Messages

I'd enable both (that is, EIST and ASPM) unless ASPM is known to cause issues on your specific system. As a comparison, I have both powerd and speedstep running on my box, which is an Optiplex 3060.

Is Port 80 and 443 open on the webserver itself? Is there a firewall enabled and active?

I'm not sure how you expect OPNsense to be able to determine the method that your ISP allocates public IPs.

Have you tried deleting the certificate from the UI and creating a new one with the same settings?

I've been running for 333 days on a MinisForum UN100D, with a 256GB "GOFATOO" NVMe SSD, with 28.4TB written so far, consuming 34% of the drive life.  If it dies I'll put another SSD in it, so no big deal, but I *did* turn off NetFlow and RRD as that's all I can figure would write that much data in that amount of time.

Honestly the best thing to do with OPNsense to extend drive lifetime isn't just to buy a higher quality drive, it's to buy a larger capacity drive. I bought a $50 512GB drive (at the time, it might be cheaper now) for my router not because I thought I would need that much space but because the TBW rating for 512GB is demonstrably higher compared to 256GB drives. I'm at 17% endurance used and 45 TBW after just over 3 years (1110 days power on time).

OPNsense isn't quite that modular. Services that "aren't needed" might be a dependency for what you are using. It's taking up minimal disk space and even if you removed them, they'll reappear when you install an update. The only things you can safely remove are anything listed under plugins.

Have you tried manually going to services_dhcp.php?if=lan to see if it's just a UI issue? that's the URL for the ISC DHCP configuration page. Replace "lan" with whatever you have called your LAN interface.

Couple things I can think of:
Does the ssh login user have R/W access to the directory?
Try removing "restrict" at the beginning of the pubkey stored on the server as a test. I've found it sometimes causes unintentional effects.

I first set up my OPNsense install in August 2022, which means 22.7, and it made a 260MB EFI partition at the time. I'm assuming that was done by the OPNsense installer, as I don't remember having the ability to change partition sizes.

When you pasted the private key into the GUI window while setting it up, did you make sure there were no line breaks? Remember, you paste the key into the backups page, just having the id_rsa in ~/.ssh isn't enough.

To be clear, does this need to be done if OPNsense is running on UFS, or is this a ZFS exclusive issue?

My first thought is are you using a vNIC, or did you passthrough the NICs to OPNsense? If they're passed through, did you install the Realtek driver plugin? The stock BSD drivers for Realtek are questionable at best.

Personally I've found a budget NVMe SSD with a HMB cache to work just fine for OPNsense. I bought a Team MP33 512GB (solely for higher endurance rating) and it's been working fine for 3 years so far with its endurance used according to SMART data at only 16%. Granted I set it up with UFS and not ZFS, but I imagine it won't be much different than a ZFS setup.
Just remember if you try to "right size" the SSD to something like a 128 GB (or even smaller) you're going to run into laughably small endurance ratings, since they're typically rated based on drive writes per day. 512 GB drives aren't very expensive while also offering good endurance ratings, such as the 600 TBW for the one I bought.

You'll need to buy an X550-T2 if you want to stick with Intel and have a NIC that supports 2.5 gig. 2.5 is a much newer standard than 10 gig, despite what the speeds may suggest, and as such isn't supported on older NICs like the X540-T2, which launched in early 2012.

For those stumbling across this thread via Google, or reading the forums: A pull request has been submitted to the Github at this elegant and finely crafted link. It fixes the issue and so it'll be fixed soon. Still waiting on widget.