Messages - Cipher

#1
Quote from: franco on July 30, 2025, 01:43:12 PM
Don't use porcelain commands, because these change over time. Either the console option 12 or the GUI firmware.


Cheers,
Franco

Thank you so much, I'll update it and report back.
#2
Quote from: franco on July 30, 2025, 01:18:32 PM
It's not strange. The screenshot speaks for itself.


Cheers,
Franco
Is updating to the latest release sufficient, or should I run the following commands to update?
opnsense-update -UR
opnsense-update -p
opnsense-update -kr
reboot
#3
Quote from: franco on July 30, 2025, 01:06:18 PM
HardenedBSD 12.1?

Time to update IMO.


Cheers,
Franco
I am on
Versions
OPNsense 25.1.12-amd64
FreeBSD 14.2-RELEASE-p4
OpenSSL 3.0.17

It's strange that it shows FreeBSD 12.X
#4

The error

This is the error we found after the box was not responding.
#5
System details:
   •   OPNsense version: 25.1.10
   •   Hardware: Sophos GX125
   •   Install method:  SSD
   •   Typical uptime before failure: ~7 days
   •   Active services: NAT, DHCP, DNS Resolver, WireGuard
   •   Plugins: No heavy plugins like Zenarmor or Suricata installed



Symptoms:

Roughly once per week:
   •   The Web GUI becomes unreachable
   •   SSH access is also unavailable
   •   However, internet access still works, and WireGuard remains active
   •   I can still access remote servers via WireGuard tunnels
   •   Some managed switches (on LAN) become unreachable until a manual reboot

After reboot, everything works normally for another week.



What I've observed:
   •   No crash reports appear in System > Crash Reporter
   •   No partitions appear full (df -h shows healthy disk usage)
   •   Health graphs show memory usage gradually increasing
   •   No errors stand out in /var/log/* before crash (though I may be missing something)
   •   The system is still routing traffic, which suggests the kernel/network stack is alive



Suspicions:
   •   Memory or resource leak affecting web/ssh daemons?
   •   Lighttpd/nginx and sshd silently dying after prolonged uptime?
   •   Cron job or logrotate process causing silent failure?
   •   ARP/cache/broadcast issues causing LAN-side disconnects?



Questions:
   1.   Is this a known issue on 25.1.10 or the Sophos GX125 platform?
   2.   How can I better log or monitor what's failing before GUI/SSH becomes unreachable?
   3.   Any specific services I can safely restart from the console (if reachable) to avoid a full reboot?
   4.   Would a scheduled reboot (e.g. every 6 days) be a safe temporary workaround?

I'm happy to provide more logs or config info if helpful.

Thanks in advance for any insights or suggestions!
#6
Hi all,

I'm running OPNsense 25.1.7_4-amd64 (FreeBSD 14.2-RELEASE-p3, OpenSSL 3.0.16) on a hardware appliance (not virtualized).
Today I noticed that the LAN interface is showing 5 errors in the interface statistics.

The network seems to be functioning fine, but I would like to understand:

where these errors come from,

whether I should be worried about them,

and what steps I can take to troubleshoot the issue.

Questions:

What types of errors are reported under the LAN interface stats (CRC errors, packet drops, collisions, etc.)?

Is there a log or diagnostic view in OPNsense where I can see more detail about these errors?

Could they be caused by bad cables, switch ports, or NIC driver issues?

Is a small number of errors (5 errors) considered normal, or does it point to a potential problem?

What steps would you recommend to troubleshoot and hopefully eliminate the cause?

System Details:

OPNsense version: 25.1.7_4

FreeBSD: 14.2-RELEASE-p3

Appliance type: hardware

LAN NIC: Intel(R) I211 (Copper)

Thanks for any advice or experiences you can share!
#7
Quote from: Patrick M. Hausen on May 13, 2025, 10:48:11 AM
Quote from: Cipher on May 13, 2025, 10:35:14 AM
Is this the same configuration as PPPoE? Will the authentication be handled automatically?

Yes. The server will negotiate the authentication protocol with the client (OPNsense). All of this is automatic.

Thank you for your response.
I've got it configured, and it seems to be working well. I'm in the process of switching 10 firewalls from pfSense to OPNsense.
#8
Thank you for your quick response.

Is this the same configuration as PPPoE? Will the authentication be handled automatically?
I ask because I don't see any option to select the protocol during the PPPoE setup—will this be managed behind the scenes?
#9
Hi everyone,

We're planning to migrate a customer from pfSense to OPNsense and are currently validating compatibility for their setup.

We've successfully tested PPPoE on OPNsense, but we need to confirm if PAP (Password Authentication Protocol) is supported and working reliably in this context.

This is important for us before moving forward with the migration.

Has anyone used PAP authentication on OPNsense? Any known issues or limitations?

Thanks in advance!
#10
Quote from: Patrick M. Hausen on December 11, 2024, 07:12:20 PM
If you need WireGuard VPN access to your network you obviously need to open the matching ports with an allow rule on WAN.  ;) This or I did not understand your question.

Thank you for your answers.
Your first answer has pointed me in the right direction. On the firewall WAN I had the WireGuard ports on the destination port to any. I specified the incoming port too.
#11
Thank you for your answer, I appreciate it!

Good catch—it's something I hadn't paid attention to.

Would it be smarter to limit the incoming ports for WireGuard, or should I leave them open?
#12
Please find the attached.
The rule has been disabled for now.
#13
Hi All,

I hope you're doing well.

We've encountered an issue with port forwarding for our cameras. After enabling port forwarding (NAT port to the camera recorder), it causes our WireGuard VPN and external access to the GUI to stop working. However, when we disable the NAT ports, everything starts working again.

Could you advise who might be able to help resolve this issue? Additionally, is it necessary to port forward or NAT the camera port to maintain all services functioning properly, or is there an alternative configuration we should consider?

Looking forward to your guidance.
#14
Hello everyone,

I received two /29 subnets from our ISP. Currently, I'm using the first /29 as the uplink, with the other 7 IPs functioning as virtual IPs, which is working well.

The second /29 subnet has its own gateway, which has been added as well, with those IPs also set up as virtual. However, our Layer 3 switch is having trouble routing this second subnet because we need to configure a static route in OPNsense.

Could someone advise on how to set up the static routing for the second subnet?

Your support is greatly appreciated.

Thank you!
#15
Quote from: 36thchamber on May 22, 2024, 02:05:22 AM
Yup, after the upgrade DOT DNS couldn't resolve in order to load Wireguard.
I've tried lowering DNSSEC standards and it helped, at least the BOGUS or NXDOMAIN responses lasted "only" 10sec, so the boot was fast, and WG successful.
I will not use IPs. IPs change.
I just hope Adguard will move to the early part of the boot sequence, so I don't need to use Unbound just to satisfy (unreliably) the boot process.

I have resolved it before by changing the DNS name of the external site to the IP. After the last update, OPNsense 24.1.7_4-amd64 has crashed it.
I am using DOT too.

Edit: I've got it resolved. Make sure to check the WireGuard plugin. Somehow it disappeared. Reinstall it.