Messages - virtualdimension

#1
Thanks for the reply, Franco.
Having an official DEC850 device with OPNsense, I would like to know which would be the correct forum to report problems and any discussions related to OPNsense. I thought I was in the correct forum. I made a mistake in the thread, and I apologize, but I think the forum is correct.
#2
Hello Franco!
I have a DEC850, Business subscription.
Today I've upgraded the firewall from 24.10.1 to the latest 24.10.2
The upgrade process completed without errors, but...

The first problem: I don't have os-tailscale in the Plugins section, nor the other new plugins added with the latest 24.10.2.
The second problem: when I run an audit for connectivity, I receive this log:

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 24.10.2 (amd64) at Wed Feb  5 00:47:39 CET 2025
Strict TLS 1.3 and CRL checking is enabled.
Checking connectivity for host: opnsense-update.deciso.com -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
1508 bytes from 89.149.211.205: icmp_seq=0 ttl=52 time=40.363 ms
1508 bytes from 89.149.211.205: icmp_seq=1 ttl=52 time=40.109 ms
1508 bytes from 89.149.211.205: icmp_seq=2 ttl=52 time=40.930 ms
1508 bytes from 89.149.211.205: icmp_seq=3 ttl=52 time=40.262 ms

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 40.109/40.416/40.930/0.310 ms
Checking connectivity for repository (IPv4): https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 874 packages processed.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: ... done
Processing entries: ....... done
SunnyValley repository update completed. 66 packages processed.
All repositories are up to date.
Checking connectivity for host: opnsense-update.deciso.com -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/latest/packagesite.pkg: No route to host
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10/latest/packagesite.txz: No route to host
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/24.7/${SUBSCRIPTION}/meta.txz: No route to host
repository SunnyValley has no meta file, using default settings
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/24.7/${SUBSCRIPTION}/packagesite.pkg: No route to host
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:14:amd64/24.7/${SUBSCRIPTION}/packagesite.txz: No route to host
Unable to update repository SunnyValley
Error updating repositories!
Checking server certificate for host: opnsense-update.deciso.com
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS ECC CA G1
verify return:1
depth=0 CN = opnsense-update.deciso.com
verify return:1
DONE
Checking server certificate for host: updates.zenarmor.com
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R4
verify return:1
depth=1 C = US, O = Google Trust Services, CN = WE1
verify return:1
depth=0 CN = zenarmor.com
verify return:1
DONE
***DONE***


What is the problem?
#3
General Discussion / Synology nas with Tailscale
January 12, 2025, 03:08:46 AM
I have an OPNsense DEC850 configured like this:

- On port 1 (WAN1), TIM Business modem (192.168.9.1)
- On port 2 (WAN2), Vodafone Business modem (192.168.10.1)
- On port x0 (LAN), connect an Ubiquiti UDM-PRO
The Ubiquiti UDM-PRO has the IP 192.168.1.1.
The DEC850 has the IP 192.168.3.1.

The DEC850 is configured to handle the two wan connections in load balancing.
In both modems I created a DMZ for the IP address that is assigned to the DEC850. The modems are only used to provide the internet connection to the firewall.
Then, through the x0 port of the firewall, I connected it to the WAN port of the Ubiquiti UDM-PRO (with static IP 192.168.3.20).
All the various network devices (access points, computers, NAS, smartphones, printers, etc. etc.) are connected to the UDM-PRO.

I have read and followed various guides I found online, but I have not been able to solve the problem.
I need your help to configure rules to access a Synology NAS through Tailscale from mobile apps (Synology Drive, Synology Photos, Synology Note, etc.) with a direct connection. Now it always works only through DERP.

Given that both modems have a DMZ for the IP assigned to both WANs of the firewall and therefore there are no blocks, how can I allow the Synology-Tailscale NAS, with IP address 192.168.1.50 (and connected to the UDM-PRO), to be reachable from my external devices (such as iOS and Android with the Tailscale client) directly and not through DERP? What additional configurations do I need to do?
#4
Hi all.
I have an OPNsense DEC850 configured like this:

- On port 1 (WAN1), TIM Business modem (192.168.9.1)
- On port 2 (WAN2), Vodafone Business modem (192.168.10.1)
- On port x0 (LAN), connect an Ubiquiti UDM-PRO
The Ubiquiti UDM-PRO has the IP 192.168.1.1.
The DEC850 has the IP 192.168.3.1.

The DEC850 is configured to handle the two wan connections in load balancing.
In both modems I created a DMZ for the IP address that is assigned to the DEC850. The modems are only used to provide the internet connection to the firewall.
Then, through the x0 port of the firewall, I connected it to the WAN port of the Ubiquiti UDM-PRO (with static IP).
All the various network devices (access points, computers, NAS, smartphones, printers, etc. etc.) are connected to the UDM-PRO.

I need your help to configure rules to access a Synology NAS through DDNS for mobile apps (Synology Drive, Synology Photos, Synology Note, etc.).

On the Synology NAS everything is already configured with its own DDNS service "myname.synology.me" with the relative Let's Encrypt certificate.
On the UDM-PRO to which the NAS is connected, I created a port-forwarding:
Source: Any - Protocol: TCP - Forwarded IP: 192.168.1.49 (nas IP) - Port: 5001 (the port for Synology Drive)

At this point my problem is to create the necessary rules on the DEC850 firewall so that when I have to access remotely through the link myname.synology.me, this points towards the NAS and allows me to connect to the various services.

Thanks in advance for your help
#5
Hardware and Performance / Re: DEC850 : UFS or ZFS
November 26, 2024, 04:04:07 AM
Regarding Zenarmor, will I need to export and then import its backup or will the OPNsense configuration file restore everything exactly as it was?
#6
Hardware and Performance / Re: DEC850 : UFS or ZFS
November 25, 2024, 02:09:33 AM
I have a DEC850 (64GB ram and 256GB ssd) with a Business license, updated to the latest version opnsense-business 24.10_7 and a Zenarmor license v1.18.3 with Elasticsearch DB.
Having purchased the hardware in 2022, the file system is UFS, but I would like to switch to ZFS.
Is there a way to switch to the new file system without reinstalling everything? If so, what is the procedure?
If not, how do I reinstall my DEC850 so that it boots with ZFS and then restore all the configurations, packages and licenses currently installed?

Thank you in advance
#7
Hello everyone.
I have a DECISO DEC850 with the Business license, updated to the latest release 23.10.2.
I installed the Maltrail plugin from the repository, currently in version 1.10. This plugin installs version 0.60 of Maltrail, but is currently up to version 0.67 ( https://github.com/stamparm/maltrail/releases ), but I don't know how to update it manually from the website. Also, why aren't the repositories updated within OPNsense?

My problem is that, although Maltrail (sensor and server) is active, the alias "BlocklistMaltrail" within Firewall - Aliases, does not load any lines for the fail2ban list. It always remains with the value zero. I attach some screenshots.
Also, how can I change the default password "changeme!" ?

I hope someone can help me.

Thank you in advance.
#8
Italian - Italiano / Maltrail on DEC850
March 02, 2024, 02:19:02 AM
Hello everyone.
I have a DECISO DEC850 with the Business license, updated to the latest release 23.10.2.
I installed the Maltrail plugin from the repository, currently in version 1.10. This plugin installs version 0.60 of Maltrail, but is currently up to version 0.67 ( https://github.com/stamparm/maltrail/releases ), but I don't know how to update it manually from the website. Also, why aren't the repositories updated within OPNsense?

My problem is that, although Maltrail (sensor and server) is active, the alias "BlocklistMaltrail" within Firewall - Aliases, does not load any lines for the fail2ban list. It always remains with the value zero. I attach some screenshots.
Also, how can I change the default password "changeme!" ?

I hope someone can help me.

Thank you in advance.
#9
General Discussion / Re: Maltrail on Opnsense
March 15, 2023, 02:31:52 AM
I always have 0 lines of Maltrail/Fail2ban. Why doesn't it download any lists?