Recent posts

#21
Tutorials and FAQs / Re: OPNsense + PROXMOX + VLANs...
Last post by spetrillo - December 17, 2025, 08:09:02 PM
Still does not work...

My PC's port is set to both vlan 1 and vlan 2 untagged. Do I need to delete the vlan 1 reference from the switch port or just set the PVID to 2?
#22
25.7, 25.10 Series / Web GUI Issue after upgrading
Last post by svendsen - December 17, 2025, 08:00:49 PM
Hi guys,

After upgrading to 25.7, I've started to see odd behaviour on the Web UI.
I'm getting many jQuery console errors, e.g.:

 Uncaught SyntaxError: Unexpected token '+' (at jquery-3.5.1.min.js:2:82465)

And many more. This results in many broken UI items (textboxes that should have been dropdowns, etc.)

Is this a known issue? I planned to roll back to an earlier release, but wanted to check here first.

Thanks!
#23
25.7, 25.10 Series / Re: 26.1 Release Question
Last post by franco - December 17, 2025, 07:51:09 PM
Hmm, but

commit def59b6038a13583b159d102deef7190cd9c3701
Author: Bhosale, Yogesh <yogesh.bhosale@intel.com>
Date:   Tue Aug 19 16:19:07 2025 +0200

    ix/ixv: Add support for new Intel Ethernet E610 family devices

% git tag --contains def59b6038
25.7.8


;)
#24
Tutorials and FAQs / Re: OPNsense + PROXMOX + VLANs...
Last post by Patrick M. Hausen - December 17, 2025, 07:42:30 PM
If the port on the switch is VLAN 2 untagged, don't set a VLAN on the PC.
#25
General Discussion / Re: block cameras to internet
Last post by chemlud - December 17, 2025, 07:12:55 PM
Hi, I see different problems with your BLOCK rule:

- You want to block ipv6 traffic for ipv4 addresses (in your cam alias)? What is the status for ipv6 on your LAN? Place a general block ipv6 above your block rule and reduce the existing block rule to ipv4 protocols.

- Do your cams get reserved (static mapping, always identical) IPs (based on MAC) via DHCP? Only in this case the block rule will block the cams reliably.

Cheers (noisy in here... hohoho)
#26
General Discussion / Re: block cameras to internet
Last post by meyergru - December 17, 2025, 07:11:54 PM
Why do we do that? Because in networking, everything is either true or false. When I see something that is false - especially when false advice is given - I correct it, nothing personal, you only take it for that. These topics are mostly security-relevant, so we should exercise some care.

So now for the OP's problem:

I understand AllInt is an interface group for all internal interfaces. OPNsense's rule processing order is documented here:

https://docs.opnsense.org/manual/firewall.html#processing-order

The order is floating rules > interface group rules > interface rules. Since your block rule is way up top in the interface group rules, it should work unless there were floating allow rules that allow outbound access.

How do you know that your cameras can still connect outside? Unless - I see you also have IPv6-related rules. Could it be the case that they open outbound connections via IPv6?

Your block rule only applies to IPv4, even if it incorrectly says IPv4+IPv6.

If that is your problem, you probably can block your devices only via their MAC - you would have to create a MAC alias containing both MACs and use that in a second IPv6 rule to block access to "any". You probably cannot use IPv6 aliases directly, if your IPv6 prefixes change.

#27
General Discussion / Re: block cameras to internet
Last post by coffeecup25 - December 17, 2025, 06:41:55 PM
meyergru, the football keeps on being moved a bit at a time. Eventually you will sneak it across the goal if nobody notices the sneak.

Shut Down the app - check

Block specific addresses from the LAN - check

Conflating RFC1918 with errant devices - check

Internet Leakage - still an unsolved mystery

Everything else is only sneaking the football down the pitch. Why do you old pros always do that? All it does is chase people away. OK, you remain one of the princes here who apparently could use a refresher course in networking fundamentals along with making an effort to stop changing the subject a little at a time so you are never wrong. That's annoying and not uncommon. I doubt you're fooling anyone except the other princes. Don't argue with me like I'm your wife.

Now, fix his problem. Don't walk away after all this. I mean fix it, not offer some incomplete techno-babble.

Here's an overkill solution. Build a new subnet using an open port. (Please dear god ignore the VLANs. They aren't needed and won't add value.) Hang a spare access point off of it or off of a simple switch attached to it. Put the bad devices on that subnet. Block the subnet from the WAN. Weirdly complicated and massive overkill, but fixed. My favorite solution is simply to unplug it.
#28
25.7, 25.10 Series / Re: 26.1 Release Question
Last post by spetrillo - December 17, 2025, 06:36:00 PM
Thanks all...I just wanted to understand when the E610 will become useable in FreeBSD, without the need to compile. Not going down that road! If I had one wish it would be if support for the E610 could be added into 14.3 but that is not really your call.
#29
Tutorials and FAQs / Re: OPNsense + PROXMOX + VLANs...
Last post by spetrillo - December 17, 2025, 06:33:58 PM
Ok I have a managed 1 gig switch I am using. The config is as follows:

1) PC connected to port 5, with the port set to vlan 2 untagged. I have also set the vlan to 2 on the PC NIC.
2) Server connected to port 6, with the port set to vlan 2/3/20 tagged.
3) Server connected to port 7, with the port set to vlan 10/12 tagged.

VLAN 2 is my LAN interface on OPNsense. I hard coded my PC NIC to 192.168.1.10/26. When I try to ping 192.168.1.1 I get nothing. I then re-configured the PC NIC and removed the vlan from the NIC. I try to ping 192.168.1.1 again and get nothing. Ok what am I doing wrong here?
#30
General Discussion / Re: block cameras to internet
Last post by robertkwild - December 17, 2025, 06:33:30 PM
Here's my "allint"; I have grouped all my local LAN interfaces

LAN_HOME - my TP-Link cameras sit here
DMZ
openvpn
wg1
wg0

Here's my full set of rules

https://postimg.cc/3d9xSHDG