Messages

I had issues with aliases as well, but looks like it may have also been a problem in the last version but I hadn't noticed.  I tried loads of things incl changing DNS, removing DNS from System > General etc but what fixed it for me was going through each one individually, copy the URL string to the source, delete the URL string, click save and the apply.  Then go back into the alias, paste back in the URL, save and apply.

Takes a few min to go through them all but it worked for me and saved deleting all my firewall rules and aliases and starting again.

I had a similar issue going from 25.7.9_7 to 25.7.10 and had to update twice.

I started another thread as I also lost crowdsec and had to reinstall and re-configure that: https://forum.opnsense.org/index.php?topic=50150.0

Please let me know if you would like any logs and where to find them.

Pretty much as the title says, just upgraded from 25.7.9_7 to 25.7.10 which uninstalled crowdsec and rebooted me into 25.7.9_7 again.  Second install and I got 25.7.10 but had to re-install crowdsec which didn't pick up the existing config so I've had to go through re-enrolment and re-config all over again which is a pain.

Something funky is still going on, even between updates.

In the past week I've bought a new m.2 ssd and reinstalled opnsense (ZFS) and all plugins incl adguardhome.  New ssd is reported as OK by SMART tests.

Now I'm noticing that even between reboots (no updates) that some of the adguard home config changes I've made since the last reboot are lost.

Not sure that can mean a repo issue?

I've ordered a new ssd and will reinstall next week and then see what happens during the next scheduled update in 1-2 weeks time, not sure what else I can do for now?

Hi, I already have the microcode and those tunables applied after I spotted them from last time I had an issue.

I guess I'll see how it goes next set of updates and report back but would be interested to see if anyone else with an N series chip experiences continuing problems.

Yes that's what I'm running the adguard home only repo.

I'm not convinced this is the issue though.  When I upgraded from 25.7.3 to 25.7.4 I got a "/" corruption error but at the time didn't report it as I was short of time.  I suspect the same has happened again but it's not shown in the logs and I didn't see it on the screen during update.   The SSD seems fine via SMART so like the other thread I linked above there seems to be a possible N series Intel corruption issue lurking somewhere?

So run a pkg update after upgrading each time?

I have an issue which may be related to: https://forum.opnsense.org/index.php?topic=48343.15 but I'm using the ZFS file system and I've implemented the tunables recommended in that thread and rebooted before I upgraded (as I suffered this issue last upgrade last week). 

When I update (as I just have from 25.7.4 to 25.7.5) I'm experiencing an issue where the update doesn't work first time and my Adguard Home and Unbound config reverts to a previous version and I have to update again (which then works) and restore my Adguard Home and Unbound config. This issue also happened when I upgraded from 25.7.3 to 25.7.4.

I'm using ZFS on a sata ssd and there are no SMART errors and I can't figure out what's going wrong.

I've attached a system.log file from today, but not sure what to look for?

Edit: I'm also now noticing that on just a plain reboot (no update) that my unbound config is reverting to a previous version as well, so something funky is going on

I've just added a port forwarding rule to forward UDP port 41641 to my linux server which runs Tailscale to allow me to access plex, jellyfin, immich etc when away from home.  Without port forwarding I was being DERP relayed which isn't great for plex etc as the bandwidth is pretty low.  With a direct connection I get better performance out of my synchronous gigabit connection.

However I would also like to limit what can connect to this port so I first created a host alias for the two new Tailscale FQDNs 'login.tailscale.com' and 'controlplane.tailscale.com' and then the IPv4 and IPv6 rules below to effectively only allow connections from these hosts.

This is working as in I can still connect to may server when remote, but would appreciate and comments on whether this will achieve what I'm trying to do in terms of blocking anything else or isn't effective etc.  In the rules below, "BRSK" is my WAN interface. 192.168.1.9/32 is the IPv4 address of my server and I have obfuscated the IPv6 address. I get a static /48 from my ISP and therefore my LAN gets a static /64 delegated.

I'm switching ISP in less than 2 weeks and trying to plan out the best way to update my config to update the connection type, interfaces, gateways, default routes etc etc.

My current ISP (BT) is PPPOE/DHCPv6 and my new ISP (BRSK) is DHCPv4/SLAAC.

Can I achieve this via the GUI or do I need to go to the shell and re-assign interfaces? Which is the best way?

My current ISP uses PPPOE with credentials for IPv4 and DHCPv6 over PPPOE for IPv6 and they give out a /56.

My new ISP has no credentials, I need to clone the MAC address of their supplied router onto my WAN interface and then change to DHCPv4 and SLAAC on WAN to get a /48.

I've seen some posts about residual gateways and routes causing problems so how to go about this please?

I use Kea DHCPv4, Router Advertisements for IPv6 (no DHCPv6 on LAN) and Unbound for DNS if they matter.

Hi @tinkermanuk did you ever get this successfully sorted?

I'm planning on swtiching from BT (pppoe) to BRSK shortly (DHCP IPv4 and SLAAC for IPv6) and was looking at the same settings as you were in OPNSense and got confused.  I had hoped it was a simple setting switch but it looks more complex.  For example did you have to make any changes to  gateways in addition to the pppoe > DHCP switch?

At the very least I would recommend accessing plex via a reverse proxy.  Caddy is a simple reverse proxy to set up and handles certificates etc for you.  Yes you will need a domain and a ddns service (unless you have a static public IP address).

Alternatives are accessing over wireguard/tailscale or some people even use cloudflare tunnels, latter may be against cloudflares ToS but these options do not require any open ports.

If you search the plex and selfhosted subreddits you will find lots of posts on how to do these things and they will all be a step up from forwarding a port directly to plex.

Nobody?

No, 24.7.3_1 is fine for me after the devs reverted back to earlier versions of dhcpv6. I believe there were upstream freebsd ipv6 issues that haven't been fixed.