Messages

It's usually when you use VPN which means that IP the forum sees you is used by multiple VPN user. And the IP landed on a spam or abuse list which in turn is used by the forum software.

Can you try with the VPN off (at least for the forum) or use another VPN server of your VPN provider or another VPN provider. Sometimes @franco chimes in and can remove the IP from the blacklist. You may send him PM directly with the VPN IP involved.

Where is the best place to use tcpdump?

I'd start on the LAN of OPNsense8, just to verify that it gets that far with for an destination IP in the WAN net (which is not the OPNsense 8 WAN IP). Then on the WAN of OPNsense 8.

Btw: you don't have to use tcpdump on the command line, there is package capture in the GUI

https://docs.opnsense.org/manual/diagnostics_interfaces.html#packet-capture

Then I don't know, I guess it's time to use tcpdump to see where the package(s) go and where they stop.

> 192.168.0.100 -> 192.168.8.100  NG

192.168.0.100 is on the WAN of OPNsense8 and all traffic from LAN OPNsense8 192.168.8.0/24 will be NAT-ted to the OPNsense8 WAN IP 192.168.0.8. From the view of the "world (OPNsense8 WAN net and the rest of internet) 192.168.8.0/24 doesn't exist, only 192.168.0.0/24.

> 192.168.0.100 -> 192.168.7.100  NG
same as above, but even more not-visible

> 192.168.7.100 -> 192.168.0.100  NG

If there is really not NAT on OPNsense7 (what does "WAN disabled" mean?) then I don't know how it would work with DHCP.

OPNsense8 only knows about it's WAN net 192.168.0.0/24 and LAN net 192.168.8.0/24. If you have not added a static route on OPNsense8 to send traffic from 192.168.7.0/24 back to 192.168.8.<OPNsense7 WAN IP> then OPNsense doesn't know where to send traffic originating from 192.168.7.0/24 and will send it out OPNsense8 WAN (and the LAN firewal has to allow traffic from "other-than-LAN net").

If you have added the static route on OPNsense8 for OPNsense7 LAN, you will have to add firewall rules to allow such traffic on OPNsense8 and OPNsense7.

You can use tcpdump or package capture in OPNsense GUI to verify where the traffic goes.

And is NAT setup on OPNsense8 for traffic leaving through NAT, e.g. with what IP does the ping arrive at OPNsense7 LAN 192.168.0.8?

Btw: To get to 192.168.0.8 there is not much routing necessary. The not-LAN traffic on OPNsense7 is send to gateway 192.168.8.1/OPNsense8 and on OPNsense8 192.168.0.8 is an interface address.

Let's recap, working setup if OPNsense 7 get's WAN IP from DHCP:

OPNsense8 :
- WAN IP  : 192.168.0.8
- LAN IP  : 192.168.8.1/24

OPNsense7 :
- WAN IP  : 192.168.8.254 (if DHCP)
- LAN IP  : 192.168.7.1/24

If OPNsense7 gets its IP using DHCP, it receives the gateway by DHCP, too. If you set the WAN IP on OPNsense7 as static you have to create and set a gateway yourself.

The way you describe it, you have assigned the OPNsense WAN IP statically but you have not created and assigned a gateway.

Update: via console took about an hour to upgrade to 26.1_4 and the vpn + other packages worked

Glad it work, what kind of up- and download do you have? One hour is not exactly fast, what hardware is it?

#1
Versions
OPNsense 25.7.11_9-amd64
FreeBSD 14.3-RELEASE-p7
OpenSSL 3.0.18

#2
Yes
See below


Proceed with this action? [26.1/y/N]: 26.1

Hi there,

For over 11 years now, OPNsense is driving innovation through
...
etc,etc,etc

Mmmh that looks good, what key are you pressing at the end of the text, 'q'?

Putty ssh, login as root, menu select 12, 26.1 nothing happens...

From what version are you upgrading? And after you enter '26.1' (not 'y') did you see some changelog text?

Currently they just say "Reboot the machine" which I thought I had accomplished with the power button.

Glad you're back online without having to use a chip reader/writer.

That is indeed something that could be added to the documentation, yes.

Now, when powered up, it appears to enter a boot loop.

I assume you disconnected the power for a minute or so? And you don't see anything on the serial console, even when trying to boot from e.g. OPNsense USB?

The previous BIOS v34 I have saved away but you better wait for an answer from @franco or Deciso in general.

Most likely igb0 is not the port you thing it is. Ask the internet for how the ports are numbered, e.g.

https://www.reddit.com/r/PFSENSE/comments/1i03vrp/using_sophos_xg115_rev_3_in_2025/

Code Select Expand

              1       2       3       4
[ SFP ]    [RJ-45] [RJ-45] [RJ-45] [RJ-45]
   4         LAN     WAN     DMZ      |
   |______________Shared______________|
 igb0       igb1    igb2    igb3    igb0 (again)
Or in the shell use ifconfig <interface> to see which one is up.

Good point @meyergru, I didn't notice that.

Have a look at a similar thread from about a week ago: https://forum.opnsense.org/index.php?topic=50436.0, the post from Maurice.

Same for me, I did pgrades two OPNsense installation.

One from an installation which was on the Development channel, by switching as France explained, no issue.

The other was on the Dev channel too (not that it matters), exported config (to be sure) and reinstalled using the DVD ISO. The config was found on the ZFS pool and installation when smooth, and with the config found on the ZFS pool.
The only confusing thing was that after the installation and before the reboot the text on the console told me that the OPNsense GUI will be reachable on 192.168.1.1. That specific installation is IPv6 only, so I wasn't sure if the config was applied correctly - but it was.