Messages - ryp43

#2
Hi!

Is it known that Dnsmasq returns only IPv4 addresses for Aliases?


host OpenMediaVault.localdomain
OpenMediaVault.localdomain has address 192.168.X.Y
OpenMediaVault.localdomain has IPv6 address 2a0Z:X::Y

host omv.localdomain
omv.localdomain has address 192.168.X.Y

#3
Thanks, I tried and got this:

sudo opnsense-patch 4381fe4903ecbeff19ebd1e04b789628e51124ef; configctl webgui restart
Fetched 4381fe4903ecbeff19ebd1e04b789628e51124ef via https://github.com/opnsense/core
1 out of 1 hunks failed while patching opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
OK
#4
OPNsense 25.1.7_4 - The setup is according to the official documentation.

Everything works fine until Unbound to dnsmasq returns 5(REFUSED); restarting dnsmasq solves the issue.
#5
The issue is fixed in OPNsense 25.1.7_2; /var/etc/dnsmasq-hosts is populated correctly.

Though it works for some time, the later resolution is again faulty. Restarting Unbound fixes the problem for a short time.
#6
Hi!

OPNsense v25.1.7 host aliases no longer working:

>host omv.localdomain
Host omv.localdomain not found: 2(SERVFAIL)

>host openmediavault.localdomain
openmediavault.localdomain has address XXX.XXX.XXX.XXX

cfg was not changed since 25.1.6_4



#7
I'm having the same issue

   AcmeClient: validation for certificate failed: XXX.XXX.XXX
2024-06-05T14:42:54   opnsense   AcmeClient: domain validation failed (dns01)
2024-06-05T14:42:54   opnsense   /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php: AcmeClient: The shell command returned exit code '2': '/usr/local/sbin/acme.sh --renew --syslog 6 --log-level 1 --server 'letsencrypt' --dns 'dns_cf' --dnssleep '120' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/6244690401b582.96545326' --certpath '/var/etc/acme-client/certs/6244690401b582.96545326/cert.pem' --keypath '/var/etc/acme-client/keys/6244690401b582.96545326/private.key' --capath '/var/etc/acme-client/certs/6244690401b582.96545326/chain.pem' --fullchainpath '/var/etc/acme-client/certs/6244690401b582.96545326/fullchain.pem' --domain 'XXX.XXX.XXX' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/624465c1ebd1a0.95366960_prod/account.conf''
2024-06-05T14:42:53   opnsense   AcmeClient: using challenge type: Cloudflare DNS Validation
2024-06-05T14:42:53   opnsense   AcmeClient: account is registered: YYY WEB GUI Cert Accoiunt
2024-06-05T14:42:53   opnsense   AcmeClient: using CA: letsencrypt
#9
Hi!

I have noticed that there is a double "block all targeting port 0" automatically generated rule on the WAN interface - OPNsense 23.7.7_3-amd64

   IPv4+6 TCP/UDP   *   *   *   *   *   *   *   block all targeting port 0
   IPv4+6 TCP/UDP   *   *   *   *   *   *   *   block all targeting port 0

Might be a bug?
#10
Do you have custom tunables in your config?

Check this: https://forum.opnsense.org/index.php?topic=32017.15
#11
Can confirm - removing dev.igb.X.eee_control solved the problem.
#12
Quote from: skyjam on September 25, 2018, 05:14:45 PM
Hi there

as there is a PPPoE problem in FreeBSD and it doesn't look like it will be solved in a reasonable timeframe I'm thinking of putting a router/bridge in front of my setup like this:

      WAN / Internet
            :
            : FTTH provider
            :
      .----+------------.
      |  PPPoE Router  |  (or Bridge, whatever)
      '-----+-----------'
            |
          WAN
            |
      .-----+------.
      |  OPNsense |
      '-----+------'
            |
          LAN


Internet is provided with PPPoE and VLAN ID.
I have fixed IPs I want to use with OPNsense.

Is there any cheap router/bridge/whatever available to just do this:
"transform" the ISP's signal to use with a regular WAN port of my OPNsense router?
If necessary I can also put a fiber converter in front, too.
It may even use one of my public IPs.

Thank you for all hints!

Were you able to find a solution? I'm looking for the same appliance.
#13
Hi! I think I know what you are talking about. I have apu2 with the very same specs as you.

Just seconds after reboot I run a speed test and can get up to 800Mbps, a couple of minutes later it drops to ~200-300Mbps max.

I understood that if I disable the Shaper, which was helpful when I had a VDSL connection, the speed stays in the 800Mbps range.

      Server: Active Cloud - XXXXXXXXXX
         ISP: XXXXXXXXX
Idle Latency:     3.95 ms   (jitter: 0.19ms, low: 3.81ms, high: 4.10ms)
    Download:   816.02 Mbps (data used: 1.2 GB)
                 10.18 ms   (jitter: 9.49ms, low: 3.70ms, high: 235.02ms)
      Upload:    84.49 Mbps (data used: 100.5 MB)
                 27.24 ms   (jitter: 6.91ms, low: 5.67ms, high: 88.46ms)
Packet Loss:     0.0%

I suggest checking if this is your case.

Have a nice day!
#14
Thanks, didn't notice that :(
#15
Hi!

My OPNsense is blocking connections from address 100.75.* with the label "block private networks from WAN" while "Block private networks" is checked under the WAN interface.

Though the help for this option states: "When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8) and Carrier-grade NAT addresses (100.64/10). This option should only be set for WAN interfaces that use the public IP address space."

I will appreciate any help.

Thanks in advance