Recent posts

#81
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by franco - November 26, 2025, 09:27:16 PM
Hrm, maybe we should remove the "pin" feature and default to your server... would you mind syncing bogons.txz and changelog.txz plus sigs to your server?


Cheers,
Franco
#82
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by franco - November 26, 2025, 09:23:01 PM
If it's pinning the architecture we can also pin the hostname then. BRB!
#83
25.7, 25.10 Series / Re: New skin "flexcolor"
Last post by franco - November 26, 2025, 09:17:03 PM
Nice work, thank you :)
#84
German - Deutsch / Re: Verständnisfrage zu Portfo...
Last post by Patrick M. Hausen - November 26, 2025, 09:14:01 PM
You hadn't mentioned that this is at a hosting provider. 🙄 Of course it can be down to the uplink that the second IP address isn't being routed correctly yet.
#85
German - Deutsch / Re: Verständnisfrage zu Portfo...
Last post by awado - November 26, 2025, 09:12:18 PM
It just won't work. The virtual IP is set correctly. I have the impression that the traffic for the second WAN IP isn't arriving at all. However, there is nothing on the provider's side (Hetzner, dedicated) that would suggest this. The Hetzner firewall lets everything in/out on both WAN IPs. In OPNsense I have now allowed ping on WAN. The first WAN IP responds, the new one doesn't.
#86
25.7, 25.10 Series / Re: KEA IPv6 Leases
Last post by Patrick M. Hausen - November 26, 2025, 09:04:05 PM
Quote from: rjopn on November 26, 2025, 08:18:25 PM
Thanks. The IPv4 Web-GUI shows them "correct".

I meant probably all these leases ARE in the LAN interface. Can you tell for sure they belong anywhere else?
#87
General Discussion / Re: Amazon Warehouse Services ...
Last post by Monviech (Cedrik) - November 26, 2025, 08:53:48 PM
I run a Fritzbox before my OPNsense too, but I do not NAT on the OPNsense.

I do static routing of the internal networks to the OPNsense and let only the Fritzbox do the NAT.

I don't seem to have issues accessing any websites.
#88
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - November 26, 2025, 08:34:30 PM
@Franco Changing the CORE_PACKAGESITE worked, but it has a side effect - changelogs and bogons can't be downloaded anymore.

We had a similar issue before (there is no aarch64 path on pkg.opnsense.org); you then hardcoded amd64 for downloading these:
https://github.com/opnsense/core/commit/f35db24e

But later, you replaced the hardcoded pkg.opnsense.org with opnsense-update -X:
https://github.com/opnsense/core/commit/b8b3da07

Result after changing CORE_PACKAGESITE:
Fetching changelog information, please wait... fetch: https://opnsense-update.walker.earth/FreeBSD:14:amd64/25.7/sets/changelog.txz: Not Found

Ideas?
#89
25.7, 25.10 Series / 25.7.8 Unbound blocklist sourc...
Last post by gpfountz - November 26, 2025, 08:28:30 PM
After upgrading to 25.7.8, I configured unbound's blocklist's source nets to include my LAN and IoT networks, excluding my GUEST network.  The problem is as soon as someone on the guest network does a lookup of a blocked domain, that domain's IP lookup is cached. After this, that blocked domain's IPs are served to my LAN.

Is there a solution for this?  I know I can use a different DNS server for my GUEST network. That is what I was doing before the source nets feature was added to 25.7.8.

Thanks in advance!
#90
25.7, 25.10 Series / Re: KEA IPv6 Leases
Last post by rjopn - November 26, 2025, 08:27:22 PM
Quote from: meyergru on November 25, 2025, 09:26:01 PM
Many IoT devices only support SLAAC, if they support IPv6 at all.

Other than that, you have to select the correct RA mode to instruct devices to use DHCPv6 for all interfaces where you want it.

To me, it does not make much sense to use DHCPv6, even if you want to identify devices, because with IPv6 privacy extensions and randomized MACs these days, you cannot effectively do that anyway. Therefore, I prefer to use SLAAC only: https://forum.opnsense.org/index.php?topic=45822.0


Thanks. I will have a look at it...