Recent posts

#81
25.7, 25.10 Series / Re: Planning to Change from IpF...
Last post by teclis22 - January 03, 2026, 05:09:50 PM
Ohh, that's good input.
Thank you very much.
Going to dig myself into those :)
#82
25.7, 25.10 Series / Re: VLANs almost working on te...
Last post by viragomann - January 03, 2026, 04:56:04 PM
Quote from: Maurice on January 02, 2026, 08:04:53 PM
VLANs should be configured on the VM host (Proxmox), not in the guest (OPNsense). The guest should have a dedicated interface for each VLAN.

Quote from: silmaril on January 03, 2026, 03:24:29 PM
The setup should be as close as possible to the actual use case in hardware I want to simulate.

This depends on the use case in my opinion.

I also run my OPNsense virtualized. To one of the host NICs the wifi AP is connected with five VLANs running over it. It makes no sense to me to configure these on the host and add five NICs to the VM in this case.
So I have all VLANs terminated in OPNsense and this works flawlessly.
#83
25.7, 25.10 Series / Re: VLANs almost working on te...
Last post by silmaril - January 03, 2026, 04:00:14 PM
Found it!

It was a very simple configuration error, which I managed to not notice many times.
The non-working VLANs were assigned to the WAN interface instead of LAN.
After changing this to the correct interface, everything works as expected.

Why do computers always do what I tell them to do, instead of what I want them to do? ;-)

#84
25.7, 25.10 Series / Re: Planning to Change from IpF...
Last post by pfry - January 03, 2026, 03:57:54 PM
Have you looked at the OPNsense Documentation? Specifically Security Zones. I don't recall specifics from IPFire, so the concepts may not be precisely comparable. Also, Tutorials and FAQs here.
#85
General Discussion / Re: Wireguard requires manual ...
Last post by Patrick M. Hausen - January 03, 2026, 03:32:00 PM
Quote from: chemlud on January 03, 2026, 02:31:28 PM
Golden rule of FOSS: If not everybody can reproduce, it's YOUR bug. Sorry, that's the way it is.

Various WG tunnels here, no problems with reboots for years...

Same here: various tunnels across multiple locations - all starting at boot just fine. Never had a problem with WG. I moved all site to site IPsec connections where I control both ends to WG years ago.
#86
Zenarmor (Sensei) / Re: CVE-2025-14847 vulnerabili...
Last post by Patrick M. Hausen - January 03, 2026, 03:28:39 PM
As @sy wrote, MongoDB is unsupported by ZA now and you should remove it from your security product. Which also solves the issue.
#87
25.7, 25.10 Series / Re: VLANs almost working on te...
Last post by silmaril - January 03, 2026, 03:24:29 PM
Maybe you're right. The setup should be as close as possible to the actual use case in hardware I want to simulate.

This means activating VLAN awareness on the bridge in Proxmox and setting the interface to one of the VLAN tags.
I added one network device to the client VM for each VLAN, so I can test all of them at the same time.

Doing it this way shows the same behaviour as before:
Without a VLAN tag on the interface, I get a connection to the LAN interface on OPN.
With VLAN tag 10, I get a connection to this VLAN.
With the other VLAN tags, no connection can be established.

So I'm basically at the same point I was yesterday: One VLAN is working fine and the others aren't and I can't find what I have configured differently.

Does anyone have any idea what could be causing this?
#88
25.7, 25.10 Series / Planning to Change from IpFire ...
Last post by teclis22 - January 03, 2026, 03:17:42 PM
Hi all.
I have used IPCop for a while, then moved to IPFire when IPCop closed down.
I very much enjoy the simplicity of it for a home lab environment.
But I always needed more interfaces than the 4 zones offered by IPFire. And that option is likely only to be introduced in 3.x, which might take years to be released.

So I am looking at OPNsense.
My question at this point:

Is there like a recommended tutorial to set up an IPFire-like network? I know the "zones" term is not really industry standard, but it's just practical.
Any resource you can recommend to an OPNsense beginner to get an IPFire-like setup configured and running?
Thank you very much

best regards
me
#89
General Discussion / Re: Clients use wrong IPv6 Gat...
Last post by simonmicro - January 03, 2026, 02:49:18 PM
FYI... I just decided to use a workaround of a more loose "Allow IPv6 Internet" firewall rule, which is now still bound to the LAN interface, but does not actually check the source address anymore, like under IPv4. I know this is not perfect, but this allows the clients to randomly choose an IPv6 address, prefix and gateway and to more equally distribute across the OPNsense instances.

One should keep in mind that this only works here, as both OPNsense IPv6 prefix delegations are originating from the same /56 IPv6 prefix. With different IPv6 prefixes, one would indeed need to create a locally administered prefix and perform e.g. NPT with RA-CARPs...
#90
25.7, 25.10 Series / Re: Which is the way to go ? -...
Last post by Monviech (Cedrik) - January 03, 2026, 02:47:18 PM
Quote from: Patrick M. Hausen on January 03, 2026, 02:20:29 PM
I would not base my enterprise firewall product on a single person project hosted on a private server.

Without sounding salty, the whole modern IT infrastructure is based on a huge chain of dependencies who knows who maintains for free as single entities.

Framing dnsmasq in this way - which runs on millions of CPE devices - is not very nice.

Dnsmasq has its use cases, most prominently fixing operational IPv6 issues for CPE that are not in the scope of KEA.

HA are operational enterprise requirements that are not in the scope of Dnsmasq.

Both tools have their own identity, nobody forces you to use anything else than KEA in enterprise.