Messages

Q: What was/were the error(s) ??

A: I am sorry that I can not tell. I lose opnsense access when error popup and can not connect to it after.

Q: No room for a small SSD in that device ?

A: No, storage is good and used for 2 years now. I am using ZFS because N100 is not work well with UFS. Dont know if this fixed yet.


Thanks,

Hi, all

Since 25, I got this issue.

Step 1. I download iso from opnsense and make a bootable usb.
Step 2. I use this bootable usb to install opnsense and restore configration
Step 3. I do upgrade in dashboard link, download is ok but after several package install, error popup and I lose access to opnsense

My hardware is CWWK N100 with 4 intel NIC and 64G microSD as boot device.
I saw some error complain about microSD device, but it work normally sometime.
I got 50% failure in step 3 and do not know what went wrong.

*** I just found that there are 26.1.2 iso available. I use this iso for new installation and everything went well now.

Any suggestion?

Thanks,

Never mind.  Found the related thread, https://forum.opnsense.org/index.php?topic=50657.0 and applied the patch.  All works great now.  Thanks

Thanks for the information. I will wait for next update.

I just do a fresh 26.1 install and uploaded my configuration. It works
but has some issues.

1. I see a lot of error like below, how can I fix it

/usr/local/opnsense/scripts/health/updaterrd.php: The command </usr/local/bin/rrdtool create '/var/db/rrd/ovpns4-traffic.rrd' --step 0 DS:'inpass:COUNTER:120:0:2500000000' DS:'outpass:COUNTER:120:0:2500000000' DS:'inblock:COUNTER:120:0:2500000000' DS:'outblock:COUNTER:120:0:2500000000' DS:'inpass6:COUNTER:120:0:2500000000' DS:'outpass6:COUNTER:120:0:2500000000' DS:'inblock6:COUNTER:120:0:2500000000' DS:'outblock6:COUNTER:120:0:2500000000' RRA:'AVERAGE:0.5:1:1200' RRA:'AVERAGE:0.5:5:720' RRA:'AVERAGE:0.5:60:1860' RRA:'AVERAGE:0.5:1440:2284'> returned exit code 1 and the output was "ERROR: step size: value must be positive"

2. Export old rule give me a csv but nothing happen when import it.

My bad, I just found out I need to use pull down to select interface and rules are all there.
Maybe a message box after import will be better. If this happen to you, check the pull down
first.

2026/2/5 update
issue 1 fixed after 26.1.1 released.

Thanks for your help,

Thanks Bob.

After changed wireguard peer allow ip setting to 0.0.0.0/0, connection to VPN
provider works fine now.

I got a lot to learn about wireguard VPN.

Hi, all

My OpenVPN sever and OpenVPN connection to VPN provider work fine in 25.1. After upgrade to 25.7,
It seems VPN connection need a certificate from VPN provider now. Is this true?

Now I tried to connect to  VPN provider through wireguard but never success yet. Here is the
configuration, hope someone correct what I do wrong.

1. create wireguard instance
Name: Surfshark
Public key: *****
Private key: *****
Listen port: 51820
Tunnel address: 10.14.0.2/16
Peer: SurfsharkJP
disable route: checked

PS: I am confused, why I need a wireguard server occupy a listen port for just establish VPN client connection

2. create wireguard peer
Name: SurfsharkJP
Public key: *****
Allow IP: <my vlan subnet>
End point address: *****
End point port: *****
Instances: Surfshark

3. check wireguard status
ok wg0 interface Surfshark 51820
ok wg0 peer SurfsharkJP ***** 41s 202k 61k

4. assign interface
Surfshark wg0 enable

5. NAT rule
Surfshark any    *    *    *    Interface address    *    NO

6. Surfshark rule
pass IPv4 *    *    *    *    *    *    *

7. vlan rule
pass IPv4 *    VLAN net    *    *    *    GW_Surfshark    *

8. gateway

GW_Surfshark Surfshark IPv4 255 10.14.0.1

With above configuration, VLAN net can not resolve DNS,
I can see 10.14.0.2 connect to 8.8.8.8 udp 53 passed but never receive any ip address.

Thanks for your help,

Thank you very much for your reply.

If I setup auto update rules everyday, I can
receive newest Dshield, Spamhaus block list
by daily base?

If that is the case, these two list should
be good and reliable block list to use.

Hello, everyone

I just turn on my suricata ips and found it useful. Currently I drop traffic from the following rules
and a lot of dns garbage traffic disappeared

ET DROP Dshield Block Listed Source group *
ET DROP Spamhaus DROP Listed Traffic Inbound group *

What I am curious is will suricata receive Dshield and Spamhaus list update frequently?
I google around and found some similar rule on github is very old.

Thanks,

Hi, all

I download config from old device which ethernet is igbx and change it to igcx. Then I upload this config to my new device.

After reboot, everything work as usual but now webui is blocked. Is it possible that I can get webui access without resetting to factory default and apply every setting manually?

BTW: I open firefox developer console when access webui and see ns_binding_aborted or ns_error_net_timeout


-----

After a factory reset and upload config again, it's working normal now. Strange.

Thanks for giving me a good idea to start.

Let me share my experience:

Environment
SG-250 have 2 vlan with id 1,2, opnsense connect to vlan1

Opnsense side
1. add a vlan with id 2
2. assign interface for vlan2
3. enable dhcp service on vlan2

SG-250
1. configure opnsense port to trunk

That's all

Hello, everyone

I just got a cisco SG-250 switch and plan to create 2 VLAN on it.
Opnsense will connect to VLAN1. Is it possible to assign IP to
VLAN2 from opnsense dhcp service? I googled and found a similiar
topic years ago and it say it not possible.

If opnsense can not help, I should build a dhcp server on vlan1 and
use SG-250 dhcp relay feature to assign IP to VLAN2. Is this idea
correct?


Thanks,

Hi, all

I am runngin opnsense 19.1.8.If I uncheck 'Password protect the console menu' option, I can see full function menu in serial console. If I check 'Password protect the console menu' option, I got login prompt, I tried to login using a account which is ok for web ui, I got 'this account is currently not available' error and back to login prompt.
Is there anything I should check to get serial console access?


Thanks,

please take a look at this topic

https://forum.opnsense.org/index.php?topic=12092.0

seem the same issue, it might help

I just migrate to opnsense today and got the same issue. Here is how I solve this problem:

When create certificate for openvpn server, you should have 'X509v3 key usage' and
'X509v3 Extended key usage' options. My first created certificate only has 3 'X509v3 key usage'
digital signaute, non repudiation, key encipherment, and this certificate wont work instead
showed describe error above. While create seconde certificate, I also select 3 'X509v3 Extended key usage'
TLS web server, TLS web client, code signing, and this one accepted by opnsense openvpn
server.

Hope this helps

Thank you very much for your advice. That explains why even Intel core i3 CPU cannot speed up network performance. My NIC are all PCI interface. I will try to replace NIC with PCIe interface.