Messages

ssh works however and interface config is also available.
I tried to reload all services, but did not help.

They decided to put remote elasticsearch option and log streaming behind a paywall.

25.7.7_4-amd64 fixed phase2 view


Thanks and regards

therese also a checkbox without description:

OPNsense 25.7.7_2-amd64
FreeBSD 14.3-RELEASE-p4
OpenSSL 3.0.18


Phase2 table is missing

I can only say thank you for your work as I made it to 110 active opnsense installations and it will be more in the future + we switched to official hardware from your store. I hope you enjoy the constant stream of sales.

Is it a FreeBSD or network adapter issue? Ive added the port directly via CLI with the same results

Got OPNsense 25.1.10-amd64, It was working once after configuration but hasnt outlived a firewall reboot.

Its part of the bridge:

member: igc2 flags=8<SPAN>
ifmaxaddr 0 port 3 priority 128 path cost 55

Got a weird error message when removing it:
opnsense   /usr/local/opnsense/scripts/interfaces/reconfigure_bridges.php: The command '/sbin/ifconfig 'bridge0' deletem 'igc2'' returned exit code '1', the output was 'ifconfig: BRDGDEL igc2: No such file or directory'

But interface is empty, traffic

perfect, thank you

Hello, I had it running once but im no able to reproduce an SPAN port.

Currently I have this configuration:

1 real physical Interface, no IP configured
1 bridge configured with 1 member - the physical interface - IP configured and I can see traffic.
1 span port configured inside bridge to a second physical interface

tcpdump show traffic on the bridge, but theres nothing on the span port.

Am I missing something here?

Oh, OK, sounds pretty standard then - certification made for the sole purpose of being able to make the befriended vendors win in public tenders. I guess OPNsense rather needs the Dutch variant of the BSI certificate. ;D  :P

yes makes sense that opnsense should apply to dutch regulation. currently it looks like for critical infrastructe (where it comes to real security and not just homelab security) they will change laws, so you can only use hardware/software built in germany. at that point, opnsense would not able to use anyway for real security needs (in germany).

another update. The opnsense hardware distributor just tried to catch us with BSI promises. Then sold us a overpriced garbage device that failed on the initial installation. Therefor opnsense is not on the list anymore after 2026. Maybe I reach the 100 active devices until then.

general is 127.0.0.1 configured, with google it works but is not a option since Im using encrypted dns and blocklists with unbound.

Im using unbound as dns server and ipsec tunnel with a dns remote gateway. after rebooting the firewall, ipsec seems to be started before unbound and is not able to resolve the host. it stops after 3 retrys, even though keyretries is set to 0 in the ipsec config which should mean unlimited retries.
is there a way to start ipsec delayed after unbound, or configure ipsec service not to stop?

Update, the hardware you are selling in your shop will get the BSI certification, plus opnsense will get it too

Thanks for this :-)