Recent posts

#21
26.1 Series / Re: updated to 26.1_4, exporte...
Last post by allenlook - Today at 06:15:26 PM
I thought the check mark was odd as well, and that it indicated the CSV had been parsed successfully, but I was looking for a "Go" or arrow or "Submit" button, but after a few seconds I clicked on the check mark and Bob was suddenly my uncle.
#22
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by Patrick M. Hausen - Today at 06:12:42 PM
Quote from: nero355 on Today at 06:05:45 PM
But if I understand you correctly then there is no issue in binding it on the Default LAN Interface since you are probably never ever going to change anything there anyway ?!

Unplug and replug LAN or reboot the switch it's connected to - UI access gone.
#23
26.1 Series / Re: updated to 26.1_4, exporte...
Last post by nero355 - Today at 06:11:02 PM
See : https://forum.opnsense.org/index.php?topic=50567.msg258716#msg258716

TL;DR : It's work in progress and there will be a lot of improvements to avoid misunderstandings :)
#24
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by nero355 - Today at 06:05:45 PM
Quote from: meyergru on Today at 05:44:05 PM
Because it does not work for interfaces that are created on-the-fly or change their IPs if the BIND is not done to the anonymous socket 0.0.0.0, which denotes "all" interfaces, including such that do not exist (yet).

Just try to use a VPN interface: It will seem to work, but on the next reboot, the service fails because it cannot bind to a non-existing interface.

So, the usual way is to bind services to "all" interfaces and block access using firewall rules.

But if I understand you correctly then there is no issue in binding it on the Default LAN Interface since you are probably never ever going to change anything there anyway ?!

And if you need access from a VPN or another network you can use firewall rules for those :)
#25
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by Patrick M. Hausen - Today at 05:54:00 PM
Must be some other rule, then.

Quote
Exclude the impossible and what is left, however improbable, must be the truth.

-- Arthur Conan Doyle
#26
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by RamSense - Today at 05:50:04 PM
Disabled the anti-lockout rule.
I checked Firewall: NAT: Destination NAT
and the two rules on top are gone.

Still OPNsense GUI reachable.
All double checked, on 5G (wifi disabled), no VPN.
Tried another laptop with external VPN to the WAN IP and also GUI reachable.
#27
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by meyergru - Today at 05:44:05 PM
Because it does not work for interfaces that are created on-the-fly or change their IPs if the BIND is not done to the anonymous socket 0.0.0.0, which denotes "all" interfaces, including such that do not exist (yet).

Just try to use a VPN interface: It will seem to work, but on the next reboot, the service fails because it cannot bind to a non-existing interface.

So, the usual way is to bind services to "all" interfaces and block access using firewall rules.

However:

I still do not understand how this could happen unless there is some other misplaced rule or - even more likely - the smartphone was connected via WiFi and that causes a false positive test.

As I said, I use the same settings including the reflection settings and see no such thing.
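
The binding behaviour described in the post above, as an added example that is not part of the thread or of OPNsense: a listener bound to one specific address fails when that address is absent, while a wildcard listener starts and is then reachable on every local address, which is why access control falls to firewall rules. It assumes 192.0.2.1 (RFC 5737 documentation range) is not configured on the host; the function names are illustrative.

```python
import errno
import socket

# Assumption: 192.0.2.1 (TEST-NET-1, RFC 5737) is not configured on this host.
# It stands in for a VPN interface address that does not exist yet at boot.
ABSENT_ADDR = "192.0.2.1"


def try_bind(addr):
    """Try to open a TCP listener on addr; return (socket or None, error name)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, 0))  # port 0: let the kernel pick a free port
        s.listen(1)
        return s, None
    except OSError as e:
        s.close()
        return None, errno.errorcode.get(e.errno, str(e.errno))


def reachable_via(listener, dest_addr):
    """Return True if a connection sent to dest_addr reaches the listener."""
    port = listener.getsockname()[1]
    try:
        with socket.create_connection((dest_addr, port), timeout=2):
            return True
    except OSError:
        return False


def demo():
    """Compare a bind to an absent address with a wildcard bind."""
    specific, specific_err = try_bind(ABSENT_ADDR)
    wildcard, _ = try_bind("0.0.0.0")
    result = {
        "specific_bound": specific is not None,
        "specific_error": specific_err,
        "wildcard_bound": wildcard is not None,
        # The wildcard listener never named 127.0.0.1, yet it answers there:
        # every local address is exposed unless a firewall rule blocks it.
        "wildcard_reachable_on_loopback":
            wildcard is not None and reachable_via(wildcard, "127.0.0.1"),
    }
    for s in (specific, wildcard):
        if s is not None:
            s.close()
    return result


if __name__ == "__main__":
    print(demo())
```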
#28
General Discussion / Re: No internet to clients con...
Last post by darkencraft - Today at 05:40:03 PM
Quote
Have you checked the MAC addresses learned from ARP on each device? Actual values, not just presence. Looking for a problem proxy.

From ARP Table, I see:
192.168.1.1 → 58:9c:fc:10:e1:13 (OPN MAC)
192.168.1.134 → 22:b2:b5:e8:db:00 (Wifi Client)
192.168.1.99 → 3c:78:95:90:de:da (Wifi AP)

When I do packet capture, I see:
22:b2:b5:e8:db:00 ff:ff:ff:ff:ff:ff ARP, length 64: Request who-has 192.168.1.1 tell 192.168.1.134, length 50
58:9c:fc:10:e1:13 22:b2:b5:e8:db:00 ARP, length 46: Reply 192.168.1.1 is-at 58:9c:fc:10:e1:13, length 32 LAN

This is what you are advising me to check, correct?
#29
26.1 Series / Re: Nextcloud Backup creates m...
Last post by muchacha_grande - Today at 05:35:05 PM
+1

Quote from: Patrick M. Hausen on Today at 03:57:28 PM
At the very least use readable timestamps for which alphabetical and chronological order is identical like YYYY-MM-dd-hh:mm:ss or similar.

I had to disable the plugin too. Many files with meaningless names.

To me, locking to the previous version as Franco says can't be a long-term solution, so I had to stop using it.
#30
26.1 Series / Re: Nextcloud Backup creates m...
Last post by meyergru - Today at 05:27:40 PM
+1

This "fix" should really be undone with the next release.


BTW: How do I roll that package back? "opnsense-revert -r 25.7.11 os-nextcloud-backup" fails with:

Fetching os-nextcloud-backup.pkg: ..[fetch: https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/MINT/25.7.9/latest/Latest/os-nextcloud-backup.pkg.sig: Not Found] failed