Messages

There's a chance that your disk has gone bad, which is something I see often on the forums.  Try to install the 'os-smart' plugin and run a S.M.A.R.T check to see about your disk health.  That plugin provides a simple status widget that you can add to the Lobby screen as well.  Probably not worth reinstalling if it's running well now and passing the Health audit (System->Firmware->Status->Run an audit->Health).

As for tunables during installation, you can set them temporarily from the boot menu:

https://forum.opnsense.org/index.php?topic=47494.msg239887#msg239887

You'll need console access- serial or VGA.

I think the system is corrupted. I'm seeing errors in the health audit. Can't install os-smart. Getting errors when I try to install updates.

Code Select Expand



############### Health audit errors ##############

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 25.7 (amd64) at Tue Aug 12 09:20:05 EDT 2025
>>> Root file system: /dev/gpt/rootfs
>>> Check installed kernel version
Version 25.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 25.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
os-nut 1.9
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: ....
nspr-4.37: checksum mismatch for /usr/local/bin/nspr-config
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_aix32.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_aix64.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_darwin.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_freebsd.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_hpux32.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_hpux64.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_linux.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_netbsd.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_nto.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_openbsd.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_qnx.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_riscos.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_solaris.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_win95.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/pratom.h
nspr-4.37: checksum mismatch for /usr/local/include/nspr/prinit.h
nspr-4.37: checksum mismatch for /usr/local/lib/libnspr4.a
nspr-4.37: checksum mismatch for /usr/local/lib/libnspr4.so
nspr-4.37: checksum mismatch for /usr/local/lib/libplc4.so
nspr-4.37: checksum mismatch for /usr/local/lib/libplds4.so
nspr-4.37: checksum mismatch for /usr/local/libdata/pkgconfig/nspr.pc
nspr-4.37: missing file /usr/local/share/licenses/nspr-4.37/LICENSE
nspr-4.37: missing file /usr/local/share/licenses/nspr-4.37/MPL20
nspr-4.37: missing file /usr/local/share/licenses/nspr-4.37/catalog.mk
Checking all packages.....
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/LICENSE
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/METADATA
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/RECORD
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/WHEEL
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/top_level.txt
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__init__.py
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__main__.py
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/__init__.cpython-311.opt-1.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/__init__.cpython-311.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/__main__.cpython-311.opt-1.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/__main__.cpython-311.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/core.cpython-311.opt-1.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/core.cpython-311.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/cacert.pem
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/core.py
py311-certifi-2025.7.14: missing file /usr/local/share/licenses/py311-certifi-2025.7.14/LICENSE
py311-certifi-2025.7.14: missing file /usr/local/share/licenses/py311-certifi-2025.7.14/MPL20
py311-certifi-2025.7.14: missing file /usr/local/share/licenses/py311-certifi-2025.7.14/catalog.mk
Checking all packages.....
py311-typing-extensions-4.14.1: checksum mismatch for /usr/local/lib/python3.11/site-packages/__pycache__/typing_extensions.cpython-311.opt-1.pyc
py311-typing-extensions-4.14.1: checksum mismatch for /usr/local/lib/python3.11/site-packages/__pycache__/typing_extensions.cpython-311.pyc
py311-typing-extensions-4.14.1: missing file /usr/local/lib/python3.11/site-packages/typing_extensions-4.14.1.dist-info/METADATA
py311-typing-extensions-4.14.1: missing file /usr/local/lib/python3.11/site-packages/typing_extensions-4.14.1.dist-info/RECORD
py311-typing-extensions-4.14.1: missing file /usr/local/lib/python3.11/site-packages/typing_extensions-4.14.1.dist-info/WHEEL
py311-typing-extensions-4.14.1: missing file /usr/local/lib/python3.11/site-packages/typing_extensions-4.14.1.dist-info/licenses/LICENSE
py311-typing-extensions-4.14.1: checksum mismatch for /usr/local/lib/python3.11/site-packages/typing_extensions.py
Checking all packages..... done
>>> Check for core packages consistency
Core package "opnsense" at 25.7 has 68 dependencies to check.
Checking packages: .......................
opnsense-25.7 version mismatch, expected 25.7.1_1
Checking packages: ...........................
py311-duckdb-1.3.1_1 version mismatch, expected 1.3.2
Checking packages: ..............
sudo-1.9.17p1 version mismatch, expected 1.9.17p2
Checking packages: ..
syslog-ng-4.8.2_3 version mismatch, expected 4.8.2_4
Checking packages: ... done
***DONE***


#########  os-smart install fails #########

***GOT REQUEST TO INSTALL***
Currently running OPNsense 25.7 (amd64) at Tue Aug 12 09:24:10 EDT 2025
Installation out of date. The update to opnsense-25.7.1_1 is required.
***DONE***

######## Firmware update fails ###########

***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7 (amd64) at Tue Aug 12 00:54:33 EDT 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (11 candidates): .......... done
Processing candidates (11 candidates): .......... done
The following 11 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
boost-libs: 1.88.0_1 -> 1.88.0_2
curl: 8.14.1 -> 8.15.0
ivykis: 0.43.2 -> 0.43.2_1
jq: 1.8.0 -> 1.8.1
libucl: 0.9.2_1 -> 0.9.2_2
nss: 3.113.1_1 -> 3.114
opnsense: 25.7 -> 25.7.1_1
py311-duckdb: 1.3.1_1 -> 1.3.2
sudo: 1.9.17p1 -> 1.9.17p2
syslog-ng: 4.8.2_3 -> 4.8.2_4
webp: 1.5.0 -> 1.6.0

Number of packages to be upgraded: 11

36 MiB to be downloaded.
[1/11] Fetching boost-libs-1.88.0_2.pkg: .......... done
[2/11] Fetching nss-3.114.pkg: .......... done
[3/11] Fetching jq-1.8.1.pkg: .......... done
[4/11] Fetching syslog-ng-4.8.2_4.pkg: .......... done
[5/11] Fetching webp-1.6.0.pkg: .......... done
[6/11] Fetching ivykis-0.43.2_1.pkg: .......... done
[7/11] Fetching curl-8.15.0.pkg: .......... done
[8/11] Fetching libucl-0.9.2_2.pkg: .......... done
[9/11] Fetching opnsense-25.7.1_1.pkg: .......... done
[10/11] Fetching py311-duckdb-1.3.2.pkg: .......... done
[11/11] Fetching sudo-1.9.17p2.pkg: .......... done
Checking integrity...Assertion failed: (strcmp(uid, p->uid) != 0), function pkg_conflicts_check_local_path, file pkg_jobs_conflicts.c, line 315.
Child process pid=26045 terminated abnormally: Abort trap
Starting web GUI...done.
***DONE***



As for tunables during installation, you can set them temporarily from the boot menu:

https://forum.opnsense.org/index.php?topic=47494.msg239887#msg239887

I assume that i'll need to do this for all future updates unless the developers change the default for this tunable. Is this correct? This will make future updates painful :-(

I came across this mailing list thread while searching online about FreeBSD instabilities with N100, as many have been reporting upgrade issues.  I'm not sure if this is related to the problematic microcode updates.

https://lists.freebsd.org/archives/freebsd-current/2025-January/006984.html

Thank you!

I have an N100 system. I recently upgraded to 25.7. The system crashed during the first boot after the upgrade. I saw that there were file system errors during the boot. After a re-install it appeared to be running OK. While reading the forum to try and solve some other problems I had during the upgrade I found this thread. I have now added vm.pmap.pcid_enabled=0 to the tunables. Even though it seems to be running fine I assume that there could still have been some file system corruption. Do you think I should re-install 25.7? If so, how would I do this so that the vm.pmap.pcid_enabled=0 setting is in place before the first boot? Sorry this may be simple but I'm not very good with Linux.

Dns:
First IP shown at nslookup is the resolving DNS server.
The DHCP in your ipfire was configured to push an external DNS server to the Clients.
Your opnsense DHCP pushes itself as DNS resolver to the Clients.
In my opinion it's okay and the better choice as for example it's allowing you to resolver local hostnames.


Portforward: the destination address should be your wan address instead of LAN address.
That should so the job from the outside.

From inside you need either
- split-dns (Host overwriting in unbound): your local DNS resolver gives back the local IP of your webserver
or enable NAT Reflection:
https://docs.opnsense.org/manual/nat.html

Turning on NAT reflection and correcting the port forwarding solved the problems. Everything is working now. Thank you for your help!

Goto System: Settings: Administration
and Change your Port to 444 for example.
And Check "Disable web GUI redirect rule".

I changed the web GUI port to 444. and disabled the web GUI redirect rule.

I no longer see the OPNsense GUI when I access my web server from the LAN. I now just get a timeout. Port forwarding to my web server is still not working. Also,  It looks like OPNsense is still modifying LAN DNS lookups.

Below are command prompt sessions showing the different name lokkup results using OPNsense and my old IPCop firewall. I assume that I must have some problems with the OPNsense DNS settings. Using OPNsense, my hostname "mesterhome.com" is being redirected from WAN addresses of 129.250.35.250 and 198.252.121.79 to the local LAN address 192.168.1.1 and 198.252.121.79.

The address 198.252.121.79 is the actual ip address assigned to my hostname.

Code Select Expand




Microsoft Windows [Version 10.0.18363.778]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\Luke-AMD6>REM nslookup results using OPNsense

C:\Users\Luke-AMD6>nslookup mesterhome.com
Server:  OPNsense.localdomain
Address:  192.168.1.1

Non-authoritative answer:
Name:    mesterhome.com
Address:  198.252.121.79


C:\Users\Luke-AMD6>



Microsoft Windows [Version 10.0.18363.778]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Users\Luke-AMD6>REM nslookup using IPCop

C:\Users\Luke-AMD6>nslookup mesterhome.com
Server:  x.ns.gin.ntt.net
Address:  129.250.35.250

Non-authoritative answer:
Name:    mesterhome.com
Address:  198.252.121.79


C:\Users\Luke-AMD6>


Screen captures of my current OPNsense settings can be viewed here:  https://mesterhome.com/OPNsense/

I must be making a stupid mistake! Port forwarding is not hard to do. Just assign the WAN port  to a LAN address and port.

Hello,

I've been running the IPCop Linux based firewall for many years. Unfortunately that project has quietly died. I decided to use OPNsense as a replacement.

I have the basic configuration working. The local LAN is able to access the WAN connected through my cable modem. I'm having no luck getting port forwarding working. I have a lot of port forwarding entries in IPCop. I decided to work with the most critical one first. My web server. I can't get external access to it. Also, when I try to hit it from the LAN side I'm getting redirected to the OPNsense web GUI instead of my WWW server.

It looks like OPNsense is redirecting port 80 and 443 to it's GUI. This is even though i've added a port forward to direct this traffic to my WWW server.

When I do an nslookup while running OPNsense, I see that DNS info is being modified by OPNsense. It's pointing my hostname (mesterhome.com) to 192.168.1.1 (the OPNsense WWW GUI) instead of 192.168.1.25 (the WWW server address). See the two command prompt screen captures. One is using IPCop and the other with OPNsense.

Also attached is my OPNsense config file and screen captures of the working IPCop port forwards and the non functional OPNsense forwarding.

I must have some basic problem with my setup. I hope that someone here can help me fix what I'm doing wrong.

Looks like this forum won't allow me to attach pictures. You can view them here: https://mesterhome.com/OPNsense/