Recent Posts

Pages: 1 ... 7 8 [9] 10

24.7 Production Series / Is my WAN IPv6 different from my /48 fixed prefix?

« Last post by JamesFrisch on Today at 07:53:35 am »

Hi guys

Probably stupid question but I could not find an answer online.
Is it possible that my WAN IPv6 is in a different subnet than my static /48 prefix?

I currently have IPv4 WireGuard on OPNsense. Now I want to make my WG dual stack.
I get the static IPv6 /48 prefix of lets say 1234:1234:1234::/48
Because of that, my VLANs use
1234:1234:1234:10::/64
1234:1234:1234:20::/64
and so on with track interface.

When I go to the interfaces overview, I see that it used the some (I think random) MAC for all VLAN.
1234:1234:1234:10:4444:4444:4444:4444/64
1234:1234:1234:20:4444:4444:4444:4444/64

also each interface gets a link local fe80::4444:4444:4444:4444/64

This far I can follow. What irritates me me is the WAN interface.

1234:1234:2222:29:4444:4444:4444:4448/64
1234:1234:2222:29::1f/128
fe80::4444:4444:4444:4448/64

The ending with "8" I can understand. This is because the WAN NIC has a slightly different MAC from the LAN NIC.

What I don't understand is the 2222:29. Since I have the static prefix 1234:1234:1234::/48 assigned, is it possible that for my WAN I get two IPv6 that are not in this subnet?

Is there any documentation about the differences between these two IPv6?
First one does not seam to be a privacy extended IPv6, so why even have two?

24.7 Production Series / Re: OPNsense needs periodic reboot since updated to 24.7.9_1-amd64

« Last post by bongo on Today at 07:34:21 am »

i think i found the reason why my setup was running stable for 5 days, and then the issue popped up again and the uplink always failed after a few hours:
during these 5 days, i had my uplink connected to a switch that only supports 100M. afther this time, i was confident that everything is working fine again and i removed all the unneeded stuff, and the uplink was running at 1G again.
then i had the issue again.
i tried to force my uplink to 100M by OPNsense settings, but this does not help. now i added the switch again to get the link down to 100M, and it works stable for almost 2 days now.
the only strange thing is, that i did not have this issue before updating to the latest version of OPNsense.

Virtual private networks / Re: IPSec Tunnel with Dual WAN Failover GW_Group

« Last post by Monviech (Cedrik) on Today at 06:26:44 am »

I guess if both sides have two ISPs you will need something like this:

https://docs.opnsense.org/manual/how-tos/dynamic_routing_ospf.html#ipsec-failover-with-vti-and-ospf

This works very well.

General Discussion / My VM's traffic not passing thur OPNsense

« Last post by smnaqvee on Today at 05:34:56 am »

Hi !

I set up OPNsense on proxmox with these network settings attached in image .
However not sure how to setup all VM's nrwork so that all VM's traffic route thru opnsense forewall where I can implement rules on traffic or use zenarmor.

Can anyone guide as my proxmox server has one NIC do I need 1 more ? Can opnsense work with attached settings and start routing traffic of all VM's through opnsnse . Any help appreciated thanks

Do I need to attach same 3 network interfaces to all VM;s as well.

Virtual private networks / TOR Plugin questions

« Last post by fbeye on Today at 05:11:42 am »

Hello

So, I see quite a few links on google and here about configuring etc, but what really is it used for? Is it beneficial beyond me already having NordVPN+OpenVPN config or my Wireguard [really just for home use]? Is it something I should use?
Just casually curious of peoples usages and thoughts on it.

24.7 Production Series / Re: DEC2752: Getting switch online

« Last post by Flattery6100 on Today at 04:49:56 am »

As they say, problems that go away on their own come back on their own. I can restart the firewall and get it working for a time, but it keeps breaking and needing a restart. Any ideas? Any logs to look at?

Zenarmor (Sensei) / Re: Tutorial: How to Configure DoT on OPNsense Firewall?

« Last post by Mpegger on Today at 04:36:59 am »

Speaking of man-in-the-middle, in my case, I prefer using DNS-over-TLS with Cloudflare because of thier no-tracking/logging policies, but also because it it's one less way my ISP (Verizon) can track the home usage.

For those who have similar ISPs that love to log everything and sell customer data, DoT could be useful.

General Discussion / Re: Unexpected traffic when network is idle

« Last post by Temperance on Today at 04:33:26 am »

Thanks for your reply, cookiemonster.

Yes, the PC is the source of the traffic, I have no doubt of that; what I wonder is if all this traffic originating from it is a sign of malware on the PC. The only other firewall I have experience with (a Sonicwall appliance) does not have an equivalent to the Live View, so I'm not sure what to expect.

Regards,
Temperance

Virtual private networks / Re: IPSec Tunnel with Dual WAN Failover GW_Group

« Last post by ludarkstar99 on Today at 04:13:25 am »

Hi Monviech (Cedrik),
the gateway switching trick works well if i have one ISP in the HQ, and two ISPs in the branch office.
When the branch office ISP 1 goes down, it will reconnect using the backup isp to reach to HQ.
But... if both sites have 2 ISPs, when HQ ISP1 goes down, there's a lot of retransmissions due to dpd action, and eventually it trows away the half open connection, and keep failing at retransmissions until give up.

Hardware and Performance / Re: Q20331G9 high cpu usage at 10Gb/s

« Last post by alexandre.dulche on Today at 03:33:21 am »

Test 3 :
Checksum offloading : enabled
LRO/TSO : disabled (=default)
VLAN offloading : enabled
vm.pmap.pti= 1 -> 0
hw.ibrs_disable= 0 -> 1
--> Load ~ 13.0 (~95% system) & ~9 Gb/s

No change compared to test #2 where hardware offloading seems to have helped quite a bit.

Pages: 1 ... 7 8 [9] 10