r/opnsense

After upgrade to 26.1.7 rules are not showing in the New Rules list.

Hello, everybody. I upgraded to 26.1.7 a couple of weeks ago but only today I noticed that the Rules (New) does not show a single rule. I checked the Old Rules menu and I see the rules and I also checked from the console by running pfctl -sr and all rules are in there.

Upgraded to 26.1.8 today expecting that the rules will come back and nada. Wanted to ask if someone has also come across such a thing that the rules work but don't show in the GUI?

reddit.com
u/AO4REDDIT — 11 hours ago

Is there a limit to how many WireGuard VPN connections OPNsense can support simultaneously?

Just wondering if there's a limit to the number of connections/tunnels I can run simultaneously? I'm hoping to set up PBR and then set up different devices and PCs connecting to different VPNs.

u/Certain_Repeat_753 — 21 hours ago

Can OPNsense tell me how much ISP bandwidth my household is using?

I'm wondering how close I am to saturating my 1 gig Fios plan. I know there are reports within OPNsense but I'm not really sure how to use them. Is there a way I can see things like average bandwidth and bandwidth spikes?

u/__Mike_____ — 1 day ago

How to access WebAdmin of ONT on specific IP from LAN interface?

Hi guys,

I bought an ONT stick that should have support for web admin running on IP 192.168.101.1. The problem is, I am not able to figure out how to configure OPNsense so I can access it from my personal PC.

My PC is on IP *.*.1.123 on the LAN interface. I have the ONT stick in another SFP+ cage that is not part of the LAN interface.

So far I have tried to assign a new interface, called ONT, to this SFP+ cage with the ONT stick in it. Enabled it and assigned static IPv4 192.168.101.2 (so *.*.101.1 is free). I have also tried to add Default pass all traffic in the firewall, but still can't access web admin.

Can anyone help me figure out what I am doing wrong and how to set up OPNsense?

Thanks for help

u/CZ-DannyK — 1 day ago

European Union really thinking about regulating VPNs now?

So apparently the EU launched this new age verification system to “protect minors online,” but people quickly figured out you can literally bypass it with a VPN. Now there’s talk about tighter VPN regulations and honestly this feels kinda wild. I travel a lot for work and public Wi-Fi is straight up sus sometimes. VPN is basically the only thing keeping my accounts from getting yoinked at airports and cafés. What’s annoying is that governments keep treating VPNs like they’re only used for bypassing restrictions, when a lot of normal people use them for privacy, security, streaming, remote work, etc. Imagine paying for a legit VPN subscription then suddenly needing ID verification just to use it. That kinda defeats the whole privacy point ngl. Anybody else think this is getting outta hand or am I trippin’?

u/Chance_Drink3100 — 1 day ago

Opnsense for Matter setup

Coming back on this topic after some time fighting things (other similar post some time ago)

I set up a different LAN for IoT (had an extra port to the router itself, no switch here), put IPv6 into SLAAC, configured Router Advertisements into the dedicated Services tab to that IoT LAN and to be Unmanaged, no dnsmasq or DHCPv6 setup and no new firewall rules for IPv6, just for IPv4 to allow internet and block inter-LAN comms (but allowed the main LAN to comm to this IoT one); devices get IPv6 fe or fd addresses. Everything needed for what I want to achieve hardware-wise will be inside this IoT LAN and no cross LAN needed, so no repeater at all

From opnsense, I put an old dlink dir600 router in access point mode, then passed that to the Home Assistant machine after setting up a wifi for it

Now, I installed everything needed in Home Assistant for Matter over Thread, tried pairing an Ikea device with a phone on the Wifi created within this LAN and the connection fails. I suspect mDNS, but I don't know how to check it or how else to set it up for this secondary LAN. Home Assistant says Network is unreachable in the logs for the Matter server, but Home Assistant has functional internet overall

Please, any thoughts?

Is it a firewall thing?? I am suspecting the dlink router to some extent, but I am out of ideas

Sorry for the long post

u/Express-Obj3ct — 2 days ago

NIC swap = config rebuild?

I am getting ready to swap a quad port 2.5G NIC in my Lenovo 920Q for a quad port 10G SFP+ NIC. I assume the interface names will change when I do this - does this also require that the Opnsense config be rebuilt, or is there a way to preserve the config during this process?

u/CaptainMegaNads — 1 day ago

Port forward with alias as destination behaves differently

I have a static IP block, and some of those IPs set up as Virtual IPs in OPNsense. I've created Destination NAT rules to port-forward 80, 443, and a few UDP ones for a project I'm working on, to a local IP.

On the Dest NAT rule, if I use the WAN VIP typed out explicitly as the 'destination', the rule works locally. That is: from a LAN machine (behind OPNsense), I can resolve the web service using the VIP (or a DNS name pointing to that VIP), as intended.

On the other hand... if I put that same exact WAN VIP first into an OPNsense alias (as type 'host' or 'network'), and use that in the Dest NAT 'destination' field - all of the traffic on the LAN towards the VIP gets looped back around (hairpins) to OPNsense itself - and the OPNsense login page. The web app is not reachable.

I don't know why this is happening. But wrapping a destination IP address in an alias, should not route traffic differently as far as I'm concerned. Right?

u/mitchplze — 3 days ago

Google Backup files are blank

As the title says

I back up to Google Drive and went in yesterday to notice the file was empty.

So I remade the project in Google API with the same results, thinking it was a Google issue.

I get two messages when manually trying to back up: the first one is with the password blank, the second is with a password to encrypt the file.

First message basically says everything is fine and it uploads a file, albeit blank.

Second message says: remote backup returned no files

u/Gdiddy18 — 3 days ago

Does IPv6 actually work with HA?

The official guide doesn't work. AI has no idea. I've spent hours trying to troubleshoot this.

How do you make it work?

I'm using static ipv6 with a /56

I can ping 2606:4700:4700:1111 from the OPNsense nodes, but I cannot get any connectivity to devices on any VLANs.

u/thekeeebz — 3 days ago

How to handle static IPs (not DHCP reservations) with Dnsmasq?

Hey,

some of my network devices have a manually set static IP (not DHCP reservations). With ISC DHCP I only set a smaller DHCP range for dynamically assigned IP addresses (e.g. 192.168.1.30 - 192.168.1.220) so there was some space left for DHCP reservations and static IPs.

According to the docs Dnsmasq should however have DHCP reservations be a part of the DHCP range which in my case would include the static IPs as well (e.g. if I have a device with a static IP 192.168.1.225 and a DHCP reservation for 192.168.1.230 then expanding the DHCP range to include the reservation will obviously include the static IP too) and I'm afraid it could cause issues since I believe DHCP would not be aware of the IP being used in this case.

How do I handle this please? Assuming the devices cannot be changed to DHCP reservations and I would like to avoid having to change the static IPs.

Thanks!

u/Red_Con_ — 4 days ago

Looking for a non-Chinese-made OPNsense box

It's in the title. Looking for something that is approved for use in the USA / Canada that meets strict government requirements and has lower chances of Chinese spying. Thank you!

u/SpeakerLow8600 — 4 days ago

Harden your OPNsense set-up with Q-Feeds Threat Intelligence

Hey r/opnsense,

Like many of you, I was relying on a mix of free blocklists to harden my firewall. They do the job to a point, but the quality and freshness of the data vary widely, and most major threat intelligence providers are extremely costly.

That's why we built Q-Feeds, a European CTI feed service providing regularly updated IP, URL and DNS blocklists, built and processed entirely within the EU.

We've built a plugin for OPNsense together with Deciso. This makes the integration straightforward: no manual list management, and feeds update automatically.

What's in the feeds:

  • Malicious IPs and domains (C2, botnets, scanners, etc.)
  • Phishing and malware domains
  • Dark web and OSINT-derived indicators

I've included a screenshot of our Threat Intelligence Portal to give you a feel for what the data looks like.

There's a free tier if you want to try it out. Feel free to share your experiences!

We are happy to answer any questions about the feeds, the data sources, or any other question you have!

Q-Feeds Threat Intelligence Portal

u/Q-Feeds — 5 days ago