"Recent posts
#81
26.1 Series / Re: minor annoyance in Interfa...
Last post by franco - February 05, 2026, 02:58:08 PMShould be worth raising a ticket over. Not sure if we can find a good solution that fits all, but I remember the live log had similar issues before so that's why it has search filters there.
Cheers,
Franco
Cheers,
Franco
#82
26.1 Series / Re: Prefix delegations when PD...
Last post by staticznld - February 05, 2026, 02:51:07 PMEverything seems clear to me now! Thanks for the awesome support!
#83
26.1 Series / minor annoyance in Interfaces:...
Last post by dinguz - February 05, 2026, 02:44:55 PMIt looks like the search bar in Interfaces → Neighbors → Automatic Discovery does a partial match. Searching for 192.168.1.1 also shows 192.168.1.1xx. Is there any way to force an exact match search?
#84
26.1 Series / Re: Prefix delegations when PD...
Last post by Maurice - February 05, 2026, 02:41:35 PMQuote from: staticznld on February 05, 2026, 12:34:36 PMI thought that when "Manual configuration" is turned off, only radvd distributes IPv6 addresses.
Disabling "Manual configuration" enables the ISC DHCPv6 server in automatic mode.
If you don't want to use ISC DHCPv6, uninstall it (it's a plugin now) and use "Identity Association".
Cheers
Maurice
#85
26.1 Series / Issues with OPNsense on VM in ...
Last post by kubatron - February 05, 2026, 02:40:21 PMHello,
I have a Fujitsu S920 device with a built-in 1x1GB Ethernet card and an additional PCI Express card with 2x1Gb ports. I installed Proxmox on the Fujitsu S920 to manage all services, and I have set up OPNsense as the main firewall that should handle all traffic from the internet to the LAN.
I configured bridges in Proxmox associated with all ports without assigning them IP addresses. The configuration for OPNsense is as follows:
---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
IP: 10.0.xxx.90/24
Gateway: 10.0.xxx.1
192.168.1.1/24
---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
Diagram 1: Proxmox + OPNsense (without LAGG)
Diagram 2: Proxmox Bridges - OPNsense (in Proxmox)
FIREWALL is not disabled
My problem is that I cannot configure Proxmox and OPNsense correctly to work like my current simple setup:
ISP Modem -> TP Link ER605v2 (OpenWRT) -> TP Link SG108PE Switch -> IoT, PC, WiFi
In this setup, everything works without any issues.
In OPNsense, I diagnosed the problem through ping and was able to access WAN at some point, but only through ping. I checked NAT, firewall rules, and gateways, but I do not know where the problem lies.
I have read many threads on the OPNsense forum, Proxmox forum, and other services, as well as watched instructional videos on configuring, but unfortunately, nothing seems to work.
When connecting without OPNsense and only the MGMT cable with the assigned address of 192.168.1.2/24 in Proxmox, an IP address is assigned by the TP Link SG108PE and the TP Link ER605v2 (OpenWRT). However, when I disconnect the TP Link ER605v2 and replace it with the Fujitsu S920, the configuration does not work. It seems like the TP Link SG108PE switch treats the Fujitsu S920 as a PC and tries to assign it an IP address, while Proxmox with OPNsense does not function as a router or DHCP server.
I apologize in advance if I have frustrated anyone or if this issue has been covered elsewhere, but I genuinely appreciate any help you can provide.
Screenshots from Proxmox
Additionally, I would like the port labeled VLAN to function as a VLAN in the future, but I won't address that yet, even though I considered enabling VLAN on the TP Link SG108PE switch.
I have a Fujitsu S920 device with a built-in 1x1GB Ethernet card and an additional PCI Express card with 2x1Gb ports. I installed Proxmox on the Fujitsu S920 to manage all services, and I have set up OPNsense as the main firewall that should handle all traffic from the internet to the LAN.
I configured bridges in Proxmox associated with all ports without assigning them IP addresses. The configuration for OPNsense is as follows:
- enp0s0 -> vmbr0 as WAN -> vtnet0 (OPNsense)
- enp1s0f1 -> vmbr1 as VLAN (LAN) -> vtnet1 (OPNsense)
- enp0s0f1 -> vmbr2 as MGMT -> vtnet2 (OPNsense)
---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
- WAN (vtnet0) in OPNsense received an address from my ISP:
IP: 10.0.xxx.90/24
Gateway: 10.0.xxx.1
- LAN (vtnet1) in OPNsense received DHCP and has the address:
192.168.1.1/24
- MGMT (vtnet2) in OPNsense is currently not receiving any address.
---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
Diagram 1: Proxmox + OPNsense (without LAGG)
Diagram 2: Proxmox Bridges - OPNsense (in Proxmox)
FIREWALL is not disabled
My problem is that I cannot configure Proxmox and OPNsense correctly to work like my current simple setup:
ISP Modem -> TP Link ER605v2 (OpenWRT) -> TP Link SG108PE Switch -> IoT, PC, WiFi
In this setup, everything works without any issues.
In OPNsense, I diagnosed the problem through ping and was able to access WAN at some point, but only through ping. I checked NAT, firewall rules, and gateways, but I do not know where the problem lies.
I have read many threads on the OPNsense forum, Proxmox forum, and other services, as well as watched instructional videos on configuring, but unfortunately, nothing seems to work.
When connecting without OPNsense and only the MGMT cable with the assigned address of 192.168.1.2/24 in Proxmox, an IP address is assigned by the TP Link SG108PE and the TP Link ER605v2 (OpenWRT). However, when I disconnect the TP Link ER605v2 and replace it with the Fujitsu S920, the configuration does not work. It seems like the TP Link SG108PE switch treats the Fujitsu S920 as a PC and tries to assign it an IP address, while Proxmox with OPNsense does not function as a router or DHCP server.
I apologize in advance if I have frustrated anyone or if this issue has been covered elsewhere, but I genuinely appreciate any help you can provide.
Screenshots from Proxmox
Additionally, I would like the port labeled VLAN to function as a VLAN in the future, but I won't address that yet, even though I considered enabling VLAN on the TP Link SG108PE switch.
#86
25.7, 25.10 Series / Re: [SOLVED] Continual issues ...
Last post by franco - February 05, 2026, 02:39:42 PMWe'll likely pivot to curl use as well in the not so distant future.
Cheers,
Franco
Cheers,
Franco
#87
German - Deutsch / Re: Virtl. IP in Master Instan...
Last post by Patrick M. Hausen - February 05, 2026, 02:38:27 PMBist du nach der Dokumentation vorgegangen?
- pfsync (Firewall states) am besten per Multicast auf einem dedizierten Interface (Patchkabel)
- Firewall-Regel auf diesem Interface "allow any any"
- XML-Sync nur von Active auf Backup - auf dem Backup darf die andere Firewall nicht konfiguriert werden!
HTH,
Patrick
- pfsync (Firewall states) am besten per Multicast auf einem dedizierten Interface (Patchkabel)
- Firewall-Regel auf diesem Interface "allow any any"
- XML-Sync nur von Active auf Backup - auf dem Backup darf die andere Firewall nicht konfiguriert werden!
HTH,
Patrick
#88
26.1 Series / Re: Prefix delegations when PD...
Last post by franco - February 05, 2026, 02:33:59 PMIt's a hard-off for the automatic ISC-DHCPv6 and Radvd, yes.
Cheers,
Franco
Cheers,
Franco
#89
26.1 Series / Re: Firewall rules are sticky
Last post by franco - February 05, 2026, 02:32:36 PMStateful firewalls are one of the best inventions in firewalls so why doubt it?
I always find these "my test reveals that my assumptions are wrong but can you please change the behaviour to match my assumptions" are not as effective as bug reports as one might hope.
Cheers,
Franco
I always find these "my test reveals that my assumptions are wrong but can you please change the behaviour to match my assumptions" are not as effective as bug reports as one might hope.
Cheers,
Franco
#90
German - Deutsch / Virtl. IP in Master Instanz WA...
Last post by chrisfnf - February 05, 2026, 02:30:56 PMHallo in die Runde,
OPNsense Newbie hier. Beim Synchcronisieren der OPNsense Master Instanz auf die Backup Instanz ist mir ein mir nicht bewusster Fehler unterlaufen: nun steht in der Master Instanz wie virt. IP des WAN auf 'Backup' und die virt. IP des LAN auf 'Master', wodurch ich Probleme beim Synchronisieren habe.
Ich verwende OPNsense 26.1 mit folgendem Setup: VDSL > Switch > 2er OPNsense Cluster > LAN Switch; die zwei OPNsense Hardwaremodule haben vier 802.3 Interfaces, Synchronisation über das PFSYNC Interface.
Mir ist auch die richtige HA Konfiguration der Backup Instanz nicht ganz klar.
- am PFSYNC Interface beider OPNsense Instanz habe ich eine Firewall "In Regel" definiert damit die Instanzen miteinander kommunizieren
- User mit PW nur in HA Einstellungen des Masters
Synchronisiere ich, erscheinen beim Status der Master Instanz die Dienste, bei der Backup Instanz kommt die Fehlermeldung "Auf die Absicherungs-Firewall kann nicht zugegriffen werden (Benutzerberechtigungen prüfen)".
Der Missmatch der virt. IPs liegt wahrscheinlich daran dass ich die Backup Instanz kurz in den Wartungsmodus geschaltet habe.
Wie kann ich die virt. IP des WAN auf 'Master' zurück setzen? Was könnte eine eine mögliche Ursache der Berechtigungs Fehlermeldung sein? Eine Kommunikation zwischen den Instanzen findet ja statt, sonst würde die Amster Instanz ja statt der Dienste im HA Status einen Fehleranzeigen anzeigen?
Besten Dank für eure Hilfe vorab!
OPNsense Newbie hier. Beim Synchcronisieren der OPNsense Master Instanz auf die Backup Instanz ist mir ein mir nicht bewusster Fehler unterlaufen: nun steht in der Master Instanz wie virt. IP des WAN auf 'Backup' und die virt. IP des LAN auf 'Master', wodurch ich Probleme beim Synchronisieren habe.
Ich verwende OPNsense 26.1 mit folgendem Setup: VDSL > Switch > 2er OPNsense Cluster > LAN Switch; die zwei OPNsense Hardwaremodule haben vier 802.3 Interfaces, Synchronisation über das PFSYNC Interface.
Mir ist auch die richtige HA Konfiguration der Backup Instanz nicht ganz klar.
- am PFSYNC Interface beider OPNsense Instanz habe ich eine Firewall "In Regel" definiert damit die Instanzen miteinander kommunizieren
- User mit PW nur in HA Einstellungen des Masters
Synchronisiere ich, erscheinen beim Status der Master Instanz die Dienste, bei der Backup Instanz kommt die Fehlermeldung "Auf die Absicherungs-Firewall kann nicht zugegriffen werden (Benutzerberechtigungen prüfen)".
Der Missmatch der virt. IPs liegt wahrscheinlich daran dass ich die Backup Instanz kurz in den Wartungsmodus geschaltet habe.
Wie kann ich die virt. IP des WAN auf 'Master' zurück setzen? Was könnte eine eine mögliche Ursache der Berechtigungs Fehlermeldung sein? Eine Kommunikation zwischen den Instanzen findet ja statt, sonst würde die Amster Instanz ja statt der Dienste im HA Status einen Fehleranzeigen anzeigen?
Besten Dank für eure Hilfe vorab!
