Messages

I just found the problem. While editing the CSV file with LibreOffice, the columns shifted. I corrected that, and now the import works. Sorry for the interruption.

I created two entries manually and exported them as a CSV file. I added more entries to this file. When I read in the data, each entry is reported as wrong:
f4040reception,1,192.168.200.2,e8:df:70:85:21:f1,0,FRITZ!Box 4040,,,,,
!! Value should be a boolean (0,1).
!! Please specify a valid network segment or IP address.
!! Value must be a colon-separated hexadecimal sequence (e.g., 01:02:f3) or "*".
!! Invalid MAC address.
and so on.
However, I don't see any problem with the MAC address or with specifying 0 or 1.
Version: 25.1.12
I have done this already on an other OPNsense box. Maybe earlier than 25.1.12. Shortly after upgrade in Juli 2025.

No, I didn't. But it didn't help either. Unbound doesn't forward requests to home.arpa to the specified server, even after I set it up as a private domain. As far as I can tell, the request doesn't even arrive there.

I manage some internal zones using BIND9 and would like the OPNsense unbound to forward requests to the Bind name server. This works for several zones like first.site or second.site, but not for home.arpa.

Does home.arpa have a special meaning and therefore isn't forwarded?

The ticket HA & monit helps me.

Thank you, that helps me.

In an HA configuration, I receive a notification every day from the backup firewall that the Monit service is stopped and started again. The stop is at 01:05:09 and the start is at 01:05:10. I can't find anything in the logs that indicates this restart.

Does anyone have any advice?

For an HA configuration, the exact same hardware is required, as is said time and again. What exactly does that mean?

Do the boxes have to be exactly the same, or is it only important that the order of the interfaces is correct?
LAN = LAN
WAN = WAN
OPT1 = OPT1
OPT2 = OPT2

What does this mean for virtual machines? For example, if one is running on VMware ESXi and the other on KVM/QEMU? Does this work or not, because it is not the same "hardware"?

Or if e1000 is used as the interface in one VM under VMware ESXi and VMXNET3 in the other?

Thank you. But I can only search show unread posts since last visit. I want to search all my posts. If I use the advanced search I have to give a search term. But I want to see all my posts, at least the last ten.

I find the solution for VMware ESXi: I had to enable the promiscuous mode for all the interfaces. For this I created port groups to use only for the VM's with OPNsense.

I find the solution for VMware ESXi: I had to enable the promiscuous mode for all the interfaces. For this I created port groups to use only for the VM's with OPNsense.

I find the solution for VMware ESXi: I had to enable the promiscuous mode for all the interfaces. For this I created port groups to use only for the VM's with OPNsense.

How do I find my previous posts or their answers? Or posts I've written in other people's posts? I can't remember the titles or exact wording. I can't search for my username.

When setting up the HA cluster, I followed the manual: https://docs.opnsense.org/manual/how-tos/carp.html, but I have a small problem that prevents me from putting the cluster into operation.

I cannot reach the public virtual address. However, if I have a VPN active for the IP address of one of the two devices, I can reach the virtual address of the LAN interface. When I am on site in the internal network, I can reach both the virtual address from the LAN and the one with the public IP address.

By reach I mean, on the one hand, pinging and, on the other hand, logging into the system via SSH.

I don't have any physical devices, both OPNsense's are implemented as VMs under VMware ESXi. The security settings MAC address changes and Forged transmits are allowed on the vSwitch.

What did I forget to configure?

I have MAC address changes enabled and Forged transmits, but not Promiscuous mode. I observed traffic to 224.0.0.18.

So I'll activate promiscuous mode and test it again. Unfortunately I won't be able to try this out until the next maintenance window.