"Recent posts
#21
General Discussion / What I think is a simple quest...
Last post by coffeecup25 - Today at 12:43:17 AMSomeone please help. This should be a simple question but, surprisingly, my searches found no concise answer.
My pc / router has a couple of empty ports. I want to add a 2nd subnet to one. It needs internet access but no contact with the main LAN. It's for IoT items, like thermostats and light bulbs. I'll plug a dedicated wireless access point into it.
I have figured out the interface assignment and the DHCP and it works fine. The Firewall is the problem. I figured how to isolate the IoT subnet from the LAN but I can't get internet access to the IoT interface. Google searches are absolutely useless for this simple question.
I gave up trial and error after an OpnSense backup was needed to fix my firewall mistakes.
Google AI is incomplete with the firewall entries and often wrong when it offers advice. Lots of videos drone on never to the point and too vague in the early parts for me to watch to see if the end is just as pointless. Then people confuse subnets with VLANs. (I have a VLAN using a TP-LINK smart switch for isolation and discovered the switch is too unstable to depend on. Thus, the subnet approach.) I'm old enough to remember when YouTube videos were like taking a seminar, and not pointless vanity projects like today.
Can someone offer a simple cookbook recipe for this? Nobody else has, surprisingly.
Thanks in advance.
My pc / router has a couple of empty ports. I want to add a 2nd subnet to one. It needs internet access but no contact with the main LAN. It's for IoT items, like thermostats and light bulbs. I'll plug a dedicated wireless access point into it.
I have figured out the interface assignment and the DHCP and it works fine. The Firewall is the problem. I figured how to isolate the IoT subnet from the LAN but I can't get internet access to the IoT interface. Google searches are absolutely useless for this simple question.
I gave up trial and error after an OpnSense backup was needed to fix my firewall mistakes.
Google AI is incomplete with the firewall entries and often wrong when it offers advice. Lots of videos drone on never to the point and too vague in the early parts for me to watch to see if the end is just as pointless. Then people confuse subnets with VLANs. (I have a VLAN using a TP-LINK smart switch for isolation and discovered the switch is too unstable to depend on. Thus, the subnet approach.) I'm old enough to remember when YouTube videos were like taking a seminar, and not pointless vanity projects like today.
Can someone offer a simple cookbook recipe for this? Nobody else has, surprisingly.
Thanks in advance.
#22
25.1, 25.4 Production Series / Re: Unable to delete orphaned ...
Last post by Patrick M. Hausen - July 05, 2025, 11:41:23 PMOr download configuration backup, open the XML in an editor, carefully remove the entire HAproxy section, re-upload configuration.
#23
General Discussion / Re: Problems with bridge betwe...
Last post by Patrick M. Hausen - July 05, 2025, 11:39:13 PMThat's perfectly ok. Just make sure to never run more than one connection from your OPNsense bridge to your switch.
N.B. It was not STP that brought your network down but it's the other way round. STP would prohibit your network coming down even in case there is more than one connection. But the default for STP in FreeBSD is "disabled".
N.B. It was not STP that brought your network down but it's the other way round. STP would prohibit your network coming down even in case there is more than one connection. But the default for STP in FreeBSD is "disabled".
#24
High availability / mDNS / Apple AirPrint Flooding...
Last post by liceo - July 05, 2025, 11:32:04 PMHi all
I have notived that mDNS Traffic went up to 150Mbit/s in a school network (lot of Apple Gear) and saw that is was caused by mDNS. I could stop this by disable mDNS proxy on the passive HA node.
Maybe because of this, the switch "Enable CARP Failover" was introduced. The Problem: When i turn on "Enable CARP Failover" the mDNS Forwarder stops immediately. Does anyone experience the same issue?
You cannot view this attachment.
You cannot view this attachment.You cannot view this attachment.
I have notived that mDNS Traffic went up to 150Mbit/s in a school network (lot of Apple Gear) and saw that is was caused by mDNS. I could stop this by disable mDNS proxy on the passive HA node.
Maybe because of this, the switch "Enable CARP Failover" was introduced. The Problem: When i turn on "Enable CARP Failover" the mDNS Forwarder stops immediately. Does anyone experience the same issue?
You cannot view this attachment.
You cannot view this attachment.You cannot view this attachment.
#25
High availability / HA Sync Triggers CARP Failover...
Last post by liceo - July 05, 2025, 11:18:30 PMHi all
After upgrading to 25.1.10 performing a HA sync will cause a CARP failover. I didn't experienced this behaviour before. Does anyone else have this issue?
After upgrading to 25.1.10 performing a HA sync will cause a CARP failover. I didn't experienced this behaviour before. Does anyone else have this issue?
#26
25.1, 25.4 Production Series / Re: Unable to delete orphaned ...
Last post by bradz71 - July 05, 2025, 11:18:26 PM@MildDisaster
Just ran into something similar myself. Here is what worked for me. Based on your error message, you have an orphaned frontend from and old HAProxy installation. Foolproof way to fix is to reinstall HAProxy, then browse to the frontend configs. Delete the old frontend config. Check System: Trust: Certificates and remove old certificate. Uninstall HAProxy. Done :) Hope this helps.
Just ran into something similar myself. Here is what worked for me. Based on your error message, you have an orphaned frontend from and old HAProxy installation. Foolproof way to fix is to reinstall HAProxy, then browse to the frontend configs. Delete the old frontend config. Check System: Trust: Certificates and remove old certificate. Uninstall HAProxy. Done :) Hope this helps.
#27
General Discussion / Re: Problems with bridge betwe...
Last post by nsl_94 - July 05, 2025, 11:03:39 PMHello Patrick.
Thank you for taking time to answer my doubts.
After your explanation about STP, I found out that I had an older cable that doubled the connection between my firewall and my Switch in the office. STP was the reason why I lost the connection when I connected all cables in my firewall. Sorry about my distraction.
As for the reason that I use all my firewall ports as a bridge (all except one that is the WAN) is because I need all of them to connect to my network devices in my living room.
In my house, my internet access enters in my living room. My Internet router is configured as a bridge and connects to my opnsense WAN port. The remaining lan ports, configured as bridge, connect to my TV, to my main mesh access point and to my office Switch. In my office Switch I have my home PC, my NAS, my secondary mesh access point and my sons PC.
Is there any other way to configure my opnsense to allow all this connections? Or is this the best way?
Thank you, once again, for your help.
Nuno Lopes
Thank you for taking time to answer my doubts.
After your explanation about STP, I found out that I had an older cable that doubled the connection between my firewall and my Switch in the office. STP was the reason why I lost the connection when I connected all cables in my firewall. Sorry about my distraction.
As for the reason that I use all my firewall ports as a bridge (all except one that is the WAN) is because I need all of them to connect to my network devices in my living room.
In my house, my internet access enters in my living room. My Internet router is configured as a bridge and connects to my opnsense WAN port. The remaining lan ports, configured as bridge, connect to my TV, to my main mesh access point and to my office Switch. In my office Switch I have my home PC, my NAS, my secondary mesh access point and my sons PC.
Is there any other way to configure my opnsense to allow all this connections? Or is this the best way?
Thank you, once again, for your help.
Nuno Lopes
#28
German - Deutsch / Re: iPad 13 Pro M4 mit eSIM vo...
Last post by BüroMensch - July 05, 2025, 06:28:41 PMDanke
ich habe die Regel erstellt. Leider geht Wireguard immer noch nicht.
ich habe die Regel erstellt. Leider geht Wireguard immer noch nicht.
#29
German - Deutsch / Re: iPad 13 Pro M4 mit eSIM vo...
Last post by maclinuxfree - July 05, 2025, 06:07:47 PM #30
German - Deutsch / Re: iPad 13 Pro M4 mit eSIM vo...
Last post by BüroMensch - July 05, 2025, 06:03:42 PMunter Normalization kann ich leider nicht finden
