Messages

I have around 200 rules configured.
I have several services running.
But CPU or RAM usage isn't the problem.

As mentioned, the CPU is mostly idle until the occasional 30% spike occurs.
The issue with the waiting time arises after editing each rule.

I find the performance very poor in this regard; it definitely needs improvement. The number of rules hasn't changed significantly compared to my old firewall rule system, at least not for me.

Update: Okay, I found the problem on my end, even though I hadn't changed anything. If I connect directly via IP without going through DNS and reverse proxy, then it seems to run smoothly. Although, it wasn't a problem before with the reverse proxy configuration, which is really strange. I'll experiment a bit with the reverse proxy settings on the Opnsense site.

Hi everyone,

Since I now have to adjust a lot of rules after migrating the firewall rules,
I've noticed that with the new rules, it always takes a very long time for the settings to be applied to the system. After making a change, I always have to wait about 10+ seconds per rule before I can make any further changes.
I didn't have this problem with the old rules; if I changed something, it was more or less immediately possible to edit another rule, etc.
Will anything be done to improve the performance? Because as it is, it's very unsatisfactory in that regard.
My OPNsense is running on the following hardware, which is actually more or less underutilized; on the contrary, I don't have a heavy load on it.

Intel(R) Celeron(R) N5105 @ 2.00GHz (4 cores, 4 threads) (approx. 2-5% usage, occasionally a short-term 30% spike)
16 GB RAM: 10% usage
SSD Disk: 3% usage

Many thanks and for your feedback

Okay, I booted from the other snapshot and the rules were migrated. That would solve my problem, but the question remains whether this was done by the firmware.

Hello everyone,

As I already mentioned, the migration was performed in February 2026.

I only noticed yesterday after seeing that something was wrong with the Crowdsec alias; it seems to have been reset as well. Everything was set up on the OPNsense around the same time.

And yes, all the migrated rules appear to have been reset. My rules are back in their original location.

I deleted them from the "old location" after the migration, once I had verified that everything was working correctly.

The only changes I made were installing Crowdsec on the OPNsense and firmware updates. I personally suspect that a firmware update might have loaded the old snapshot taken before the migration, which is why everything was reset.

I'm currently on the following firmware version:

OPNsense 26.1.4-amd64
FreeBSD 14.3-RELEASE-p9
OpenSSL 3.0.19

It seems this happened during the upgrade from version 25.xx to 26.xx, but I can't say for sure. I'll probably have no choice but to perform this migration again. I just wanted to report it since these rules weren't deleted by me. I assume it was an automated process, like a firmware upgrade.

Unfortunately, I don't have any further information.

Hi everyone,

I recently migrated all my rules to Rules New. But today I discovered that all the migrated rules are now gone, apparently due to a firmware upgrade.

New alias entries I created are also gone.

I find this rather suspicious, to be honest. I didn't notice it at first; it wasn't until the Crowdsec website told me that the OPNsense integration wasn't working that I checked again and discovered it.

Ive look on my Firewall : the Snapshot from that Migration i have created on 2026-02-20 19:06

Have you tried restoring a backup? As far as I know, they are created by default after every change, and you can also do this from the console.

Hi All,

i have some Widget on Dashboard that is not working.
Anyone have a Solution for that?

Look here:

https://ibb.co/LdFFMj5p

https://ibb.co/rRjZBBTc

My Hardware Specs:

---<<BOOT>>---
Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.3-RELEASE-p8 stable/26.1-n271977-c961e158e272 SMP amd64
FreeBSD clang version 19.1.7 (https://github.com/llvm/llvm-project.git llvmorg-19.1.7-0-gcd708029e0b2)
[1] VT(vga): resolution 640x480
[1] CPU microcode: updated from 0x1d to 0x24000026
[1] CPU: Intel(R) Celeron(R) N5105 @ 2.00GHz (1996.80-MHz K8-class CPU)
[1]   Origin="GenuineIntel"  Id=0x906c0  Family=0x6  Model=0x9c  Stepping=0
[1]   Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
[1]   Features2=0x4ff8ebbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,RDRAND>
[1]   AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
[1]   AMD Features2=0x101<LAHF,Prefetch>
[1]   Structured Extended Features=0x2394a2c3<FSGSBASE,TSCADJ,FDPEXC,SMEP,ERMS,NFPUSG,PQE,RDSEED,SMAP,CLFLUSHOPT,CLWB,PROCTRACE,SHA>
[1]   Structured Extended Features2=0x18400124<UMIP,WAITPKG,GFNI,RDPID,MOVDIRI,MOVDIR64B>
[1]   Structured Extended Features3=0xfc000400<MD_CLEAR,IBPB,STIBP,L1DFL,ARCH_CAP,CORE_CAP,SSBD>
[1]   XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
[1]   IA32_ARCH_CAPS=0x14020c6b<RDCL_NO,IBRS_ALL,SKIP_L1DFL_VME,MDS_NO>
[1]   VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
[1]   TSC: P-state invariant, performance statistics
[1] real memory  = 17179869184 (16384 MB)
[1] avail memory = 16403177472 (15643 MB)
[1] Event timer "LAPIC" quality 600
[1] ACPI APIC Table: <ALASKA A M I >
[1] WARNING: L1 data cache covers fewer APIC IDs than a core (0 < 1)
[1] FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
[1] FreeBSD/SMP: 1 package(s) x 4 core(s)
[1] random: registering fast source Intel Secure Key RNG
[1] random: fast provider: "Intel Secure Key RNG"
[1] random: unblocking device.
[1] ioapic0 <Version 2.0> irqs 0-119
[1] Launching APs: 2 1 3
[1] random: entropy device external interface
[1] wlan: mac acl policy registered
[1] kbd1 at kbdmux0
[1] WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 15.0.
[1] efirtc0: <EFI Realtime Clock>
[1] efirtc0: registered as a time-of-day clock, resolution 1.000000s
[1] smbios0: <System Management BIOS> at iomem 0x78d7a000-0x78d7a017
[1] smbios0: Entry point: v3 (64-bit), Version: 3.3
[1] aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,SHA1,SHA256>
[1] acpi0: <ALASKA A M I >
[1] acpi0: Power Button (fixed)
[1] cpu0: <ACPI CPU> on acpi0
[1] hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
[1] Timecounter "HPET" frequency 19200000 Hz quality 950
[1] Event timer "HPET" frequency 19200000 Hz quality 550
[1] Event timer "HPET1" frequency 19200000 Hz quality 440
[1] Event timer "HPET2" frequency 19200000 Hz quality 440
[1] Event timer "HPET3" frequency 19200000 Hz quality 440
[1] Event timer "HPET4" frequency 19200000 Hz quality 440
[1] atrtc1: <AT realtime clock> on acpi0
[1] atrtc1: Warning: Couldn't map I/O.
[1] atrtc1: registered as a time-of-day clock, resolution 1.000000s
[1] Event timer "RTC" frequency 32768 Hz quality 0
[1] attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
[1] Timecounter "i8254" frequency 1193182 Hz quality 0
[1] Event timer "i8254" frequency 1193182 Hz quality 100
[1] Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
[1] acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
[1] pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
[1] pci0: <ACPI PCI bus> on pcib0
[1] vgapci0: <VGA-compatible display> port 0x3000-0x303f mem 0x6000000000-0x6000ffffff,0x4000000000-0x400fffffff at device 2.0 on pci0
[1] vgapci0: Boot video device
[1] xhci0: <XHCI (generic) USB 3.0 controller> mem 0x6001100000-0x600110ffff at device 20.0 on pci0
[1] xhci0: 32 bytes context size, 64-bit DMA
[1] usbus0 on xhci0
[1] usbus0: 5.0Gbps Super Speed USB v3.0
[1] pci0: <memory, RAM> at device 20.2 (no driver attached)
[1] pci0: <simple comms> at device 22.0 (no driver attached)
[1] ahci0: <AHCI SATA controller> port 0x3090-0x3097,0x3080-0x3083,0x3060-0x307f mem 0x80800000-0x80801fff,0x80803000-0x808030ff,0x80802000-0x808027ff at device 23.0 on pci0
[1] ahci0: AHCI v1.31 with 2 6Gbps ports, Port Multiplier not supported
[1] ahcich0: <AHCI channel> at channel 0 on ahci0
[1] ahcich1: <AHCI channel> at channel 1 on ahci0
[1] pcib1: <ACPI PCI-PCI bridge> at device 28.0 on pci0
[1] pci1: <ACPI PCI bus> on pcib1
[1] igc0: <Intel(R) Ethernet Controller I226-V> mem 0x80600000-0x806fffff,0x80700000-0x80703fff at device 0.0 on pci1
[1] igc0: EEPROM V2.14-0 eTrack 0x80000290
[1] igc0: Using 2048 TX descriptors and 2048 RX descriptors
[1] igc0: Using 4 RX queues 4 TX queues
[1] igc0: Using MSI-X interrupts with 5 vectors
[1] igc0: Ethernet address: 60:be:b4:0d:88:c6
[1] igc0: netmap queues/slots: TX 4/2048, RX 4/2048
[1] pcib2: <ACPI PCI-PCI bridge> at device 28.3 on pci0
[1] pci2: <ACPI PCI bus> on pcib2
[1] igc1: <Intel(R) Ethernet Controller I226-V> mem 0x80400000-0x804fffff,0x80500000-0x80503fff at device 0.0 on pci2
[1] igc1: EEPROM V2.14-0 eTrack 0x80000290
[1] igc1: Using 1024 TX descriptors and 1024 RX descriptors
[1] igc1: Using 4 RX queues 4 TX queues
[1] igc1: Using MSI-X interrupts with 5 vectors
[1] igc1: Ethernet address: 60:be:b4:0d:88:c7
[1] igc1: netmap queues/slots: TX 4/1024, RX 4/1024
[1] pcib3: <ACPI PCI-PCI bridge> at device 28.4 on pci0
[1] pci3: <ACPI PCI bus> on pcib3
[1] igc2: <Intel(R) Ethernet Controller I226-V> mem 0x80200000-0x802fffff,0x80300000-0x80303fff at device 0.0 on pci3
[1] igc2: EEPROM V2.14-0 eTrack 0x80000290
[1] igc2: Using 1024 TX descriptors and 1024 RX descriptors
[1] igc2: Using 4 RX queues 4 TX queues
[1] igc2: Using MSI-X interrupts with 5 vectors
[1] igc2: Ethernet address: 60:be:b4:0d:88:c8
[1] igc2: netmap queues/slots: TX 4/1024, RX 4/1024
[1] pcib4: <ACPI PCI-PCI bridge> at device 28.5 on pci0
[1] pci4: <ACPI PCI bus> on pcib4
[1] igc3: <Intel(R) Ethernet Controller I226-V> mem 0x80000000-0x800fffff,0x80100000-0x80103fff at device 0.0 on pci4
[1] igc3: EEPROM V2.14-0 eTrack 0x80000290
[1] igc3: Using 1024 TX descriptors and 1024 RX descriptors
[1] igc3: Using 4 RX queues 4 TX queues
[1] igc3: Using MSI-X interrupts with 5 vectors
[1] igc3: Ethernet address: 60:be:b4:0d:88:c9
[1] igc3: netmap queues/slots: TX 4/1024, RX 4/1024
[1] pcib5: <ACPI PCI-PCI bridge> at device 28.6 on pci0
[1] pci5: <ACPI PCI bus> on pcib5
[1] igc4: <Intel(R) Ethernet Controller I226-V> mem 0x7fe00000-0x7fefffff,0x7ff00000-0x7ff03fff at device 0.0 on pci5
[1] igc4: EEPROM V2.14-0 eTrack 0x80000290
[1] igc4: Using 1024 TX descriptors and 1024 RX descriptors
[1] igc4: Using 4 RX queues 4 TX queues
[1] igc4: Using MSI-X interrupts with 5 vectors
[1] igc4: Ethernet address: 60:be:b4:0d:88:ca
[1] igc4: netmap queues/slots: TX 4/1024, RX 4/1024
[1] pcib6: <ACPI PCI-PCI bridge> at device 28.7 on pci0
[1] pci6: <ACPI PCI bus> on pcib6
[1] igc5: <Intel(R) Ethernet Controller I226-V> mem 0x7fc00000-0x7fcfffff,0x7fd00000-0x7fd03fff at device 0.0 on pci6
[1] igc5: EEPROM V2.14-0 eTrack 0x80000290
[1] igc5: Using 1024 TX descriptors and 1024 RX descriptors
[1] igc5: Using 4 RX queues 4 TX queues
[1] igc5: Using MSI-X interrupts with 5 vectors
[1] igc5: Ethernet address: 60:be:b4:0d:88:cb
[1] igc5: netmap queues/slots: TX 4/1024, RX 4/1024
[1] isab0: <PCI-ISA bridge> at device 31.0 on pci0
[1] isa0: <ISA bus> on isab0
[1] hdac0: <Intel Jasper Lake HDA Controller> mem 0x6001120000-0x6001123fff,0x6001000000-0x60010fffff at device 31.3 on pci0
[1] pci0: <serial bus> at device 31.5 (no driver attached)
[1] acpi_button0: <Sleep Button> on acpi0
[1] acpi_button1: <Power Button> on acpi0
[1] acpi_tz0: <Thermal Zone> on acpi0
[1] atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
[1] atkbd0: <AT Keyboard> irq 1 on atkbdc0
[1] kbd0 at atkbd0
[1] atkbd0: [GIANT-LOCKED]
[1] ns8250: UART FCR is broken
[1] ns8250: UART FCR is broken
[1] uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
[1] ns8250: UART FCR is broken
[1] uart0: console (115200,n,8,1)
[1] ns8250: UART FCR is broken
[1] ns8250: UART FCR is broken
[1] uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
[1] acpi_syscontainer0: <System Container> on acpi0
[1] acpi_syscontainer1: <System Container> on acpi0
[1] atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0
[1] atrtc0: Warning: Couldn't map I/O.
[1] atrtc0: registered as a time-of-day clock, resolution 1.000000s
[1] atrtc0: Can't map interrupt.
[1] hwpstate_intel0: <Intel Speed Shift> on cpu0
[1] cpufreq0: <CPU frequency control> on cpu0
[1] hwpstate_intel1: <Intel Speed Shift> on cpu1
[1] cpufreq1: <CPU frequency control> on cpu1
[1] hwpstate_intel2: <Intel Speed Shift> on cpu2
[1] cpufreq2: <CPU frequency control> on cpu2
[1] hwpstate_intel3: <Intel Speed Shift> on cpu3
[1] cpufreq3: <CPU frequency control> on cpu3
[1] Timecounter "TSC" frequency 1996803693 Hz quality 1000
[1] Timecounters tick every 1.000 msec
[2] ZFS filesystem version: 5
[2] ZFS storage pool version: features support (5000)
[2] hdacc0: <Intel Jasper Lake HDA CODEC> at cad 2 on hdac0
[2] hdaa0: <Intel Jasper Lake Audio Function Group> at nid 1 on hdacc0
[2] pcm0: <Intel Jasper Lake (HDMI/DP 8ch)> at nid 4 on hdaa0
[2] ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <FORESEE 128GB SSD V4.30.2> ACS-3 ATA SATA 3.x device
ada0: Serial Number NEH437Q011880
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 122104MB (250069680 512 byte sectors)
[2] Trying to mount root from zfs:zroot/ROOT/default []...
[2] ugen0.1: <Intel XHCI root HUB> at usbus0
[2] uhub0 on usbus0
[2] uhub0: <Intel XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
[3] uhub0: 14 ports with 14 removable, self powered
[3] Mounting filesystems...
[3] no pools available to import
[3] Setting hostuuid: 42bc2e5c-b51b-43ee-9591-352745e081b5.
[3] Setting hostid: 0x96ca5550.
[3] Configuring vt: keymap.
[3] >>> Invoking import script 'importer'
[3] Configuring crash dump device: /dev/ada0p3
[3] swapon: adding /dev/ada0p3 as swap device
[3] .ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg /usr/local/lib/ipsec /usr/local/lib/perl5/5.42/mach/CORE
[3] 32-bit compatibility ldconfig path:
[3] done.
[4] >>> Invoking early script 'upgrade'
[4] >>> Invoking early script 'configd'
[4] Starting configd.
[5] >>> Invoking early script 'templates'
[5] Generating configuration: templates...done
[10] >>> Invoking early script 'backup'
[10] >>> Invoking backup script 'captiveportal'
[10] >>> Invoking backup script 'netflow'
[10] >>> Invoking backup script 'rrd'
[12] >>> Invoking early script 'carp'
[12] CARP event system: OK
[12] Launching the init system...done.
[12] Initializing..........done.
[13] igc0: link state changed to UP
[13] igc1: link state changed to UP
[13] igc2: link state changed to UP
[14] Starting device manager...
[14] acpi_wmi0: <ACPI-WMI mapping> on acpi0
[14] acpi_wmi0: cannot find EC device
[14] acpi_wmi0: Embedded MOF found
[14] ACPI: \134_SB.WFDE.WQCC: 1 arguments were passed to a non-method ACPI object (Buffer) (20221020/nsarguments-361)
[14] acpi_wmi1: <ACPI-WMI mapping> on acpi0
[14] acpi_wmi1: cannot find EC device
[14] acpi_wmi1: Embedded MOF found
[14] ACPI: \134_SB.WFTE.WQCC: 1 arguments were passed to a non-method ACPI object (Buffer) (20221020/nsarguments-361)
[16] done.
[16] Configuring login behaviour...done.
[17] Configuring loopback interface...
[17] lo0: link state changed to UP
[17] done.
[17] Configuring kernel modules...
[17] qat_ocf0: <QAT engine>
[17] done.
[17] Setting up extended sysctls...done.
[17] Setting timezone: Europe/Zurich
[17] Writing firmware settings: FreeBSD OPNsense
[17] Writing trust files...done.
[17] Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
[17] certctl: Modified 192 trust store links.
[17] Writing trust bundles...done.
[18] Setting hostname: opensense01.freenet.dom
[18] Generating /etc/resolv.conf...done.
[18] Generating /etc/hosts...done.
[18] Configuring system logging...done.
[18] Configuring firewall.......done.
[19] Configuring hardware interfaces...done.
[19] Configuring loopback interface...done.
[19] Configuring LAGG interfaces...done.
[19] Configuring VLAN interfaces...done.
[19] Configuring ISCSI interface...
[19] igc2: link state changed to DOWN
[19] done.
[19] Configuring LAN interface...
[19] igc1: link state changed to DOWN
[19] done.
[19] Configuring WAN interface...
[19] igc0: link state changed to DOWN
[19] done.
[20] Generating /etc/resolv.conf...done.
[20] Generating /etc/hosts...done.
[20] Configuring firewall.......done.
[20] Configuring OpenSSH...done.
[20] Starting web GUI...done.
[20] Setting up routes...done.
[21] Starting Unbound DNS...done.
[22] Configuring firewall.....
[22] igc0: link state changed to UP
[22] igc2: link state changed to UP
[22] ..
[22] igc1: link state changed to UP
[23] done.
[23] Setting up gateway monitor...done.
[23] Syncing OpenVPN settings...done.
[23] Configuring WireGuard VPN...
[23] wg0: link state changed to UP
[23] done.
[23] Starting DHCP relays...done.
[23] Starting NTP service...done.
[23] Starting Unbound DNS...
[24] done.
[24] >>> Invoking start script 'newwanip'
[24] >>> Invoking start script 'freebsd'
[24] setup igc2
[24] setup igc1
[24] error : interface opt5 not found
[24] error : interface opt3 not found
[24] error : interface opt1 not found
[25] Starting acme_http_challenge.
[25] Starting hostwatch.
[25] Starting redis.
[25] Starting clamav_clamd.
[38] Starting haproxy.
[38] Starting rspamd.
[38] 2026-02-20 12:10:09 #38576(main) <8060fd>; main; main: rspamd 3.14.0 is loading configuration, build id: release
[38] Starting clamav_freshclam.
[39] Updating aliases
[39] Certificates generated /usr/local/etc/postfix/cert_opn.pem
[39] Certificates generated /usr/local/etc/postfix/ca_opn.pem
[39] postfix: Postfix is using backwards-compatible default settings
[39] postfix: See https://www.postfix.org/COMPATIBILITY_README.html for details
[39] postfix: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload"
[39] /usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: support for parameter "smtpd_tls_dh1024_param_file" will be removed; instead, do not specify (leave at default)
[39] /usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: support for parameter "smtpd_use_tls" will be removed; instead, specify "smtpd_tls_security_level"
[39] postfix/postfix-script: starting the Postfix mail system
[39] >>> Invoking start script 'syslog'
[39] >>> Invoking start script 'haproxy'
[39] >>> Invoking start script 'carp'
[39] >>> Invoking start script 'cron'
[39] Starting Cron: OK
[40] >>> Invoking start script 'openvpn'
[40] >>> Invoking start script 'sysctl'
[41] Service `sysctl' has been restarted.
[41] >>> Invoking start script 'beep'
[42] Root file system: zroot/ROOT/default
[42] Fri Feb 20 12:10:13 CET 2026
[42]
*** XXX:  OPNsense 26.1.2_5 (amd64) ***

Thats my Firewall that i have buy for some Years.
https://www.amazon.de/dp/B0B4P354QG

I hope now i have all Informationen submited.

Thanks all.

Hi All,

Can someone help? I'm stuck.

Everything seems to be working fine, but there's apparently a problem I can't solve.

Everything seems to be working fine, but there's one problem I can't seem to fix.

Code Select Expand

... time="2026-02-22T00:49:24+01:00" level=error msg="auth-api: auth with api key failed return nil response, error: dial tcp 127.0.0.1:8080: connect: connection refused"

time="2026-02-22T00:49:24+01:00" level=error msg="Get "http://127.0.0.1:8080/v1/decisions/stream?additional_pull=false&community_pull=false\": dial tcp 127.0.0.1:8080: connect: connection refused"
I read that it might be blocked, but I've already opened ports 8080 and 6060 on the LAN, and I've also configured floating-point access. I've opened ports 127.0.0.1, but that doesn't seem to have any effect. What I find strange, though, is that even though I've configured the internal LAN, it's still trying to send its requests to the looping device.

Perhaps someone has an idea why LAPI can't connect.

Thanks in advance.

I also performed a migration to the new firewall. However, I have to say that I'm not having any problems with clients accessing the internet or anything like that. You might have a rule that's preventing your clients from accessing the internet through OpenSense. Remote diagnostics are very difficult in this case with so little information.

What exactly happens when you try to access the internet with a client? What is logged in the firewall?

Because otherwise, I think this is just a guessing game.

Best regards

Hi All,

i have migrated to new Firewall Rules.
But i have many Rules with Categories and my questions is:

i need a way to change multiple entry to assign a new categories is that implementet yet?

thanks all.

ah yes i have found thanks

Hi All,

I know that Crowdsec was available in an earlier release, which I could install via the plugins, but it's no longer there.
According to the website https://docs.crowdsec.net/docs/getting_started/install_crowdsec_opnsense/
it should be there.
Can someone tell me how to install the plugin?
Here's a list of the plugins available to me.

os-acme-client (installed) 4.13 832KiB 3 OPNsense ACME Client
os-clamav (installed) 1.8.1 47.8KiB 3 OPNsense Antivirus engine for detecting malicious threats
os-cpu-microcode-intel (installed) 1.1 508B 2 OPNsense Intel CPU microcode updates
os-dmidecode (installed) 1.2 6.71KiB 3 OPNsense Display hardware information on the dashboard
os-haproxy (installed) 4.6_2 682KiB 3 OPNsense Reliable, high performance TCP/HTTP load balancer
os-isc-dhcp (installed) 1.0_3 277KiB 2 OPNsense ISC DHCPv4/v6 server
os-postfix (installed) 1.24.1 156KiB 3 OPNsense SMTP mail relay
os-redis (installed) 1.1_3 69.1KiB 3 OPNsense Redis DB
os-rspamd (installed) 1.13_2 80.1KiB 3 OPNsense Protect your network from spam
os-sftp-backup (installed) 1.1_2 13.6KiB 2 OPNsense Backup configurations using SFTP
os-smart (installed) 2.4 22.9KiB 3 OPNsense SMART tools
os-theme-rebellion (installed) 1.9.4 5.23MiB 3 OPNsense A suitably dark theme
os-theme-vicuna (installed) 1.50 5.31MiB 3 OPNsense The vicuna theme - blue sapphire
os-cpu-microcode-amd 1.1 504B 2 OPNsense AMD CPU microcode updates
os-debug 1.7 5.63KiB 2 OPNsense Debugging Tools
os-dec-hw 1.1_3 6.87KiB 2 OPNsense Deciso hardware specific information
os-etpro-telemetry 1.8 50.3KiB 2 OPNsense ET Pro Telemetry Edition
os-frr 1.50_1 329KiB 2 OPNsense The FRRouting Protocol Suite
os-git-backup 1.1_3 14.8KiB 2 OPNsense Track config changes using git
os-q-feeds-connector 1.4_1 70.4KiB 2 OPNsense Connector for Q-Feeds threat intel
os-relayd 2.9_3 144KiB 2 OPNsense Relayed Load Balancer
os-stunnel 1.0.6_1 44.8KiB 2 OPNsense Stunnel TLS proxy
os-sunnyvalley 1.5_2 2.43KiB 2 OPNsense Vendor Repository for Zenarmor - Enterprise SASE & SSE platform (NGFW, SWG, CASB, ZTNA, SD-WAN)
os-vmware 1.5_1 645B 2 OPNsense VMware tools

I find the list of plugins quite short anyway, because it used to be much longer. Is this a bug in the new release?

Many thanks for your help.

Hi everyone,

If you can fix this, please adjust it so that you also use password + keyfile authentication, because on TrueNAS, that's the default.

Just a question for clarification, why is only the public key requested? If I want to save a backup from Opnsense to, for example, my TrueNAS, would I have to enter the public key in the module for authentication, or am I misunderstanding this?

Thanks for the clarification.

Hi all,

i have the following problem.

***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.1.1 (amd64) at Thu Mar 13 20:55:11 CET 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Checking for upgrades (66 candidates): .......... done
Processing candidates (66 candidates): .......... done
The following 66 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
   abseil: 20240722.0 -> 20250127.0 [OPNsense]
   bind-tools: 9.20.5 -> 9.20.6 [OPNsense]
   boost-libs: 1.86.0_1 -> 1.87.0_1 [OPNsense]
   ca_root_nss: 3.104 -> 3.108 [OPNsense]
   clamav: 1.4.2,1 -> 1.4.2_1,1 [OPNsense]
   crowdsec: 1.6.4_1 -> 1.6.5_2 [OPNsense]
   curl: 8.12.0 -> 8.12.1 [OPNsense]
   diffutils: 3.8_1 -> 3.11 [OPNsense]
   dnsmasq: 2.90_4,1 -> 2.90_5,1 [OPNsense]
   easy-rsa: 3.2.1_3,1 -> 3.2.2,1 [OPNsense]
   icu: 74.2_1,1 -> 76.1,1 [OPNsense]
   indexinfo: 0.3.1 -> 0.3.1_1 [OPNsense]
   krb5: 1.21.3 -> 1.21.3_1 [OPNsense]
   libpsl: 0.21.5_1 -> 0.21.5_2 [OPNsense]
   lighttpd: 1.4.77 -> 1.4.77_1 [OPNsense]
   mpd5: 5.9_18 -> 5.9_19 [OPNsense]
   nano: 8.2 -> 8.3 [OPNsense]
   nss: 3.107 -> 3.109 [OPNsense]
   ntp: 4.2.8p18_1 -> 4.2.8p18_4 [OPNsense]
   openldap26-client: 2.6.9 -> 2.6.9_1 [OPNsense]
   openssh-portable: 9.9.p1_1,1 -> 9.9.p2_1,1 [OPNsense]
   opnsense: 25.1.1 -> 25.1.3 [OPNsense]
   opnsense-update: 25.1.1 -> 25.1.3 [OPNsense]
   os-acme-client: 4.8 -> 4.9 [OPNsense]
   os-dmidecode: 1.1_1 -> 1.2 [OPNsense]
   os-theme-rebellion: 1.9.2 -> 1.9.2_1 [OPNsense]
   os-theme-vicuna: 1.48 -> 1.48_1 [OPNsense]
   pftop: 0.10_1 -> 0.12 [OPNsense]
   php83: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-ctype: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-curl: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-dom: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-filter: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-gettext: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-ldap: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-mbstring: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-pcntl: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-pdo: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-session: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-simplexml: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-sockets: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-sqlite3: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-xml: 8.3.16 -> 8.3.17_1 [OPNsense]
   php83-zlib: 8.3.16 -> 8.3.17_1 [OPNsense]
   postfix: 3.9.1,1 -> 3.10.1,1 [OPNsense]
   protobuf: 29.3,1 -> 29.3_1,1 [OPNsense]
   protobuf-c: 1.4.1_8 -> 1.5.1 [OPNsense]
   py311-Jinja2: 3.1.4 -> 3.1.6 [OPNsense]
   py311-beautifulsoup: 4.12.3 -> 4.13.3_1 [OPNsense]
   py311-certifi: 2024.12.14 -> 2025.1.31 [OPNsense]
   py311-cryptography: 42.0.8_6,1 -> 42.0.8_7,1 [OPNsense]
   py311-duckdb: 1.1.3 -> 1.2.0 [OPNsense]
   py311-numpy: 1.26.4_2,1 -> 1.26.4_5,1 [OPNsense]
   py311-pyasn1-modules: 0.4.0 -> 0.4.1 [OPNsense]
   py311-pylsqpack: 0.3.18 -> 0.3.19 [OPNsense]
   py311-trio: 0.28.0 -> 0.29.0 [OPNsense]
   py311-truststore: 0.10.0 -> 0.10.1 [OPNsense]
   re2: 20240702 -> 20240702_1 [OPNsense]
   rspamd: 3.11.0 -> 3.11.0_1 [OPNsense]
   socat: 1.8.0.2 -> 1.8.0.3 [OPNsense]
   sqlite3: 3.46.1,1 -> 3.46.1_1,1 [OPNsense]
   suricata: 7.0.8_1 -> 7.0.8_2 [OPNsense]
   syslog-ng: 4.8.1_4 -> 4.8.1_5 [OPNsense]
   zstd: 1.5.6 -> 1.5.7 [OPNsense]

Installed packages to be REINSTALLED:
   kea-2.6.1_2 [OPNsense] (required shared library changed)
   sudo-1.9.16p2_1 [OPNsense] (option removed: SSSD2)

Number of packages to be upgraded: 64
Number of packages to be reinstalled: 2

The process will require 81 MiB more space.
162 MiB to be downloaded.
[1/66] Fetching py311-cryptography-42.0.8_7,1.pkg: .......... done
[2/66] Fetching lighttpd-1.4.77_1.pkg: .......... done
[3/66] Fetching php83-filter-8.3.17_1.pkg: ... done
[4/66] Fetching opnsense-update-25.1.3.pkg: ..... done
[5/66] Fetching re2-20240702_1.pkg: .......... done
[6/66] Fetching php83-curl-8.3.17_1.pkg: ...... done
[7/66] Fetching boost-libs-1.87.0_1.pkg: .......... done
[8/66] Fetching py311-numpy-1.26.4_5,1.pkg: .......... done
[9/66] Fetching nss-3.109.pkg: .......... done
[10/66] Fetching py311-pyasn1-modules-0.4.1.pkg: .......... done
[11/66] Fetching php83-ldap-8.3.17_1.pkg: ..... done
[12/66] Fetching easy-rsa-3.2.2,1.pkg: ....... done
[13/66] Fetching crowdsec-1.6.5_2.pkg: .......... done
[14/66] Fetching krb5-1.21.3_1.pkg: .......... done
[15/66] Fetching icu-76.1,1.pkg: .......... done
[16/66] Fetching dnsmasq-2.90_5,1.pkg: .......... done
[17/66] Fetching bind-tools-9.20.6.pkg: .......... done
[18/66] Fetching php83-simplexml-8.3.17_1.pkg: ... done
[19/66] Fetching php83-pdo-8.3.17_1.pkg: ....... done
[20/66] Fetching ntp-4.2.8p18_4.pkg: .......... done
[21/66] Fetching diffutils-3.11.pkg: .......... done
[22/66] Fetching syslog-ng-4.8.1_5.pkg: .......... done
[23/66] Fetching os-dmidecode-1.2.pkg: . done
[24/66] Fetching php83-sockets-8.3.17_1.pkg: ...... done
[25/66] Fetching libpsl-0.21.5_2.pkg: ........ done
[26/66] Fetching protobuf-c-1.5.1.pkg: .......... done
[27/66] Fetching os-acme-client-4.9.pkg: .......... done
[28/66] Fetching os-theme-rebellion-1.9.2_1.pkg: .......... done
[29/66] Fetching clamav-1.4.2_1,1.pkg: .......... done
[30/66] Fetching php83-pcntl-8.3.17_1.pkg: ... done
[31/66] Fetching ca_root_nss-3.108.pkg: .......... done
[32/66] Fetching php83-sqlite3-8.3.17_1.pkg: .... done
[33/66] Fetching py311-trio-0.29.0.pkg: .......... done
[34/66] Fetching abseil-20250127.0.pkg: .......... done
[35/66] Fetching php83-session-8.3.17_1.pkg: ..... done
[36/66] Fetching py311-certifi-2025.1.31.pkg: .......... done
[37/66] Fetching kea-2.6.1_2.pkg: .......... done
[38/66] Fetching php83-mbstring-8.3.17_1.pkg: .......... done
[39/66] Fetching php83-gettext-8.3.17_1.pkg: . done
[40/66] Fetching php83-zlib-8.3.17_1.pkg: ... done
[41/66] Fetching zstd-1.5.7.pkg: .......... done
[42/66] Fetching socat-1.8.0.3.pkg: .......... done
[43/66] Fetching php83-ctype-8.3.17_1.pkg: . done
[44/66] Fetching curl-8.12.1.pkg: .......... done
[45/66] Fetching rspamd-3.11.0_1.pkg: .......... done
[46/66] Fetching php83-8.3.17_1.pkg: .......... done
[47/66] Fetching py311-truststore-0.10.1.pkg: ..... done
[48/66] Fetching openssh-portable-9.9.p2_1,1.pkg: .......... done
[49/66] Fetching indexinfo-0.3.1_1.pkg: . done
[50/66] Fetching nano-8.3.pkg: .......... done
[51/66] Fetching php83-xml-8.3.17_1.pkg: ... done
[52/66] Fetching suricata-7.0.8_2.pkg: .......... done
[53/66] Fetching php83-dom-8.3.17_1.pkg: .......... done
[54/66] Fetching mpd5-5.9_19.pkg: .......... done
[55/66] Fetching sqlite3-3.46.1_1,1.pkg: .......... done
[56/66] Fetching py311-pylsqpack-0.3.19.pkg: ........ done
[57/66] Fetching openldap26-client-2.6.9_1.pkg: .......... done
[58/66] Fetching protobuf-29.3_1,1.pkg: .......... done
[59/66] Fetching py311-beautifulsoup-4.13.3_1.pkg: .......... done
[60/66] Fetching opnsense-25.1.3.pkg: .......... done
[61/66] Fetching os-theme-vicuna-1.48_1.pkg: .......... done
[62/66] Fetching py311-duckdb-1.2.0.pkg: .......... done
[63/66] Fetching sudo-1.9.16p2_1.pkg: .......... done
[64/66] Fetching pftop-0.12.pkg: ........ done
[65/66] Fetching py311-Jinja2-3.1.6.pkg: .......... done
[66/66] Fetching postfix-3.10.1,1.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/66] Upgrading indexinfo from 0.3.1 to 0.3.1_1...
[1/66] Extracting indexinfo-0.3.1_1: .... done
[2/66] Upgrading py311-truststore from 0.10.0 to 0.10.1...
[2/66] Extracting py311-truststore-0.10.1: .......... done
[3/66] Upgrading py311-cryptography from 42.0.8_6,1 to 42.0.8_7,1...
[3/66] Extracting py311-cryptography-42.0.8_7,1: .......... done
[4/66] Upgrading py311-pyasn1-modules from 0.4.0 to 0.4.1...
[4/66] Extracting py311-pyasn1-modules-0.4.1: .......... done
[5/66] Upgrading abseil from 20240722.0 to 20250127.0...
[5/66] Extracting abseil-20250127.0: .......... done
[6/66] Upgrading py311-certifi from 2024.12.14 to 2025.1.31...
[6/66] Extracting py311-certifi-2025.1.31: .......... done
[7/66] Upgrading py311-numpy from 1.26.4_2,1 to 1.26.4_5,1...
[7/66] Extracting py311-numpy-1.26.4_5,1: .......... done
[8/66] Upgrading krb5 from 1.21.3 to 1.21.3_1...
[8/66] Extracting krb5-1.21.3_1: .......... done
[9/66] Upgrading php83 from 8.3.16 to 8.3.17_1...
[9/66] Extracting php83-8.3.17_1: .......... done
[10/66] Upgrading sqlite3 from 3.46.1,1 to 3.46.1_1,1...
[10/66] Extracting sqlite3-3.46.1_1,1: .......... done
[11/66] Upgrading py311-pylsqpack from 0.3.18 to 0.3.19...
[11/66] Extracting py311-pylsqpack-0.3.19: .......... done
[12/66] Upgrading protobuf from 29.3,1 to 29.3_1,1...
[12/66] Extracting protobuf-29.3_1,1: .......... done
[13/66] Upgrading icu from 74.2_1,1 to 76.1,1...
[13/66] Extracting icu-76.1,1: .......... done
[14/66] Upgrading libpsl from 0.21.5_1 to 0.21.5_2...
[14/66] Extracting libpsl-0.21.5_2: .......... done
[15/66] Upgrading protobuf-c from 1.4.1_8 to 1.5.1...
[15/66] Extracting protobuf-c-1.5.1: .......... done
[16/66] Upgrading py311-trio from 0.28.0 to 0.29.0...
[16/66] Extracting py311-trio-0.29.0: .......... done
[17/66] Upgrading php83-zlib from 8.3.16 to 8.3.17_1...
[17/66] Extracting php83-zlib-8.3.17_1: ........ done
[18/66] Upgrading zstd from 1.5.6 to 1.5.7...
[18/66] Extracting zstd-1.5.7: .......... done
[19/66] Upgrading php83-xml from 8.3.16 to 8.3.17_1...
[19/66] Extracting php83-xml-8.3.17_1: ......... done
[20/66] Upgrading boost-libs from 1.86.0_1 to 1.87.0_1...
[20/66] Extracting boost-libs-1.87.0_1: .......... done
[21/66] Upgrading nss from 3.107 to 3.109...
[21/66] Extracting nss-3.109: .......... done
[22/66] Upgrading easy-rsa from 3.2.1_3,1 to 3.2.2,1...
[22/66] Extracting easy-rsa-3.2.2,1: .......... done
[23/66] Upgrading bind-tools from 9.20.5 to 9.20.6...
[23/66] Extracting bind-tools-9.20.6: .......... done
[24/66] Upgrading php83-pdo from 8.3.16 to 8.3.17_1...
[24/66] Extracting php83-pdo-8.3.17_1: .......... done
[25/66] Upgrading php83-session from 8.3.16 to 8.3.17_1...
[25/66] Extracting php83-session-8.3.17_1: .......... done
[26/66] Upgrading php83-mbstring from 8.3.16 to 8.3.17_1...
[26/66] Extracting php83-mbstring-8.3.17_1: .......... done
[27/66] Upgrading socat from 1.8.0.2 to 1.8.0.3...
[27/66] Extracting socat-1.8.0.3: ......... done
[28/66] Upgrading curl from 8.12.0 to 8.12.1...
[28/66] Extracting curl-8.12.1: .......... done
[29/66] Upgrading openldap26-client from 2.6.9 to 2.6.9_1...
[29/66] Extracting openldap26-client-2.6.9_1: .......... done
[30/66] Upgrading py311-beautifulsoup from 4.12.3 to 4.13.3_1...
[30/66] Extracting py311-beautifulsoup-4.13.3_1: .......... done
[31/66] Upgrading lighttpd from 1.4.77 to 1.4.77_1...
===> Creating groups
Using existing group 'www'
===> Creating users
Using existing user 'www'
[31/66] Extracting lighttpd-1.4.77_1: .......... done
[32/66] Upgrading php83-filter from 8.3.16 to 8.3.17_1...
[32/66] Extracting php83-filter-8.3.17_1: ......... done
[33/66] Upgrading opnsense-update from 25.1.1 to 25.1.3...
[33/66] Extracting opnsense-update-25.1.3: .......... done
[34/66] Upgrading re2 from 20240702 to 20240702_1...
[34/66] Extracting re2-20240702_1: .......... done
[35/66] Upgrading php83-curl from 8.3.16 to 8.3.17_1...
[35/66] Extracting php83-curl-8.3.17_1: .......... done
[36/66] Upgrading php83-ldap from 8.3.16 to 8.3.17_1...
[36/66] Extracting php83-ldap-8.3.17_1: ........ done
[37/66] Upgrading dnsmasq from 2.90_4,1 to 2.90_5,1...
[37/66] Extracting dnsmasq-2.90_5,1: .......... done
[38/66] Upgrading php83-simplexml from 8.3.16 to 8.3.17_1...
[38/66] Extracting php83-simplexml-8.3.17_1: ......... done
[39/66] Upgrading ntp from 4.2.8p18_1 to 4.2.8p18_4...
[39/66] Extracting ntp-4.2.8p18_4: .......... done
[40/66] Upgrading syslog-ng from 4.8.1_4 to 4.8.1_5...
[40/66] Extracting syslog-ng-4.8.1_5: .......... done
[41/66] Upgrading php83-sockets from 8.3.16 to 8.3.17_1...
[41/66] Extracting php83-sockets-8.3.17_1: .......... done
[42/66] Upgrading php83-pcntl from 8.3.16 to 8.3.17_1...
[42/66] Extracting php83-pcntl-8.3.17_1: ......... done
[43/66] Upgrading ca_root_nss from 3.104 to 3.108...
[43/66] Extracting ca_root_nss-3.108: ..... done
[44/66] Upgrading php83-sqlite3 from 8.3.16 to 8.3.17_1...
[44/66] Extracting php83-sqlite3-8.3.17_1: ......... done
[45/66] Reinstalling kea-2.6.1_2...
[45/66] Extracting kea-2.6.1_2: .......... done
[46/66] Upgrading php83-gettext from 8.3.16 to 8.3.17_1...
[46/66] Extracting php83-gettext-8.3.17_1: ........ done
[47/66] Upgrading php83-ctype from 8.3.16 to 8.3.17_1...
[47/66] Extracting php83-ctype-8.3.17_1: ........ done
[48/66] Upgrading openssh-portable from 9.9.p1_1,1 to 9.9.p2_1,1...
[48/66] Extracting openssh-portable-9.9.p2_1,1: .......... done
[49/66] Upgrading suricata from 7.0.8_1 to 7.0.8_2...
[49/66] Extracting suricata-7.0.8_2: .......... done
[50/66] Upgrading php83-dom from 8.3.16 to 8.3.17_1...
[50/66] Extracting php83-dom-8.3.17_1: .......... done
[51/66] Upgrading mpd5 from 5.9_18 to 5.9_19...
[51/66] Extracting mpd5-5.9_19: .......... done
[52/66] Upgrading py311-duckdb from 1.1.3 to 1.2.0...
[52/66] Extracting py311-duckdb-1.2.0: .......... done
[53/66] Reinstalling sudo-1.9.16p2_1...
[53/66] Extracting sudo-1.9.16p2_1: .......... done
[54/66] Upgrading pftop from 0.10_1 to 0.12...
[54/66] Extracting pftop-0.12: ..... done
[55/66] Upgrading py311-Jinja2 from 3.1.4 to 3.1.6...
[55/66] Extracting py311-Jinja2-3.1.6: .......... done
[56/66] Upgrading crowdsec from 1.6.4_1 to 1.6.5_2...
[56/66] Extracting crowdsec-1.6.5_2: .......... done
crowdsec is running as pid 45734.
Stopping crowdsec.
Waiting for PIDS: 45734.
Waiting for PIDS: 52434.
Updating crowdsec hub data
Downloading /usr/local/etc/crowdsec/hub/.index.json
crowdsecurity/base-http-scenarios is outdated because of scenarios:crowdsecurity/http-cve-probing
crowdsecurity/base-http-scenarios is outdated because of contexts:crowdsecurity/http_base
crowdsecurity/postfix is outdated because of parsers:crowdsecurity/postfix-logs
downloading parsers:crowdsecurity/postfix-logs
downloading scenarios:crowdsecurity/http-cve-probing
downloading https://hub-data.crowdsec.net/web/trendy_cves_uris.json
downloading contexts:crowdsecurity/http_base
downloading collections:crowdsecurity/base-http-scenarios
downloading collections:crowdsecurity/postfix

Run 'sudo service crowdsec reload' for the new configuration to be effective.
Loaded: 134 parsers, 10 postoverflows, 753 scenarios, 8 contexts, 4 appsec-configs, 93 appsec-rules, 132 collections
Starting crowdsec.
[57/66] Upgrading diffutils from 3.8_1 to 3.11...
[57/66] Extracting diffutils-3.11: .......... done
[58/66] Upgrading os-dmidecode from 1.1_1 to 1.2...
[58/66] Extracting os-dmidecode-1.2: ...... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
[59/66] Upgrading os-acme-client from 4.8 to 4.9...
[59/66] Extracting os-acme-client-4.9: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/AcmeClient: OK
[60/66] Upgrading os-theme-rebellion from 1.9.2 to 1.9.2_1...
[60/66] Extracting os-theme-rebellion-1.9.2_1: .......... done
[61/66] Upgrading clamav from 1.4.2,1 to 1.4.2_1,1...
===> Creating groups
Using existing group 'clamav'
Using existing group 'mail'
===> Creating users
Using existing user 'clamav'
[61/66] Extracting clamav-1.4.2_1,1: .......... done
[62/66] Upgrading rspamd from 3.11.0 to 3.11.0_1...
===> Creating groups
Using existing group 'rspamd'
===> Creating users
Using existing user 'rspamd'
[62/66] Extracting rspamd-3.11.0_1: .......... done
[63/66] Upgrading nano from 8.2 to 8.3...
[63/66] Extracting nano-8.3: .......... done
[64/66] Upgrading opnsense from 25.1.1 to 25.1.3...
[64/66] Extracting opnsense-25.1.3: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Migrated OPNsense\Unbound\Unbound from 1.0.11 to 1.0.12
Migrated OPNsense\Dnsmasq\Dnsmasq from <unversioned> to 1.0.0
Migrated OPNsense\Core\Tunables from 1.0.0 to 1.0.1
Migrated OPNsense\Interfaces\Vip from 1.0.0 to 1.0.1
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: Modified 2 trust store links.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
[65/66] Upgrading os-theme-vicuna from 1.48 to 1.48_1...
[65/66] Extracting os-theme-vicuna-1.48_1: .......... done
[66/66] Upgrading postfix from 3.9.1,1 to 3.10.1,1...
===> Creating groups
Using existing group 'mail'
Using existing group 'maildrop'
Using existing group 'postfix'
===> Creating users
Using existing user 'postfix'
===> Creating homedir(s)
[66/66] Extracting postfix-3.10.1,1: ......... done
postfix: Postfix is using backwards-compatible default settings
postfix: See https://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=3.6" and "postfix reload"
chown: /usr/local/man/man1/mailq.1.gz: No such file or directory

===============================================================
Postfix was *not* activated in //usr/local/etc/mail/mailer.conf!

To finish installation run the following commands:

  mkdir -p //usr/local/etc/mail
  install -m 0644 //usr/local/share/postfix/mailer.conf.postfix //usr/local/etc/mail/mailer.conf
===============================================================

=====
Message from dnsmasq-2.90_5,1:

--
To enable dnsmasq, edit /usr/local/etc/dnsmasq.conf and
set dnsmasq_enable="YES" in /etc/rc.conf[.local]

Further options and actions are documented inside
/usr/local/etc/rc.d/dnsmasq


NOTE: when using dnssec, inaccurate system clocks
can cause DNS resolution to fail
because DNSSEC signatures may then not validate.


SECURITY RECOMMENDATION
~~~~~~~~~~~~~~~~~~~~~~~
It is recommended to enable the wpad-related options
at the end of the configuration file (you may need to
copy them from the example file to yours) to fix
CERT Vulnerability VU#598349.
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/ssl/cert.pem if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-ctrl-agent.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/kea-dhcp4.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/kea/keactrl.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/ssh/sshd_config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/suricata/suricata.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/crowdsec/config.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/crowdsec/local_api_credentials.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/crowdsec/online_api_credentials.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/crowdsec/console.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/clamd.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/freshclam.conf if it is no longer needed.
=====
Message from rspamd-3.11.0_1:

--
Due to the issues with Hyperscan alignment, it is recommended to remove the
existing cached files that might cause troubles from /var/db/rspamd by using the
following command: "find /var/db/rspamd/ -type f -name '*.unser' -delete"
This action is needed merely for this particular upgrade.
=====
Message from opnsense-25.1.3:

--
What are you looking at?
You may need to manually remove /usr/local/etc/postfix/main.cf if it is no longer needed.
You may need to manually remove /usr/local/etc/postfix/master.cf if it is no longer needed.
You may need to manually remove /usr/local/etc/postfix/aliases if it is no longer needed.
You may need to manually remove /usr/local/etc/postfix/transport if it is no longer needed.
You may need to manually remove /usr/local/etc/postfix/virtual if it is no longer needed.
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages:

Installed packages to be REMOVED:
   libsigsegv: 2.14

Number of packages to be removed: 1
[1/1] Deinstalling libsigsegv-2.14...
[1/1] Deleting files for libsigsegv-2.14: ........ done
Checking all packages: .......... done
The following package files will be deleted:
   /var/cache/pkg/dnsmasq-2.90_5,1~1ba23f6dcb.pkg
   /var/cache/pkg/postfix-3.10.1,1.pkg
   /var/cache/pkg/php83-8.3.17_1~1ec044c1e6.pkg
   /var/cache/pkg/sudo-1.9.16p2_1~10006b4ee0.pkg
   /var/cache/pkg/nss-3.109.pkg
   /var/cache/pkg/protobuf-29.3_1,1~58d8f36e23.pkg
   /var/cache/pkg/syslog-ng-4.8.1_5.pkg
   /var/cache/pkg/php83-curl-8.3.17_1~7a7cc654a4.pkg
   /var/cache/pkg/opnsense-25.1.3~4e5ab1baa3.pkg
   /var/cache/pkg/py311-certifi-2025.1.31~9a9de9b45d.pkg
   /var/cache/pkg/indexinfo-0.3.1_1~1634745d18.pkg
   /var/cache/pkg/py311-pyasn1-modules-0.4.1.pkg
   /var/cache/pkg/php83-xml-8.3.17_1.pkg
   /var/cache/pkg/socat-1.8.0.3.pkg
   /var/cache/pkg/php83-ctype-8.3.17_1~b882eb5da5.pkg
   /var/cache/pkg/easy-rsa-3.2.2,1~3d0d27a7cc.pkg
   /var/cache/pkg/opnsense-25.1.3.pkg
   /var/cache/pkg/protobuf-c-1.5.1.pkg
   /var/cache/pkg/py311-cryptography-42.0.8_7,1~e3360d1806.pkg
   /var/cache/pkg/abseil-20250127.0.pkg
   /var/cache/pkg/lighttpd-1.4.77_1~5fae8d6eb7.pkg
   /var/cache/pkg/boost-libs-1.87.0_1.pkg
   /var/cache/pkg/py311-Jinja2-3.1.6~2e84b00e54.pkg
   /var/cache/pkg/indexinfo-0.3.1_1.pkg
   /var/cache/pkg/postfix-3.10.1,1~c64008431c.pkg
   /var/cache/pkg/php83-ctype-8.3.17_1.pkg
   /var/cache/pkg/os-dmidecode-1.2.pkg
   /var/cache/pkg/php83-curl-8.3.17_1.pkg
   /var/cache/pkg/os-theme-rebellion-1.9.2_1.pkg
   /var/cache/pkg/py311-numpy-1.26.4_5,1.pkg
   /var/cache/pkg/php83-dom-8.3.17_1.pkg
   /var/cache/pkg/py311-beautifulsoup-4.13.3_1.pkg
   /var/cache/pkg/clamav-1.4.2_1,1.pkg
   /var/cache/pkg/boost-libs-1.87.0_1~ff9e7be9f4.pkg
   /var/cache/pkg/php83-mbstring-8.3.17_1.pkg
   /var/cache/pkg/py311-pylsqpack-0.3.19.pkg
   /var/cache/pkg/pftop-0.12~5c6ff4626d.pkg
   /var/cache/pkg/php83-sockets-8.3.17_1.pkg
   /var/cache/pkg/php83-gettext-8.3.17_1.pkg
   /var/cache/pkg/crowdsec-1.6.5_2~28d0db5efc.pkg
   /var/cache/pkg/php83-dom-8.3.17_1~4ad65bc998.pkg
   /var/cache/pkg/mpd5-5.9_19.pkg
   /var/cache/pkg/php83-simplexml-8.3.17_1.pkg
   /var/cache/pkg/py311-trio-0.29.0.pkg
   /var/cache/pkg/php83-zlib-8.3.17_1~38a1c96eb6.pkg
   /var/cache/pkg/sqlite3-3.46.1_1,1~c10504717d.pkg
   /var/cache/pkg/protobuf-29.3_1,1.pkg
   /var/cache/pkg/bind-tools-9.20.6~1935af8f6c.pkg
   /var/cache/pkg/php83-gettext-8.3.17_1~466ce054a9.pkg
   /var/cache/pkg/mpd5-5.9_19~c1efd9d43b.pkg
   /var/cache/pkg/ntp-4.2.8p18_4~10ab4c3d85.pkg
   /var/cache/pkg/ca_root_nss-3.108.pkg
   /var/cache/pkg/zstd-1.5.7~f24ce5e6aa.pkg
   /var/cache/pkg/php83-pdo-8.3.17_1~688f851975.pkg
   /var/cache/pkg/py311-cryptography-42.0.8_7,1.pkg
   /var/cache/pkg/php83-xml-8.3.17_1~48df67e008.pkg
   /var/cache/pkg/php83-ldap-8.3.17_1.pkg
   /var/cache/pkg/php83-session-8.3.17_1~3b17a00662.pkg
   /var/cache/pkg/bind-tools-9.20.6.pkg
   /var/cache/pkg/os-theme-vicuna-1.48_1.pkg
   /var/cache/pkg/sudo-1.9.16p2_1.pkg
   /var/cache/pkg/openssh-portable-9.9.p2_1,1~a8b7c04426.pkg
   /var/cache/pkg/php83-sqlite3-8.3.17_1~e18d1b2695.pkg
   /var/cache/pkg/py311-truststore-0.10.1~b73b0c6b6a.pkg
   /var/cache/pkg/php83-pdo-8.3.17_1.pkg
   /var/cache/pkg/py311-beautifulsoup-4.13.3_1~9e85a878a0.pkg
   /var/cache/pkg/easy-rsa-3.2.2,1.pkg
   /var/cache/pkg/kea-2.6.1_2.pkg
   /var/cache/pkg/libpsl-0.21.5_2~1c1087bc0c.pkg
   /var/cache/pkg/crowdsec-1.6.5_2.pkg
   /var/cache/pkg/lighttpd-1.4.77_1.pkg
   /var/cache/pkg/nano-8.3~52fd707333.pkg
   /var/cache/pkg/protobuf-c-1.5.1~742e0d1412.pkg
   /var/cache/pkg/py311-pylsqpack-0.3.19~b287ab4af0.pkg
   /var/cache/pkg/py311-pyasn1-modules-0.4.1~296e39c0aa.pkg
   /var/cache/pkg/diffutils-3.11.pkg
   /var/cache/pkg/icu-76.1,1~841b5ae1eb.pkg
   /var/cache/pkg/php83-ldap-8.3.17_1~cb14f2d302.pkg
   /var/cache/pkg/php83-filter-8.3.17_1~5679cb6edc.pkg
   /var/cache/pkg/clamav-1.4.2_1,1~dad70cc586.pkg
   /var/cache/pkg/re2-20240702_1~710cf8174d.pkg
   /var/cache/pkg/sqlite3-3.46.1_1,1.pkg
   /var/cache/pkg/openldap26-client-2.6.9_1~22dbdc11f0.pkg
   /var/cache/pkg/ntp-4.2.8p18_4.pkg
   /var/cache/pkg/nss-3.109~4ef2277c45.pkg
   /var/cache/pkg/openldap26-client-2.6.9_1.pkg
   /var/cache/pkg/py311-trio-0.29.0~6e7fff27af.pkg
   /var/cache/pkg/kea-2.6.1_2~20b9bfcb88.pkg
   /var/cache/pkg/libpsl-0.21.5_2.pkg
   /var/cache/pkg/opnsense-update-25.1.3~ea2655dcb9.pkg
   /var/cache/pkg/suricata-7.0.8_2~655a9dbc26.pkg
   /var/cache/pkg/php83-sockets-8.3.17_1~87c5b41cf3.pkg
   /var/cache/pkg/php83-zlib-8.3.17_1.pkg
   /var/cache/pkg/py311-truststore-0.10.1.pkg
   /var/cache/pkg/php83-simplexml-8.3.17_1~0a4f3bd048.pkg
   /var/cache/pkg/diffutils-3.11~f6e9019633.pkg
   /var/cache/pkg/py311-duckdb-1.2.0~445097a92e.pkg
   /var/cache/pkg/os-dmidecode-1.2~55bee2ded0.pkg
   /var/cache/pkg/ca_root_nss-3.108~887efe8228.pkg
   /var/cache/pkg/py311-Jinja2-3.1.6.pkg
   /var/cache/pkg/socat-1.8.0.3~9df3832327.pkg
   /var/cache/pkg/abseil-20250127.0~da51474fc7.pkg
   /var/cache/pkg/os-theme-vicuna-1.48_1~febb25d0cf.pkg
   /var/cache/pkg/opnsense-update-25.1.3.pkg
   /var/cache/pkg/nano-8.3.pkg
   /var/cache/pkg/php83-session-8.3.17_1.pkg
   /var/cache/pkg/php83-mbstring-8.3.17_1~0736684d76.pkg
   /var/cache/pkg/openssh-portable-9.9.p2_1,1.pkg
   /var/cache/pkg/rspamd-3.11.0_1~9107aefab8.pkg
   /var/cache/pkg/php83-sqlite3-8.3.17_1.pkg
   /var/cache/pkg/krb5-1.21.3_1~89de19c5d3.pkg
   /var/cache/pkg/dnsmasq-2.90_5,1.pkg
   /var/cache/pkg/rspamd-3.11.0_1.pkg
   /var/cache/pkg/php83-filter-8.3.17_1.pkg
   /var/cache/pkg/php83-pcntl-8.3.17_1.pkg
   /var/cache/pkg/re2-20240702_1.pkg
   /var/cache/pkg/pftop-0.12.pkg
   /var/cache/pkg/curl-8.12.1.pkg
   /var/cache/pkg/zstd-1.5.7.pkg
   /var/cache/pkg/php83-8.3.17_1.pkg
   /var/cache/pkg/icu-76.1,1.pkg
   /var/cache/pkg/syslog-ng-4.8.1_5~c1d5935ef8.pkg
   /var/cache/pkg/py311-duckdb-1.2.0.pkg
   /var/cache/pkg/os-acme-client-4.9~8b7d75214c.pkg
   /var/cache/pkg/krb5-1.21.3_1.pkg
   /var/cache/pkg/suricata-7.0.8_2.pkg
   /var/cache/pkg/os-theme-rebellion-1.9.2_1~f72ef63734.pkg
   /var/cache/pkg/curl-8.12.1~d85a3be0a3.pkg
   /var/cache/pkg/py311-numpy-1.26.4_5,1~793c96920c.pkg
   /var/cache/pkg/py311-certifi-2025.1.31.pkg
   /var/cache/pkg/os-acme-client-4.9.pkg
   /var/cache/pkg/php83-pcntl-8.3.17_1~6ce739b176.pkg
The cleanup will free 162 MiB
Deleting files: .......... done
All done
Nothing to do.
Starting web GUI...done.
Fetching base-25.1.3-amd64.txz: ...

I started the upgrade shortly before 9:00 PM, and now it's almost two hours later. I don't mean the last step, it's been almost two hours. This is the first time I've had to wait this long for an upgrade, and it's happily carrying on like this. I don't know how long this will last. I don't see anything unusual in the log. What can I do besides wait?

Thanks for Support.

Hallo zusammen,

ich wollte fragen ob jemand von euch eine Lösung zu dem Problem hat.
Seit ungefähr 2 Tagen habe ich das Problem das der Service Redis über Gui nicht starten lässt.

Die Fehlermeldung das IP bereits benutzt wird habe es auch mit netstat etc. gecheckt aber der Service ist dann trotzdem nicht gestartet ich habe auch einen Workaround gefunden aber anscheinend nach dem nächsten Änderung über GUI ist der Dienst wieder offline. Datenbank hatte ich auch reset gemacht hat aber nichts gebracht.


Das Problem ist wohl das ich in der Konfiguration 2x die Interne IP drin stehen habe.

Es siehst dann so aus:

bind 127.0.0.1 ::1 172.29.2.1 172.29.2.1
Wenn ich dann den doppelten eintrag rauslöscht habe lässt sich die DB wieder starten.

Irgendwie richtig seltsam das ganze.

Viele Grüsse