"Recent posts
#91
Tutorials and FAQs / Re: ndp-proxy-go: Proxy ISP pr...
Last post by Patrick M. Hausen - November 29, 2025, 09:07:32 PMCorrect - to pull that link to the FreeBSD source from that other thread so you don't need to go on a scavenger hunt:
https://cgit.freebsd.org/src/tree/sys/netinet6/ip6_input.c?h=releng/14.3#n765
FreeBSD *should* categorically refuse to send a packet with source ::1 to anything but the loopback interface itself if I read that code correctly.
https://cgit.freebsd.org/src/tree/sys/netinet6/ip6_input.c?h=releng/14.3#n765
FreeBSD *should* categorically refuse to send a packet with source ::1 to anything but the loopback interface itself if I read that code correctly.
#92
Tutorials and FAQs / Re: ndp-proxy-go: Proxy ISP pr...
Last post by meyergru - November 29, 2025, 09:01:53 PMReally? I just tried and it did not work for me like that.
I used ::1 as redirect target and used: "nslookup -query=A www.google.de 2001:4860:4860::8888" and got a communications error from a Linux client. The same thing works when I use a routeable IPv6 alias for OpnSense as a redirect target. Note that by using Google's DNS IPv6 explicitely, I force the IPv6 forwarding rule to be applied.
I recently had a dicussion with Patrick over this where he was surprised as well that it did not work.
His posting is here and OpnSense seems to adhere to RFC4291: https://forum.opnsense.org/index.php?msg=246585
Maybe you got an answer over a redundant DNS over IPv4?
I used ::1 as redirect target and used: "nslookup -query=A www.google.de 2001:4860:4860::8888" and got a communications error from a Linux client. The same thing works when I use a routeable IPv6 alias for OpnSense as a redirect target. Note that by using Google's DNS IPv6 explicitely, I force the IPv6 forwarding rule to be applied.
I recently had a dicussion with Patrick over this where he was surprised as well that it did not work.
His posting is here and OpnSense seems to adhere to RFC4291: https://forum.opnsense.org/index.php?msg=246585
Maybe you got an answer over a redundant DNS over IPv4?
#93
Virtual private networks / Wireguard Local Traffic only
Last post by hagensieker - November 29, 2025, 08:35:10 PMI had set up WireGuard successfully a year or three ago on Opnsense. Then one day it just stopped working. I have filled the hole with Tailscale but I need to get rolling with WG again.
I did manage while I was away this weekend to set up a new WG instance and peer. Connecting works and had a handshake issue. I have a pass rule set up for the WG instance under Firewall > Rules.
All I am getting is local traffic only. And that's fine. When I travel I want access to my Home Assistant, TrueNAS, QNAP, etc. It works perfect. I am not able to pass internet traffic though.
Only problem there is on another device (GL.Inet) travel router. I need the magic firewall rule or setting to accomplish. Somebody please let me know what I'm missing. Peer on Wireguard client:
Again this passes local traffic. I deleted DNS and have played with a few entries.
Pretty sure I need to tweak a firewall rule but not sure
I did manage while I was away this weekend to set up a new WG instance and peer. Connecting works and had a handshake issue. I have a pass rule set up for the WG instance under Firewall > Rules.
All I am getting is local traffic only. And that's fine. When I travel I want access to my Home Assistant, TrueNAS, QNAP, etc. It works perfect. I am not able to pass internet traffic though.
Only problem there is on another device (GL.Inet) travel router. I need the magic firewall rule or setting to accomplish. Somebody please let me know what I'm missing. Peer on Wireguard client:
Code Select
[Interface]
PrivateKey = redacted=
ListenPort = 51820
Address = 10.10.10.2/24
[Peer]
PublicKey = redacted=
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 195.252.xxx.xxx:51820
PersistentKeepalive = 25
Again this passes local traffic. I deleted DNS and have played with a few entries.
Pretty sure I need to tweak a firewall rule but not sure
#94
German - Deutsch / Re: Verständnisfrage zu Portfo...
Last post by awado - November 29, 2025, 08:26:02 PMInzwischen bin ich zu einer ähnlichen Erkenntnis gekommen. Es ist viel zu aufwändig für ein temporäres Szenario. Ich werde mir die Mühe machen und die vorhandene Wordpress-VM so weit kastrieren, dass sie von meinem Reverse Proxy angesteuert werden kann. Aber dennoch danke für Euren Input. Hab viel dazugelernt. Sollte mir noch ein Lichtlein aufgehen, werde ich es natürlich hier posten.
#95
Tutorials and FAQs / Re: ndp-proxy-go: Proxy ISP pr...
Last post by Monviech (Cedrik) - November 29, 2025, 08:13:23 PMAlso I just tried the port forward and it works for me without any tricks:
it might not be RFC conform but "hey it works I guess xD"
EDIT: DOESNT WORK!
it might not be RFC conform but "hey it works I guess xD"
EDIT: DOESNT WORK!
#96
Tutorials and FAQs / Re: ndp-proxy-go: Proxy ISP pr...
Last post by Monviech (Cedrik) - November 29, 2025, 07:59:26 PMTWIMC: https://github.com/Monviech/ndp-proxy-go/issues/3
I got the proxy working now for PPPoE interfaces as well.
I got the proxy working now for PPPoE interfaces as well.
#97
25.7, 25.10 Series / Re: Help Needed: Branding & UI...
Last post by Maurice - November 29, 2025, 07:18:45 PMSeems
They'll need it. And don't forget plugins, documentation, release notes, ports like opnsense-update (and their man pages), ...
🤣
Quote from: Patrick M. Hausen on November 29, 2025, 12:13:03 PMGood luck.
They'll need it. And don't forget plugins, documentation, release notes, ports like opnsense-update (and their man pages), ...
🤣
#98
General Discussion / Re: new setup cannot reach lin...
Last post by muusemuuse - November 29, 2025, 07:15:35 PMThe board sucking is mostly about obnoxious IOMMU grouping and not getting past POST if a flash drive is connected to the front USB ports. It does have AMDv enabled and the CPU type is host.
#99
Tutorials and FAQs / Re: ndp-proxy-go: Proxy ISP pr...
Last post by Maurice - November 29, 2025, 07:00:01 PMMy general recommendation for setups which are a little more advanced is to bind services like DNS to loopback interfaces:
- Interfaces: Devices: Loopback, create a loopback interface, name it e.g. "Unbound".
- Assign the interface and configure it with static IP addresses (/128 ULA and /32 RFC1918 is fine).
- Services: Unbound DNS: General, set "Network Interfaces" to this loopback interface (only).
- In the DHCP / RA configuration, set the DNS server addresses to the loopback interface's addresses.
- Optional: If you want to force all DNS traffic to Unbound, forward port 53 to the loopback interface's addresses.
Cheers
Maurice
- Interfaces: Devices: Loopback, create a loopback interface, name it e.g. "Unbound".
- Assign the interface and configure it with static IP addresses (/128 ULA and /32 RFC1918 is fine).
- Services: Unbound DNS: General, set "Network Interfaces" to this loopback interface (only).
- In the DHCP / RA configuration, set the DNS server addresses to the loopback interface's addresses.
- Optional: If you want to force all DNS traffic to Unbound, forward port 53 to the loopback interface's addresses.
Cheers
Maurice
#100
25.7, 25.10 Series / Re: (Solved?) Freeradius - can...
Last post by TechnologyGeek - November 29, 2025, 06:41:09 PMI had the same issue after upgrading to 25.7.8, and for some reason unbound DNS wasn't working correctly. If I rebooted my network would come up, my Firestick would get to the homepage, sound would play automatically, and then it would all start dropping off again. Hulu and other apps wouldn't load, then the 'Home is not available, check your network settings' message on the Firestick. Same issue on my hardwired LAN PC. I started migrating to DNSMasq based on reading what some users were saying, and I was having issues getting it working correctly. I'm using TLS via Quad9 with unbound, and I setup the query forward to DNSMasq, configured everything, but was still having issues getting leases assigned with DNSMasq. I could NSlookup, Signal and some apps were working fine on my wired PC, but I couldn't ping out. I didn't want to mess with it anymore as my wife was home from work and wanted to watch Stranger things, so I restored my backup config from July of this year and the issue was completely resolved. Still using unbound with ISC DHCP and am on the 25.7.8 update. The funny thing is that the reason I restored that config was to start over working on the DNSMasq migration thinking I screwed a step up. I wasn't expecting the config restore to resolve the problem that started when I updated. Definitely something getting messed up from the upgrade, putting my old config files back resolved.
