Recent posts

#81
26.1 Series / Re: Rules [new] Sort order Seq...
Last post by Monviech (Cedrik) - February 04, 2026, 06:34:43 PM
A loopback interface can have any IP address. I usually give them like 192.168.89.4/32 or something. Doesn't matter.
#82
General Discussion / Re: No internet to clients con...
Last post by darkencraft - February 04, 2026, 06:34:38 PM
So, I wasn't able to fix the problem, and ended up buying a TL-SG1016D (16-Port Switch).
My current setup is using 1 port to WAN, 1 port to LAN without any bridges, and remaining 4 ports being unused.
Now all my connections rely on the newly bought 16 port switch, including the WiFi AP. With this setup, WiFi devices do get internet connection.
#83
26.1 Series / Re: Management Interface openi...
Last post by meyergru - February 04, 2026, 06:33:30 PM
I think what you see is probably an overlay of several misconfigurations. OPNsense does not have a basic authentication for starters.

Maybe what you see is the basic login of your ONT or modem, which often has a management IP of 192.168.100.1. For this very reason, the use of that specific subnet is discouraged here.

That being said, you should not have the ONT on your management network, because it most likely also is your WAN.
#84
Hardware and Performance / Re: Drowning in (old) hardware...
Last post by OPNenthu - February 04, 2026, 06:33:03 PM
More storage doesn't help with IDP throughput, so I wouldn't waste money there unless you have a specific need (are you virtualizing)?

RAM helps with performance up to a point, but those larger systems are designed for capacity: very large number of users, policies/tables, VPNs, etc.  Doesn't sound like that's your use case.  I think 8-16 GB of DDR4 or better is good, dual-channel if you can.  IIRC, both the DEC850 and the VP66xx are dual channel.

The CPU is the limiting factor.  IDS/IDP is CPU bound and in many cases they are single-threaded applications.  You need a CPU with high frequency in order to get the kind of throughput you are asking for, but as I'm not a user of those I would refer you to the respective forum sections for ZA and Intrusion Prevention.

I would drop an email to the vendor you are looking into and get their opinion of what kind of throughput you might expect for your use case.
#85
26.1 Series / Re: Rules [new] Sort order Seq...
Last post by nero355 - February 04, 2026, 06:29:26 PM
Quote from: Monviech (Cedrik) on February 04, 2026, 05:12:35 PM: Cheat via adding a loopback interface to some rules.
What would be a good one to avoid future conflicts addressing-wise?

Since 127.0.1.1 for example exists for special purposes.

I am thinking about using it for two reasons:
- Bind the webGUI and OpenSSH to it to avoid unavailability of both when the Management NIC's Port is disconnected for whatever reason.
- For the Firewall Rules "Interfaces Group" workaround should I ever need it.
#86
26.1 Series / Re: Track Interface with 26.1
Last post by nero355 - February 04, 2026, 06:23:26 PM
Quote from: franco on February 04, 2026, 05:26:12 PM: in the future and Track interface will be phased out when ISC-DHCP is going to be removed which could be 2028 or so.
But...

Maybe...

Just maybe...

It would be a good idea to start encouraging your users to already move to KEA/DNSmasqd/KEA+Radvd in combination with Identity Association to avoid a couple of things:
- ISC plug-in issues during future upgrades.
- A lot of misunderstanding about Track Interface vs. Identity Association and when to use which or why they both exist.

And minimize the amount of support needed for all of the above?!



In my case I was kind of expecting things to go wrong with the ISC DHCP plug-in stuff so I have switched to KEA already in my 25.7.x install because I had a lot of bad experiences with this kind of upgrade in the past and wanted to avoid unnecessary issues in future updates/upgrades :)

(Sorry for showing a bit of lack of trust... LOL!)
#87
General Discussion / Re: Firewall Preventing Connec...
Last post by WhatAMess - February 04, 2026, 06:10:26 PM
Traceroute showed it reaching the destination.  Thanks for the reply.
Anyway, I browsed through all the configuration menus again and discovered in the NAT/Port Forwarding section a port 80 LAN rule to "redirect traffic to proxy". I edited it to "disable" and went back to the laptop and now everything works!  Not sure what it was for, I know I didn't write it but it sure was a nuisance.
#88
Hardware and Performance / Re: Starting homelab network -...
Last post by nero355 - February 04, 2026, 06:07:40 PM
Quote from: bimbar on February 02, 2026, 10:50:53 AM: We've had terrible experiences with professional Netgear switches regarding port speeds and compatibilities.

Even if it works, for the home user Netgear switches the interface is terrible.
Any chance you remember the exact models?

So far I have not seen anything weird enough to put me off from buying any Switch from any brand webGUI-wise :)

Quote: HPE Aruba might be on the expensive side.
Depends on your wishes IMHO because overall HPE has/had a lot of Switches in their lineup for a very reasonable price.
Not the cheapest, but reasonable.
#89
26.1 Series / Management Interface opening w...
Last post by niwmik - February 04, 2026, 06:07:01 PM
I have set up a Management Interface and assigned it to the "Listen Interfaces" in System: Settings: Administration.  For testing purposes, I created a firewall rule for the Management Interface that passes to all destinations.  I created an ISC DHCPv4 service and am able to get an IP of 192.168.100.50.  I then try to open the web interface at 192.168.100.1, but instead of getting the form-based authentication page, I get a basic authentication prompt.

This has worked for me before in an older version of OPNsense, but I'm starting fresh with 26.1.  Is there something else I need to set up to get this to work?
#90
26.1 Series / Re: Rules [new] Sort order Seq...
Last post by osmom - February 04, 2026, 06:03:15 PM
Sequence shall be between 1 and 999999, so the first number after the "." of Sort order looks like a special definition?