Recent posts

#1

General Discussion / Re: ddclient and deSEC

Last post by JamesFrisch - Today at 09:02:04 PM

Hi guys and sorry for not updating this topic.

I first wanted to edit ddclient to make it more suitabel to work for deSEC and OPNsense but then soon came to the conclusion that ddclient is way too big and bloated. 


So I wrote a little script
https://github.com/jameskimmel/deSEC_DynDNS

Hope you guys like it, give it a try.

#2

Virtual private networks / Re: OpenVPN Instaces Road Warr...

Last post by loualbano - Today at 08:39:03 PM

One more thank you from me.  I was trying it client side through Gnome VPN setup and I don't think it was taking.  This is the better way.

#3

Q-Feeds (Threat intelligence) / Re: Looking for testers Q-Feed...

Last post by sammy - Today at 08:22:49 PM

kondmatex-app.com blocked!
thanks

[os-]

#4

General Discussion / Re: dynamic dns

Last post by Maurice - Today at 08:16:54 PM

The os-ddclient plugin supports both its own native backend as wells as the legacy ddclient. The os-ddclient plugin is not going away, only the ddclient backend might at some point.

So the way to go is using os-ddclient and selecting the native backend. If your provider is not yet listed as a supported service, you can create your own configuration using the 'custom' service.

Cheers
Maurice

#5

26.1 Series / Re: 26.1.1 MTU Issues on PPPoE

Last post by Boxer - Today at 07:53:44 PM

Good stuff

#6

26.1 Series / Re: Can Unbound DNSSEC be used...

Last post by LemurTech - Today at 07:40:36 PM

My current suspicion is that this is not an Unbound problem, it's a Dnsmasq problem. When DNSSEC is enabled, something changes the behavior of Dnsmasq and it no longer treats `iot.lan` as local:

Code Select Expand

DNSSEC enabled:

root@fw01:~ # drill .0.0.1 -p 53053 emporia.iot.lan
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 64879
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; emporia.iot.lan.     IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
.       2494    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2026021301 1800 900 604800 86400

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Feb 13 10:31:58 2026
;; MSG SIZE  rcvd: 108

DNSSEC Disabled:

root@fw01:~ # drill u/127.0.0.1 -p 53053 emporia.iot.lan
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7948
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; emporia.iot.lan.     IN      A

;; ANSWER SECTION:
emporia.iot.lan.        1       IN      A       192.168.12.86

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Feb 13 10:32:35 2026
;; MSG SIZE  rcvd: 49


#7

26.1 Series / Re: Clean upgrade from 25.1.7 ...

Last post by julsssark - Today at 06:48:04 PM

I am surprised your upgrades took that long but I've never run OPNsense in a large production environment. Good luck with the migration. Let us know how it goes.

#8

General Discussion / Re: Intermittent Packet Loss o...

Last post by meyergru - Today at 06:38:53 PM

Try "bridge-mcsnoop 0".

#9

26.1 Series / Re: 26.1.1 MTU Issues on PPPoE

Last post by Taunt9930 - Today at 05:55:11 PM

I'm seeing the same issue. I found this thread before upgrading so I blanked all the MTU boxes prior to upgrading, but putting 1508 back into the PPPoE adapter post upgrade also results in breaking a lot of the internet as other people here mentioned. I've had to go back to blank/default for now which isn't ideal.

Has anyone who has seen this issue tried 26.1.2 yet? I am stumped.

EDIT: Setting WAN MTU to Blank on 25.7.11_9, and upgrading to 26.1.2 and then setting it back to 1508 works. It now works as before, and gives expected results of 1440 and 1460 here http://pmtud.enslaves.us/

#10

26.1 Series / Re: NAT Reflection / Hairpinni...

Last post by Patrick M. Hausen - Today at 05:23:56 PM

Tricksy NATsesss ...