Messages

I had that before on Tailscale and MGMT VLAN.
When I set it to: All(recommended) so 0.0.0.0, the Webgui became reachable from my WAN on 80 and 443.
Which I could not understand, because I had no firewall rules set on my WAN so I presumed everything gets blocked.
Setting the interfaces to Tailscale and MGMT VLAN solved that unwanted WAN access.

Edit: Could it be that opening 80, 443 on WAN has something to do with anti lock-out rules which are set automatically?

Edit 2: I have set the interfaces to 'All'. Checked: 'Disable the anti lock-out rule' in Firewall/Advanced/Settings.
And problem is solved. So the 'restart WebGUI' script is not needed.

Cheers, Eric

The WebGUI was reachable on the same LAN, but not through tailscale on reboot.

I found out that the GUI service (lighttpd) has that "race condition" where it tries to start before the Tailscale interface is fully ready.
So I made a '/usr/local/etc/rc.syshook.d/start/99-tailscale-gui-fix', which re-starts the GUI a couple of seconds after a boot-up.
All good now.

Yep, I have it now. But when I was looking for that API yesterday, that 'hover' label did not show it was a API gen button. So I did not pay attention to that button anymore.
But maybe since 26.1.1 that hover text has changed, cuz now I see it is API generator button.
All good!

Cheers, Eric

Never mind. Found it of course just after posting.
It is another Tab in the user section

I must be me but I just can't find a API key generation tool in the GUI.
According to the documentation there should be a API section on the user manager page. But not on my system.

https://docs.opnsense.org/development/how-tos/api.html

I have re-installed to 26.1 on ZFS. Restored a recent config.xml and all good now.
Thanks for the help guys

Cheers, Eric

Ok, things have gone haywire. I am on my mobile connection now.
I started the update. Things looked normal. Then I lost the connection. Tried rebooting after a while and still no connection.

I have opnsense running on a dedicated zimaboard. Connected the board to a screen and I made a screenshot of where it hangs.

Looks like a problem

Cheers, Eric

OK, did that:

# opnsense-patch https://github.com/opnsense/core/commit/7ae42d9584
Fetched 7ae42d9584 via https://github.com/opnsense/core
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 7ae42d958441078caec4b3278ca182492d96f43e Mon Sep 17 00:00:00 2001
|From: Franco Fichtner <franco@opnsense.org>
|Date: Tue, 3 Feb 2026 15:04:51 +0100
|Subject: [PATCH] firmware: do not fail upgrade if new kernel is already booted
|
|PR: https://forum.opnsense.org/index.php?topic=50654.0
|---
| src/opnsense/scripts/firmware/upgrade.sh | 2 ++
| 1 file changed, 2 insertions(+)
|
|diff --git a/src/opnsense/scripts/firmware/upgrade.sh b/src/opnsense/scripts/firmware/upgrade.sh
|index cc581e5aa4f..b90ae8ed875 100755
|--- a/src/opnsense/scripts/firmware/upgrade.sh
|+++ b/src/opnsense/scripts/firmware/upgrade.sh
--------------------------
Patching file opnsense/scripts/firmware/upgrade.sh using Plan A...
Hunk #1 succeeded at 38.
done
All patches have been applied successfully.  Have a nice day.


I haven't rebooted yet or run the updater. Wasn't sure on the next step.
Cheers, Eric

Well the output is a surprise for me, lol ;-)


# opnsense-version kernel
26.1
# uname -a
FreeBSD OPNsense.localdomain 14.3-RELEASE-p7 FreeBSD 14.3-RELEASE-p7 stable/26.1-n271965-1bab7230df71 SMP amd64

But according to the GUI I am on:
System Information
Versions
OPNsense 25.7.11_9-amd64
FreeBSD 14.3-RELEASE-p7

And 25.7.11_9 is also showing in the console menu


Cheers, Eric

This was the output:

sh -x /usr/local/etc/rc.syshook upgrade
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
+ REQUESTS_CA_BUNDLE=/usr/local/etc/ssl/cert.pem
+ SYSDIR=/usr/local/etc/rc.syshook.d
+ SYSLEVEL=upgrade
+ shift
+ [ -z upgrade ]
+ [ ! -d /usr/local/etc/rc.syshook.d/upgrade ]
+ find -s /usr/local/etc/rc.syshook.d/upgrade -type f}
+ SYSHOOKS='/usr/local/etc/rc.syshook.d/upgrade/10-sanity.sh
/usr/local/etc/rc.syshook.d/upgrade/20-isc-dhcp-plugin.sh
/usr/local/etc/rc.syshook.d/upgrade/90-cleanup.sh'
+ RETURN=0
+ SYSHOOK=upgrade/10-sanity.sh
+ SYSHOOK=10-sanity.sh
+ SYSNAME=sanity.sh
+ echo $'>>> Invoking upgrade script \'sanity.sh\''
>>> Invoking upgrade script 'sanity.sh'
+ /usr/local/etc/rc.syshook.d/upgrade/10-sanity.sh
Passed all upgrade tests.
+ SYSHOOK=upgrade/20-isc-dhcp-plugin.sh
+ SYSHOOK=20-isc-dhcp-plugin.sh
+ SYSNAME=isc-dhcp-plugin.sh
+ echo $'>>> Invoking upgrade script \'isc-dhcp-plugin.sh\''
>>> Invoking upgrade script 'isc-dhcp-plugin.sh'
+ /usr/local/etc/rc.syshook.d/upgrade/20-isc-dhcp-plugin.sh
Skipping already installed legacy ISC-DHCP plugin...
+ SYSHOOK=upgrade/90-cleanup.sh
+ SYSHOOK=90-cleanup.sh
+ SYSNAME=cleanup.sh
+ echo $'>>> Invoking upgrade script \'cleanup.sh\''
>>> Invoking upgrade script 'cleanup.sh'
+ /usr/local/etc/rc.syshook.d/upgrade/90-cleanup.sh
+ exit 0

Cheers, Eric

Then I get this:

# opnsense-update -VFs || echo "failed"
+ [ '' ]
+ [ -F ]
+ flush_temporary
+ find /usr/local/opnsense -type f -name '*.pyc' -delete
+ find /boot ! '(' -type d ')' -a '(' -name '*.pkgsave' -o -name '.pkgtemp.*' ')' -delete
+ find /boot -type d -name '.pkgtemp.*' -print0
+ xargs -0 -n1 rm -r
+ find /usr/libexec/bsdinstall ! '(' -type d ')' -a '(' -name '*.pkgsave' -o -name '.pkgtemp.*' ')' -delete
+ find /usr/libexec/bsdinstall -type d -name '.pkgtemp.*' -print0
+ xargs -0 -n1 rm -r
+ find /usr/local ! '(' -type d ')' -a '(' -name '*.pkgsave' -o -name '.pkgtemp.*' ')' -delete
+ find /usr/local -type d -name '.pkgtemp.*' -print0
+ xargs -0 -n1 rm -r
+ [ '' '=' -R ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -n '' ]
+ [ ! -f /usr/local/etc/pkg/repos/OPNsense.conf ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -n '' ]
+ [ '' '=' -M ]
+ [ '' '=' -x ]
+ [ '' '=' -X ]
+ [ -n '' ]
+ [ -n '' ]
+ [ -n -s ]
+ exit 0

And when updating, the same error message.

Cheers, Eric

Yes, I've tried to update several times now. Also after a reboot, but no luck.
I am getting the same output in the console.

Hi,

I've tried updating to 26.1 in the console.
After fetching the packages etc, I got the message: "The upgrade was aborted due to an error."
I am left in the dark here, because I don't know what the error is.

Console output:

Fetching packages-26.1-amd64.tar: ......................... done
Fetching base-26.1-amd64.txz: ...... done
Extracting packages-26.1-amd64.tar... done
Extracting base-26.1-amd64.txz... done
Please reboot.
>>> Invoking upgrade script 'sanity.sh'
Passed all upgrade tests.
>>> Invoking upgrade script 'isc-dhcp-plugin.sh'
Skipping already installed legacy ISC-DHCP plugin...
>>> Invoking upgrade script 'cleanup.sh'
The upgrade was aborted due to an error.

*** OPNsense.localdomain: OPNsense 25.7.11_9 (amd64) ***


Cheers, Eric

Nope, didn't touch anything. Just updated from the gui

Hi,

Since updating to 25.7.11_2 (and now also on 25.7.11_9) the WebGUI is unreachable after a reboot/restart of OPNSense
I need to SSH into a shell and then invoke: configctl webgui restart.
Then the WebGUI is immediately available again.
Any thoughts on this?

Cheers, Eric