"Recent posts
#21
General Discussion / Re: Gateway Monitoring and Pac...
Last post by OPNenthu - Today at 08:16:13 AMThe chart is showing delay in seconds, so 0.002 means 2ms.
#22
25.7, 25.10 Series / Re: PPPoE link only comes up a...
Last post by ToasterPC - Today at 07:02:53 AMBump
#23
25.7, 25.10 Series / Re: WAN load balancing behavio...
Last post by OPNenthu - Today at 06:12:40 AMI might be asking my question the wrong way or presenting too much detail.
tldr; I have two active VPN gateways that each work on their own, but when put into a load balancing group only one seems to be in use the majority of the time. When I first set this up (sometime before 25.7.6, I think) the load balancing was working, so I don't know if something changed in recent versions or if the "problem exists between keyboard and chair" as they say.
Appreciate any tips on what to look into.
tldr; I have two active VPN gateways that each work on their own, but when put into a load balancing group only one seems to be in use the majority of the time. When I first set this up (sometime before 25.7.6, I think) the load balancing was working, so I don't know if something changed in recent versions or if the "problem exists between keyboard and chair" as they say.
Appreciate any tips on what to look into.
#24
Hardware and Performance / Re: [solved] Intel i226 Firmwa...
Last post by OPNenthu - Today at 06:02:29 AMIt Just Works™ in Linux. Nothing needed besides the NIC driver (built in) and userspace tools like NetworkManager.
I have an i225-v on my client PC and I'm not having any issue with vlan and bridge interfaces for sharing a tagged trunk between my host and some guest VMs.
I have an i225-v on my client PC and I'm not having any issue with vlan and bridge interfaces for sharing a tagged trunk between my host and some guest VMs.
Code Select
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq state DOWN group default qlen 1000
link/ether 78:xx:xx:xx:xx:55 brd ff:ff:ff:ff:ff:ff
3: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether 24:xx:xx:xx:xx:cd brd ff:ff:ff:ff:ff:ff
4: enp10s0.20@enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br20 state UP group default qlen 1000
link/ether 24:xx:xx:xx:xx:cd brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 24:xx:xx:xx:xx:cd brd ff:ff:ff:ff:ff:ff
inet 172.21.30.100/24 brd 172.21.30.255 scope global dynamic noprefixroute br0
valid_lft 62774sec preferred_lft 62774sec
inet6 2601:xx:xxxx:xxxx:944a:5d1:1c72:95a2/64 scope global temporary dynamic
valid_lft 86390sec preferred_lft 19546sec
inet6 2601:xx:xxxx:xxxx:xxxx:xxxx:xxxx:c3d/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 86390sec preferred_lft 86390sec
inet6 fe80::xxx:xxxx:xxxx:fb89/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: br20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a2:xx:xx:xx:xx:5a brd ff:ff:ff:ff:ff:ff
7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:xx:xx:xx:xx:76 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
#25
General Discussion / Re: PSA: recent Comcast firmwa...
Last post by OPNenthu - Today at 05:51:21 AMQuote from: allan on December 13, 2025, 12:45:57 AMIPv6-PD is not commonly used and it is not actively monitored-at least by Tier 1 support since they told me their diagnostics all show green.If that's the case for business accounts... then the fact that IPv6-PD works at all for my home connection is something of a miracle and I'm on my own.
Great.
#26
25.7, 25.10 Series / Re: How to prevent outside use...
Last post by Redmond - Today at 05:23:24 AMFair.
Thats all I see if i filter for the translated prefix.
I setup Tayga with https://docs.opnsense.org/manual/how-tos/tayga.html . I'm trying to go IPv6-Mostly, so I do use Tayga as a CLAT on my desktop for 464XLAT.
It isn't just ICMPv6 messages getting in. But Live View doesn't show it.
Thats all I see if i filter for the translated prefix.
I setup Tayga with https://docs.opnsense.org/manual/how-tos/tayga.html . I'm trying to go IPv6-Mostly, so I do use Tayga as a CLAT on my desktop for 464XLAT.
It isn't just ICMPv6 messages getting in. But Live View doesn't show it.
#27
25.7, 25.10 Series / Re: How to prevent outside use...
Last post by Maurice - Today at 04:07:13 AMThe screenshot shows a packet passing the nat64 interface. That's an internal virtual interface connecting Tayga to the kernel. In this context, "let out anything" means "allow the kernel to send packets to Tayga".
Do you only see such matches for ICMPv6? The default rules allow certain inbound ICMPv6 types on all interfaces, like Destination Unreachable or Time Exceeded.
Do you maybe use Tayga as a CLAT?
Cheers
Maurice
Do you only see such matches for ICMPv6? The default rules allow certain inbound ICMPv6 types on all interfaces, like Destination Unreachable or Time Exceeded.
Do you maybe use Tayga as a CLAT?
Cheers
Maurice
#28
German - Deutsch / Re: Von ISC- zu KEA DHCP wechs...
Last post by meyergru - Today at 01:51:57 AMQuote from: Patrick M. Hausen on December 13, 2025, 08:56:04 PMUnd damit stehe ich nicht allein ;-)
Rischtisch. Ich denke, ungeachtet von Kea vs. DNSmasq ist das Hauptproblem bei DHCPv6 mit dynamischen Adressen in jedem Fall, dass DHCP eben ein Pull-Ansatz ist: Bevor der Client nicht selbst fragt, bekommt er keine neue IPv6-Adresse, auch, wenn er sie aufgrund des geänderten Präfixes bräuchte. Bis zum Ablauf des Lease ist er dann offline.
Deswegen setze ich im IPv6-HOWTO auf SLAAC, wo der neue Präfix gepusht wird, sowie er sich ändert.
#29
German - Deutsch / Re: Von ISC- zu KEA DHCP wechs...
Last post by MarroniJohny - Today at 01:24:51 AMAh sehr cool, WAN geht, 2 Interfaces und 13 VLAN eingerichtet. Bezieht alles brav die Adressen. Danke mal soweit. Ist ganz schöne Sträflingsarbeit, zum Glück muss ich das nicht jeden Tag machen. Der ESXi mit dem getaggten vSwitch hat mir die Arbeit auch sehr erleichtert. Wenn ich das alles an den physischen Switches mit 1-2 Laptops durchtesten hätte müssen, wär mein Bart noch länger geworden, als er eh schon ist. Das wär ja super mühsam.
Switches einrichten wird dann auch spannend. Bin bislang getagged auf den/die Switches gefahren, aber vom Switch nur untagged weiter. Oder halt direkt getagged von der Sense auf einen ESXi. Aber da mit forbidden Tags oder wie das heisst, um überall nur mit den gewünschten VLANs wieder raus aus dem Switch zu gehen, das habe ich noch nie gemacht. Die Theorie steht schon mal, Praxis wird sich dann zeigen. Ich frag Euch dann wieder, wenn ich am Berg stehe.
Switches einrichten wird dann auch spannend. Bin bislang getagged auf den/die Switches gefahren, aber vom Switch nur untagged weiter. Oder halt direkt getagged von der Sense auf einen ESXi. Aber da mit forbidden Tags oder wie das heisst, um überall nur mit den gewünschten VLANs wieder raus aus dem Switch zu gehen, das habe ich noch nie gemacht. Die Theorie steht schon mal, Praxis wird sich dann zeigen. Ich frag Euch dann wieder, wenn ich am Berg stehe.
#30
25.7, 25.10 Series / Re: How to prevent outside use...
Last post by Redmond - December 13, 2025, 11:48:20 PMWatching Live View though it seems that an auto rule is passing it back out. The src is not one of mine. I don't see anything in regards to the in direction.
