"Recent posts
#81
German - Deutsch / Re: IPv6 am PON-Anschluss von ...
Last post by mbr89 - December 20, 2025, 05:57:36 PMQuote from: Maurice on December 20, 2025, 05:20:19 PMPPPoE-Session kann nicht aufgebaut werden?
2025-12-20T17:56:00 Notice opnsense /interfaces.php: Chose to bind WAN_PPPOE on 100.101.177.83 since we could not find a proper match.
2025-12-20T17:56:00 Notice opnsense /interfaces.php: plugins_configure monitor (execute task : dpinger_configure_do(,[WAN_PPPOE,FairNetzIPv6GW,WAN_SLAAC]))
2025-12-20T17:56:00 Notice opnsense /interfaces.php: plugins_configure monitor (,[WAN_PPPOE,FairNetzIPv6GW,WAN_SLAAC])
2025-12-20T17:56:00 Notice opnsense /interfaces.php: ROUTING: keeping inet6 default route to fe80::XXXX:XXXX:XXXX:XXXX%pppoe0
2025-12-20T17:55:50 Notice opnsense /usr/local/etc/rc.newwanipv6: ROUTING: keeping inet6 default route to fe80::XXXX:XXXX:XXXX:XXXX%pppoe0
2025-12-20T17:55:49 Notice opnsense /usr/local/etc/rc.newwanipv6: IP renewal starting (address: misconfigured, interface: wan, device: pppoe0)
2025-12-20T17:55:47 Notice opnsense /usr/local/etc/rc.newwanip: Chose to bind WAN_PPPOE on 100.101.177.83 since we could not find a proper match.
2025-12-20T17:55:46 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure monitor (execute task : dpinger_configure_do(,[WAN_PPPOE]))
2025-12-20T17:55:46 Notice opnsense /usr/local/etc/rc.newwanip: plugins_configure monitor (,[WAN_PPPOE])
2025-12-20T17:55:44 Notice opnsense /usr/local/etc/rc.newwanip: IP renewal starting (new: 100.101.177.83, old: 100.101.176.51, interface: wan, device: pppoe0, force: yes)
2025-12-20T17:55:43 Notice opnsense /interfaces.php: Chose to bind WAN_PPPOE on 100.101.177.83 since we could not find a proper match.
2025-12-20T17:55:43 Notice opnsense /interfaces.php: plugins_configure monitor (execute task : dpinger_configure_do(,[WAN_PPPOE,FairNetzIPv6GW,WAN_SLAAC]))
2025-12-20T17:55:43 Notice opnsense /interfaces.php: plugins_configure monitor (,[WAN_PPPOE,FairNetzIPv6GW,WAN_SLAAC])
2025-12-20T17:55:43 Notice opnsense /interfaces.php: ROUTING: setting inet6 default route to fe80::XXXX:XXXX:XXXX:XXXX%pppoe0
2025-12-20T17:55:42 Notice ppp ppp-linkup: executing on pppoe0 for inet6
2025-12-20T17:55:42 Notice ppp [wan] IFACE: Rename interface ng0 to pppoe0
2025-12-20T17:55:41 Notice ppp ppp-linkup: executing on pppoe0 for inet
2025-12-20T17:55:41 Notice kernel <6>[99309] ng0: changing name to 'pppoe0'
2025-12-20T17:55:41 Notice ppp [wan_link0] PPPoE: connection successful
2025-12-20T17:55:41 Notice ppp PPPoE: rec'd ACNAME "frnk1-bng3"
2025-12-20T17:55:41 Notice ppp [wan_link0] PPPoE: Connecting to ''
2025-12-20T17:55:39 Error dhcp6c invalid interface(pppoe0): Device not configured
2025-12-20T17:55:02 Warning opnsense /interfaces.php: The required WAN_PPPOE IPv4 interface address could not be found, skipping.
2025-12-20T17:55:02 Warning opnsense /interfaces.php: Skipping gateway WAN_PPPOE due to empty 'gateway' property.
2025-12-20T17:55:02 Warning opnsense /interfaces.php: Skipping gateway WAN_PPPOE due to empty 'monitor' property.
2025-12-20T17:55:02 Notice opnsense /interfaces.php: plugins_configure monitor (execute task : dpinger_configure_do(,[FairNetzIPv6GW,WAN_PPPOE]))
2025-12-20T17:55:02 Notice opnsense /interfaces.php: plugins_configure monitor (,[FairNetzIPv6GW,WAN_PPPOE])
2025-12-20T17:55:02 Warning opnsense /interfaces.php: ROUTING: refusing to set interface route on addressless wan(pppoe0)
2025-12-20T17:55:01 Warning rtsold <rtsock_input_ifannounce> interface pppoe0 removed
2025-12-20T17:54:59 Warning opnsense /usr/local/etc/rc.newwanipv6: Interface 'wan' (pppoe0) is disabled or empty, nothing to do.
2025-12-20T17:54:59 Notice ppp [wan_link0] PPPoE: connection closed
2025-12-20T17:54:59 Notice ppp [wan] IFACE: Rename interface pppoe0 to pppoe0
2025-12-20T17:54:58 Warning opnsense /usr/local/etc/rc.newwanip: Interface 'wan' (pppoe0) is disabled or empty, nothing to do.
2025-12-20T17:54:58 Notice ppp ppp-linkdown: executing on pppoe0 for inet6
2025-12-20T17:54:58 Notice ppp [wan] IFACE: Removing IPv4 address from pppoe0 failed: Can't assign requested address
2025-12-20T17:54:58 Notice ppp ppp-linkdown: executing on pppoe0 for inet
#82
German - Deutsch / Re: IPv6 am PON-Anschluss von ...
Last post by mbr89 - December 20, 2025, 05:50:38 PMQuote from: Maurice on December 20, 2025, 05:20:19 PM"Sonst aber nichts" heißt was?
Das bezieht sich auf das NOKIA G-010G-R ONT, man kommt also weder per SSH oder Telnet auf die Büchse.
#83
German - Deutsch / Re: IPv6 am PON-Anschluss von ...
Last post by Maurice - December 20, 2025, 05:20:19 PMQuote from: mbr89 on December 19, 2025, 10:02:49 AMDas ONT ist ein NOKIA G-010G-R - Ping auf der 192.168.100.1 geht, sonst aber nichts."Sonst aber nichts" heißt was? PPPoE-Session kann nicht aufgebaut werden? Es wird keine IPv4-Adresse zugewiesen? Es wird keine IPv6-Adresse zugewiesen? DHCPv6 Prefix Delegation funktioniert nicht? ...
Ein /56 per DHCPv6 Prefix Delegation zu bekommen ist hierzulande eigentlich Standard, dazu solltest Du nicht extra etwas beantragen müssen. Zusätzlich ein /64 per Router Advertisement ist bei PPPoE auch gängig.
Ein delegiertes Präfix siehst Du in Interfaces / Overview / Details von WAN / Dynamic IPv6 prefix received.
Ggfs. auch mal das Log-Level des DHCPv6-Clients hochdrehen (Interfaces / Settings) und ins Log schauen.
Und mit deinem ISP klären, welche Spezifikationen der Anschluss eigentlich hat.
Grüße
Maurice
#84
German - Deutsch / Re: Dual WAN Setup mit IPv6 Pr...
Last post by Maurice - December 20, 2025, 04:53:22 PMQuote from: martine on December 20, 2025, 09:42:50 AMdas verhalten habe ich gefixt.Ja, nun werden die Screenshots angezeigt.
An meiner Empfehlung - getrennte (V)LANs einrichten - ändert sich jedoch nichts. Mit nur einem LAN hast Du eine ganze Reihe von Problemen:
- Du müsstest tendenziell SLAAC deaktivieren, denn...
- ... mit SLAAC ist es nicht möglich, einzelnen Hosts gezielt ein bestimmtes Präfix zuzuweisen. Du müsstest daher IPv6 Outbound NAT für eines der WANs verwenden.
- ... Privacy Extensions verhindern die einfache Identifizierung einzelner Hosts in Firewall-Regeln. Du müsstest MAC-Address-Aliase verwenden, was wiederum andere Nachteile mit sich bringt.
- Ohne SLAAC bist Du darauf angewiesen, dass alle Hosts DHCPv6 unterstützen, was in der Praxis nicht der Fall ist. Manche Hosts hätten daher absehbar gar keine IPv6-Konnektivität.
- Sind die Präfixe dynamisch wird es zudem schwierig bis unmöglich, in OPNsense einen DHCPv6-Server entsprechend zu konfigurieren.
Mit getrennten (V)LANs ist es dagegen einfach: LAN1 trackt WAN1, LAN2 trackt WAN2. Bei der Adresszuweisung gibt es keine Besonderheiten zu beachten. Du benötigst lediglich auf einem der LANs Firewall-Regeln für das Policy Routing.
Mit einem geeigneten Switch und AP kannst Du die Zuordnung von Geräten zu VLANs auch dynamisch anhand der MAC-Adresse lösen, benötigst also nicht unbedingt dedizierte Switch-Ports oder SSIDs.
#85
General Discussion / Re: Seemingly straightforward ...
Last post by Seimus - December 20, 2025, 03:17:26 PMI use NPM for a lot of services.
Basically anything for HTTPs, including Jellyfin etc.
The way how I have the deployment done is a bit over the top, lets say.. As NPM is in its own VLAN/network.
So lets see an example where a Host, PC wants to connect to Jellyfin;
PC > NPM > Jellyfin
All those 3 devices are in their own VLANs. So All 3 devices need to have rules;
PC - IN Rule to reach NPM over HTTPs + IN Rule to reach DNS
NPM - IN Rule to reach Jellyfin + IN Rule to reach DNS
Jellyfin - No Rules needed to reach PC or NPM, because this is a server e.g destination
On NPM additionally I have ACL deployed to allow only specific devices per service.
This works totally fine.
Regards,
S.
Basically anything for HTTPs, including Jellyfin etc.
The way how I have the deployment done is a bit over the top, lets say.. As NPM is in its own VLAN/network.
So lets see an example where a Host, PC wants to connect to Jellyfin;
PC > NPM > Jellyfin
All those 3 devices are in their own VLANs. So All 3 devices need to have rules;
PC - IN Rule to reach NPM over HTTPs + IN Rule to reach DNS
NPM - IN Rule to reach Jellyfin + IN Rule to reach DNS
Jellyfin - No Rules needed to reach PC or NPM, because this is a server e.g destination
On NPM additionally I have ACL deployed to allow only specific devices per service.
This works totally fine.
Regards,
S.
#86
German - Deutsch / Re: Router Advertisement am P...
Last post by mbr89 - December 20, 2025, 02:47:18 PMhttps://apps.db.ripe.net/db-web-ui/query?searchtext=2a00:e180:14:b487::/64&rflag=true&source=RIPE&bflag=false
... da steht ja auch schon vitroconnect broadband ND ... Neighbor Discovery
Kann man sich da jetzt nicht einfach ein 56-Präfix rauslassen ?
... da steht ja auch schon vitroconnect broadband ND ... Neighbor Discovery
Kann man sich da jetzt nicht einfach ein 56-Präfix rauslassen ?
#87
25.7, 25.10 Series / Re: [solved] 25.7.10 update f...
Last post by keeka - December 20, 2025, 01:55:45 PMThanks @Maurice.
Out of curiosity, I rolled back my virtualized install to 25.7.9_7 and, this time, did a health audit before updating.
Some package versions (python libraries IIRC) were incorrect according to the audit. I think I applied the prior update (to 25.7.9) via the serial console and may have missed warnings.
As suggested, I've re-run the update and all looks to be current.
Thanks.
Out of curiosity, I rolled back my virtualized install to 25.7.9_7 and, this time, did a health audit before updating.
Some package versions (python libraries IIRC) were incorrect according to the audit. I think I applied the prior update (to 25.7.9) via the serial console and may have missed warnings.
As suggested, I've re-run the update and all looks to be current.
Thanks.
#88
25.7, 25.10 Series / rdr and nat rules
Last post by dunxd - December 20, 2025, 01:40:12 PMSince updating to 25.7.10 two days ago I am seeing rdr and nat rules showing up in the Firewall pie chart on the dashboard that i dont recall from before. They all have my pppoe address as the destination.
Is this something I might expect to see due to something changed in the update?
Is this something I might expect to see due to something changed in the update?
#89
25.7, 25.10 Series / Re: [solved] 25.7.10 update f...
Last post by Maurice - December 20, 2025, 01:17:21 PMUpdating is a multi step process.
First, all updated packages get downloaded.
Then the packages get installed.
Then the base and kernel sets get downloaded (if an update is available, which isn't always the case).
Then base and kernel get installed and the system reboots.
So by the time base and kernel get downloaded, the package updates are already completed. This is how you can end up in a situation where all packages get updated but base and kernel don't (if downloading them fails). That's harmless though, just try again.
First, all updated packages get downloaded.
Then the packages get installed.
Then the base and kernel sets get downloaded (if an update is available, which isn't always the case).
Then base and kernel get installed and the system reboots.
So by the time base and kernel get downloaded, the package updates are already completed. This is how you can end up in a situation where all packages get updated but base and kernel don't (if downloading them fails). That's harmless though, just try again.
#90
Hardware and Performance / Re: DEC750 Questions
Last post by ProximusAl - December 20, 2025, 12:32:49 PMQuote from: DEC670airp414user on December 20, 2025, 12:08:59 AMTo the original poster.
The appliance came with a 180 dollar business licenses that last a year.
Why did you decide to wipe and go to the community version?
I don't need business edition, and these 750s are replacing devices already running CE.
I considered using BE, but then I have just increased my annual running costs x 4.
I've had zero issues running CE for the last 5 or so years, so why change.
Plus...CE gets cool things sooner than BE.
