Recent posts

#1
26.1 Series / Re: DNAT auto firewall [Regist...
Last post by TheSHAD0W - Today at 12:48:34 AM
Note that a quick test using the "Register Rule" method on 26.1.1 was not successful; I'll dig further later...
#2
26.1 Series / Re: Wireguard Issues and Error
Last post by damian - Today at 12:20:34 AM
Apologies for the mistakes in my post - I've had a very long 3 weeks.

Corrections:
1. "I have set up and instance" = I have set up an instance
2. "Could someone point me to something the right direction please?" = Could someone point me in the right direction please?

Thank you
#3
26.1 Series / Re: zfs and sqlite
Last post by tessus - Today at 12:16:25 AM
As I feared this topic moved away from my original question. My question was not related to hostwatch and its i/o usage.

I don't want to sound ungrateful, but why is my question ignored or answered with something else I didn't ask? I am ok with answers like "I don't know", "never heard of such a thing", "check this ...", but unfortunately I just got unrelated answers.

But maybe my question was not specific enough, thus I'll try again:

What is the status of the ZFS issues related to sqlite in FreeBSD?
#4
26.1 Series / Wireguard Issues and Error
Last post by damian - February 12, 2026, 11:53:43 PM
Hi Everyone,

Please accept my apologies for asking a newbie question here - I'm sure you're up to your necks with far greater matters.

I'm trying to set up the following connection using OPNSense 26.1 installed on a VPS (with root access):
Wireguard (In) -> VLAN (Intermediary) -> LAN (Public IP)*

*Note: I only have the 3 interfaces with no WAN present

I've been through the OPNSense manual and followed every guide I could find online but nothing works.

The Wireguard instance doesn't accept connections at all - there's no Handshake. I have set up and instance, then Interfaces: Assignments, assigned Outbound NAT and Firewall rules, double, triple and quadruple-checked the instance, keys, and ports. Nothing.

I also get the following error using Firewall Rules:
There were error(s) loading the rules: /tmp/rules.debug:137: direction must be explicit with rules that specify routing - The line in question reads [137]: pass on wg0 route-to ( vlan01 10.6.5.0 ) inet from {(wg0:network)} to {(vlan01:network)} keep state ( no-sync  ) label "dd6671fc-4a3b-4e9e-bf4c-f9f624c74090" # WG0-VLAN

When I change the "state" condition I get the same error but for the state condition I selected i.e. synproxy, modulate, sloppy, no state. The error is the same regardless of selected state.

Could someone point me to something the right direction please? Thank you
#5
26.1 Series / NGINX proxy reverse for an IIS
Last post by bulmaro - February 12, 2026, 11:23:01 PM
Could someone please share the procedure for configuring NGINX as a reverse proxy for an IIS backend that uses Windows authentication (NTLM/Negotiate)? I've tried, but it keeps asking me for my username and password repeatedly.
#6
26.1 Series / ntopng plugin issue (26.1.2)
Last post by seelk - February 12, 2026, 10:54:03 PM
I'm currently stuck in an endless loop to change the password for ntopng after initially logging in with admin/admin.  I have reinstalled the plugin, including redis, to no avail.  I have restarted the plugins, disabled them, deleted cookies, followed instructions from https://www.ntop.org/guides/ntopng/faq.html#cannot-login-into-the-gui but no success.  Is anyone experiencing the same thing?  I'm running out of options.
#7
Hardware and Performance / Re: Warning about RealTek adap...
Last post by nero355 - February 12, 2026, 10:42:12 PM
Quote from: meyergru on February 12, 2026, 08:00:04 PM: "Wanna buy my adapters?"
NOPE.AVI ^_^

Already got too much stuff hanging around here unused... LOL!
#8
25.7, 25.10 Series / Re: NetFlow + SIP strange prob...
Last post by ou1 - February 12, 2026, 10:38:34 PM
Actually, I may have just found the issue. For some reason, I had unchecked "Disable hardware checksum offload" some time ago. Turning it back on fixes the SIP issues with NetFlow disabled.

Update: that's definitely it, I feel kinda stupid now for playing with settings like that and not trusting Deciso's default recommended settings.
#9
25.7, 25.10 Series / Re: Detections and blocking of...
Last post by nero355 - February 12, 2026, 10:38:22 PM
Quote from: BigFreddy on February 12, 2026, 09:03:52 PM: "I took a look at the link you provided but the guide is broken as the images are not available anymore."
I am guessing you are in a country that blocked IMGur.com since the first post of the thread contains images hosted there and work just fine here ?!

Quote: "So, to use Pi-Hole, I need to make additional changes within OPNSense while with the first two solutions (Zenarmor and Suricata) I don't need to make much of adjustments when it comes to DNS within OPNSense ?"
If you need to ask me that question I would suggest to take some time to read a lot and I do mean A LOT about all three and how they work, because neither ZenArmor nor Suricata is a so-called "Turn it on and forget about it!" solution and you really need to know what you are doing !! ;)
#10
25.7, 25.10 Series / NetFlow + SIP strange problem
Last post by ou1 - February 12, 2026, 10:28:36 PM
I'm experiencing a very strange issue on OPNSense Business 25.10.2, running on a DEC750. I believe this was a problem also on previous versions, but I only disabled NetFlow just before upgrading to 25.10.2.

If I disable NetFlow (clear all interfaces, disable Capture Local, reboot), I can no longer make outgoing calls from my SIP phone. Incoming calls work fine. It remains this way until I re-enable NetFlow. I don't even need to enable it on my VOIP interface, it just needs to be enabled.

Looking at captured traffic, the client is sending large INVITE packets which are being fragmented. This happens both with NetFlow enabled and disabled. The only difference is that when it doesn't work (when NetFlow is disabled), there is no response from the server. It seems that the server is either silently dropping the packets, or they are not being delivered.

With NetFlow enabled, I get responses 100 Trying, 183 Session Progress, 180 Ringing.
With NetFlow disabled, I get no responses, then the client re-sends the INVITE, over and over until the call fails.

I have no static NAT rules, just Hybrid Outbound NAT, no SIP-specific OPNSense configuration whatsoever. I don't see any dropped packets in the firewall logs.

Any insight into this would be very appreciated.