"Recent posts
#81
26.1 Series / Re: 26.1 is out!!!
Last post by franco - Today at 11:26:14 AMNo worries. The upgrade path is live now. :)
Cheers,
Franco
Cheers,
Franco
#82
German - Deutsch / Re: Kann DMZ aus LAN nicht err...
Last post by SMG - Today at 11:24:16 AMDa scheint wohl der Fehler zu liegen. Den Host hatte ich als Fehlerquelle ausgeschlossen da der Ping aus dem Wireguard Netz funktioniert hat.....
-wieder mal was gelernt
Der Host (alpine linux frisch aufgesetzt) hat zwei NICs
1x lan 192.168.0.13
1x dmz 192.168.10.4
Da wird wohl die Antwort über den "LAN NIC" geroutet und die OPNsense bekommt eine Antwort von der falschen IP, oder es wird gar keine Antwort gesendet (im Paket-Trace wird ja gar kein Reply angezeigt). Kennst du einen Befehl der hier etwas mehr Licht ins Dunkel bringen könnte?
Ping aus dem LAN
Ping aus dem Wireguard Netz
-wieder mal was gelernt
Der Host (alpine linux frisch aufgesetzt) hat zwei NICs
1x lan 192.168.0.13
1x dmz 192.168.10.4
Da wird wohl die Antwort über den "LAN NIC" geroutet und die OPNsense bekommt eine Antwort von der falschen IP, oder es wird gar keine Antwort gesendet (im Paket-Trace wird ja gar kein Reply angezeigt). Kennst du einen Befehl der hier etwas mehr Licht ins Dunkel bringen könnte?
Ping aus dem LAN
Code Select
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
08:00:30.852217 eth0 In IP 192.168.0.48 > 192.168.10.4: ICMP echo request, id 1, seq 170, length 64
08:00:31.876194 eth0 In IP 192.168.0.48 > 192.168.10.4: ICMP echo request, id 1, seq 171, length 64
Ping aus dem Wireguard Netz
Code Select
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
08:01:52.427354 eth0 In IP 10.10.10.4 > 192.168.10.4: ICMP echo request, id 19, seq 4, length 64
08:01:52.427479 eth0 Out IP 192.168.10.4 > 10.10.10.4: ICMP echo reply, id 19, seq 4, length 64
08:01:52.772358 eth0 In IP 192.168.0.48 > 192.168.10.4: ICMP echo request, id 1, seq 250, length 64
08:01:53.457374 eth0 In IP 10.10.10.4 > 192.168.10.4: ICMP echo request, id 19, seq 5, length 64
#83
26.1 Series / Re: 26.1 is out!!!
Last post by zerwes - Today at 11:16:39 AMOh - sorry and thanks for the hint (those who can read have a clear advantage aka. wlkikiV)
#84
Hardware and Performance / Re: console on OPNsense hardwa...
Last post by Seimus - Today at 11:16:28 AMSSH access and web GUI (HTTP/s) access are two different things.
If you want to disable the default "root" account on GUI you need to disabled it in the GUI settings.
But before that create a new admin account.
Regards,
S.
If you want to disable the default "root" account on GUI you need to disabled it in the GUI settings.
But before that create a new admin account.
Regards,
S.
#85
25.1, 25.4 Series / Re: default hw.vtnet.csum_disa...
Last post by jauling - Today at 10:59:33 AMBecause I'm a n00b and wanted to confirm. Thanks, and apologies.
#86
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by franco - Today at 10:46:04 AMYay, thanks! <3
#87
25.7, 25.10 Series / Re: 25.7.11_1 host discovery i...
Last post by franco - Today at 10:45:06 AMThis was fixed in today's 25.7.11_9 hotfix.
Cheers,
Franco
Cheers,
Franco
#88
26.1 Series / Re: Clarification on os-isc-dh...
Last post by franco - Today at 10:43:11 AM> Yes, exactly.
It's important to know that all configuration exists within config.xml and a component moving to plugins simply keeps reading the same information.
> As I understand it, you don't need to change anything manually. The "Track Interface" option is still there (marked as "legacy" thoguh), and works as expected.
There may be use cases where you want "Identity association" with ISC-DHCP. This is analogous to using the " Allow manual adjustment of DHCPv6 and Router Advertisements" option in "Track interface". At some point both IPv6 modes may start to drift feature-wise, but at the moment that's not the case either.
Specifically the problem with "Track interface" was just that it was closely tied to ISC-DHCPv6/Radvd auto-configuration which is different now that we have Dnsmasq DHCPv6+RA and Kea DHCPv6+Radvd as viable options we don't want to also manage automatically anymore. Even Dnsmasq DHCPv6+Radvd can be a viable option.
Cheers,
Franco
It's important to know that all configuration exists within config.xml and a component moving to plugins simply keeps reading the same information.
> As I understand it, you don't need to change anything manually. The "Track Interface" option is still there (marked as "legacy" thoguh), and works as expected.
There may be use cases where you want "Identity association" with ISC-DHCP. This is analogous to using the " Allow manual adjustment of DHCPv6 and Router Advertisements" option in "Track interface". At some point both IPv6 modes may start to drift feature-wise, but at the moment that's not the case either.
Specifically the problem with "Track interface" was just that it was closely tied to ISC-DHCPv6/Radvd auto-configuration which is different now that we have Dnsmasq DHCPv6+RA and Kea DHCPv6+Radvd as viable options we don't want to also manage automatically anymore. Even Dnsmasq DHCPv6+Radvd can be a viable option.
Cheers,
Franco
#89
Announcements / Re: OPNsense 25.7.11 released
Last post by franco - Today at 10:34:52 AMA hotfix release was issued as 25.7.11_9:
o interfaces: host discovery: make sure the full dump includes NDP output on fallback
o firewall: improve GeoIP alias expiry condition
o firewall: escape selector in rule_protocol
o dnsmasq: fix log conditions
o firmware: add upgrade hint and fingerprint for 26.1 plus isc-dhcp plugin migration
o isc-dhcp: check if device we try to configure exists in the system
o openvpn: account for CARP status in start and restart cases as well
o ports: hostwatch 1.0.6 with community tested improvements
o interfaces: host discovery: make sure the full dump includes NDP output on fallback
o firewall: improve GeoIP alias expiry condition
o firewall: escape selector in rule_protocol
o dnsmasq: fix log conditions
o firmware: add upgrade hint and fingerprint for 26.1 plus isc-dhcp plugin migration
o isc-dhcp: check if device we try to configure exists in the system
o openvpn: account for CARP status in start and restart cases as well
o ports: hostwatch 1.0.6 with community tested improvements
#90
General Discussion / Re: (Newbie) Internet speeds h...
Last post by bevisjame - Today at 10:16:19 AMQuote from: railswrack on October 27, 2024, 09:21:38 AMI just recently changed to a new modem (Arris S33) and a protectli vault with OPNsense. Also using a switch and wireless access point.It sounds like UPnP might be the issue since your old router had it enabled. Check your OPNsense settings to ensure UPnP is activated and that your gaming devices can use it. Also, consider adjusting your NAT settings, as different modes can impact P2P connections. Good luck!
I did this to fix fluctuating and constant speed drops that my old modem/router was giving me. (Netgear C7000v2). This has completely fixed my internet speeds by not only making them more stable but also faster.
However despite my improved speeds, my connection in online gaming is worse than before. This is the 2nd OPNsense router I have tried (thought the first one had faulty hardware or something) but the same thing is happening on my new one.
The game I'm playing uses p2p stickman hook (peer to peer) connections between players. Not a dedicated server, so connections are based on the "host" player with the other players feeding off the host's connection.
I'm not sure how to go about fixing it, but from my research I think it might have something to do with UPnP or NAT.
My old router had UPnP enabled and did not have this issue.
I'm not sure how to go about fixing this or what settings to change. If someone could please help me I'd appreciate it! All my OPNsense settings are currently default except I changed my LAN ip from 192.168.1.1 to a static ip.
By the way I game on PC and it is hard wired to my switch (not WiFi). Thank you!
