"Recent posts
#91
26.1 Series / Re: Noob Questions
Last post by nicholaswkc - Today at 07:42:29 AMInteresting that you want opnsense forum questions.
#92
26.1 Series / Re: Something in 2.61 breaks O...
Last post by nicholaswkc - Today at 07:37:22 AMSSL Certificate may cause this errors.
#93
26.1 Series / Re: Unbound DNS issue
Last post by nicholaswkc - Today at 07:35:45 AMWhat wrong? Can you explain so that others can avoid?
#94
26.1 Series / Re: 25.7.11_9 can;t upgrade to...
Last post by nicholaswkc - Today at 07:34:37 AMTry using 5G network and see.
#95
German - Deutsch / Re: NVM subsystem reliability ...
Last post by stulpinger - Today at 07:25:43 AMHabe unterm System/Settings/Miscellaneous
/var/log RAM disk
/tmp RAM disk
aktiviert
weiters unter Reporting/Settings
Round-Robin-Database deaktiviert
werde weiter beobachten
/var/log RAM disk
/tmp RAM disk
aktiviert
weiters unter Reporting/Settings
Round-Robin-Database deaktiviert
werde weiter beobachten
#96
26.1 Series / Re: Unbound DNS issue
Last post by choopyat25 - Today at 06:31:08 AMDear Team ,
Could you please delete or close this question , it's my mistake.
Thank you for understanding .
Opyat'
Could you please delete or close this question , it's my mistake.
Thank you for understanding .
Opyat'
#97
General Discussion / If you change the IP address o...
Last post by syuhei - Today at 05:48:06 AMI have set up two OPNsense machines and connected multiple networks.
In OPNsense8 and OPNsense7, DHCP is running on the LAN side interface.
When the IP address on LAN8(192.168.8.254) of OPNsense7 is obtained via DHCP, it works as expected.
Pings can be sent to all IP addresses from 192.168.7.100, and the Internet can be accessed.
However, if you statically assign the IP of LAN8 (192.168.8.254) on OPNsense7, communication will not be possible.
When statically assigning an IP, 192.168.8.1 is registered as the upstream gateway in the system gateway, and is also recognized as the DefaultGateway in the status.
The ping results are as follows:
192.168.7.100 -> 192.168.8.100 OK
192.168.7.100 -> 192.168.8.1 OK
192.168.7.100 -> 192.168.0.8 OK
192.168.7.100 -> 192.168.0.100 NG
192.168.7.100 -> 192.168.0.1 NG
In OPNsense8 and OPNsense7, DHCP is running on the LAN side interface.
When the IP address on LAN8(192.168.8.254) of OPNsense7 is obtained via DHCP, it works as expected.
Pings can be sent to all IP addresses from 192.168.7.100, and the Internet can be accessed.
However, if you statically assign the IP of LAN8 (192.168.8.254) on OPNsense7, communication will not be possible.
When statically assigning an IP, 192.168.8.1 is registered as the upstream gateway in the system gateway, and is also recognized as the DefaultGateway in the status.
The ping results are as follows:
192.168.7.100 -> 192.168.8.100 OK
192.168.7.100 -> 192.168.8.1 OK
192.168.7.100 -> 192.168.0.8 OK
192.168.7.100 -> 192.168.0.100 NG
192.168.7.100 -> 192.168.0.1 NG
#98
Virtual private networks / IPSEC S2S VPN
Last post by Wendo - Today at 05:36:20 AMHi All
I feel like I'm going crazy here. I'm looking to setup an IPSEC S2S tunnel from an OPNsense firewall to potentially a number of other firewalls. I appear to be running the "new" UI for this and all the docs I can find talk about a legacy mode, and the documentation for legacy mode makes sense. It talks about Phase 1 and Phase 2, it talks about proposals, shared secrets, IKE and ESP and all the normal IPSEC things.
This new UI doesn't even have most of that. I can see you can select proposals when seeing up a new connection, but there appears to be no place to edit or add to the predefined ones. Lifetimes _may_ be under the advanced section of the connection but aren't called lifetimes, instead they are, I'm guessing, Re-auth time and Rekey time. No mention of PFS anywhere.
I get this might all just be trying to make it easier for beginner users, but wow does this not look like any IPSEC setup I've ever encountered (and I've been in networking for a couple of decades)
Am I on the right path here? Can we just not create our own proposals (not to mention what exactly _is_ the default proposal)? Is PFS supported anywhere?
This is about the most useful piece of docs I've found but there are... gaps
Thanks
PS. Sorry for the frustrated tone, but this is, well, frustrating :)
I feel like I'm going crazy here. I'm looking to setup an IPSEC S2S tunnel from an OPNsense firewall to potentially a number of other firewalls. I appear to be running the "new" UI for this and all the docs I can find talk about a legacy mode, and the documentation for legacy mode makes sense. It talks about Phase 1 and Phase 2, it talks about proposals, shared secrets, IKE and ESP and all the normal IPSEC things.
This new UI doesn't even have most of that. I can see you can select proposals when seeing up a new connection, but there appears to be no place to edit or add to the predefined ones. Lifetimes _may_ be under the advanced section of the connection but aren't called lifetimes, instead they are, I'm guessing, Re-auth time and Rekey time. No mention of PFS anywhere.
I get this might all just be trying to make it easier for beginner users, but wow does this not look like any IPSEC setup I've ever encountered (and I've been in networking for a couple of decades)
Am I on the right path here? Can we just not create our own proposals (not to mention what exactly _is_ the default proposal)? Is PFS supported anywhere?
This is about the most useful piece of docs I've found but there are... gaps
Thanks
PS. Sorry for the frustrated tone, but this is, well, frustrating :)
#99
Japanese - 日本語 / Re: NTT Cross, XE-100NE and OP...
Last post by syuhei - Today at 05:31:23 AMHi ChristianVirtual
If you are not using Hikari Telephone, it is possible to remove the NTT XG-100NE and attach a high-performance router to the ONU.
However, it is unclear whether OPNsense supports Japan's IPv4 over IPv6 standard.
Also, I don't think the NTT XG-100NE is the cause of the WiFi connection interruptions.
If you are not using Hikari Telephone, it is possible to remove the NTT XG-100NE and attach a high-performance router to the ONU.
However, it is unclear whether OPNsense supports Japan's IPv4 over IPv6 standard.
Also, I don't think the NTT XG-100NE is the cause of the WiFi connection interruptions.
#100
26.1 Series / 25.7.11_9 can;t upgrade to 26....
Last post by wuwzy - Today at 05:06:00 AMOPNsense 25.7.11_9-amd64
FreeBSD 14.3-RELEASE-p7
OpenSSL 3.0.18
long time .....
FreeBSD 14.3-RELEASE-p7
OpenSSL 3.0.18
long time .....
