Topics - kozistan

#1
After updates 25.7.9_7 and 25.7.10 the system is still on 25.7.9.
Packages were updated but the core system stays on 25.7.9.

When I check for updates in the GUI:
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.7.9 (amd64) at Fri Dec 19 07:39:30 CET 2025
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 928 packages processed.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: ..... done
Processing entries: ..... done
SunnyValley repository update completed. 49 packages processed.
All repositories are up to date.
pkg: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
Checking for upgrades (4 candidates): .... done
Processing candidates (4 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

opnsense-version
OPNsense 25.7.9 (amd64)

cat /usr/local/opnsense/version/core
{
    "CORE_VERSION": "25.7.9",
    "CORE_HASH": "0fba32ed2",
    "CORE_PKGVERSION": "25.7.9",
    ...
}

Health audit shows base/kernel mismatch:
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 25.7.9 (amd64) at Fri Dec 19 07:46:15 CET 2025
>>> Check installed kernel version
Version 25.7.8 is correct.
>>> Check installed base version
Version 25.7.8 is correct.
>>> Check for core packages consistency
Core package "opnsense" not known to package database.
***DONE***

Repository query confirms 25.7.10 is available:
pkg rquery -r OPNsense '%n-%v' opnsense
opnsense-25.7.10

Attempting update:
opnsense-update -t opnsense -f
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
OPNsense is up to date.
pkg-static: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
The following packages will be fetched:
New packages to be FETCHED:
opnsense: 25.7.10 (6 MiB: 100.00% of the 6 MiB to download)
Fetching opnsense-25.7.10.pkg: 100%    6 MiB   6.1MB/s    00:01
pkg-static: No package(s) matching opnsense

The package downloads but fails to install with "No package(s) matching opnsense".

System shows:
- GUI: 25.7.9
- Base: 25.7.8
- Kernel: 25.7.8
- Core version file: 25.7.9
- Core package: missing from pkg database

Last issue was pkg related: https://forum.opnsense.org/index.php?topic=50009.0
Could this be related to the database version mismatch (37 vs 36)?

How can I properly update to 25.7.10?
#2
Hi, after upgrading to OPNsense 25.7.9 I started seeing repeated crashes of pkg with signal 11 on my firewall and I am not sure what is going on.

System log (repeating every minute):
<13>1 2025-12-06T07:00:05+01:00 fw.sloto.space kernel - - [meta sequenceId="32"] <6>[21705] pid 39394 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:01:07+01:00 fw.sloto.space kernel - - [meta sequenceId="1"] <6>[21768] pid 1476 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:02:05+01:00 fw.sloto.space kernel - - [meta sequenceId="2"] <6>[21825] pid 49670 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:03:05+01:00 fw.sloto.space kernel - - [meta sequenceId="3"] <6>[21885] pid 88108 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)

pkg update output:
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
pkg: Failed to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.7/16d2de42-0612-444d-84cd-9da99e66f1f9/data.pkg: Not found
pkg: Failed to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/25.7/16d2de42-0612-444d-84cd-9da99e66f1f9/data.txz: Not found
SunnyValley repository is up to date.
All repositories are up to date.
Child process pid=4711 terminated abnormally: Segmentation fault


Right now the firewall seems to work, but the segmentation fault happens every time pkg update runs and clutters the logs. I am just trying to understand if this is a known issue with 25.7.9 / the new kernel, or something broken on my installation only.

Could you please advise what might be wrong or what additional diagnostics I should provide?

Thank you in advance.
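
One way to check the "repeating every minute" pattern in the kernel lines quoted in the post above, as an added example that is not part of the original post: it parses the exited-on-signal entries and measures the gaps between crashes, since evenly spaced gaps with a new pid each time point to a scheduled job invoking pkg rather than a single process respawning. The function names and the 5-second tolerance are assumptions.

```python
import re
from datetime import datetime
from statistics import median

# Kernel lines copied from the post above, plus one constructed non-crash
# line (the last one) to show that unrelated entries are skipped.
SAMPLE_LOG = """\
<13>1 2025-12-06T07:00:05+01:00 fw.sloto.space kernel - - [meta sequenceId="32"] <6>[21705] pid 39394 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:01:07+01:00 fw.sloto.space kernel - - [meta sequenceId="1"] <6>[21768] pid 1476 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:02:05+01:00 fw.sloto.space kernel - - [meta sequenceId="2"] <6>[21825] pid 49670 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:03:05+01:00 fw.sloto.space kernel - - [meta sequenceId="3"] <6>[21885] pid 88108 (pkg), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
<13>1 2025-12-06T07:03:30+01:00 fw.sloto.space kernel - - [meta sequenceId="4"] <6>[21910] constructed example line, not a crash
"""

# Matches the syslog header plus the kernel "exited on signal" message
# in the layout shown in the post.
CRASH_RE = re.compile(
    r'^<\d+>1 (?P<ts>\S+) (?P<host>\S+) kernel - - \[meta [^\]]*\] '
    r'<\d+>\[(?P<uptime>\d+)\] pid (?P<pid>\d+) \((?P<proc>[^)]+)\), '
    r'jid (?P<jid>\d+), uid (?P<uid>\d+): exited on signal (?P<sig>\d+)'
)


def parse_crashes(text):
    """Return one dict per 'exited on signal' kernel line; skip everything else."""
    events = []
    for line in text.splitlines():
        m = CRASH_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "uptime": int(m["uptime"]),
            "pid": int(m["pid"]),
            "proc": m["proc"],
            "uid": int(m["uid"]),
            "signal": int(m["sig"]),
        })
    return events


def crash_cadence(events, proc, signal=11):
    """Summarise how often `proc` died with `signal` and how evenly spaced it was."""
    hits = sorted((e for e in events
                   if e["proc"] == proc and e["signal"] == signal),
                  key=lambda e: e["time"])
    gaps = [int((b["time"] - a["time"]).total_seconds())
            for a, b in zip(hits, hits[1:])]
    # Kernel uptime counter gives a second clock to cross-check the timestamps.
    uptime_gaps = [b["uptime"] - a["uptime"] for a, b in zip(hits, hits[1:])]
    return {
        "count": len(hits),
        "gaps": gaps,
        "uptime_gaps": uptime_gaps,
        "median_gap": median(gaps) if gaps else None,
        "distinct_pids": len({e["pid"] for e in hits}),
    }


def looks_scheduled(gaps, tolerance=5, min_events=3):
    """True when every gap is within `tolerance` seconds of the median gap."""
    if len(gaps) + 1 < min_events:
        return False
    mid = median(gaps)
    return all(abs(g - mid) <= tolerance for g in gaps)


if __name__ == "__main__":
    summary = crash_cadence(parse_crashes(SAMPLE_LOG), "pkg")
    print(summary, "scheduled:", looks_scheduled(summary["gaps"]))
```
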

#3
Zenarmor (Sensei) / [Solved] - Netmap packet drops
October 14, 2025, 05:20:43 AM
Hi, I have a problem with packet drops.

When monitoring packets on ixl0 (with 17 VLANs) and 9 WireGuard interfaces, I see the dev.netmap.iflib_rx_miss counter growing continuously, during high traffic by thousands per minute.

My config: OPNsense 25.7.5-amd64, LAN - Intel X710 ixl0 parent interface, Zenarmor 2.1 routed mode with native netmap driver.

Packet drops dev.netmap.iflib_rx_miss with standard tunables:
dev.netmap.buf_num="1000000"
dev.netmap.buf_size="2048"
dev.netmap.ring_size="36864"
dev.ixl.0.iflib.override_nrxds="1024"

I tried to increase descriptor rings from 1024 to 2048 because the default 1024 was insufficient for the combination of high-throughput traffic, netmap, and VLANs. Larger rings provide more space for packet buffering at the NIC level, resulting in fewer drops.
dev.ixl.0.iflib.override_nrxds="2048"
dev.ixl.0.iflib.override_ntxds="2048"

When changing dev.netmap.buf_num or dev.netmap.buf_size, Zenarmor crashes on WireGuard interfaces with loop:

generic_netmap_attach: Emulated adapter for wg* created
generic_netmap_dtor: Emulated netmap adapter for wg* destroyed

Tested (all failed):
8M buffers + buf_size 4096
8M buffers + buf_size 2048
4M buffers + buf_size 2048
6M buffers + buf_size 4096


How to achieve connectivity without packet loss? Without Zenarmor everything works without drops.
#4
Hi, after the update I'm not able to connect to OpenVPN instances.

Some logs from /var/log/openvpn/latest:

<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server100 42675 - [meta sequenceId="10665"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-11ddf25b-cffc-4d7d-ac65-11af4d239602.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server100 42675 - [meta sequenceId="10666"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server100 42675 - [meta sequenceId="10667"] MANAGEMENT: Client disconnected
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server95 50542 - [meta sequenceId="10668"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-eef414e6-42a5-4b3a-ac81-486ca0f4faa0.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server95 50542 - [meta sequenceId="10669"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server95 50542 - [meta sequenceId="10670"] MANAGEMENT: Client disconnected
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server131 4320 - [meta sequenceId="10671"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-43ac02a2-5a40-4b23-b735-2d785cacfcde.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server131 4320 - [meta sequenceId="10672"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server131 4320 - [meta sequenceId="10673"] MANAGEMENT: Client disconnected
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server105 74517 - [meta sequenceId="10674"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-a2f1d33d-1b81-4cdb-bbe2-0488259f46e8.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server105 74517 - [meta sequenceId="10675"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server91 11945 - [meta sequenceId="10676"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-e4352535-9b8a-47d2-9912-a33dd87010b3.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server91 11945 - [meta sequenceId="10677"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server105 74517 - [meta sequenceId="10678"] MANAGEMENT: Client disconnected
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server91 11945 - [meta sequenceId="10679"] MANAGEMENT: Client disconnected
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server97 69433 - [meta sequenceId="10680"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-12feb732-a4be-4fbf-9f18-bdbe9ce402f2.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server97 69433 - [meta sequenceId="10681"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server97 69433 - [meta sequenceId="10682"] MANAGEMENT: Client disconnected
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server111 99364 - [meta sequenceId="10683"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-7ffacefa-42da-4773-ba76-4be34ad80a29.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server111 99364 - [meta sequenceId="10684"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server111 99364 - [meta sequenceId="10685"] MANAGEMENT: Client disconnected
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server121 67657 - [meta sequenceId="10686"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-7acdbd9c-b875-486f-ae93-23f075acdefc.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server121 67657 - [meta sequenceId="10687"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server121 67657 - [meta sequenceId="10688"] MANAGEMENT: Client disconnected
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server92 19091 - [meta sequenceId="10689"] MANAGEMENT: Client connected from /var/etc/openvpn/instance-5f0e621d-c40e-4dfc-bdd0-76047c78e905.sock
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server92 19091 - [meta sequenceId="10690"] MANAGEMENT: CMD 'status 3'
<29>1 2025-07-25T10:39:01+02:00 fw.sloto.space openvpn_server92 19091 - [meta sequenceId="10691"] MANAGEMENT: Client disconnected



On the dashboard I see the client is connected, but the OpenVPN app can't connect (UDP send exception: send: Can't assign requested address).

#5
Virtual private networks / Netmap and TUN interfaces
April 15, 2025, 07:46:24 PM
Hi all, searching for a workaround via a physical interface for Zenarmor visibility?

I'm running OPNsense with Zenarmor (Sensei) and using multiple OpenVPN instances (TUN interfaces). As widely documented, Netmap does not support TUN interfaces, which means Zenarmor can't see or filter any traffic coming through those VPNs.

I understand this is a FreeBSD/Netmap limitation, not a Zenarmor issue.

I attempted to bridge the OpenVPN TUN interface with a physical VLAN interface to force traffic to flow through a Netmap-visible interface, hoping Zenarmor could then perform packet inspection. But as expected, TUN interfaces can't be bridged due to the lack of Ethernet framing.

I then tried routing traffic from the OpenVPN subnet (e.g. 172.17.2.0/24) through a VLAN with outbound NAT and firewall rules, but Zenarmor still doesn't pick up this traffic.

My question:

Is there any known workaround (even dirty or semi-supported) that could make Zenarmor see and filter traffic coming from OpenVPN (TUN), perhaps by routing or redirecting it through a physical interface that Netmap supports? Or is this fundamentally impossible without switching to WireGuard or using TAP (which has its own limitations in OPNsense)?

Any ideas, tricks, or experiences are welcome.

Thanks in advance.
#6
Hi,
I'm trying to add a Client Specific Override (CSO) using the OPNsense API and curl, but I keep getting the response {"result":"failed"}.

I've tried various payload formats, using this OPNsense API doc as a base. Since I couldn't find a full schema for OPNsense CSO, I borrowed the format from the pf API here: https://pfrest.org/api-docs/#/VPN/postVPNOpenVPNCSOEndpoint

Here's one example I tested:

curl -v -k --location https://my.opnsense.host/api/openvpn/client_overwrites/add \
-u "key:secret" \
--header 'Content-Type: application/json' \
--data '{
  "common_name": "test.user",
  "disable": false,
  "block": false,
  "description": "IP-Reservation",
  "server_list": ["OVPN-Proton-IN"],
  "tunnel_network": "172.17.2.107/24"
}'

I also tried with escaping quotes and with other field combinations, but always got the same result.

The API call completes successfully with HTTP 200, but the body returns: {"result":"failed"}
Full output:

* Host my.opnsense.host:443 was resolved.
* IPv6: (none)
* IPv4: 192.0.2.123
*   Trying 192.0.2.123:443...
* Connected to your.opnsense.host (192.0.2.123) port 443
* ALPN: curl offers h2,http/1.1
* (TLS handshake and certificate ok)
* using HTTP/2
* Server auth using Basic with user '[REDACTED]'
> POST /api/openvpn/client_overwrites/add HTTP/2
> Host: your.opnsense.host
> Authorization: Basic [REDACTED]
> User-Agent: curl/8.7.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 213
>
* upload completely sent off: 213 bytes
< HTTP/2 200
< content-type: application/json; charset=UTF-8
< server: OPNsense
< date: Fri, 11 Apr 2025 17:06:49 GMT
< set-cookie: PHPSESSID=[REDACTED]; path=/; secure; HttpOnly; SameSite=Lax
<
{"result":"failed"}

Any idea what I might be doing wrong? Is the tunnel_network key invalid in OPNsense? What's the correct schema for the CSO add endpoint?

Thanks!
#7
General Discussion / DNS forwarding issue
February 18, 2025, 08:54:17 PM
Hello,

I'm having an issue with my internal DNS running on Samba AD, which is in a different segment than the queried DNS servers.

nslookup nic.cz
;; reply from unexpected source: 10.10.0.11#53, expected 10.10.0.12#53
;; reply from unexpected source: 10.10.0.11#53, expected 10.10.0.13#53
Server: 10.10.0.11
Address: 10.10.0.11#53

I have configured port forwarding in OPNsense according to this guide, but instead of querying 127.0.0.1, I use a host alias "DNS-Services" that includes my internal Samba DNS servers (10.10.0.11, 10.10.0.12, 10.10.0.13).

Port Forwarding Settings:
   •   Interface: vlan0.10
   •   Protocol: TCP/UDP
   •   Destination / Invert: Checked
   •   Destination: vlan0.10 net
   •   Destination Port: DNS
   •   Redirect target IP: DNS-Services
   •   Redirect target port: DNS
   •   NAT reflection: Disabled

I tested bypassing OPNsense and configured L3 on the switch, and everything started working. This makes me confident that the issue is on the firewall.

Could you point me in the right direction and help me identify where I'm making a mistake?
#8
In the previous version of OPNsense (24.7.12), the captive portal functioned as expected. A client would connect to the guest network, and a pop-up window with the login page would automatically open. This worked reliably across all operating systems.

Now, after updating to 25.1, the pop-up does not appear. It can be bypassed by manually entering any web address in a browser, which triggers a redirect to the login page. However, this does not always work consistently. I often have to refresh the page multiple times, disconnect and reconnect to Wi-Fi, or switch browsers to get the login page to appear. This behavior is highly unreliable for a production environment.

Another issue is that I can no longer download templates, neither the default ones nor the custom templates I have added. I haven't changed any settings—this issue only appeared after the update.

Additionally, there has been a long-standing issue with session timeouts. Even if I set Idle timeout to 0 and Hard timeout to 10080 (a week), the settings are not applied. When a client disconnects, they must log in again, despite the timeout settings.

My configuration is entirely standard, and I use both vouchers and an external RADIUS server for authentication. I originally followed the OPNsense documentation when setting it up.

Has anyone else encountered the same problem? Or even better—found a solution?
#9
Hello all, I've been struggling for weeks with forwarding traffic to a WireGuard gateway. When I create a rule on the segment interface, it works, but it directs the entire segment to the WireGuard gateway. What I need is to configure it so that a client computer using the SwitchyOmega extension in Chrome (an HTTP proxy within the browser) on port 8100 is forwarded to this gateway.

The question is whether I need to use Squid—which, at least in the pfSense GUI, doesn't seem capable of this—or if I should use SNAT and DNAT rules to route traffic from the client, translating port 8100 to 80 and 8101 to 443, for example.

I've tried countless combinations, but none of them worked correctly, likely due to my insufficient knowledge of the issue.

In the attached screenshots, you can see the configuration of the SwitchyOmega extension in the browser, where the address 10.2.0.1 is the WireGuard gateway connection, and its physical local address is 10.2.0.2.

Would really appreciate any help with this.
#10
Hi, I'm using the Force CSO Login Matching option to use the username as CN because I need to set a static IP for the connection. It's kind of working, but the client always gets +2 as an IP, so whenever I set the IP to 172.16.100.100, it gets 172.16.100.102. No overrides are set there.

Also, when I change the IP I can't connect again, with a TLS handshake failed log.

Any advice?
#11
Hi! I'm looking for a way to avoid creating 30 VPN servers just for routing traffic to other VPN clients connected to Proton servers. Managing such a large number of connections is not ideal for resources or security.

I need to route connections from private subnets to these VPN gateways. One idea I had is using HAProxy.
I would set up proxy profiles in the clients' browsers and use a specific port to route only HTTP and HTTPS traffic to the VPN gateway connected to the Proton server.
However, I'm not sure how to proceed and would appreciate any help, tutorials, or advice.

Thanks for any feedback!
#12
Are OVPN group policies not being applied to the OVPN interface? Is this a bug, or am I missing something?

Automatically generated and Floating rules are there.
#13
I am having an issue with the eastpect process consuming all processing resources:


51818 root         11  48  -20  4623M   393M RUN      4  20:39  99.16% eastpect
49088 root         11  36  -20  4624M   396M RUN      2  20:31  98.70% eastpect
50751 root         11  42  -20  4623M   392M RUN      7  20:31  95.33% eastpect


I have the Elasticsearch database external and the Memory Disk Size set to 500MB. After investigating possible causes, I concluded that Zenarmor might be the reason. I have the plugin version 1.17.5 installed, and I am on OPNsense 24.7_9.

I tried restarting the service, but it immediately spikes back to the previous numbers. The same situation occurred yesterday, and the only solution was to restart the firewall, but I do not want to restart the firewall every time this type of issue arises. I have 150 clients in production.


root@fw:/usr/local/zenarmor/output/active/temp # df
Filesystem                1K-blocks     Used    Avail Capacity  Mounted on
zroot/ROOT/default        110187668 19465572 90722096    18%    /
devfs                             1        0        1     0%    /dev
/dev/gpt/efiboot0            266144     1840   264304     1%    /boot/efi
fdescfs                           1        0        1     0%    /dev/fd
procfs                            8        0        8     0%    /proc
zroot/var/mail             90722232      136 90722096     0%    /var/mail
zroot/tmp                  90727056     4960 90722096     0%    /tmp
zroot                      90722192       96 90722096     0%    /zroot
zroot/var/crash            90722192       96 90722096     0%    /var/crash
zroot/var/audit            90722192       96 90722096     0%    /var/audit
zroot/var/tmp              90722212      116 90722096     0%    /var/tmp
zroot/usr/src              90722192       96 90722096     0%    /usr/src
zroot/usr/ports            90722192       96 90722096     0%    /usr/ports
zroot/var/log              93674056  2951960 90722096     3%    /var/log
zroot/usr/home             90722192       96 90722096     0%    /usr/home
devfs                             1        0        1     0%    /var/dhcpd/dev
/dev/md43                    495516      752   455124     0%    /usr/local/zenarmor/output/active/temp
devfs                             1        0        1     0%    /var/captiveportal/zone0/dev
devfs                             1        0        1     0%    /var/captiveportal/zone1/dev
devfs                             1        0        1     0%    /var/unbound/dev
tmpfs                        358400   265748    92652    74%    /usr/local/zenarmor/run/tracefs
devfs                             1        0        1     0%    /var/unbound/dev
/usr/local/lib/python3.11 110187668 19465572 90722096    18%    /var/unbound/usr/local/lib/python3.11
/lib                      110187668 19465572 90722096    18%    /var/unbound/lib


I hope someone can help me troubleshoot this issue without having to resort to frequent firewall restarts. Thank you!
#14
Hi, I have a cosmetic request. Is Team Rebellion able to fix the bright dashboard?

#15
Hi, I have this in the log:

Error captiveportal Forcefully repair database (Traceback (most recent call last): File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/cp-background-process.py", line 208, in main bgprocess.db.cleanup_sessions() File "/usr/local/opnsense/scripts/OPNsense/CaptivePortal/lib/db.py", line 375, in cleanup_sessions cur.execute(""" delete sqlite3.OperationalError: no such table: cp_clients )

Clients are able to use the captive portal, there is just no user list available on the session tab and the allowed address has "unknown date" for connected since.

Any suggestions? Is anyone else having this issue?
#16
I am in need of some guidance for a specific configuration challenge in our network. We operate in a mixed network environment with Unix, Windows, and Linux devices. Currently, A records are updated via a samba-ad-dc controller for domain devices. However, we are encountering a significant issue: the PTR records for our Unix devices are not being updated as needed.

The core of the issue seems to be related to how the OPNsense DHCP server handles record updates. When it attempts to send A record updates, these requests are refused.

client @0x7f04994a6768 10.10.0.253#56955/key updater: updating zone 'domain/NONE': update failed: rejected by secure update (REFUSED)

This refusal then appears to prevent the completion of the subsequent PTR record updates, which are critical for our Unix systems.

When I do the update manually with nsupdate, it works.

# nsupdate -k /tmp/rndc.key
> server 10.10.0.12
> zone 0.10.10.in-addr.arpa
> update add 124.0.10.10.in-addr.arpa. 3600 PTR host.domain.name.
> send


09-Feb-2024 22:50:56.541 update: info: client @0x7f0499a65768 10.10.0.253#53295/key updater: updating zone '0.10.10.in-addr.arpa/IN': adding an RR at '124.0.10.10.in-addr.arpa' PTR host.domain.name.

I am looking to configure the OPNsense DHCP server to only send PTR record updates to an external BIND server, bypassing the issue with the A records entirely. Is this configuration possible within OPNsense?

Thank you in advance for your time and help!
#17
General Discussion / lighttpd Broken pipe
December 20, 2023, 04:06:05 PM
Hi, I've been having this kernel error with lighttpd for a while. I thought it could be an HAProxy time-out issue so I disabled it, but the error is still here. Is there someone who can give me some feedback? I'm lost and do not know how to move forward. The web GUI is running pretty fast, there is no problem. I'm using LE certs for the firewall and they're OK, well at least I'm having no issue there. I'm not using local DNS plugins, but an AD controller.
There are about 7 errors a minute here and I just can't find the reason for it.

kernel opnsense.domain.name lighttpd 2815 - - (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.73/src/mod_openssl.c.3327) SSL: -1 5 32: Broken pipe
#18
Hello OPNsense community,

I am currently using an OpenVPN server on OPNsense in tun mode on the WAN interface. For DNS, I am using a local AD Windows Server 2019 with DNS service enabled, where dynamic updates for secure/unsecure zones are allowed. However, I am encountering issues with this setup, and I need some assistance.

The problem I am facing is that no DNS records of clients are made on the DNS server.

Here is a summary of my current configuration:

OPNsense OpenVPN server in tun mode on WAN interface with local DNS IP of Win server
Local AD Windows Server 2019 with DNS service enabled.
Dynamic updates for secure/unsecure zones are allowed on the Windows DNS server.


Could you please provide guidance on how to troubleshoot and resolve this issue? Any suggestions, advice, or steps to follow would be greatly appreciated.

Thank you in advance for your help.

Best regards,
Martin
#19
23.7 Legacy Series / WG Interface 23.7.9
November 24, 2023, 12:39:23 AM
Hello! I got an issue after the 23.7.9 update. WireGuard interfaces appear unassigned. As they were created and configured before the update, they are up and running, so it's kind of a cosmetic issue. I just wonder whether, if I need to create a new one, I won't be able to assign it to an interface. Am I the only one with this?