"Recent posts
#21
Web Proxy Filtering and Caching / Caddy and DDNS
Last post by spetrillo - Today at 06:21:48 PMMy OPNsense firewall is behind my ISP router and setup as a DMZ host. I have setup DDNS on the ISP router, since it has the public WAN IP. This has been working for over 2 years. I now want to put a web server behind my OPNsense firewall, but I would like to use Caddy on the OPNsense firewall, for proxy and certificate management. Would it be advisable to use HTTP or DDNS for certificate issuance and management? In my mind's eye I would like to register the domain name, in this case *.petrilloconsulting.net, to Caddy and then use subdomains to identify the actual web services.
#22
25.7, 25.10 Series / Re: What is the official migra...
Last post by opnsense-user123 - Today at 06:10:42 PMI typically ask more questions here than answer them, so take any of this below as half 'tip' and half question (as in, am I correct about what I'm saying?).
I just made the swtich on my 25.7.11_9 system. I have three LANs so I thought I'd try one or two before changing the final one that has many more hosts on it. That was unsuccessful because, even though in ISC DHCPv4 config I unchecked the box for those two LANs, ISC seemed to still be bound to port 67 on those LANs. So I had to do all three at once and make sure ISC was really stopped.
Then I noticed in the Kea error logs that the "Control Agent" is deprecated. So though I at first checked the box to turn it on in that page, I later went back and turned it off.
It was easy to export a CSV fie of the reservations from ISC, one for each LAN. I could import those into Kea after I created the three LANs in the Subnets tab (after having of course selected the three interfaces in Settings > General > Interfaces). Reservations should be within the subnet (obviously) but outside the 'pool' allocation.
I'm using the default of raw sockets and did check the box to create standard firewall rules for communications.
I did not have to reboot.
I'm not seeing errors in the Kea log and I am seeing hosts starting to appear in the 'Leases DHCPv4' panel. Early going, but so far so good. Hoping for a smooth update to v26 when the openssl patch comes out which I'm hoping is soon.
I just made the swtich on my 25.7.11_9 system. I have three LANs so I thought I'd try one or two before changing the final one that has many more hosts on it. That was unsuccessful because, even though in ISC DHCPv4 config I unchecked the box for those two LANs, ISC seemed to still be bound to port 67 on those LANs. So I had to do all three at once and make sure ISC was really stopped.
Then I noticed in the Kea error logs that the "Control Agent" is deprecated. So though I at first checked the box to turn it on in that page, I later went back and turned it off.
It was easy to export a CSV fie of the reservations from ISC, one for each LAN. I could import those into Kea after I created the three LANs in the Subnets tab (after having of course selected the three interfaces in Settings > General > Interfaces). Reservations should be within the subnet (obviously) but outside the 'pool' allocation.
I'm using the default of raw sockets and did check the box to create standard firewall rules for communications.
I did not have to reboot.
I'm not seeing errors in the Kea log and I am seeing hosts starting to appear in the 'Leases DHCPv4' panel. Early going, but so far so good. Hoping for a smooth update to v26 when the openssl patch comes out which I'm hoping is soon.
#23
General Discussion / Re: DNS bind error when access...
Last post by patrick3000 - Today at 06:06:37 PMThanks, Patrick M. Hausen. I will do one of those when I have some time. Both look rather complicated to set up, although NAT reflection perhaps a bit less so. Still, when I have some time in a couple of weeks, I will do one or the other because it's a hassle to manage this at the browser level.
#24
General Discussion / Re: The pledge of the Network ...
Last post by Maurice - Today at 05:57:25 PMAmen.
#25
General Discussion / Re: The pledge of the Network ...
Last post by Greg_E - Today at 05:55:20 PMYou should add in mindlessly paste from AI.
#26
Hardware and Performance / Re: CPU recommendations for gi...
Last post by Greg_E - Today at 05:54:18 PMYou could step up to an HP T740, or move over to an n150 or n305 based system. I'm not sure the T740 with Zenarmor will handle a full gigabit, I haven't tested it. My similar performance Intel E series Xeon does not give me full gigabit with Zenarmor, but the clock speed is also lower than the AMD v1756b that's in the T740.
Note that if you go with a T740 or T755 there is something you must change or it will not boot. I have a thread on the changes you need to make in here somewhere.
Kind of a long read https://forum.opnsense.org/index.php?topic=38921.msg190577#msg190577 with most of the info at the bottom of the first page and into the second page (I think).
Note that if you go with a T740 or T755 there is something you must change or it will not boot. I have a thread on the changes you need to make in here somewhere.
Kind of a long read https://forum.opnsense.org/index.php?topic=38921.msg190577#msg190577 with most of the info at the bottom of the first page and into the second page (I think).
#27
26.1 Series / Re: os-isc-dhcp-1.0_3 failed t...
Last post by Quirk7272 - Today at 05:51:39 PMHad the same issue today after upgrade from 25.7. After the upgrade found out that the os-isc-dhcp wasn't updated to version 1.0_3. Had to manual update the package.
After the update dhcp services failed to start. I have a lot of static mappings configured.
After removing, installing the plugin and a reboot the services started running again.
After the update dhcp services failed to start. I have a lot of static mappings configured.
After removing, installing the plugin and a reboot the services started running again.
#28
Hardware and Performance / Re: Starting homelab network -...
Last post by Greg_E - Today at 05:48:25 PMThe Netgear AV Line of switches are pretty solid, they were pointed towards the NDI video and Dante audio market, both of which have some timing requirements that are met by these two lines of switches. M4250 and M4350 are the two model lines, not exactly cheap though. I have a 4250 at work and it was doing fine when we were using it with NDI video streams at roughly 140mbps per stream, 10gb to the computer doing the work.
If you decide to look at Mikrotik, find the datasheet for the speeds, you should find 3 different ratings depending on router, bridge, or switch OS, as long as you keep things within your operational limits based on the functions you need, they are fine.
And yes I have seen quad port i226 based cards, I think they were going for around $100 on ebay. I went a different way and tracked down a couple quad x710 cards for my faster needs, they integrate into my lab better because a lot of things are SHP+ on DAC or fiber, and gigabit SFP modules are cheap if I only need gigabit.
If you decide to look at Mikrotik, find the datasheet for the speeds, you should find 3 different ratings depending on router, bridge, or switch OS, as long as you keep things within your operational limits based on the functions you need, they are fine.
And yes I have seen quad port i226 based cards, I think they were going for around $100 on ebay. I went a different way and tracked down a couple quad x710 cards for my faster needs, they integrate into my lab better because a lot of things are SHP+ on DAC or fiber, and gigabit SFP modules are cheap if I only need gigabit.
#29
26.1 Series / Re: ISC-DHCP not starting afte...
Last post by m2nis - Today at 05:38:57 PMQuote from: towa on January 30, 2026, 02:10:21 PMconfirm
After a second restart of OPNsense 26.1 the service is up again.
Same problem, good solution. Thanks !
#30
Tutorials and FAQs / Re: [HOWTO] Reach your ONT or ...
Last post by Patrick M. Hausen - Today at 05:28:27 PMCisco IOS has a Null interface - the idea to do it on OPNsense with Loopback did not occur to me.
