OPNsense Forum

I am currently setting up a new firewall with opnsense and encountered a problem (again) after upgrading vom 25.7 to 26.1 today. My small installation at home should be compact and was working with an atheros wifi card in access point mode before the update.
Now after the update to 26.1  I get the dreaded message "Error creating interface with mode Infrastructure (BSS). The ath0 interface may not support creating more clones with the selected mode."

After getting it to work with a lot of effort only to have it break again after not even a day when updating I consider the wlan support so broken that I am ready to give up and look for a more stable solution and use an external access point.

Anyone with a recommendation for a small access point with a stable support for security updates?

If you want to stay open source you could install OpenWRT on custom Wifi (or flashable) hardware.

If you just need something that works without VLAN support, a cheap fritzbox is quite good as set and forget kinda device.

Most people here would suggest Unify for some reason when more features are needed.

I personally use Zyxel Access Points, they get regular updates too.

Quote from: sandy on January 29, 2026, 01:33:45 PMAnyone with a recommendation for a small access point with a stable support for security updates?

Sure, get an Asus RT-AX53U, cheap and powerful option, which is Supporting Dual Radio and WiFi6

Flash on it OpenWRT, which is very simple.
https://openwrt.org/toh/asus/rt-ax53u

Profit.

Regards,
S.

I like Mikrotik hAP-ax2 with RouterOS.

Those are awesome!

But more expensive than the Asus option + OpenWRT suggested. So all depends on the budget.

Regards,
S.

I used a converted old Asus router for a while (albeit with FreshTomato firmware instead of OpenWRT) and it worked well as an AP with a couple VLAN-backed SSIDs.  No issue using it with OPNsense.

I'm one of those that likes the UniFi APs currently, but it's mostly the hardware I like.  I'm less enthused with the company, tbh.

Quote from: OPNenthu on January 29, 2026, 02:46:35 PMI'm one of those that likes the UniFi APs currently, but it's mostly the hardware I like.  I'm less enthused with the company, tbh.

+1 :)

I simply love my In Wall Accesspoints and my small Outdoor unit, but everything else is kind of getting annoying the last couple of years...

You could get the same from TP-Link Omada which are also a bit cheaper and might even be able to run without a Controller annoying you the whole time because a lot of their stuff has the option to be configured via a nice and simple webGUI on the device itself !!

Another option I might test at some point is this thing from HPE Aruba : https://www.cits.com.eg/wp-content/uploads/2023/05/product-access-points-remote_cits.webp
Basically it's a "In Wall on a Stick" kind of model and might be useful for people who need a WiFi Accesspoint they can use like it was a lamp in their livingroom and needs to be moved outside from time to time ^_^

"Sure, get an Asus RT-AX53U, cheap and powerful option, which is Supporting Dual Radio and WiFi6

Flash on it OpenWRT, which is very simple.
https://openwrt.org/toh/asus/rt-ax53u"

I've ordered one and hope it will work as well as recommended.

How does quoting work in this forum software? I can't get it to work and have simply copied it manually in.

Quote from: sandy on January 29, 2026, 04:50:50 PMI've ordered one and hope it will work as well as recommended.

I use it as primary AP in dumb mode, with several SSIDs bound to different VLANs. Basically the AP works as WiFI + VLAN separation.

Quote from: sandy on January 29, 2026, 04:50:50 PMHow does quoting work in this forum software? I can't get it to work and have simply copied it manually in.

On each reply click the "QUOTE" button to quote the whole reply or highlight a word/sentence from a reply and click "QUOTE SELECTED TEXT"

Regards,
S.

Quote from: Seimus on January 29, 2026, 04:57:34 PMOn each reply click the "QUOTE" button to quote the whole reply or highlight a word/sentence from a reply and click "QUOTE SELECTED TEXT"

Okay, a browser problem. With Edge it works as expected. Probably Adblock plus plugin in Firefox has blocked the function.

At least I discovered how fragile the Wifi interface support is very quickly. Now I'll wait für the access point to be delivered.

Thanks for the help!

Hello,
After updating to 26.1, the wifi interfaces are still broken and impossible to recreate them (Firefox and EDGE)

Quote from: sandy on January 29, 2026, 06:08:51 PMAdblock plus plugin in Firefox

/Offtopic =>
Please use uBlock Origin instead because I can remember one of those AdBlock alternatives selling user data in the past !!

You can look it up yourself to double-check if it's the one you are using or not :)

Quote from: cercle on January 29, 2026, 09:54:57 PMHello,
After updating to 26.1, the wifi interfaces are still broken and impossible to recreate them (Firefox and EDGE)

Can confirm this issue with my firewall device as well. I'm also using an Atheros Wi-Fi adapter just like OP.

As the AP on my OPNsense device is not being used often, I only noticed this when I found the ISC DHCPv6 Server is not bringing up after upgrading to 26.1, and when checking the logs I noticed the cause for DHCPv6 startup failure was that my Wi-Fi interface has disappeared.

After further inspection, it seems Wi-Fi functionality is in a mess with 26.1 at the moment. I've seen the following inconsistencies on my device:
- In Interfaces -> Overview, instead of "ath0_wlan1" as I previously configured, I get a "wlan0" interface that's in "no carrier" state. However, it correctly shows the info of my Wi-Fi adapter.
- Moving the interface assignment to this "wlan0" will not activate it. Also, if you reboot while configured this way, on next boot the firewall will no longer recognize your current interface configuration and will ask you to reconfigure all interfaces (LAN, WAN, etc.). This means this "wlan0" is created at a much later point during system startup.
- If you were asked to reconfigure your interfaces, trying to assign your WLAN interface to "ath0" (which is how the Wi-Fi adapter appears in the interface list, although its MAC address appears as 00:00:00:00:00:00) will assign it to "ath0_wlan0". However, that interface is not being shown in Interaces -> Wireless -> Devices section, and only appears as a "wireless clone" in Interfaces -> Assignments.
- It's no longer possible to add devices in Interfaces -> Wireless -> Devices section. Trying to add one will fail with this error: "Error creating interface with mode Infrastructure (BSS). The ath0 interface may not support creating more clones with the selected mode." Additionally, I get this message printed in the console, "ath0: only 1 sta vap supported".
- I can only configure the Wi-Fi interface as "Infrastructure (BSS)" mode rather than "Access Point" mode. While the option to set it as "Access Point" mode is available to me initially (Interfaces -> OPTx (the Wireless interface) -> Network-specific wireless configuration -> Mode), after setting up the parameters and applying changes, the mode automatically became "Infrastructure (BSS)" and it is the only option available.

As I cannot get the Wi-Fi adapter configured to work as it used to with 26.1 I've reverted my device back to 25.7 via snapshot. My Atheros Wi-Fi adapter works as expected in that version.

Off-topic FYI: The option 13 in OPNsense console (to restore backup) is not the same as System -> Snapshots.

Would somebody check the logs for command errors? I have the feeling most reports around the last weeks omit obvious log entries in their installations.


Cheers,
Franco

Same here on PC Engines APU2C4 and wle200nx card (Atheros AR9280).
The upgrade log is available at the following link, in case it is helpful:
https://paste.debian.net/hidden/22cde1ad

Thanks.

Quote from: apraile on January 31, 2026, 04:03:43 PMSame here on PC Engines APU2C4 and wle200nx card (Atheros AR9280).
The upgrade log is available at the following link, in case it is helpful:
https://paste.debian.net/hidden/22cde1ad

Thanks.

I just checked your upgrade log. It appears you have the same issue I encountered. On line 2285, "ath0: only 1 sta vap supported".

However, looks like you have two Atheros adapter installed. The other one (ath1) is not reporting that message, but neither is working.

Can you check if you have a "wlan0" (and "wlan1" in your case for your second adapter) interface with OPNsense 26.1? You can use "ifconfig" from console but Interfaces -> Overview will also work. From my experience, those interfaces would be in a red "no carrier" state.

Quote from: franco on January 31, 2026, 02:34:48 PMWould somebody check the logs for command errors? I have the feeling most reports around the last weeks omit obvious log entries in their installations.


Cheers,
Franco

I'm not seeing anything out of ordinary from that upgrade log, other than the line regarding "only 1 sta vap supported" which happened after finishing update from 25.7 to 26.1.

From my experience, that error message seems to be what was preventing OPNsense Web UI from adding new devices in Interface -> Wireless -> Devices. As soon as I tried adding a new device there and failed with error, I get that message printed on the console.

Still, I wonder what might be responsible for the creation of interfaces "wlan0" (without the ath0 prefix) that I saw with "ifconfig" or Interfaces -> Overview.

root@~~~~~~~:/usr/local/www # diff /usr/local/etc/inc/interfaces.inc*
1693,1696c1693
<         $doExec = sprintf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', $baseif, $mode, $device);
<
<         #if (mwexecf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', [$baseif, $mode, $device])) {
<         if (mwexecf($doExec)) {
---
>         if (mwexecf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', [$baseif, $mode, $device])) {
root@~~~~~~~:/usr/local/www #

Are you referring to this commit? https://github.com/opnsense/core/commit/7e93cdb63f030

I'm not catching the error in either, which doesn't mean it's not there.

Might be worth checking the system log file as well for "ifconfig" failures.


Cheers,
Franco

Quote from: sandy on January 29, 2026, 01:33:45 PMAfter getting it to work with a lot of effort only to have it break again after not even a day when updating I consider the wlan support so broken that I am ready to give up and look for a more stable solution and use an external access point.

This is a common bad decision, using one device for everything ( many with me included have been there ), if it dies or issues, there goes the entire network.

Like Seimus recommended, I have an Asus RT-AX53U running openwrt for years now.
You set it and forget, the latest release is 24.10.5 but if you few up to some adventure, you can get snapshot or RC images.

Quote from: lss4 on February 01, 2026, 06:07:56 AMCan you check if you have a "wlan0" (and "wlan1" in your case for your second adapter) interface with OPNsense 26.1? You can use "ifconfig" from console but Interfaces -> Overview will also work. From my experience, those interfaces would be in a red "no carrier" state.

Yes, you are correct, this is the output of ifconfig:

[...]
wlan0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=0
        ether xx:xx:xx:xx:xx:xx
        groups: wlan
        ssid "" channel 1 (2412 MHz 11b)
        regdomain FCC country US ecm authmode OPEN privacy OFF txpower 30
        bmiss 7 scanvalid 60 wme burst bintval 0
        parent interface: ath1
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wlan1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=0
        ether xx:xx:xx:xx:xx:xx
        grstatus: no carrieroups: wlan
        ssid "" channel 1 (2412 MHz 11b)
        regdomain FCC country US ecm authmode OPEN privacy OFF txpower 30
        bmiss 7 scanvalid 60 wme burst bintval 0
        parent interface: ath0
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



Quote from: franco on February 02, 2026, 08:53:23 AMAre you referring to this commit? https://github.com/opnsense/core/commit/7e93cdb63f030

I'm not catching the error in either, which doesn't mean it's not there.

Might be worth checking the system log file as well for "ifconfig" failures.


Cheers,
Franco

Is the commit, in my case the issue start with "$mode" as is empty (have PC Engines APU2 HW, HW isn't important from my pov) but new function mwexecf() translates the 2nd %s (for $mode) to regular '' instead of none/null, so ifconfig will return non-zero exit code as '' is not valid parameter for it; so the escape handling need to be fine tuned (did not look into git code so not sure if simple or with more effort).

had to revert to get a log as rotated ;)

latest.log:<11>1 2026-02-02T20:00:36+01:00 ~~~~~~~ opnsense 92351 - [meta sequenceId="1"] /interfaces_wireless_edit.php: The command </sbin/ifconfig wlan create wlandev 'ath0' '' bssid name 'ath0_wlan2'> returned exit code 1 and the output was "ifconfig: : bad value wlan1"
system_20260202.log:<11>1 2026-02-02T20:00:36+01:00 ~~~~~~~ opnsense 92351 - [meta sequenceId="1"] /interfaces_wireless_edit.php: The command </sbin/ifconfig wlan create wlandev 'ath0' '' bssid name 'ath0_wlan2'> returned exit code 1 and the output was "ifconfig: : bad value wlan1"

and "wlan1" is created (as i have ath0_wlan1 already configured so is bit misleading but you get the point)

Thank you, that was the missing puzzle piece here.

How about https://github.com/opnsense/core/commit/45597a976c4 ?


Cheers,
Franco

Quote from: franco on February 02, 2026, 09:18:31 PMThank you, that was the missing puzzle piece here.

How about https://github.com/opnsense/core/commit/45597a976c4 ?


Cheers,
Franco

the commit works on my end.

maybe if i may suggest:
 - is shorter (as you dont want to use sprintf())
 - easier to follow in the future

##
$wlan_frmt = '/sbin/ifconfig wlan create wlandev %s '.($mode !== '' ? '%s' : '').' bssid name %s';
$wlan_args = [$baseif, ...($mode !== '' ? [$mode] : []), $device];
##

Quote from: hakuna on February 02, 2026, 09:20:02 AM

Quote from: sandy on January 29, 2026, 01:33:45 PMAfter getting it to work with a lot of effort only to have it break again after not even a day when updating I consider the wlan support so broken that I am ready to give up and look for a more stable solution and use an external access point.

This is a common bad decision, using one device for everything ( many with me included have been there ), if it dies or issues, there goes the entire network.

Like Seimus recommended, I have an Asus RT-AX53U running openwrt for years now.
You set it and forget, the latest release is 24.10.5 but if you few up to some adventure, you can get snapshot or RC images.

Sorry, you must really differentiate the situation.
There is a working function now broken and need to be fixed.
This is not a question of separate functions by spreading it to different devices.
There are lots of use cases an all-in-one appliance is the right answer f.e. in small remote branches.

Thanks for confirming.

Quotemaybe if i may suggest:
 - is shorter (as you dont want to use sprintf())
 - easier to follow in the future

Fair points. We're aiming for correctness and ease of following the code and not concerned with compressing input at the moment.

Making empty escapes serves a very specific and necessary purpose of not misplacing arguments on the command like when one or more arguments end up empty by accident.

We're already discussing avoiding the use of vsprintf() internally as there are limits to its ability escape number types and that likely means we'll write a short replacement function for "%%" and "%s" only which could also allow to add an empty argument escaper formatter. It would collapse the code back to what it was, e.g. with "%o":

mwexecf('/sbin/ifconfig wlan create wlandev %s %o bssid name %s', [$baseif, $mode, $device];

Though the pattern for variadic format strings is used only in 10% of cases and this is the sole use of an optional argument that I've seen in the projects history and is likely inherent to ifconfig more than anything.


Cheers,
Franco

Quote from: lss4 on January 31, 2026, 02:19:16 PM

Quote from: cercle on January 29, 2026, 09:54:57 PMHello,
After updating to 26.1, the wifi interfaces are still broken and impossible to recreate them (Firefox and EDGE)

Can confirm this issue with my firewall device as well...

I can also confirm this issue with the Atheros Wi-Fi adapter of my Qotom 20331G9 after upgrading from 25.7 to 26.1.

Additionally, with that interface setup for KEA DHCP, it broke all DHCP assignments to all (VLAN) interfaces effectively disabling network traffic. That is, the KEA DHCP server would not start.

After removing that interface from the KEA DHCP server settings, I was able to successfully start the KEA DHCP server and all other network traffic works.

As a newbie to OPNsense I did not setup any snapshots; now I have learnt.

As I don't actually use that Wi-Fi adapter as it is setup as an isolated internet-only VLAN solely for guests, I am simply riding out this as-is until a patch is issued...

There was a second bug with that particular code it seems which was fixed hereby applying to 26.1.1:

# opnsense-patch https://github.com/opnsense/core/commit/4912a671be1


Cheers,
Franco

I confirm that in the current state it still does not work with APU2 and wle200nx in version 26.1.1

How about confirming the patch instead?


Thanks,
Franco

Ok, let's wait for the next update...

I think you dont understand, you can execute the above command in the shell of your opnsense and it will patch it.

Patched yesterday opensense with as bundle so with router restart, when the interface is configured with mode it will fail as mode is non-empty:

in the log you can see
/usr/local/etc/rc.linkup: The command </sbin/ifconfig wlan create wlandev 'ath0' 'wlanmode hostap' bssid name 'ath0_wlan1'> returned exit code 1 and the output was "ifconfig: SIOCIFCREATE2 (wlan): Input/output error"

the issue is that escapeshellarg() convert "wlanmode hostap" into "'wlanmode hostap'" which isn't valid param as there must not be any ''

correct cmd:
/sbin/ifconfig wlan create wlandev 'ath0' wlanmode hostap bssid name 'ath0_wlan1'
what we get from escape ..
/sbin/ifconfig wlan create wlandev 'ath0' 'wlanmode hostap' bssid name 'ath0_wlan1'

this also makes the new fix/commit not requried, but no overwiew on whole code so just statement base on the troubleshooting

As of commit 4912a67 WLAN appears to work again.
On a freshly-updated 26.1, apply the following two patches in order.

# opnsense-patch 45597a9
# opnsense-patch 4912a67

After reboot WLAN interfaces should be configured.
Haven't checked other possible issues regarding WLAN yet, as right now I've a lot of other things to do for 26.1, like migrating old firewall rules.

Yes, make sure to only apply 4912a67 on 26.1.1 otherwise you'll get an apply failure because it undoes the other fix.


Cheers,
Franco

Thank you Monviech, now I understand, I applied the patch and everything works again.

Quote from: Monviech (Cedrik) on February 05, 2026, 11:29:32 AMI think you dont understand, you can execute the above command in the shell of your opnsense and it will patch it.

Can you please point out which command exactly.

opnsense-patch 4912a67 ?

Yes, make sure you are on 26.1.1 and run this from the console:

# opnsense-patch 4912a67


Cheers,
Franco

Quote from: franco on February 07, 2026, 06:44:42 PMYes, make sure you are on 26.1.1 and run this from the console:

# opnsense-patch 4912a67

Thanks, did it last night and it helped and works !