"Recent posts
#71
26.1 Series / Router Solicitation sometimes ...
Last post by yarn - February 06, 2026, 02:35:46 PMWhen I refresh the WAN connection in Interfaces - Overview, sometimes Router Solicitation is not sent, which caused the router to have no IPv6 address for itself. Why and can I fix this somehow?
My ISP expects routers to configure its address with SLAAC and request prefix through DHCPv6-PD, no address can requested via DHCPv6 or the gateway will reply with an error with no prefix given. The gateway also sends Router Advertisement very infrequently but responds to Router Solicitation.
My ISP expects routers to configure its address with SLAAC and request prefix through DHCPv6-PD, no address can requested via DHCPv6 or the gateway will reply with an error with no prefix given. The gateway also sends Router Advertisement very infrequently but responds to Router Solicitation.
#72
General Discussion / Re: If you change the IP addre...
Last post by patient0 - February 06, 2026, 02:33:41 PM> 192.168.0.100 -> 192.168.8.100 NG
192.168.0.100 is on the WAN of OPNsense8 and all traffic from LAN OPNsense8 192.168.8.0/24 will be NAT-ted to the OPNsense8 WAN IP 192.168.0.8. From the view of the "world (OPNsense8 WAN net and the rest of internet) 192.168.8.0/24 doesn't exist, only 192.168.0.0/24.
> 192.168.0.100 -> 192.168.7.100 NG
same as above, but even more not-visible
> 192.168.7.100 -> 192.168.0.100 NG
If there is really not NAT on OPNsense7 (what does "WAN disabled" mean?) then I don't know how it would work with DHCP.
OPNsense8 only knows about it's WAN net 192.168.0.0/24 and LAN net 192.168.8.0/24. If you have not added a static route on OPNsense8 to send traffic from 192.168.7.0/24 back to 192.168.8.<OPNsense7 WAN IP> then OPNsense doesn't know where to send traffic originating from 192.168.7.0/24 and will send it out OPNsense8 WAN (and the LAN firewal has to allow traffic from "other-than-LAN net").
If you have added the static route on OPNsense8 for OPNsense7 LAN, you will have to add firewall rules to allow such traffic on OPNsense8 and OPNsense7.
You can use tcpdump or package capture in OPNsense GUI to verify where the traffic goes.
192.168.0.100 is on the WAN of OPNsense8 and all traffic from LAN OPNsense8 192.168.8.0/24 will be NAT-ted to the OPNsense8 WAN IP 192.168.0.8. From the view of the "world (OPNsense8 WAN net and the rest of internet) 192.168.8.0/24 doesn't exist, only 192.168.0.0/24.
> 192.168.0.100 -> 192.168.7.100 NG
same as above, but even more not-visible
> 192.168.7.100 -> 192.168.0.100 NG
If there is really not NAT on OPNsense7 (what does "WAN disabled" mean?) then I don't know how it would work with DHCP.
OPNsense8 only knows about it's WAN net 192.168.0.0/24 and LAN net 192.168.8.0/24. If you have not added a static route on OPNsense8 to send traffic from 192.168.7.0/24 back to 192.168.8.<OPNsense7 WAN IP> then OPNsense doesn't know where to send traffic originating from 192.168.7.0/24 and will send it out OPNsense8 WAN (and the LAN firewal has to allow traffic from "other-than-LAN net").
If you have added the static route on OPNsense8 for OPNsense7 LAN, you will have to add firewall rules to allow such traffic on OPNsense8 and OPNsense7.
You can use tcpdump or package capture in OPNsense GUI to verify where the traffic goes.
#73
German - Deutsch / Re: NVM subsystem reliability ...
Last post by Patrick M. Hausen - February 06, 2026, 02:29:27 PMUnd wenn man Netflow verwenden möchte, auf gar keinen Fall auf der Firewall laufen lassen sondern in ein geeignetes System exportieren, was die OPNsense ganz prima kann.
#74
26.1 Series / Re: Something in 2.61 breaks O...
Last post by nero355 - February 06, 2026, 02:27:20 PMQuote from: allenlook on February 06, 2026, 01:46:49 PMAny Google-fu points to TLS 1.2 enablement on the PCs, but these are multiple workstations with TLS 1.2 enabled, and that have been working just fine all along until 26.1.Does this apply to your network : https://forum.opnsense.org/index.php?topic=50735.0 ??
What SSL certificate setting(s) would change on the firewall between 25.7 and 26.1?
Could you give me a link to this :
QuoteM365 Connectivity Test websiteJust in case I might need it for whatever reason...
#75
26.1 Series / Re: Issues with OPNsense on VM...
Last post by nero355 - February 06, 2026, 02:22:36 PMQuote from: kubatron on February 06, 2026, 08:57:46 AMIs there any point that I am stupid and don't understand how this works ? Or I do some stupid mistakes that is so easy to fix...You are not stupid, but you are simply missing knowledge/experience I think :)
For example in this case I would never use this kind of hardware for Proxmox : Just baremetal OPNsense.
IIRC most people use these Fujitsu things as following :
- Onboard NIC as Management Network.
- Additional 2-port or Quad Port NIC for actual Router/Firewall/VLAN stuff.
Should you ever buy something Intel based and more powerfull then I would recommend to VT-D the additional NIC to your Proxmox VM with OPNsense so you can avoid all the Bridging stuff :)
#76
26.1 Series / Re: RA with dnsmasq
Last post by yarn - February 06, 2026, 02:16:29 PMI understood it as "Setting Router Advertisement modes in DHCPv6 ranges will have no effect without this global option enabled."
In the DHCP ranges for IPv6 there are several modes, e.g. SLAAC, ra-stateless etc.
In the DHCP ranges for IPv6 there are several modes, e.g. SLAAC, ra-stateless etc.
Quote from: sorano on February 06, 2026, 11:48:21 AMWhat would be the correct way forward?I added an IPv6 range like this, not sure what the default for new installs is...
#77
26.1 Series / Re: ISO file problem
Last post by nero355 - February 06, 2026, 02:14:06 PMQuote from: sopex8260 on February 06, 2026, 12:28:24 PMDownloading the 26.1 dvd image (ISO) and importing it to Rufus works for you people?Check this recent similar topic https://forum.opnsense.org/index.php?topic=45085.0 for stuff you might have missed/forgotten since the last time you wrote an image to a USB Stick :)
#78
General Discussion / Re: Yet another Shaper questio...
Last post by stanps - February 06, 2026, 02:13:04 PMOkay! Got it figured out! It even honors the speed limits set on the pipe!
The Firewall > Settings > Advanced > Shared Forwarding option, to 'On' (checked).
Hope this helps someone.
-S
The Firewall > Settings > Advanced > Shared Forwarding option, to 'On' (checked).
Hope this helps someone.
-S
#79
German - Deutsch / Re: NVM subsystem reliability ...
Last post by meyergru - February 06, 2026, 02:12:10 PMAls ich meine erste DEC750 bekam, habe ich mich nach wenigen Wochen gewundert, wieso die SSD schon bei 2% lag. Ich habe dann auch gesehen, dass RRD und Logging viel schreiben. Natürlich habe ich dann mit RAM-Disk gearbeitet, aber das brachte weniger als erwartet. Das lag einerseits daran, dass RRD m.W. immer auf die SSD schreibt, was Du ja jetzt deaktiviert hast (gut!).
Andererseits war es aber so, dass die ZFS Commits suboptiomal waren. Das wurde dann mit 23.7.12 geändert - Franco hat mal was darüber geschrieben. Bei den später neu eingerichteten Instanzen war das Problem um Größenordnungen kleiner.
Eventuell auch mal vfs.zfs.txg.timeout (90) und vfs.zfs.dirty_data_sync_percent (5) checken.
Andererseits war es aber so, dass die ZFS Commits suboptiomal waren. Das wurde dann mit 23.7.12 geändert - Franco hat mal was darüber geschrieben. Bei den später neu eingerichteten Instanzen war das Problem um Größenordnungen kleiner.
Eventuell auch mal vfs.zfs.txg.timeout (90) und vfs.zfs.dirty_data_sync_percent (5) checken.
#80
