit kein Routing erfolgt.
Danach sagtest Du, dass Du den Switch nutzen willst, um direkt zwischen dem VLAN für den Mac und dem für die Server zu routen und habe lediglich gefragt, wozu Du dann die OpnSense noch benötigst. Das primär deswegen, weil die OpnSense dann eben genau bislang wirksame Netztrennung der VLANs nicht mehr gewährleistet - so langsam das aktuell auch sein mag. Ein solcher Hinweis ist doch wohl legitim, wenn Du selbst sagst, dass Du kein Netzwerkprofi bist.
Finde ich auch schade, aber ich nehme wahr, dass Du offenbar keine weiteren Hinweise mehr möchtest.
Danach sagtest Du, dass Du den Switch nutzen willst, um direkt zwischen dem VLAN für den Mac und dem für die Server zu routen und habe lediglich gefragt, wozu Du dann die OpnSense noch benötigst. Das primär deswegen, weil die OpnSense dann eben genau bislang wirksame Netztrennung der VLANs nicht mehr gewährleistet - so langsam das aktuell auch sein mag. Ein solcher Hinweis ist doch wohl legitim, wenn Du selbst sagst, dass Du kein Netzwerkprofi bist.
Finde ich auch schade, aber ich nehme wahr, dass Du offenbar keine weiteren Hinweise mehr möchtest.
#23
General Discussion / Re: use traffic shaper in fire...
Last post by saleh - December 04, 2025, 11:24:56 PMThank you so much Seimus and Franco for your support and assistance.
I hope the issue will be fixed in the upcoming release.
Best regards,
Saleh
I hope the issue will be fixed in the upcoming release.
Best regards,
Saleh
#24
General Discussion / Re: Port forwarding never reac...
Last post by viragomann - December 04, 2025, 11:12:32 PMQuote from: gigagames on December 03, 2025, 09:16:07 PMBut noting is received by the 10.30.0.80 machine. If i run `tcpdump -ni vlan0.30 port 62217` on Opnsense I also see no traffic.Did you verify this with a tcpdump on the destinations server?
#25
25.7, 25.10 Series / Re: OPNsense dies every 24th h...
Last post by TomasL - December 04, 2025, 10:26:05 PMWill probably go for ROXY9 and AIF, at the end.
#26
25.7, 25.10 Series / Re: OPNsense dies every 24th h...
Last post by Patrick M. Hausen - December 04, 2025, 10:21:50 PMQuote from: TomasL on December 04, 2025, 10:10:42 PMWell, other NICS is out, there is not enough space and only one slot on the MB.
Since it worked W/O any problem with CENTOS, well, it has to be an OPNsense issue and not an HW-isue.
Not debating that fact. But then probably a Linux based firewall would be preferable? Why not OpenWRT? Or IPFire?
#27
25.7, 25.10 Series / Re: OPNsense dies every 24th h...
Last post by franco - December 04, 2025, 10:17:53 PMYes, I already told you I have my doubts about reliability in FreeBSD with both the in-tree and the vendor driver.
Cheers,
Franco
Cheers,
Franco
#28
25.7, 25.10 Series / Re: Changing NIC caused me a w...
Last post by franco - December 04, 2025, 10:16:06 PMQuote from: jonm on December 04, 2025, 09:53:06 PMHow should I have done this properly?
For an inline replacement: Make a backup of your latest config. Make sure your new NICs work and are numbered correctly (perhaps using a live media boot to inspect this). Boot the old system again (with the old NICs plugged again). Change /conf/config.xml interface instances like suggested here already. Shut down (not reboot). Switch NICs if needed. Boot up.
Cheers,
Franco
#29
25.7, 25.10 Series / Re: OPNsense dies every 24th h...
Last post by TomasL - December 04, 2025, 10:10:42 PMWell, other NICS is out, there is not enough space and only one slot on the MB.
Since it worked W/O any problem with CENTOS, well, it has to be an OPNsense issue and not an HW-isue.
Since it worked W/O any problem with CENTOS, well, it has to be an OPNsense issue and not an HW-isue.
#30
Virtual private networks / Configuration Wireguard Tunnel...
Last post by eXcoRe - December 04, 2025, 10:10:17 PMDear OPNsense community,
first of all, I want to say that I really enjoy using OPNsense. It is a great project that supports many extensions and allows configuring a wide range of scenarios. I am just an enthusiastic user who is here to learn more and gain a better overall understanding. Any support is most welcome — and please be kind, as I do not have 10+ years of networking experience :)
I have already set up OPNsense with working WireGuard connections. The goal is to configure the WireGuard tunnels using Proton DNS without any DNS leakage, while also running Unbound DNS on the firewall.
Only the WireGuard clients (e.g., 192.168.1.90–192.168.1.91) should use the WireGuard tunnel including its DNS, and all other internal clients (e.g., 192.168.1.100–192.168.1.101) should use the Unbound DNS service — in other words, a split DNS configuration.
The OPNsense firewall is configured with Unbound DNS over TLS (port 853), and clients use, for example, Cloudflare (1.1.1.1), Google (8.8.8.8), or Quad9 (9.9.9.9).
Additionally, my configuration currently has a working Squid web proxy, which some VLAN clients and some LAN clients use to access the internet.
For testing purposes, I also deactivated it on the LAN interface, but it still did not work as expected.
Current situation:
The WireGuard clients are routed through the tunnel and receive the Proton IPs. However, during DNS testing, Proton DNS is not displayed — instead, the Unbound DNS appears. Testing was done using https://www.dnsleaktest.com
Traceroute result:
1 <1 ms <1 ms <1 ms OPNsense.localdomain [192.168.1.1]
2 18 ms 15 ms 15 ms 10.2.0.1 --> Proton WG tunnel active and working; my IP address is showing from the VPN
3 16 ms 16 ms 16 ms 205.xxx.xx.xxx --> Proton Server
4 16 ms 16 ms 16 ms vl221.ams-eq6-core-2.cdn77.com [79.127.194.82] --> this is what I want to avoid for WG clients
5 17 ms 17 ms 17 ms 142.250.163.178
6 17 ms 16 ms 16 ms 74.125.243.81
7 15 ms 16 ms 15 ms 209.85.240.100
8 17 ms 16 ms 17 ms 108.170.238.127
9 22 ms 22 ms 23 ms 192.178.75.29
10 24 ms 26 ms 25 ms 209.85.252.76
11 21 ms 21 ms 21 ms 108.170.238.3
12 21 ms 21 ms 21 ms 142.250.214.195
13 22 ms 22 ms 22 ms fra24s07-in-f3.1e100.net [142.250.186.131]
Unbound DNS is maybe "overwriting" or my WG clients are just passing around tunnel, not sure...
But I am quite sure that some firewall rules — and especially NAT — may not be configured correctly. I have not yet been able to identify what exactly is wrong.
Before overloading this post with to many pictures, I have created an extract of my current set up, see below picture:
You cannot view this attachment.
If you need anything more specific to identify this issue, just let me know.
I guess my problem should be clear, so looking forward to your valueable feedbacks.
Thanks
first of all, I want to say that I really enjoy using OPNsense. It is a great project that supports many extensions and allows configuring a wide range of scenarios. I am just an enthusiastic user who is here to learn more and gain a better overall understanding. Any support is most welcome — and please be kind, as I do not have 10+ years of networking experience :)
I have already set up OPNsense with working WireGuard connections. The goal is to configure the WireGuard tunnels using Proton DNS without any DNS leakage, while also running Unbound DNS on the firewall.
Only the WireGuard clients (e.g., 192.168.1.90–192.168.1.91) should use the WireGuard tunnel including its DNS, and all other internal clients (e.g., 192.168.1.100–192.168.1.101) should use the Unbound DNS service — in other words, a split DNS configuration.
The OPNsense firewall is configured with Unbound DNS over TLS (port 853), and clients use, for example, Cloudflare (1.1.1.1), Google (8.8.8.8), or Quad9 (9.9.9.9).
Additionally, my configuration currently has a working Squid web proxy, which some VLAN clients and some LAN clients use to access the internet.
For testing purposes, I also deactivated it on the LAN interface, but it still did not work as expected.
Current situation:
The WireGuard clients are routed through the tunnel and receive the Proton IPs. However, during DNS testing, Proton DNS is not displayed — instead, the Unbound DNS appears. Testing was done using https://www.dnsleaktest.com
Traceroute result:
1 <1 ms <1 ms <1 ms OPNsense.localdomain [192.168.1.1]
2 18 ms 15 ms 15 ms 10.2.0.1 --> Proton WG tunnel active and working; my IP address is showing from the VPN
3 16 ms 16 ms 16 ms 205.xxx.xx.xxx --> Proton Server
4 16 ms 16 ms 16 ms vl221.ams-eq6-core-2.cdn77.com [79.127.194.82] --> this is what I want to avoid for WG clients
5 17 ms 17 ms 17 ms 142.250.163.178
6 17 ms 16 ms 16 ms 74.125.243.81
7 15 ms 16 ms 15 ms 209.85.240.100
8 17 ms 16 ms 17 ms 108.170.238.127
9 22 ms 22 ms 23 ms 192.178.75.29
10 24 ms 26 ms 25 ms 209.85.252.76
11 21 ms 21 ms 21 ms 108.170.238.3
12 21 ms 21 ms 21 ms 142.250.214.195
13 22 ms 22 ms 22 ms fra24s07-in-f3.1e100.net [142.250.186.131]
Unbound DNS is maybe "overwriting" or my WG clients are just passing around tunnel, not sure...
But I am quite sure that some firewall rules — and especially NAT — may not be configured correctly. I have not yet been able to identify what exactly is wrong.
Before overloading this post with to many pictures, I have created an extract of my current set up, see below picture:
You cannot view this attachment.
If you need anything more specific to identify this issue, just let me know.
I guess my problem should be clear, so looking forward to your valueable feedbacks.
Thanks
