OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Recent Posts

Recent Posts

Pages: 1 ... 8 9 [10]
91
24.7 Production Series / Re: Is my WAN IPv6 different from my /48 fixed prefix?
« Last post by JamesFrisch on Today at 09:55:59 am »
Hi Bart.

Thanks you for your input, but that does not really answer any question and only repeats what I already stated.
English is not my native language, maybe there is a language barrier on my end.
I will try to phrase it differently.


I have a NGINX webserver running in VLAN 50.
I can reach that webserver by NATing my WAN IPv4 1.1.1.1 to a local IPv4 10.0.50.2.
I can also reach that webserver by IPv6 1234:1234:1234:50::2 (which is part of my static 1234:1234:1234/48 prefix, VLAN 50 interface has the setting track interface with 50, so I get a 1234:1234:1234::50/64 subnet)

That makes my NGINX webserver dual stack.
Now I would like the achieve the same for my WireGuard instance on OPNsense.
The IPv4 part is easy and working.
But I struggle with the IPv6.
How can I achieve dualstack WG for OPNsense?
92
French - Français / Re: [CADDY] Reverse proxy page blanche / Reverse proxy blank page
« Last post by Drakonash on Today at 09:51:43 am »
Bon nous avons décider d'utiliser un autre plugin (Nginx) avec lesquels nous avons réussi à fonctionner comme
attendue.


So we decided to use another plugin (Nginx) which worked as expected.
93
Virtual private networks / Re: TOR Plugin questions
« Last post by bartjsmit on Today at 09:35:52 am »
It's a case of whom you trust:

- I trust my ISP, which means I only need a VPN for remote access (inbound)
- I trust my VPN provider, which means I use their VPN to hide my traffic from my ISP
- I trust nobody, so I use TOR to hide my traffic from everybody outside my house

Needless to say, performance gets worse down that list as well.

For me, commercial VPN providers are only an answer to geo-blocking.

Bart...
94
General Discussion / Re: My VM's traffic not passing thur OPNsense
« Last post by bartjsmit on Today at 09:31:40 am »
Change the default gateway of the VM' s to OPNsense LAN IP address, same as (presumably) your DHCP clients are set to.
95
24.7 Production Series / Re: No reboot when updating to OPNsense 24.10.1
« Last post by bartjsmit on Today at 09:30:07 am »
Yeah, it used to be that crowdsec was bad for that. Uninstall plugin, update, reboot, install plugin.

That's fixed now. You may get away with stopping monitrc before updating.
96
24.7 Production Series / Re: PING -S can't work
« Last post by Patrick M. Hausen on Today at 09:22:02 am »
Some IPs might have a firewall and not answer to ping - like Windows - and some might not  ;)
97
General Discussion / Re: radvd | prefix length should be 64 for ix0
« Last post by Patrick M. Hausen on Today at 09:18:51 am »
No. No interface ever has anything but a /64 in IPv6. If you create OPT1, OPT2, ... and set them to "track" they will get different /64s from your /60.

"/60" is just a way to write "you get 16 /64 from your ISP."
98
24.7 Production Series / No reboot happening when updating to OPNsense 24.10.1
« Last post by Evert on Today at 09:02:44 am »
Hi,

When I updated to OPNsense 24.10.1 it appeared first all went as mentioned, but then I noticed that some of the services weren't running and that my unit hadn't actually rebooted.

Some searching on the console revealed that the reboot never happened because of a stuborn monitrc-process. As soon as I killed it, the reboot process commenced.

After the reboot all services started as they should, and all was well.

Has anyone else experienced this?
(Perhaps an idea to forcefully kill processes like monitrc if they don't go down gracefully?)
99
24.7 Production Series / Re: Is my WAN IPv6 different from my /48 fixed prefix?
« Last post by bartjsmit on Today at 08:56:50 am »
fe80 are link local addresses https://en.wikipedia.org/wiki/Link-local_address

IPv6 hosts can have many IP addresses. After all, saying that there are plenty available is an understatement. Many hosts do pick a random one for privacy. The servers they connect to won't then be able to track them by their client IP (they dump a wheelbarrow of cookies on you instead).

The WAN side can be completely different again. Your ISP will route your delegation to the internet and back. No guarantees that any of the hops along the way will be addresses you recognise. My WAN interface only has an fe80 address, and yet the little guy dances for me at https://www.kame.net/

Bart...
100
General Discussion / Re: spokes can't reach to each other through opnsense in the hub
« Last post by wshamroukh on Today at 08:45:17 am »
to close out this thread, I have just managed to get this to work.


A NAT rule was needed to get things to work as expected:


Thank you for your help and support
Pages: 1 ... 8 9 [10]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2