"Recent posts
#21
German - Deutsch / Re: IPv6 am PON-Anschluss von ...
Last post by Maurice - December 20, 2025, 05:20:19 PMQuote from: mbr89 on December 19, 2025, 10:02:49 AMDas ONT ist ein NOKIA G-010G-R - Ping auf der 192.168.100.1 geht, sonst aber nichts."Sonst aber nichts" heißt was? PPPoE-Session kann nicht aufgebaut werden? Es wird keine IPv4-Adresse zugewiesen? Es wird keine IPv6-Adresse zugewiesen? DHCPv6 Prefix Delegation funktioniert nicht? ...
Ein /56 per DHCPv6 Prefix Delegation zu bekommen ist hierzulande eigentlich Standard, dazu solltest Du nicht extra etwas beantragen müssen. Zusätzlich ein /64 per Router Advertisement ist bei PPPoE auch gängig.
Ein delegiertes Präfix siehst Du in Interfaces / Overview / Details von WAN / Dynamic IPv6 prefix received.
Ggfs. auch mal das Log-Level des DHCPv6-Clients hochdrehen (Interfaces / Settings) und ins Log schauen.
Und mit deinem ISP klären, welche Spezifikationen der Anschluss eigentlich hat.
Grüße
Maurice
#22
German - Deutsch / Re: Dual WAN Setup mit IPv6 Pr...
Last post by Maurice - December 20, 2025, 04:53:22 PMQuote from: martine on December 20, 2025, 09:42:50 AMdas verhalten habe ich gefixt.Ja, nun werden die Screenshots angezeigt.
An meiner Empfehlung - getrennte (V)LANs einrichten - ändert sich jedoch nichts. Mit nur einem LAN hast Du eine ganze Reihe von Problemen:
- Du müsstest tendenziell SLAAC deaktivieren, denn...
- ... mit SLAAC ist es nicht möglich, einzelnen Hosts gezielt ein bestimmtes Präfix zuzuweisen. Du müsstest daher IPv6 Outbound NAT für eines der WANs verwenden.
- ... Privacy Extensions verhindern die einfache Identifizierung einzelner Hosts in Firewall-Regeln. Du müsstest MAC-Address-Aliase verwenden, was wiederum andere Nachteile mit sich bringt.
- Ohne SLAAC bist Du darauf angewiesen, dass alle Hosts DHCPv6 unterstützen, was in der Praxis nicht der Fall ist. Manche Hosts hätten daher absehbar gar keine IPv6-Konnektivität.
- Sind die Präfixe dynamisch wird es zudem schwierig bis unmöglich, in OPNsense einen DHCPv6-Server entsprechend zu konfigurieren.
Mit getrennten (V)LANs ist es dagegen einfach: LAN1 trackt WAN1, LAN2 trackt WAN2. Bei der Adresszuweisung gibt es keine Besonderheiten zu beachten. Du benötigst lediglich auf einem der LANs Firewall-Regeln für das Policy Routing.
Mit einem geeigneten Switch und AP kannst Du die Zuordnung von Geräten zu VLANs auch dynamisch anhand der MAC-Adresse lösen, benötigst also nicht unbedingt dedizierte Switch-Ports oder SSIDs.
#23
General Discussion / Re: Seemingly straightforward ...
Last post by Seimus - December 20, 2025, 03:17:26 PMI use NPM for a lot of services.
Basically anything for HTTPs, including Jellyfin etc.
The way how I have the deployment done is a bit over the top, lets say.. As NPM is in its own VLAN/network.
So lets see an example where a Host, PC wants to connect to Jellyfin;
PC > NPM > Jellyfin
All those 3 devices are in their own VLANs. So All 3 devices need to have rules;
PC - IN Rule to reach NPM over HTTPs + IN Rule to reach DNS
NPM - IN Rule to reach Jellyfin + IN Rule to reach DNS
Jellyfin - No Rules needed to reach PC or NPM, because this is a server e.g destination
On NPM additionally I have ACL deployed to allow only specific devices per service.
This works totally fine.
Regards,
S.
Basically anything for HTTPs, including Jellyfin etc.
The way how I have the deployment done is a bit over the top, lets say.. As NPM is in its own VLAN/network.
So lets see an example where a Host, PC wants to connect to Jellyfin;
PC > NPM > Jellyfin
All those 3 devices are in their own VLANs. So All 3 devices need to have rules;
PC - IN Rule to reach NPM over HTTPs + IN Rule to reach DNS
NPM - IN Rule to reach Jellyfin + IN Rule to reach DNS
Jellyfin - No Rules needed to reach PC or NPM, because this is a server e.g destination
On NPM additionally I have ACL deployed to allow only specific devices per service.
This works totally fine.
Regards,
S.
#24
German - Deutsch / Re: Router Advertisement am P...
Last post by mbr89 - December 20, 2025, 02:47:18 PMhttps://apps.db.ripe.net/db-web-ui/query?searchtext=2a00:e180:14:b487::/64&rflag=true&source=RIPE&bflag=false
... da steht ja auch schon vitroconnect broadband ND ... Neighbor Discovery
Kann man sich da jetzt nicht einfach ein 56-Präfix rauslassen ?
... da steht ja auch schon vitroconnect broadband ND ... Neighbor Discovery
Kann man sich da jetzt nicht einfach ein 56-Präfix rauslassen ?
#25
25.7, 25.10 Series / Re: [solved] 25.7.10 update f...
Last post by keeka - December 20, 2025, 01:55:45 PMThanks @Maurice.
Out of curiosity, I rolled back my virtualized install to 25.7.9_7 and, this time, did a health audit before updating.
Some package versions (python libraries IIRC) were incorrect according to the audit. I think I applied the prior update (to 25.7.9) via the serial console and may have missed warnings.
As suggested, I've re-run the update and all looks to be current.
Thanks.
Out of curiosity, I rolled back my virtualized install to 25.7.9_7 and, this time, did a health audit before updating.
Some package versions (python libraries IIRC) were incorrect according to the audit. I think I applied the prior update (to 25.7.9) via the serial console and may have missed warnings.
As suggested, I've re-run the update and all looks to be current.
Thanks.
#26
25.7, 25.10 Series / rdr and nat rules
Last post by dunxd - December 20, 2025, 01:40:12 PMSince updating to 25.7.10 two days ago I am seeing rdr and nat rules showing up in the Firewall pie chart on the dashboard that i dont recall from before. They all have my pppoe address as the destination.
Is this something I might expect to see due to something changed in the update?
Is this something I might expect to see due to something changed in the update?
#27
25.7, 25.10 Series / Re: [solved] 25.7.10 update f...
Last post by Maurice - December 20, 2025, 01:17:21 PMUpdating is a multi step process.
First, all updated packages get downloaded.
Then the packages get installed.
Then the base and kernel sets get downloaded (if an update is available, which isn't always the case).
Then base and kernel get installed and the system reboots.
So by the time base and kernel get downloaded, the package updates are already completed. This is how you can end up in a situation where all packages get updated but base and kernel don't (if downloading them fails). That's harmless though, just try again.
First, all updated packages get downloaded.
Then the packages get installed.
Then the base and kernel sets get downloaded (if an update is available, which isn't always the case).
Then base and kernel get installed and the system reboots.
So by the time base and kernel get downloaded, the package updates are already completed. This is how you can end up in a situation where all packages get updated but base and kernel don't (if downloading them fails). That's harmless though, just try again.
#28
Hardware and Performance / Re: DEC750 Questions
Last post by ProximusAl - December 20, 2025, 12:32:49 PMQuote from: DEC670airp414user on December 20, 2025, 12:08:59 AMTo the original poster.
The appliance came with a 180 dollar business licenses that last a year.
Why did you decide to wipe and go to the community version?
I don't need business edition, and these 750s are replacing devices already running CE.
I considered using BE, but then I have just increased my annual running costs x 4.
I've had zero issues running CE for the last 5 or so years, so why change.
Plus...CE gets cool things sooner than BE.
#29
General Discussion / Re: Wireguard requires manual ...
Last post by novel - December 20, 2025, 11:22:33 AMQuote from: franco on March 20, 2024, 10:12:24 PMCoincidentally, a patch was added to 24.1.3 that addressed this sort of problem. ;)
Cheers,
Franco
I have the same problem
#30
Virtual private networks / Re: Restart Wireguard after WA...
Last post by novel - December 20, 2025, 11:20:42 AMQuote from: franco on September 09, 2023, 03:36:36 PM23.7.4
Is there permantly solution for that?
Quote from: franco on September 09, 2023, 03:36:36 PMThat fix is going to be on 23.7.4.
Cheers,
Franco
I have the same issue. I use 25.7.9-amd64. I force to make a script to run after reboot.
