"Recent posts
#41
German - Deutsch / Re: Portforwarding 80
Last post by meyergru - Today at 03:31:51 PMAha. Die 10 Tage waren eine Ente, die ich mal - vor der Korrektur auf 47 Tage - in diesem Heise-Artikel gelesen hatte. Die Verkürzung geht in Stufen nur auf 47 Tage, was immer noch genug Zeit bei Problemen in der Automation gibt und auch die Limits nicht unrealistisch niedrig erscheinen lässt...
#42
Zenarmor (Sensei) / Re: I just had a Zenarmor ad *...
Last post by Greg_E - Today at 03:15:51 PMI would be ironic if it were from a site that you can set to blocked.
#43
General Discussion / Re: Hardening DHCP
Last post by verfluchten - Today at 02:23:14 PMNot really looking for design suggestions ATM, only for the answers to the original questions.
#44
Tutorials and FAQs / Re: [HOWTO] Configure IPv6 in ...
Last post by meyergru - Today at 02:19:16 PMJust guessing here, because you do not tell what IPs your WAN clients use or what you configured in Chrony instead of '::/0':
1. You must supply Chrony wth a range of IPs it listens to. If you don't, then it won't listen at all. So, you either have to provide '::/0' or 'fc00::/7' and the clients either are with the same subnets or use inbound NAT.
2. fc00::/7 is an ULA IPv6 address range, which serves the same purpose as RFC1918 for IPv4, i.e. it is not routed on the internet. If your WAN clients do not use a sender IP from the same range, they will only get through with a routeable IP. In that case, you will have to have Chrony accept those.
1. You must supply Chrony wth a range of IPs it listens to. If you don't, then it won't listen at all. So, you either have to provide '::/0' or 'fc00::/7' and the clients either are with the same subnets or use inbound NAT.
2. fc00::/7 is an ULA IPv6 address range, which serves the same purpose as RFC1918 for IPv4, i.e. it is not routed on the internet. If your WAN clients do not use a sender IP from the same range, they will only get through with a routeable IP. In that case, you will have to have Chrony accept those.
#45
German - Deutsch / Re: Portforwarding 80
Last post by meyergru - Today at 02:07:07 PMJens, Du hast vollkommen recht. Mit den kommenden Verkürzungen müssten diese Beschränkungen aber heftig angepasst werden, zudem dann tatsächlich Verlängerungen ggf. sogar jeden Tag passieren müssten (mal ganz abgesehen von der höheren Last bei den ACME-CAs).
Ich habe da mal angefragt: https://community.letsencrypt.org/t/how-will-lets-encrypt-deal-with-the-effects-of-shorter-certificate-lifetimes/237293, bin gespannt...
Ich habe da mal angefragt: https://community.letsencrypt.org/t/how-will-lets-encrypt-deal-with-the-effects-of-shorter-certificate-lifetimes/237293, bin gespannt...
#46
Tutorials and FAQs / Re: [HOWTO] Configure IPv6 in ...
Last post by Kets_One - Today at 02:01:12 PMHi,
I currently have a few local virtual IPv6 addresses created under 'interfaces', namely: fd07::1/128 and fd08::1/128 that i use to serve NTP time to WAN users.
This is instead of forwarding the WAN NTP requests to my physical LAN NTP servers.
However, even though i have put NAT and FW rules in place to route this traffic to these addresses as well as update chrony config i still need to include ::/0 as client address range in the chrony config to get them to work. What am i missing here?
I currently have a few local virtual IPv6 addresses created under 'interfaces', namely: fd07::1/128 and fd08::1/128 that i use to serve NTP time to WAN users.
This is instead of forwarding the WAN NTP requests to my physical LAN NTP servers.
However, even though i have put NAT and FW rules in place to route this traffic to these addresses as well as update chrony config i still need to include ::/0 as client address range in the chrony config to get them to work. What am i missing here?
#47
25.1, 25.4 Production Series / OPNsense 25.1.6_2-amd64 bad ...
Last post by pasha-19 - Today at 01:49:40 PMI converted from ISC DHCPv4 to DNSMASQ DHCPv4 successfully I believe then I tried to add some IPv6 entries. It appears I messed up something and have disabled dnsmasq completely. I know I need to fix whatever is in line 139 and other things like it using probably the WEB GUI. However; it would be nice to see what is in line 139 of /usr/local/etc/dnsmasq.c so I can do something other than deleting all the IPv6 stuff I tried to add (learning nothing) to recover from the problem, This is not my working router this is a test environment.
Thanks for any suggestions. I have read through many forum entries indicating manual editing config files will not work and that is not an issue as far as I am concerned. My desire is only to determine the contents of line 139 of /usr/local/etc/dnsmasq.c to know what to remove or change in the web gui.
#48
General Discussion / Re: Can't connect to Unraid se...
Last post by cookiemonster - Today at 01:05:26 PM> Unraid is on 192.168.10.80. I am on a laptop with 192.168.10.39. I cannot ping 192.168.10.80, SMB does not work and now on Unraid, I am unable to refresh dockers either.
Devices on the same network i.e. 192.168.10.X/24 won't go through your router, unless you have a misconfiguration. They talk to each other via the switch only.
Devices on the same network i.e. 192.168.10.X/24 won't go through your router, unless you have a misconfiguration. They talk to each other via the switch only.
#49
25.1, 25.4 Production Series / Re: ACME client - send email ...
Last post by keeka - Today at 11:54:01 AMI do something similar with icinga. The OP wants a notification when the cert has renewed.
I noticed in the acme automation options that there was not an option to run an adhoc local script.
But it just dawned on me, you could use 'remote command via ssh' to localhost to achieve the same.
I noticed in the acme automation options that there was not an option to run an adhoc local script.
But it just dawned on me, you could use 'remote command via ssh' to localhost to achieve the same.
#50
25.1, 25.4 Production Series / Does OPNsense Support PAP Auth...
Last post by Cipher - Today at 11:49:52 AMHi everyone,
We're planning to migrate a customer from pfSense to OPNsense and are currently validating compatibility for their setup.
We've successfully tested PPPoE on OPNsense, but we need to confirm if PAP (Password Authentication Protocol) is supported and working reliably in this context.
This is important for us before moving forward with the migration.
Has anyone used PAP authentication on OPNsense? Any known issues or limitations?
Thanks in advance!
We're planning to migrate a customer from pfSense to OPNsense and are currently validating compatibility for their setup.
We've successfully tested PPPoE on OPNsense, but we need to confirm if PAP (Password Authentication Protocol) is supported and working reliably in this context.
This is important for us before moving forward with the migration.
Has anyone used PAP authentication on OPNsense? Any known issues or limitations?
Thanks in advance!
