Messages - Tismofied

#1
I tried updating from 26.1.4 to the latest but I am getting errors. This is on bare metal. I am using Unbound DNS as upstream with DNS over TLS per the OPNsense docs.
I am using Pi-hole for internal DNS. Internet is working fine in the house.
```
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 26.1.4 (amd64) at Wed Mar 25 10:15:07 EDT 2026
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching data.pkg: ........ done
Processing entries: .......... done
OPNsense repository update completed. 929 packages processed.
Updating mimugmail repository catalogue...
Waiting for another process to update repository mimugmail
Updating unsense repository catalogue...
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
repository unsense has no meta file, using default settings
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
pkg: An error occurred while fetching package: No error
Unable to update repository unsense
Error updating repositories!
***DONE***
```
I tried selecting a different mirror but got the same error. Please help me diagnose the issue.

Update: the issue was a theme package not updating. Once I removed it, I was able to update successfully.
#2
General Discussion / Re: Unsense - new GUI theme
March 08, 2026, 07:47:53 PM
IDK if you're still working on this but I got to try it and it's a very good theme. Easier on the eyes than the orange, but I always liked the Cicada theme. It has been my go-to theme any time I reinstall OPNsense. Having said that, I think Unsense would rival Cicada for me if you were to fade the blue color. Maybe make it kind of UniFi blue; I think it would make it easier for certain folks (I am one of them) to be able to read the blue text.
Thank you for making unsense theme.


Cheers,
MrTismo
#3
Quote from: nero355 on February 08, 2026, 12:18:39 AM
Because some of us don't use OPNsense for DNS at all and have a separate Raspberry Pi or Intel Atom NUC running Pi-Hole I thought it might be useful to have the right settings available in this topic :

- 10.0.0.0/24 subnet
- OPNsense Interface for it is called ThuisLAN
- Its Gateway IP Address is 10.0.0.138
- Pi-Hole DNS IP Address is 10.0.0.139

Please note the following :
My Pi-Hole uses a Management VLAN for its Internet connectivity so any rules related to that are not shown here because they are simply not needed !!

NAT Outbound Rule Settings :


NAT Outbound Rules Overview :


NAT Port Forward Overview :


NAT Port Forward Settings :


Firewall Rules Overview :


The only thing I don't like but kind of also do like :

With this setup all the Redirected DNS Queries are shown in the Pi-Hole Query Log as done by the OPNsense Gateway Interface (10.0.0.138) instead of the device being naughty, but fixing that would require setting up a DMZ for example (or any kind of dedicated let's say "Servers VLAN") so ALL the traffic passes OPNsense instead of being partially local and partly from OPNsense like it is now.

On the other hand you can filter "Bad Traffic" from "Naughty clients" very easily by looking for the Gateway IP Address of your VLAN in the Pi-Hole Query Log :P

Most important thing is that IT WORKS! ^_^
How would Unbound on OPNsense fit in this scenario if one were to use it as the upstream server?
#4
Quote from: Patrick M. Hausen on February 21, 2025, 06:24:15 AM
When it is identified and shown like in your output, the tunable IMHO does work. Now check the other end and cabling.

You have identical speed on both ends?
Good morning Patrick. I got it figured out. My assumption was that when one plugs an SFP into an OPNsense box, the unassigned interface would light up green, but it didn't in my case, so I was thinking it wasn't working. Once I assigned it, which in my case was ix1, things started working.
#5
Quote from: Tismofied on February 20, 2025, 10:49:43 PM
Quote from: C0S on July 17, 2024, 01:11:28 AM
Just sharing for awareness:

I recently purchased a Qotom Q20331G9-S10 CPU Atom C3758R - (4 SFP+ Version) - No RAM, No Storage.

I then installed:
  • RAM -- Kingston KF432S20IBK2/64 -- 64GB (2x32GB).
  • NVME -- SK hynix Gold P31 2TB
Serial console issues aside, the VGA installation went off without a hitch.

I had it up and running on the Intel i226s almost immediately.

The Intel X553 was a bit of a different matter.  It refused to recognize any of the SFP+ modules (SR or DAC) I installed, so after a bit of research I found that the Intel driver itself was refusing the use of the "unapproved" SFP+ modules.

There is a sysctl that allows you to bypass this behavior.

So, within /boot/loader.conf.local I set the following:

hw.ix.unsupported_sfp=1

... after that and a quick reboot. I could get the modules to recognize and autoconfig up at 10Gb.

For connectivity to my switches I am currently using this DAC Cable:
10Gtek SFP+ DAC Twinax Cable, Passive, Compatible with Intel XDACBL2M, 2 Meter(6.5ft)

Hope that helps anyone looking to get this device working in their own environment.


Edit:

To have the system boot after power-loss, you can set that behavior within the bios here:

--> IntelRCSetup --> South Bridge Chipset Configuration --> State after G3 --> (Change to desired behavior)


I don't have that /boot/loader.conf.local
I have /boot/loader.conf but within it there is no mention of
hw.ix.unsupported_sfp. Do I add it there and set it to 1?
This config modification can be achieved using tunables: System > Settings > Tunables.
#6
Quote from: Patrick M. Hausen on February 20, 2025, 11:12:02 PM
System > Settings > Tunables.

Add it as a new variable and reboot.
Thank you Patrick. This tunable didn't help get my SFP+ module loaded under interfaces. I can see it identified in OPNsense by running ifconfig -v under ix1 like so:
```
@OPNsense:~ $ ifconfig -v ix1
ix1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,HWSTATS,MEXTPG>
        ether 20:7c:14:f5:45:69
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        drivername: ix1
        plugged: SFP/SFP+/SFP28 10G Base-LR (SC)
        vendor: E.C.I. NETWORKS PN: ENXGSFPPOMACV2 SN: SC25447837828 DATE: 2025-02-10
        module temperature: 21.84 C voltage: 3.24 Volts
        lane 1: RX power: 0.00 mW (-40.00 dBm) TX bias: 0.00 mA
```
but when I go check under Interfaces > Overview, ix1 is red and not green.
boot/loader.conf:
```
# dynamically generated tunables settings follow
debug.kassert.warn_only="1"
dev.netmap.admode="2"
dev.netmap.buf_num="1000000"
hw.ibrs_disable="0"
hw.ix.unsupported_sfp="1"
hw.ixl.enable_head_writeback="0"
```
#7
Quote from: yourfriendarmando on August 02, 2024, 04:40:58 PM
There might also be tunables like this that can coerce the Intel chip to cooperate with the modules:

hw.ix.unsupported_sfp
Force Intel driver to use unsupported SFP+ modules. Def: 0
boot-time
Set the value to: 1
Where could I find this setting?
#8
Quote from: C0S on July 17, 2024, 01:11:28 AM
Just sharing for awareness:

I recently purchased a Qotom Q20331G9-S10 CPU Atom C3758R - (4 SFP+ Version) - No RAM, No Storage.

I then installed:
  • RAM -- Kingston KF432S20IBK2/64 -- 64GB (2x32GB).
  • NVME -- SK hynix Gold P31 2TB
Serial console issues aside, the VGA installation went off without a hitch.

I had it up and running on the Intel i226s almost immediately.

The Intel X553 was a bit of a different matter.  It refused to recognize any of the SFP+ modules (SR or DAC) I installed, so after a bit of research I found that the Intel driver itself was refusing the use of the "unapproved" SFP+ modules.

There is a sysctl that allows you to bypass this behavior.

So, within /boot/loader.conf.local I set the following:

hw.ix.unsupported_sfp=1

... after that and a quick reboot. I could get the modules to recognize and autoconfig up at 10Gb.

For connectivity to my switches I am currently using this DAC Cable:
10Gtek SFP+ DAC Twinax Cable, Passive, Compatible with Intel XDACBL2M, 2 Meter(6.5ft)

Hope that helps anyone looking to get this device working in their own environment.


Edit:

To have the system boot after power-loss, you can set that behavior within the bios here:

--> IntelRCSetup --> South Bridge Chipset Configuration --> State after G3 --> (Change to desired behavior)


I don't have that /boot/loader.conf.local
I have /boot/loader.conf but within it there is no mention of
hw.ix.unsupported_sfp. Do I add it there and set it to 1?
#9
Quote from: franco on February 12, 2025, 11:52:14 AM
Hoping in bugs fixed that are not raised in the bug tracker for coordination? Not 100% a good plan. :)
🥲 That's fair haha.
Bug tracker in GitHub?
#10
Quote from: vlannister on January 30, 2025, 10:47:12 PM
Regular view: On hover:

Data in the /api/diagnostics/system/systemTemperature feed looks ok:
```
[
    {
        "device": "hw.acpi.thermal.tz0.temperature",
        "device_seq": "0",
        "temperature": "48.1",
        "type_translated": "Zone",
        "type": "zone"
    }
]
```

Tested in latest Chrome and Firefox

I am having the same bug. How can I confirm using /api/diagnostics/system/systemTemperature?
#11
I am drawing a blank here and would like some help. How do I remove Nextcloud or disable it? I keep unchecking the enable button but there is no save button to make it stick.

#12
Hello, personally I don't know the answer, but I think you will have more success if you translate your question into English, because the majority here speak English.
#13
25.1, 25.4 Legacy Series / Re: Strange CRASH
February 03, 2025, 03:43:39 PM
Thank you @NW4fun for making this post and @franco for the quick fix. I was puzzled as well since I uninstalled Zenarmor before the upgrade. I always have a feeling that it breaks upgrades.
#14
Quote from: IHK on February 14, 2024, 04:41:26 PM
Hi Wstemb,

Thank you for your valuable analysis and feedback. Your feedback has been forwarded to the dev team.
Thank you for your co-operation.

Nothing has been fixed since. Still getting error 200:
Connection Error
There was an issue on our end. Sorry about that.


Zenarmor 1.18.2
#15
24.1, 24.4 Legacy Series / Re: No wazuh-agent update?
October 22, 2024, 10:01:30 PM
I was about to make a thread about this also. The latest wazuh-agent I have in my system is 4.7.5 while the other agents on my other systems are updated to 4.9.