Messages

With everything you've tried so far and the fact that DNS appears to be resolving correctly, I would be suspicious of some kind of ban on your IP. Does your ISP use dynamic assignment for your IPv4 WAN address? Maybe try to to connect via a VPN and see if the problem persists.

Hello,
I'm in the installer and recovered my config file to a second USB drive (FAT32). The drive is /dev/da0p1, but the installer shows it as /dev/da0c. I can mount the partition and see /config/config.xml, yet the installer never prompts me to press a key at boot and the import fails.

Any suggestions?

My suggestion is to create the directory structure as /conf/config.xml as directed in the documentation. Yours is /config/config.xml assuming that's not a typo.

...namely the ability specify a specific DNS service for a certain group of devices, for example, pointing all of my smart TV and media devices to Adguard Home or Pi-Hole.

You can accomplish that using DNSmasq by applying tags.

You most likely did not change the interface in the selectpicker. It's "Floating" per default, but you should choose "LAN". There you can find your rules.

You were right, that was it.

I'm glad this happened to someone and I got to see it because I'm pretty sure this would've happened to me eventually. Now I'm ready.

Just make sure you have a config.xml downloaded somewhere so you are prepared.  :)


Cheers,
Franco

Oh yeah, if I forget that part, it's time to throw all the networking gear in a box and find a new hobby.

Every year or so I like to do the major version upgrade by installing fresh and then restoring my latest config backup. Any major watchouts or gotchas that I should be aware of this time around? For reference, I have a pretty vanilla setup. Just a couple of VLANs and a site-to-site Wireguard instance. No IPv6. I already migrated to dnsmasq for DHCP and I'm using the Adguard Home plugin for DNS. No Unbound in use.

This guide helped me tremendously:

https://homenetworkguy.com/how-to/migrate-from-isc-dhcp-to-dnsmasq-or-kea-dhcp-in-opnsense/

Nothing is going to be worse, just disable it.

Interfaces: Neighbors: Automatic Discovery

It fills in a missing feature people coming from consumer routers like Fritzbox got used to and frequently demanded: show an overview of all devices in my network.

More useless garbage that we didn't ask for..... Why can't this be a plugin that those folks can install separately and not brick our routers.... I have a 16Gig hostwatch log this morning, lose gui, forced to restart to recover...  Definitely not a professional group here....

You should definitely demand a refund. Be sure to draw attention to your post count so the devs know who they're dealing with.

Go to the NUT configuration page. Next, select the "UPS type" tab and choose "Netclient" using the little down arrow on the right side of the tab. From there, you can enter your client credentials.

Interestingly it does not show up any traffic in the firewall log which is pretty weird. I log everything to see and learn.

Traffic on the same subnet is layer 2 (switched), which is why you won't see anything in the logs due to it never reaching the firewall.

I disabled and enabled google drive backup, nothing more.

It looks like that since the update to 25.1 the backup function is not working automatically.

What I am saying is that a backup is only made to Google Drive when changes to your config have been made since the last backup. For example, I made some minor changes to firewall rules on Jan 31st. That night, a backup was saved to Google Drive. For almost 2 weeks, I made no changes to any settings in OPNsense so no new backups were saved until I made another change on Jan 13th. Try making a minor change to a rule description or something like that and see if it prompts a backup to be saved by the next day.

Are you actually changing any settings in OPNsense? A daily backup is only created if settings have been changed.

Here is the screenshot of Firewall Rule for OPT1:

As was already mentioned, that rule doesn't accomplish anything. After creating an interface, all traffic is denied by default until allow rules are created. To accomplish your intended goal, edit that rule to be an allow rule and check the inverse box for the destination. That will allow traffic to any destination that is not your LAN net; i.e. the internet.

Please show the interface configuration, the DHCP settings, and the firewall rule(s) you configured for OPT1.

Firewall Rules:
LAN = No custom rules all default generated rules
OPT1 = IPv4+6 *    *    *    LAN net    *    *    *       OPT_Block

It's not clear what that one OPT1 rule is supposed to be doing but you certainly don't seem to have any rules that allow internet access. If your goal is to allow OPT1 internet access but no access to the LAN, create a rule that allows all traffic to the inverse (check Destination/invert box) of LAN net.

It's still not very clear what you're trying to accomplish. Post a screenshot of all rules (excluding the auto ones) on your LAN interface. Just showing the one rule isn't relevant because the order of the rules matters.