Recent posts

#71
German - Deutsch / Re: von Extern eigene OPNSense...
Last post by Pitti3303 - July 17, 2025, 10:12:54 AM
Hi, as written in the title, from outside - a different WAN, not my own connection. Regarding the open ports, I have to add that my phone system (Fritz!Box in a VLAN behind the OPNSense) talks to my provider (VDSL 1&1) - everything works fine. The Fritz!Box only does telephony; other devices handle everything else.

On the topology: VDSL -> Vigor167 with PPPoE passthrough -> WAN port OPNSense -> 10Gbit fiber, VLAN 1 to x tagged to the switch (Zyxel XMG1915-18EP).
#72
German - Deutsch / Re: OPN zu OPN per Wireguard V...
Last post by Bob.Dig - July 17, 2025, 10:05:05 AM
Quote from: Patrick M. Hausen on July 16, 2025, 01:36:44 PM
@Bob.Dig doesn't have to. For a P2P connection it really doesn't matter. If I have a star topology, I can, for example, enter /32 everywhere at the headquarters and /24 at the branch offices - then they can also talk to each other.
Thanks, "learned" something again.
#73
General Discussion / Re: Duplicate menu entry OpenV...
Last post by Patrick M. Hausen - July 17, 2025, 09:23:44 AM
You have one automatically created interface group. The rules on that apply to all OpenVPN instances you might have configured. The second entry is a manually assigned interface for that specific instance. It can be removed in Interfaces > Assignments.
#74
General Discussion / Duplicate menu entry OpenVPN u...
Last post by Dieter - July 17, 2025, 09:07:35 AM
Moin community,

version: OPNsense 25.1.10-amd64

We have exactly one OpenVPN [legacy] server configured and active.
After disabling and re-enabling this server all traffic had been blocked through the OpenVPN-interface.
The cause was that the interface "openvpn" had been disabled by disabling the legacy server as well.

After re-enabling the interface we have two entries "OpenVPN" under Firewall-Rules:
- One entry contains all the rules we had created as expected. (Mouse over shows: if=openvpn)
- The second entry contains only 13 automatically generated rules and is not needed. (Mouse over shows: if=opt1)

Opt1 is the "internal identifier" of the interface [openvpn].

My question: 
Is there any chance to remove this new entry?
Could it be removed automatically after a restart? Even if I do not expect this :-)
Is it possible that in former versions the entry under rules had been created with "interface name" and in later versions with the "internal identifier"?

Thank you for your help and yes I've already searched the forum and other sources for a solution :-)

Dieter
#75
25.1, 25.4 Production Series / Upgrade fail from 25.1.10 to 2...
Last post by VTOLfreak - July 17, 2025, 09:05:40 AM
Has anyone run into this before? First time I had an upgrade fail to boot up. (This is a VM in Proxmox, BTW.)
I can provide the config file if needed but would rather not throw it onto a public forum as it might contain passwords.
#76
zpool status -v zroot
please. fsck does not work with ZFS.
#77
25.1, 25.4 Production Series / Re: Prefix delegation size in ...
Last post by franco - July 17, 2025, 08:22:17 AM
Click "details" on the right in the respective overview row. It's listed there as "Dynamic IPv6 prefix received".


Cheers,
Franco
#78
25.1, 25.4 Production Series / Re: Upgrade fails from 24.7.12...
Last post by franco - July 17, 2025, 08:19:10 AM
fts_read() is a function for traversing the file system... to some degree there appears to be a glitch on it.

I'm not sufficient in ZFS with regard to error correction so someone else can help shed light on it (zfs clear/scrub maybe).

Technically, I think the script is correct not to proceed not knowing what the underlying problem could be.


Cheers,
Franco
#79
German - Deutsch / Re: von Extern eigene OPNSense...
Last post by meyergru - July 17, 2025, 08:17:28 AM
My NI says: crystal ball is broken, too little information.

Under likely assumptions (namely: you started the scan from your LAN and not from the WAN side), I would guess that the allow-any rule present by default on the LAN interface permits access to all ports on the OpnSense.

This scan can hardly have taken place from outside, since you presumably have only one public IPv4 (did you scan that one?) and outbound NAT prevents any access if no port forwards have been set up, which you rule out.

If you did do it from outside after all, questions arise: What kind of WAN connection is it, and what is the topology?
#80
25.1, 25.4 Production Series / Prefix delegation size in web ...
Last post by DavidGA - July 17, 2025, 07:17:24 AM
Where is the received WAN IPv6 prefix delegation size displayed in the web UI? I can't find it.

I know that I can see it by doing "cat /tmp/*_prefixv6" on the command line, but the web UI, for example on the dashboard or in the interfaces overview, only shows prefixes assigned to LANs, and not the prefix length received from the ISP.