Recent posts

#91

Virtual private networks / Re: Need WireGuard Peers with ...

Last post by mattlach - December 09, 2025, 09:55:06 PM

You wrote quite an essay there.

The model comma separates values automatically. Just enter a range without comma, press tab, enter the next range without comma, and so on.

Thank you for your response.

You are correct.  I was mistaken.

I must have gone too fast and just used a comma to separate the IP fields, causing the frontend to reject it.   If I do not use a comma it allows me to save the configuration.

Sadly, it still does not work.    I had assumed that my problems were due to an "Allowed IP's" overlap, but it turns out that this is only a problem within the same instance.  I have two separate instances, so this should not be an issue.

Something else weird is going on.

I'll be humming along with wg0 working just fine connected to my external server and routing all traffic through it.    Then as soon as I click "enable" and "apply" on wg1, a wireguard server for my roadwarrioir hpone setup, wg0 shits a brick.

Connectivity becomes intermittent and slow, and things just fall apart.

The funny part is wg1 works just fine.  My phone can connect and access both my internal LAN and the external internet exiting via wg0.

I don't think it is an MTU issue, as the two tunnels are independent of each other, so there is no double encapsulation.    With routing disabled in the instance, it also should not be a routing issue.

But I can't for the life of my figure out why enabling wg1 harms wg0.

Any suggestions?

"Disable Route

#92

25.7, 25.10 Series / Re: Unwanted route that keeps ...

Last post by abenaou - December 09, 2025, 09:51:59 PM

If the DHCP server in LAN98 sends a default gateway that is the cause for your static route. Don't use DHCP or any dynamic configuration for anything but WAN.

This was indeed the solution to the problem, thank you so much.
But why is it that only one single host has this issue and the others work just fine?

#93

German - Deutsch / Re: Umbau Netzwerk/Rules

Last post by meyergru - December 09, 2025, 09:10:36 PM

Das sieht allerdings seltsam aus, weil die beiden IPs mumaßlich im selben Subnetz 10.20.1.0/24 und offenbar auch auf dem selben Interface liegen. Ich nehme außerdem an, dass die Interface-Gruppe local_vlans das vlan20 enthält. Dann ist es allerdings so, dass dieser Traffic die OpnSense nicht passieren dürfte.

Du schriebst allerdings eingangs etwas von /16, das passt ja nicht so ganz.

#94

German - Deutsch / GeoIP (Maxmind) nicht mehr fun...

Last post by kosta - December 09, 2025, 09:01:56 PM

Hallo,

hab meine Hardware geändert, erfolgreich migriert und alles, es scheint aktuell keine Probleme zu geben, bis auf eins: GeoIP.
Irgendwie scheinbar egal was ich eingebe in GeoIP settings, wird nicht angenommen und zeigt mir immer:
"In order to use GeoIP, you need to configure a source in the GeoIP settings tab"
Ich habe mich auf die offizielle Anleitung angelehnt:
https://docs.opnsense.org/manual/how-tos/maxmind_geo_ip.html
Auch neuen Key angelegt im Maxmind Portal. Und den zusammengebastelten Link bei GeoIP angegeben.
Kann wer helfen?

Danke

#95

German - Deutsch / Re: Umbau Netzwerk/Rules

Last post by kosta - December 09, 2025, 08:57:08 PM

Wenn Du individuelle Interface-Regeln brauchst, dann musst Du sie entweder im Interface oder in den Floating Rules machen.

Die Priorität ist ja in der offiziellen Dokumentation erläutert. Floating Regeln sind ganz vorne, dann kommen Interface Gruppen, dann Interfaces.

Entsprechend muss man die Regeln auch positionieren. In den Floating Rules kommt das, was mehr oder weniger für alle gilt - übrigens kann man dort auch Interface Gruppen verwenden.

Wenn Dir das zu unübersichtlich ist, kannst Du auch alle Regeln in den Floating Rules belassen, dann übersiehst Du nichts.

Ich habe das Gefühl dass mein Post nicht verstanden wurde.
Es kommt zum Blocking in demselben Netzwerk, was gegen jegliche Firewall-Technologie spricht. Siehe mein Screenshot. Ich denke eindeutiger wird es nicht.

Die Prioritäten von Floating vs Intf ist mir klar. Intf Gruppen bin ich neu, noch nie verwendet. Aber das ist auch komplett unabhängig davon, zumindest in meinem Szenario, ob es sich um Intf Gruppen handelt oder nicht. So lange der falsche VLAN - also der von dem Adapter, drin ist, blockt es in demselben Netzwerk.

Ich könnte es auf Wunsch weiterhin testen.

#96

25.7, 25.10 Series / Re: DNSMasq Two Ranges One Sta...

Last post by Monviech (Cedrik) - December 09, 2025, 08:37:34 PM

Yeah just enable the advanced mode in the range and change the scope of the domain to interface, in the one range you configure. (you dont need two ranges)

#97

General Discussion / Re: TUI for viewing and analys...

Last post by allddd - December 09, 2025, 08:32:48 PM

I've thought about this, and the main issue is sorting the entries since I can't load everything into memory. ... I need a reliable way to order them, and using file names/creation times isn't reliable because users can rename/move files.

Wouldn't it be enough to read the first and the last line(s) of a file, determine the time stamps of these entries and you'd know the order of the files?

Good idea, the best approach is probably a mix of your suggestion and checking the file creation time.

I'm still not sure how well this will work though since the filter log directory can contain >30GB of files. If indexing takes 10-20 (or more) seconds, it's not something I would consider usable.

#98

German - Deutsch / Re: 10G Hardware Empfehlungen

Last post by ChrisChros - December 09, 2025, 08:30:02 PM

Hab mir jetzt die klassische kleine schwarze Mini-PC Kiste mit 2 SFP+ Ports gekauft.

Hast du einen Link zu der "Kiste"?

#99

General Discussion / Re: Port Forwarding issue insi...

Last post by viragomann - December 09, 2025, 08:07:43 PM

As the live view shows, the traffic is passed through OPNsense.
To get sure, you can run a packet capture on the LAN. Presumably the packets from the PC are going out there, but nothing is coming back.
If so, it's not on OPNsense.

You can try to hairping the restive traffic on the LAN interface and see if it helps.

#100

25.7, 25.10 Series / DNSMasq Two Ranges One Static ...

Last post by EFaden - December 09, 2025, 08:06:57 PM

Trying to figure out the correct way to do this coming from ISC DHCPv4.  In ISC I had the dynamic range set to 192.168.0.200-192.168.0.254 and all of my statics below that.  They all got the same domain name lan.mydomain.com.  All worked great.  The issue I am running into is trying to replicate that.  It seems like in DNSMasq you generally place the statics within the range and DHCP just assigned things to the unassigned addresses.  I don't really want that....

I somewhat have it working by just assigning the statics NOT within the range, but the issue is that doesn't set the domain name.  I don't really want to manually set the domain name for each static host, but I cannot seem to figure out how to set a range that is ONLY used for setting the domain name. .... My thought was to have two ranges... one that basically just sets the domain and the other is used for dynamic.  Didn't seem to work.

Any help?