"Recent posts
#21
25.7, 25.10 Series / Re: Adding a VLAN takes 26 cli...
Last post by pfry - November 22, 2025, 06:11:02 PMQuote from: mtlynch on November 22, 2025, 04:57:30 PMWhat is the correct way for OPNsense customers to give feedback? [...]
Personally, I think the forum is the place to start. Naturally, in an ideal world everyone would research their issue and incorporate prior discussion and work, but this isn't always realistic, for a number of reasons. For myself, I like to throw stuff out and get feedback, and then perhaps open an issue on github if I think it actually has merit. I try to see the legacy and direction of the project, but I don't always succeed, of course.
As far as your suggestions, they don't strike me as significant. That is, filling in some default values would make no difference to me, just as a lots of clicking and typing to set up a VLAN doesn't bother me. Oh, and I care little for/about wizards, and I'm not likely to use the API. My $.02, and worth every penny.
Quote from: franco on November 22, 2025, 09:05:07 AM[...] I don't enjoy starting at the "but what if we just did it this way". [...]
Understandable. All I can say is "Y'all keep up the good work", because occasionally I'm going to have this great idea that I can't believe y'all haven't considered...
#22
25.7, 25.10 Series / Re: Adding a VLAN takes 26 cli...
Last post by Monviech (Cedrik) - November 22, 2025, 05:44:02 PMYou dont have to input anything into the vlan field, the name gets auto generated if you leave it empty.
#23
German - Deutsch / Re: Opnsense DNS Warum funktio...
Last post by Monviech (Cedrik) - November 22, 2025, 05:32:01 PM #24
25.7, 25.10 Series / Re: [Solved] Monitoring gatewa...
Last post by julsssark - November 22, 2025, 05:31:58 PMNotifications using HomeAssistant to Amazon Echo is genius! Thank you for sharing. I'm going to add that.
I'm really impressed with Uptime Kuma's abilities and UX for up/down monitoring in my homelab. I am using Uptime Kuma to monitor opnsense gateway and opnsense services (api/core/service/search Query:$exists(rows[running=0]) Expected Value:false). I looked at Zabbix for the "fun" of it, but I really don't "need" to monitor with that level of granularity.
I am using Graylog/Grafana for log monitoring, but I am nearly done switching over to Alloy/Loki/Grafana.
I'm really impressed with Uptime Kuma's abilities and UX for up/down monitoring in my homelab. I am using Uptime Kuma to monitor opnsense gateway and opnsense services (api/core/service/search Query:$exists(rows[running=0]) Expected Value:false). I looked at Zabbix for the "fun" of it, but I really don't "need" to monitor with that level of granularity.
I am using Graylog/Grafana for log monitoring, but I am nearly done switching over to Alloy/Loki/Grafana.
#25
German - Deutsch / Re: Opnsense DNS Warum funktio...
Last post by Gh0sti - November 22, 2025, 05:26:45 PMHallo, ich sehe hier sehr wohl Handlungsbedarf für die GUI. Mit KEA findet man die Reservations in KEA DHCP v4. Fürs Workflow gehört das aber in Leases DHCP v4. Und die möglichkeit in den Leases mit einem + direkt einen Client zu den Reservations hinzuzufügen fehlt auch. Beim vorherigen DHCP war das wesentlich besser.
Man will ja schnell mal einen Client wählen und dem dann z.B. eine andere IP zuweisen oder die DNS für den Client festlegen. Ich nutzte z.B. Lancache und weise daher meinen PCs den Lancache als DNS zu und meinen Handys aber die OpnSense.
Wäre gut wenn das wieder so komfortabel wird wie früher...
Man will ja schnell mal einen Client wählen und dem dann z.B. eine andere IP zuweisen oder die DNS für den Client festlegen. Ich nutzte z.B. Lancache und weise daher meinen PCs den Lancache als DNS zu und meinen Handys aber die OpnSense.
Wäre gut wenn das wieder so komfortabel wird wie früher...
#26
25.7, 25.10 Series / Re: Adding a VLAN takes 26 cli...
Last post by mtlynch - November 22, 2025, 04:57:30 PMQuote from: franco on November 22, 2025, 09:05:07 AM> but I think one of the important pieces here is that OPNsense in a lot of places asks the user to manually enter data when OPNsense already knows the answer:
I don't agree and the past discussions are all over the forum and GitHub to read through. I don't enjoy starting at the "but what if we just did it this way". This is not how projects work when they span multiple decades in total.
What is the correct way for OPNsense customers to give feedback?
I've searched for Github issues and forum discussions, and I can't find any discussion about why the user is required to input a specific prefix name for VLANs or why OPNsense doesn't offer a default IP range for an IPv4 subnet.
I'm not arguing that my preferred flow is correct. I'm just giving a datapoint as an OPNsense customer of 4 years that this is really confusing and I don't see any reason for it. I get why in different scenarios, other OPNsense users might want something different than my expected defaults (e.g., defaulting the VLAN to enabled), but I have a hard time understanding why anyone would want to manually type a specific prefix into the UI when the UI already knows what it must be.
You summarized my feedback as me asking for a wizard, and I was clarifying that that wasn't entirely what I was saying.
QuoteIf you're using clicks, you're not a modern OPs.
Its not a Windows Machine where you Click anything and hopefully not build a SecurityFlaw....
If you wan't to administer OPNSense over a modern Way (like API) I suggest to read the Manual.
There's a way to use the API for that (that's how I do it with versioning and a Git repo in my local Network only for this task).
It Takes 2-3 Minutes and voila a new VLAN is there.
I have pretty simple needs, so the value of OPNsense to me is that it offers a web UI to cover my needs.
The example you shared doesn't seem to achieve the same thing I shared in the video in that it doesn't enable DHCP or assign an IP range. I'm sure I could do it with more scripting, but if I'm going to write custom code to manage VLANs, I feel like I'm probably better off using FreeBSD/OpenBSD and scripting on top of pf directly rather than try to manage pf indirectly through a thick OPNsense layer.
#27
German - Deutsch / Re: Routing-Performance
Last post by sternchen45 - November 22, 2025, 04:38:06 PMQuote from: meyergru on November 22, 2025, 03:25:26 PMWie und von wo aus gemessen? Nicht von der OpnSense selber messen, immer "drüber". iperf mit -Pn nutzen.von/zu Ubuntu-VM in LAN <-> Ubuntu-Host in WAN (WAN ist bei mir das eigentliche LAN), outgoing NAT ist für das hier gemeinte LAN aus.
Ich habe mit iperf3 -c <IIP> -t 20 -P 4 getestet. Die VM ist vermutlich nicht so performant und Gigabit mit paravirtualisierten Netzwerktreibern. Aber das Ergebnis war vergleichbar zum Windows-Host (weswegen ich den ganzen Käse mit Subnetting überhaupt mache).
Quote from: meyergru on November 22, 2025, 03:25:26 PMRahmenbedingungen: IDS/IPS aktiv oder reines Routing?Zenarmor installiert, aber meines Wissens kein Blocking darüber konfiguriert, emulierter NMAP-Treiber.
Update: Crowdsec war noch installiert. In den Settings habe ich IDS/IPS dafür disabled. Verbessert auch nichts.
Quote from: meyergru on November 22, 2025, 03:25:26 PMRSS aktiv?denke schon (sh. Tuneables-Screenshot)
Quote from: meyergru on November 22, 2025, 03:25:26 PMHardware-Offloading konsequent aus?ich hatte es der Anleitung entsprechend ausgemacht, jetzt gerade ist es wieder an. Hat aber keinen Unterschied gemacht.
Sollte das nicht besser an sein? Ein kurzer Blick schien auch zu zeigen, dass TSO usw. Zenarmor gar nicht groß stört, jedenfalls vielleicht, wenn man nichts darüber blocken möchte.
Vor zwei Tagen hatte ich auch noch die Netzwerkkabel ausgetauscht (nicht, dass die alten Kabel 2,5Gbps nicht zuverlässig machen; bei genauerer Beobachtung schien der RTL8125 vom Windows-Host zu flappen) gg. CAT8.
Gerade eben bin ich noch dem Thread mit dem Firmwareupdate für die i226-V gefolgt und habe auf 2.32 geupdatet. Keine Änderung.
#28
Web Proxy Filtering and Caching / Re: HAProxy to home server not...
Last post by satcomjimmy - November 22, 2025, 04:31:57 PMI think it may be something on the TLS negotiation, I'm seeing a tls1.3 "change cipher spec" from the client and then a reset form the server(firewall) in packet captures.
#29
Hardware and Performance / Re: Dec740 connected to a USW-...
Last post by DEC670airp414user - November 22, 2025, 04:28:01 PMwhat in addition to https://store.ui.com/us/en/category/accessories-modules-fiber/collections/accessories-pro-direct-attach-cables/products/10gbps-direct-attach-cable?variant=uacc-dac-sfp10-1m
would I need for 10G Lan purposes.
port 9 on the switch which is SPF+ that cable would go to X0 on the OPnsense router.
would I need for 10G Lan purposes.
port 9 on the switch which is SPF+ that cable would go to X0 on the OPnsense router.
#30
German - Deutsch / Re: VOIP mit SWN NEumünster, F...
Last post by derMike - November 22, 2025, 04:10:24 PMHallo Maurice, trotz Forwaring in UNbound bekomme ich den DNS Fehler in Fritzbox angezeigt.
Anmeldung der Internetrufnummer 41111111 war nicht erfolgreich. Ursache: DNS-Fehler
Hatte mir schon eine 2te OPNSense mit den Standardeisntellungen ohne Plugins, alles auf ANY. Da sollte der DNS über SWN zugewiesen werden, da die EINWAHL über PPPOE gemacht wird.
Irgendwo habe ich nen Denkfehler sonst würde VOIP ja laufen.....
Gruß der Mike
Anmeldung der Internetrufnummer 41111111 war nicht erfolgreich. Ursache: DNS-Fehler
Hatte mir schon eine 2te OPNSense mit den Standardeisntellungen ohne Plugins, alles auf ANY. Da sollte der DNS über SWN zugewiesen werden, da die EINWAHL über PPPOE gemacht wird.
Irgendwo habe ich nen Denkfehler sonst würde VOIP ja laufen.....
Gruß der Mike
