"Recent posts
#21
25.7, 25.10 Series / Re: New skin "flexcolor"
Last post by franco - November 26, 2025, 09:17:03 PMNice work, thank you :)
#22
German - Deutsch / Re: Verständnisfrage zu Portfo...
Last post by Patrick M. Hausen - November 26, 2025, 09:14:01 PMDass das bei einem Hoster ist, hattest du nicht geschrieben. 🙄 Natürlich kann das am Uplink liegen, dass die zweite IP-Adresse noch nicht richtig geroutet wird.
#23
German - Deutsch / Re: Verständnisfrage zu Portfo...
Last post by awado - November 26, 2025, 09:12:18 PMEs mag nicht klappen. Die virtuelle IP ist richtig gesetzt. Ich habe den Eindruck, dass der Traffic der zweiten WAN IP gar nicht ankommt. Allerdings gibt es beim Provider (Hetzner, dedicated) nichts, was dafür spricht. Die Firewall vom Hetzner lässt alles rein/raus unter beiden WAN IPs. In OPNsense habe ich nun Ping auf WAN erlaubt. Die erste WAN IP reagiert, die Neue nicht.
#24
25.7, 25.10 Series / Re: KEA IPv6 Leases
Last post by Patrick M. Hausen - November 26, 2025, 09:04:05 PMQuote from: rjopn on November 26, 2025, 08:18:25 PMThanks. The IPv4 Web-GUI shows them "correct".
I meant probably all these leases ARE in the LAN interface. Can you tell for sure they belong anywhere else?
#25
General Discussion / Re: Amazon Warehouse Services ...
Last post by Monviech (Cedrik) - November 26, 2025, 08:53:48 PMI run a Fritzbox before my OPNsense too, but I do not NAT on the OPNsense.
I do static routing of the internal networks to the OPNsense and let only the Fritzbox do the NAT.
I dont seem to have issues accessing any websites.
I do static routing of the internal networks to the OPNsense and let only the Fritzbox do the NAT.
I dont seem to have issues accessing any websites.
#26
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - November 26, 2025, 08:34:30 PM@Franco Changing the CORE_PACKAGESITE worked, but it has a side effect - changelogs and bogons can't be downloaded anymore.
We had a similar issue before (there is no aarch64 path on pkg.opnsense.org); you then hardcoded amd64 for downloading these:
https://github.com/opnsense/core/commit/f35db24e
But later, you replaced the hardcoded pkg.opnsense.org with opnsense-update -X:
https://github.com/opnsense/core/commit/b8b3da07
Result after changing CORE_PACKAGESITE:
Fetching changelog information, please wait... fetch: https://opnsense-update.walker.earth/FreeBSD:14:amd64/25.7/sets/changelog.txz: Not Found
Ideas?
We had a similar issue before (there is no aarch64 path on pkg.opnsense.org); you then hardcoded amd64 for downloading these:
https://github.com/opnsense/core/commit/f35db24e
But later, you replaced the hardcoded pkg.opnsense.org with opnsense-update -X:
https://github.com/opnsense/core/commit/b8b3da07
Result after changing CORE_PACKAGESITE:
Fetching changelog information, please wait... fetch: https://opnsense-update.walker.earth/FreeBSD:14:amd64/25.7/sets/changelog.txz: Not Found
Ideas?
#27
25.7, 25.10 Series / 25.7.8 Unbound blocklist sourc...
Last post by gpfountz - November 26, 2025, 08:28:30 PMAfter upgrading to 25.7.8, I configured unbound's blocklist's source nets to include my LAN and IoT networks, excluding my GUEST network. The problem is as soon as someone on the guest network does a lookup of a blocked domain, that domain's IP lookup is cached. After this, that blocked domain's IPs are served to my LAN.
Is there a solution for this? I know I can use a different DNS server for my GUEST network. That is what I was doing before the source nets feature was added to 25.7.8.
Thanks in advance!
Is there a solution for this? I know I can use a different DNS server for my GUEST network. That is what I was doing before the source nets feature was added to 25.7.8.
Thanks in advance!
#28
25.7, 25.10 Series / Re: KEA IPv6 Leases
Last post by rjopn - November 26, 2025, 08:27:22 PMQuote from: meyergru on November 25, 2025, 09:26:01 PMMany IoT devices only support SLAAC, if they support IPv6 at all.
Other than that, you have to select the correct RA mode to instruct devices to use DHCPv6 for all interfaces where you want it.
To me, it does not make much sense to use DHCPv6, even if you want to identify devices, because with IPv6 privacy extensions and randomized MACs these days, you cannot effectively do that anyway. Therefore, I prefer to use SLAAC only: https://forum.opnsense.org/index.php?topic=45822.0
Thanks. I will have a look at it...
#29
Hardware and Performance / Re: N150 / N355 good fits?
Last post by Seimus - November 26, 2025, 08:20:05 PMQuote from: Greg_E on November 26, 2025, 05:26:02 PMCurrently on a Xeon E3-1230v5 4 core 8 thread processor in the "high efficiency" or low TDP class from Intel (old Supermicro server repurposed). With a gigabit connection to a 2gb ISP I get around 500-600mbps download due to filtering, get around 900mbps upload (uploads are not filtered by ZA).
I can get ~1.7-1.8G routed throughput on a N100 with my tunings.
Regards,
S.
#30
25.7, 25.10 Series / Re: KEA IPv6 Leases
Last post by rjopn - November 26, 2025, 08:18:25 PMQuote from: Patrick M. Hausen on November 25, 2025, 08:59:56 PMApparently there are no IPv6 leases on any other interface?
Thanks. The IPv4 Web-GUI shows them "correct".
