"
Thank you all!
Raised it here: https://github.com/tobychui/zoraxy/discussions/228#discussioncomment-15316651
Raised it here: https://github.com/tobychui/zoraxy/discussions/228#discussioncomment-15316651
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
General Discussion / Re: Zoraxy Reverse Proxy does not work with OPNsense
December 22, 2025, 11:08:18 AM #2
General Discussion / Re: Zoraxy Reverse Proxy does not work with OPNsense
December 21, 2025, 11:36:06 PM
Thank you again for the suggestion, but I still don't want to switch to caddy :D
After digging into this for what seems like an eternity I was finally able to trace down why all my attems did not work to enable debug logging, I'm adding this here as it may be helpful for anyone stumbling upon this:
To enable debug options for lighttpd, edit the file
So with that info I way finally able to find a solution, this is to add the following line:
With this option zoraxy works just fine on opnsense!!
Before I post this fix all around in zoraxy github, is there maybe a way this could make it officially into opnsense?
I honestly don't fully understand these options, so I can not judge if there is any reason this is not already done. Or if there is any danger in activating this.
After digging into this for what seems like an eternity I was finally able to trace down why all my attems did not work to enable debug logging, I'm adding this here as it may be helpful for anyone stumbling upon this:
To enable debug options for lighttpd, edit the file
Code Select
/usr/local/etc/inc/plugins.inc.d/webgui.inc it's hardcoded in the Code Select
/usr/local/etc/rc.restart_webgui script to fully regenerate from that hardcoded config. The source is available here: https://github.com/opnsense/core/blob/master/src/etc/inc/plugins.inc.d/webgui.incSo with that info I way finally able to find a solution, this is to add the following line:
Code Select
server.http-parseopts = ( "method-get-body" => "enable" ) after Line 488 in the config: https://github.com/opnsense/core/blob/master/src/etc/inc/plugins.inc.d/webgui.inc#L488With this option zoraxy works just fine on opnsense!!
Before I post this fix all around in zoraxy github, is there maybe a way this could make it officially into opnsense?
I honestly don't fully understand these options, so I can not judge if there is any reason this is not already done. Or if there is any danger in activating this.
#3
General Discussion / Re: Zoraxy Reverse Proxy does not work with OPNsense
December 09, 2025, 10:56:33 PM
Yeah seems like this is somewhat out of my league and power, but I'm happy to provide/do any testing for this to be resolved, as this is kind of the online major pain-point I currently have in my homelab.
On a side note, on this thread, I'm also helping to troubleshoot Forward Auth in zoraxy when using authentik: https://github.com/tobychui/zoraxy/issues/895#issuecomment-3621381598
Here there is a image of zoraxy that logs far more verbose data, maybe this is in any way helpful?
On a side note, on this thread, I'm also helping to troubleshoot Forward Auth in zoraxy when using authentik: https://github.com/tobychui/zoraxy/issues/895#issuecomment-3621381598
Here there is a image of zoraxy that logs far more verbose data, maybe this is in any way helpful?
#4
General Discussion / Re: Zoraxy Reverse Proxy does not work with OPNsense
December 09, 2025, 10:06:46 PM
I can't seem to get the debug lighttpd working.
I updated the following:
/usr/local/etc/lighttpd/conf.d/debug.con
-> uncommented:
In the file: /usr/local/etc/lighttpd/conf.d/access_log.conf
I changed syslog-level from 6 to 7
I uncommented this line:
and commented out:
After that I restarted lighttpd:
I also rebooted the node.
Though after doing all that, I could not see any additional logfiles being written to /var/log/lighttpd/ and the default one still only contains the informational data:
I also checked dmesg, but that did also not contain the debug logs of lighttpd, maybe this is something trivial that I'm missing with my limited FreeBSD knowledge.
Maybe someone knowns what I'm doing wrong?
I also did some further tests with curl on http2/ http1.1 if this sparks any idea for someone reading this?
Here directly via IP using http2
Here using zoraxy with http2
Here directly via IP using http1.1
Here using http1.1 and directly via IP:
I updated the following:
/usr/local/etc/lighttpd/conf.d/debug.con
-> uncommented:
Code Select
debug.log-response-header = "enable"
debug.log-request-header = "enable"In the file: /usr/local/etc/lighttpd/conf.d/access_log.conf
I changed syslog-level from 6 to 7
Code Select
accesslog.syslog-level = 7I uncommented this line:
Code Select
accesslog.use-syslog = "enable"and commented out:
Code Select
accesslog.filename = log_root + "/access.log"After that I restarted lighttpd:
Code Select
configctl webgui restart
/usr/local/etc/rc.restart_webgui
I also rebooted the node.
Though after doing all that, I could not see any additional logfiles being written to /var/log/lighttpd/ and the default one still only contains the informational data:
Code Select
2025-12-09T21:56:04
Informational
lighttpd
10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:21:56:04 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"I also checked dmesg, but that did also not contain the debug logs of lighttpd, maybe this is something trivial that I'm missing with my limited FreeBSD knowledge.
Maybe someone knowns what I'm doing wrong?
I also did some further tests with curl on http2/ http1.1 if this sparks any idea for someone reading this?
Here directly via IP using http2
Code Select
⚡tobia ❯❯ ./curl -vk --http2 https://10.50.20.1
Note: Using embedded CA bundle (230814 bytes)
Note: Using embedded CA bundle, for proxies (230814 bytes)
* Trying 10.50.20.1:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust: peer verification disabled
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: CN=OPNsense.localdomain; C=NL; ST=Zuid-Holland; L=Middelharnis; O=OPNsense self-signed web certificate
* start date: May 12 14:22:51 2024 GMT
* expire date: Jun 13 14:22:51 2025 GMT
* issuer: CN=OPNsense.localdomain; C=NL; ST=Zuid-Holland; L=Middelharnis; O=OPNsense self-signed web certificate
* Certificate level 0: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption
* SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)
* SSL certificate verification failed, continuing anyway!
* Established connection to 10.50.20.1 (10.50.20.1 port 443) from 192.168.1.200 port 53262
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://10.50.20.1/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: 10.50.20.1]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.17.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: 10.50.20.1
> User-Agent: curl/8.17.0
> Accept: */*
>
* Request completely sent off
< HTTP/2 200
< set-cookie: PHPSESSID=XXX; path=/; secure; HttpOnly; SameSite=Lax
< set-cookie: PHPSESSID=XXX; path=/; secure; HttpOnly
< set-cookie: cookie_test=XXX; expires=Tue, 09 Dec 2025 21:21:34 GMT; Max-Age=3600; path=/; secure; HttpOnly
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate
< pragma: no-cache
< content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< referrer-policy: same-origin
< content-type: text/html; charset=UTF-8
< strict-transport-security: max-age=31536000
< accept-ranges: bytes
< content-length: 2789
< date: Tue, 09 Dec 2025 20:21:33 GMT
< server: OPNsense
<
<!doctype html>
<html lang="en-US" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<title>Login | OPNsense</title>
<link href="/ui/themes/rebellion/build/css/main.css?v=190a5ea47ddfe74a" rel="stylesheet">
<link href="/ui/themes/rebellion/build/images/favicon.png?v=190a5ea47ddfe74a" rel="shortcut icon">
<script src="/ui/js/jquery-3.5.1.min.js"></script>
<script src="/ui/js/theme.js?v=190a5ea47ddfe74a"></script>
<script>
$( document ).ready(function() {
$.ajaxSetup({
'beforeSend': function(xhr) {
xhr.setRequestHeader("X-CSRFToken", "Mg_cQQ_BwGrt5cZfGZCH2Q" );
}
});
});
</script>
</head>
<body class="page-login">
<div class="container">
<main class="login-modal-container">
<header class="login-modal-head" style="height:50px;">
<div class="navbar-brand">
<img src="/ui/themes/rebellion/build/images/default-logo.png?v=190a5ea47ddfe74a" height="30" alt="logo" />
</div>
</header>
<div class="login-modal-content">
<div id="inputerrors" class="text-danger"> </div><br />
<form class="clearfix" id="iform" name="iform" method="post" autocomplete="off"><input type="hidden" name="QdgI-W_IbDP7V2LuCt37pw" value="Mg_cQQ_BwGrt5cZfGZCH2Q" autocomplete="new-password" />
<div class="form-group">
<label for="usernamefld">Username:</label>
<input id="usernamefld" type="text" name="usernamefld" class="form-control user" tabindex="1" autofocus="autofocus" autocapitalize="off" autocorrect="off" />
</div>
<div class="form-group">
<label for="passwordfld">Password:</label>
<input id="passwordfld" type="password" name="passwordfld" class="form-control pwd" tabindex="2" />
</div>
<button type="submit" name="login" value="1" class="btn btn-primary pull-right">Login</button>
</form>
</div>
</main>
<div class="login-foot text-center">
<a target="_blank" href="https://opnsense.org/">OPNsense</a> (c) 2014-2025 <a target="_blank" href="https://www.deciso.com/">Deciso B.V.</a>
</div>
</div>
</body>
</html>
* Connection #0 to host 10.50.20.1:443 left intactHere using zoraxy with http2
Code Select
⚡tobia ❯❯ ./curl -vk --http2 https://opnsense.XXX.dev
Note: Using embedded CA bundle (230814 bytes)
Note: Using embedded CA bundle, for proxies (230814 bytes)
* Host opnsense.XXX.dev:443 was resolved.
* IPv6: (none)
* IPv4: 10.10.20.9
* Trying 10.10.20.9:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust: peer verification disabled
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.XXX.dev
* start date: Nov 14 12:53:44 2025 GMT
* expire date: Feb 12 12:53:43 2026 GMT
* issuer: C=US; O=Let's Encrypt; CN=R12
* Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)
* SSL certificate verification failed, continuing anyway!
* Established connection to opnsense.XXX.dev (10.10.20.9 port 443) from 192.168.1.200 port 53371
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://opnsense.XXX.dev/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: opnsense.XXX.dev]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.17.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: opnsense.XXX.dev
> User-Agent: curl/8.17.0
> Accept: */*
>
* Request completely sent off
< HTTP/2 400
< content-type: text/html
< date: Tue, 09 Dec 2025 20:24:22 GMT
< server: OPNsense
< content-length: 162
<
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>400 Bad Request</title>
</head>
<body>
<h1>400 Bad Request</h1>
</body>
</html>
* Connection #0 to host opnsense.XXX.dev:443 left intactHere directly via IP using http1.1
Code Select
⚡tobia ❯❯ ./curl -vk --http1.1 https://10.50.20.1
Note: Using embedded CA bundle (230814 bytes)
Note: Using embedded CA bundle, for proxies (230814 bytes)
* Trying 10.50.20.1:443...
* ALPN: curl offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust: peer verification disabled
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=OPNsense.localdomain; C=NL; ST=Zuid-Holland; L=Middelharnis; O=OPNsense self-signed web certificate
* start date: May 12 14:22:51 2024 GMT
* expire date: Jun 13 14:22:51 2025 GMT
* issuer: CN=OPNsense.localdomain; C=NL; ST=Zuid-Holland; L=Middelharnis; O=OPNsense self-signed web certificate
* Certificate level 0: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption
* SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)
* SSL certificate verification failed, continuing anyway!
* Established connection to 10.50.20.1 (10.50.20.1 port 443) from 192.168.1.200 port 53497
* using HTTP/1.x
> GET / HTTP/1.1
> Host: 10.50.20.1
> User-Agent: curl/8.17.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly; SameSite=Lax
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly
< Set-Cookie: cookie_test=XXX; expires=Tue, 09 Dec 2025 21:28:14 GMT; Max-Age=3600; path=/; secure; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: same-origin
< Content-type: text/html; charset=UTF-8
< Strict-Transport-Security: max-age=31536000
< Accept-Ranges: bytes
< Content-Length: 2789
< Date: Tue, 09 Dec 2025 20:28:14 GMT
< Server: OPNsense
<
<!doctype html>
<html lang="en-US" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<title>Login | OPNsense</title>
<link href="/ui/themes/rebellion/build/css/main.css?v=190a5ea47ddfe74a" rel="stylesheet">
<link href="/ui/themes/rebellion/build/images/favicon.png?v=190a5ea47ddfe74a" rel="shortcut icon">
<script src="/ui/js/jquery-3.5.1.min.js"></script>
<script src="/ui/js/theme.js?v=190a5ea47ddfe74a"></script>
<script>
$( document ).ready(function() {
$.ajaxSetup({
'beforeSend': function(xhr) {
xhr.setRequestHeader("X-CSRFToken", "QHvHZSgsipJdn7QCOlywiA" );
}
});
});
</script>
</head>
<body class="page-login">
<div class="container">
<main class="login-modal-container">
<header class="login-modal-head" style="height:50px;">
<div class="navbar-brand">
<img src="/ui/themes/rebellion/build/images/default-logo.png?v=190a5ea47ddfe74a" height="30" alt="logo" />
</div>
</header>
<div class="login-modal-content">
<div id="inputerrors" class="text-danger"> </div><br />
<form class="clearfix" id="iform" name="iform" method="post" autocomplete="off"><input type="hidden" name="H6oJ5FEb0wUfRprByrj2DQ" value="QHvHZSgsipJdn7QCOlywiA" autocomplete="new-password" />
<div class="form-group">
<label for="usernamefld">Username:</label>
<input id="usernamefld" type="text" name="usernamefld" class="form-control user" tabindex="1" autofocus="autofocus" autocapitalize="off" autocorrect="off" />
</div>
<div class="form-group">
<label for="passwordfld">Password:</label>
<input id="passwordfld" type="password" name="passwordfld" class="form-control pwd" tabindex="2" />
</div>
<button type="submit" name="login" value="1" class="btn btn-primary pull-right">Login</button>
</form>
</div>
</main>
<div class="login-foot text-center">
<a target="_blank" href="https://opnsense.org/">OPNsense</a> (c) 2014-2025 <a target="_blank" href="https://www.deciso.com/">Deciso B.V.</a>
</div>
</div>
</body>
</html>
* Connection #0 to host 10.50.20.1:443 left intactHere using http1.1 and directly via IP:
Code Select
⚡tobia ❯❯ ./curl -vk --http1.1 https://opnsense.XXX.dev
Note: Using embedded CA bundle (230814 bytes)
Note: Using embedded CA bundle, for proxies (230814 bytes)
* Host opnsense.XXX.dev:443 was resolved.
* IPv6: (none)
* IPv4: 10.10.20.9
* Trying 10.10.20.9:443...
* ALPN: curl offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust: peer verification disabled
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / [blank] / UNDEF
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=*.XXX.dev
* start date: Nov 14 12:53:44 2025 GMT
* expire date: Feb 12 12:53:43 2026 GMT
* issuer: C=US; O=Let's Encrypt; CN=R12
* Certificate level 0: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type ? (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* SSL certificate OpenSSL verify result: unable to get local issuer certificate (20)
* SSL certificate verification failed, continuing anyway!
* Established connection to opnsense.XXX.dev (10.10.20.9 port 443) from 192.168.1.200 port 53562
* using HTTP/1.x
> GET / HTTP/1.1
> Host: opnsense.XXX.dev
> User-Agent: curl/8.17.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: no-store, no-cache, must-revalidate
< Content-Length: 2789
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';
< Content-Type: text/html; charset=UTF-8
< Date: Tue, 09 Dec 2025 20:30:14 GMT
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Pragma: no-cache
< Referrer-Policy: same-origin
< Server: OPNsense
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly; SameSite=Lax
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly
< Set-Cookie: cookie_test=XXX; expires=Tue, 09 Dec 2025 21:30:14 GMT; Max-Age=3600; path=/; secure; HttpOnly
< Strict-Transport-Security: max-age=31536000
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
<
<!doctype html>
<html lang="en-US" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<title>Login | OPNsense</title>
<link href="/ui/themes/rebellion/build/css/main.css?v=190a5ea47ddfe74a" rel="stylesheet">
<link href="/ui/themes/rebellion/build/images/favicon.png?v=190a5ea47ddfe74a" rel="shortcut icon">
<script src="/ui/js/jquery-3.5.1.min.js"></script>
<script src="/ui/js/theme.js?v=190a5ea47ddfe74a"></script>
<script>
$( document ).ready(function() {
$.ajaxSetup({
'beforeSend': function(xhr) {
xhr.setRequestHeader("X-CSRFToken", "vCn25poe5-7duF4xaGVFqg" );
}
});
});
</script>
</head>
<body class="page-login">
<div class="container">
<main class="login-modal-container">
<header class="login-modal-head" style="height:50px;">
<div class="navbar-brand">
<img src="/ui/themes/rebellion/build/images/default-logo.png?v=190a5ea47ddfe74a" height="30" alt="logo" />
</div>
</header>
<div class="login-modal-content">
<div id="inputerrors" class="text-danger"> </div><br />
<form class="clearfix" id="iform" name="iform" method="post" autocomplete="off"><input type="hidden" name="Y-eTdSKnnMVkTXU-RgdR8g" value="vCn25poe5-7duF4xaGVFqg" autocomplete="new-password" />
<div class="form-group">
<label for="usernamefld">Username:</label>
<input id="usernamefld" type="text" name="usernamefld" class="form-control user" tabindex="1" autofocus="autofocus" autocapitalize="off" autocorrect="off" />
</div>
<div class="form-group">
<label for="passwordfld">Password:</label>
<input id="passwordfld" type="password" name="passwordfld" class="form-control pwd" tabindex="2" />
</div>
<button type="submit" name="login" value="1" class="btn btn-primary pull-right">Login</button>
</form>
</div>
</main>
<div class="login-foot text-center">
<a target="_blank" href="https://opnsense.org/">OPNsense</a> (c) 2014-2025 <a target="_blank" href="https://www.deciso.com/">Deciso B.V.</a>
</div>
</div>
</body>
</html>
* Connection #0 to host opnsense.XXX.dev:443 left intact
#5
General Discussion / Re: Zoraxy Reverse Proxy does not work with OPNsense
December 09, 2025, 03:18:29 PM
I see.
I'm not particularly sure if this is the correct way, but I added the following lines to the file: /usr/local/etc/lighttpd/lighttpd.conf
Then running:
I could see the following when selecting Debug and Informational:
But that does not really look like "debug" info to me, any ideas what I'm missing?
I'm not particularly sure if this is the correct way, but I added the following lines to the file: /usr/local/etc/lighttpd/lighttpd.conf
Code Select
debug.log-request-header = "enable"
debug.log-response-header = "enable"Then running:
Code Select
/usr/local/etc/rc.restart_webguiI could see the following when selecting Debug and Informational:
Code Select
2025-12-09T15:15:36
Informational
lighttpd
10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:15:15:36 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"
2025-12-09T15:15:36
Informational
lighttpd
10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:15:15:36 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"
2025-12-09T15:15:34
Informational
lighttpd
10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:15:15:34 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"
2025-12-09T15:15:33
Informational
lighttpd
10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:15:15:33 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"But that does not really look like "debug" info to me, any ideas what I'm missing?
#6
General Discussion / Re: Zoraxy Reverse Proxy does not work with OPNsense
December 09, 2025, 01:28:54 PMQuote from: Monviech (Cedrik) on December 09, 2025, 01:02:20 PMShhhh use the caddy plugin on opnsense.
I think i actually was in that zoraxy thread in github.
For caddy all of that is figured out and you also have a nice GUI directly on the OPNsense.
Hi,
Thanks for the suggestion, but I'd prefer to stick with Zoraxy as it's working perfectly for my other services. Switching to Caddy just for OPNsense feels like avoiding the root cause rather than fixing it.
The issue seems to be lighttpd rejecting Zoraxy's requests with a 400 Bad Request, while direct curl access works fine?
Any ideas if my attempt for changing the lighttpd config was the correct file? Or any idea which specific headers could interfere here?
Also see this reply from the maintainer: https://github.com/tobychui/zoraxy/discussions/228#discussioncomment-12095120
According to this comment: https://github.com/opnsense/plugins/issues/4471#issuecomment-2602517275
It seems like Opnsense got a PR to disable HTTP/3, so this issue should be resolved now? Yet for zoraxy "the issue" still appears.
#7
General Discussion / Zoraxy Reverse Proxy does not work with OPNsense
December 09, 2025, 10:45:10 AM
Hi
So issue is between Zoraxy (Reverse Proxy written in Go) and OPNsense WebUI. Currently Zoraxy seems to work with most if not all sites except OPNSense.
When trying to add a HTTP Proxy for OPNsense there are a couple of options available:
- [] Allow plain HTTP access # Allow inbound connections without TLS/SSL
- [] Disable Requests Logging # Disable logging for all incoming requests for this hostname
- [] Disable Statistic Collection # Disable collecting statistics for this hostname but keep request logging
- [] Monitor Uptime # Enable active uptime monitor and auto disable upstreams that are offline
- [] Use Sticky Session # Enable stick session on load balancing
- [] Disable Chunked Transfer Encoding # Enable this option if your upstream uses a legacy HTTP server implementation (e.g. Proxmox / opencloud)
- [] Require TLS # Proxy target require HTTPS connection
- [] Skip Verification # Check this if proxy target is using self signed certificates
- [] Skip WebSocket Origin Check # Check this to allow cross-origin websocket requests
It's also possible to set/remove headers on zoraxy>client or zoraxy>origin
I've tried about every possible way and could not get it to work, I seem to be not the only one: https://github.com/tobychui/zoraxy/discussions/228
I've tried this suggestion: https://github.com/opnsense/plugins/issues/4471#issuecomment-2742109624 which did not work and also this one https://github.com/opnsense/plugins/issues/4471#issuecomment-2599639355 by adding the line
Here a curl output of the site:
Zoraxy does not seem to have an option to force a specific HTTP version, and as this is not neccessary for any other proxy setup in my homelab (50+ http proxies) I think there should be another way?
It would be very nice if we could get to the bottom of this, thanks!
So issue is between Zoraxy (Reverse Proxy written in Go) and OPNsense WebUI. Currently Zoraxy seems to work with most if not all sites except OPNSense.
When trying to add a HTTP Proxy for OPNsense there are a couple of options available:
- [] Allow plain HTTP access # Allow inbound connections without TLS/SSL
- [] Disable Requests Logging # Disable logging for all incoming requests for this hostname
- [] Disable Statistic Collection # Disable collecting statistics for this hostname but keep request logging
- [] Monitor Uptime # Enable active uptime monitor and auto disable upstreams that are offline
- [] Use Sticky Session # Enable stick session on load balancing
- [] Disable Chunked Transfer Encoding # Enable this option if your upstream uses a legacy HTTP server implementation (e.g. Proxmox / opencloud)
- [] Require TLS # Proxy target require HTTPS connection
- [] Skip Verification # Check this if proxy target is using self signed certificates
- [] Skip WebSocket Origin Check # Check this to allow cross-origin websocket requests
It's also possible to set/remove headers on zoraxy>client or zoraxy>origin
I've tried about every possible way and could not get it to work, I seem to be not the only one: https://github.com/tobychui/zoraxy/discussions/228
I've tried this suggestion: https://github.com/opnsense/plugins/issues/4471#issuecomment-2742109624 which did not work and also this one https://github.com/opnsense/plugins/issues/4471#issuecomment-2599639355 by adding the line
Code Select
server.http-parseopts = ( "method-get-body" => "enable" ) to the file: /usr/local/etc/lighttpd/lighttpd.conf I hope that's the correct one? Both of these suggested fixes did not work for zoraxy, I'm still getting the Bad request error:Here a curl output of the site:
Code Select
❯❯ curl -v https://opnsense.XXX.dev
* Host opnsense.XXX.dev:443 was resolved.
* IPv6: (none)
* IPv4: 10.10.20.9
* Trying 10.10.20.9:443...
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* Established connection to opnsense.XXX.dev (10.10.20.9 port 443) from XXX port 57877
* using HTTP/1.x
> GET / HTTP/1.1
> Host: opnsense.XXX.dev
> User-Agent: curl/8.16.0
> Accept: */*
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
* Request completely sent off
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Cache-Control: no-store, no-cache, must-revalidate
< Content-Length: 2789
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval';
< Content-Type: text/html; charset=UTF-8
< Date: Tue, 09 Dec 2025 09:10:56 GMT
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Pragma: no-cache
< Referrer-Policy: same-origin
< Server: OPNsense
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly; SameSite=Lax
< Set-Cookie: PHPSESSID=XXX; path=/; secure; HttpOnly
< Set-Cookie: cookie_test=XXX; expires=Tue, 09 Dec 2025 10:10:56 GMT; Max-Age=3600; path=/; secure; HttpOnly
< Strict-Transport-Security: max-age=31536000
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
<
<!doctype html>
<html lang="en-US" class="no-js">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow" />
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta name="copyright" content="" />
<meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1" />
<meta name="mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-capable" content="yes">
<title>Login | OPNsense</title>
<link href="/ui/themes/rebellion/build/css/main.css?v=190a5ea47ddfe74a" rel="stylesheet">
<link href="/ui/themes/rebellion/build/images/favicon.png?v=190a5ea47ddfe74a" rel="shortcut icon">
<script src="/ui/js/jquery-3.5.1.min.js"></script>
<script src="/ui/js/theme.js?v=190a5ea47ddfe74a"></script>
<script>
$( document ).ready(function() {
$.ajaxSetup({
'beforeSend': function(xhr) {
xhr.setRequestHeader("X-CSRFToken", "lsIHDJMZv7fNwZEWS_S0Pw" );
}
});
});
</script>
</head>
<body class="page-login">
<div class="container">
<main class="login-modal-container">
<header class="login-modal-head" style="height:50px;">
<div class="navbar-brand">
<img src="/ui/themes/rebellion/build/images/default-logo.png?v=190a5ea47ddfe74a" height="30" alt="logo" />
</div>
</header>
<div class="login-modal-content">
<div id="inputerrors" class="text-danger"> </div><br />
<form class="clearfix" id="iform" name="iform" method="post" autocomplete="off"><input type="hidden" name="NqqKPVoCWf2rymUXMqttXQ" value="lsIHDJMZv7fNwZEWS_S0Pw" autocomplete="new-password" />
<div class="form-group">
<label for="usernamefld">Username:</label>
<input id="usernamefld" type="text" name="usernamefld" class="form-control user" tabindex="1" autofocus="autofocus" autocapitalize="off" autocorrect="off" />
</div>
<div class="form-group">
<label for="passwordfld">Password:</label>
<input id="passwordfld" type="password" name="passwordfld" class="form-control pwd" tabindex="2" />
</div>
<button type="submit" name="login" value="1" class="btn btn-primary pull-right">Login</button>
</form>
</div>
</main>
<div class="login-foot text-center">
<a target="_blank" href="https://opnsense.org/">OPNsense</a> (c) 2014-2025 <a target="_blank" href="https://www.deciso.com/">Deciso B.V.</a>
</div>
</div>
</body>
</html>
* Connection #0 to host opnsense.XXX.dev:443 left intact
Zoraxy does not seem to have an option to force a specific HTTP version, and as this is not neccessary for any other proxy setup in my homelab (50+ http proxies) I think there should be another way?
It would be very nice if we could get to the bottom of this, thanks!
#8
Hardware and Performance / Re: i-226-x weird problems back after opnsense updates
September 02, 2025, 06:49:00 PM
Awesome :)
#9
25.7, 25.10 Series / Re: Weird errors after update from 25.7 to 25.7.1
September 01, 2025, 11:34:51 AM
Yeah you are right.
For me the issue seems resolved, hopefully it does not re-appear.
Though as other seem to have the same problem, it may be quite unfortunate for all N100 users as it's quite a common device, no?
Let me know if I can provide any details.
For me the issue seems resolved, hopefully it does not re-appear.
Though as other seem to have the same problem, it may be quite unfortunate for all N100 users as it's quite a common device, no?
Let me know if I can provide any details.
#10
25.7, 25.10 Series / Re: Weird errors after update from 25.7 to 25.7.1
September 01, 2025, 08:01:33 AM
I did a fresh install which fixed the issues.
My SDD does not have issues, at least that's what smart data is telling me it's on about 3% wear and has passed the overall smart check.
As multiple people with N100 seem to have this issue right after/during the update to 25.7.2 this does not seem like a full hardware issue to me.
My SDD does not have issues, at least that's what smart data is telling me it's on about 3% wear and has passed the overall smart check.
As multiple people with N100 seem to have this issue right after/during the update to 25.7.2 this does not seem like a full hardware issue to me.
#11
25.7, 25.10 Series / Re: Weird errors after update from 25.7 to 25.7.1
August 31, 2025, 09:06:07 PM
Warning to anyone here, using opnsense-bootstrap renders the running installation unusable and manual reinstall is neccessary:
I will now manually reinstall the machine via usb-stick
Code Select
root@OPNsense:/home/tobias # sh opnsense-bootstrap.sh.in
Must specify an OPNsense release.
root@OPNsense:/home/tobias # sh opnsense-bootstrap.sh.in -r 25.7
This utility will attempt to turn this installation into the latest
OPNsense 25.7 release. All packages will be deleted, the base
system and kernel will be replaced, and if all went well the system
will automatically reboot.
Proceed with this action? [y/N]: y
fetch: https://github.com/opnsense/core/archive/stable/25.7.tar.gz: size of remote file is not known
/tmp/opnsense-bootstrap/core.tar.gz 11 MB 3878 kBps 03s
pkg: 163 packages installed
beep-1.0_2: already unlocked
boost-libs-1.88.0_1: already unlocked
brotli-1.1.0,1: already unlocked
ca_root_nss-3.115: already unlocked
choparp-20150613_1: already unlocked
cpdup-1.22_1: already unlocked
cpustats-0.1: already unlocked
curl-8.14.1: already unlocked
cyrus-sasl-2.1.28_5: already unlocked
cyrus-sasl-gssapi-2.1.28: already unlocked
dhcp6c-20250513: already unlocked
dhcrelay-1.0: already unlocked
dmidecode-3.6: already unlocked
dnsmasq-2.91_1,1: already unlocked
dpinger-3.3: already unlocked
easy-rsa-3.2.3,1: already unlocked
expat-2.7.1: already unlocked
filterlog-0.7_1: already unlocked
flock-2.37.2_1: already unlocked
flowd-0.9.1_5: already unlocked
gettext-runtime-0.23.1: already unlocked
glib-2.84.1_3,2: already unlocked
gmp-6.3.0: already unlocked
hostapd-2.11_3: already unlocked
hyperscan-5.4.2: already unlocked
icu-76.1,1: already unlocked
ifinfo-13.0_1: already unlocked
iftop-1.0.p4_1: already unlocked
indexinfo-0.3.1_1: already unlocked
isc-dhcp44-server-4.4.3P1_2: already unlocked
ivykis-0.43.2: already unlocked
jansson-2.14.1: already unlocked
jq-1.8.0: already unlocked
json-c-0.18: already unlocked
kea-2.6.3_1: already unlocked
krb5-1.21.3_1: already unlocked
ldns-1.8.4: already unlocked
libargon2-20190702_1: already unlocked
libcbor-0.12.0_2: already unlocked
libedit-3.1.20250104,1: already unlocked
libevent-2.1.12: already unlocked
libffi-3.5.1: already unlocked
libfido2-1.16.0: already unlocked
libiconv-1.17_1: already unlocked
libidn2-2.3.8: already unlocked
libinotify-20240724_2: already unlocked
libltdl-2.5.4: already unlocked
liblz4-1.10.0,1: already unlocked
libmcrypt-2.5.8_4: already unlocked
libnet-1.3,1: already unlocked
libnghttp2-1.66.0: already unlocked
libpfctl-0.15: already unlocked
libpsl-0.21.5_2: already unlocked
libsodium-1.0.19: already unlocked
libucl-0.9.2_1: already unlocked
libunistring-1.3: already unlocked
libuuid-2.41.1_1: already unlocked
libxml2-2.14.5: already unlocked
libyaml-0.2.5: already unlocked
lighttpd-1.4.79: already unlocked
log4cplus-2.1.2: already unlocked
lua54-5.4.8: already unlocked
lzo2-2.10_1: already unlocked
monit-5.35.2: already unlocked
mpd5-5.9_19: already unlocked
mpdecimal-4.0.1: already unlocked
nano-8.4: already unlocked
nettle-3.10.2: already unlocked
nspr-4.37: already unlocked
ntp-4.2.8p18_4: already unlocked
oniguruma-6.9.10: already unlocked
openldap26-client-2.6.10: already unlocked
openssh-portable-10.0.p1_1,1: already unlocked
openssl-3.0.17,1: already unlocked
openvpn-2.6.14: already unlocked
opnsense-installer-25.1: already unlocked
opnsense-lang-25.1.11: already unlocked
opnsense-update-25.7: already unlocked
os-dmidecode-1.2: already unlocked
os-telegraf-1.12.12_1: already unlocked
os-theme-rebellion-1.9.3: already unlocked
os-wol-2.5_1: already unlocked
p5-Error-0.17030: already unlocked
pam_opnsense-24.1: already unlocked
pcre2-10.45_1: already unlocked
perl5-5.40.2_2: already unlocked
pftop-0.13: already unlocked
php83-8.3.23: already unlocked
php83-ctype-8.3.23: already unlocked
php83-dom-8.3.23: already unlocked
php83-filter-8.3.23: already unlocked
php83-gettext-8.3.23: already unlocked
php83-mbstring-8.3.23: already unlocked
php83-pcntl-8.3.23: already unlocked
php83-pdo-8.3.23: already unlocked
php83-pear-1.10.13: already unlocked
php83-pecl-mcrypt-1.0.7: already unlocked
php83-pecl-radius-1.4.0b1_3: already unlocked
php83-phalcon-5.9.3: already unlocked
php83-phpseclib-3.0.46: already unlocked
php83-session-8.3.23: already unlocked
php83-simplexml-8.3.23: already unlocked
php83-sockets-8.3.23: already unlocked
php83-xml-8.3.23: already unlocked
php83-zlib-8.3.23: already unlocked
pkcs11-helper-1.29.0_3: already unlocked
pkg-1.19.2_5: already unlocked
py311-Babel-2.17.0_1: already unlocked
py311-Jinja2-3.1.6: already unlocked
py311-anyio-4.9.0: already unlocked
py311-async_generator-1.10_1: already unlocked
py311-attrs-25.3.0: already unlocked
py311-bottleneck-1.3.8_1: already unlocked
py311-certifi-2025.7.14: already unlocked
py311-cffi-1.17.1: already unlocked
py311-charset-normalizer-3.4.2: already unlocked
py311-h11-0.16.0: already unlocked
py311-h2-4.1.0_1: already unlocked
py311-hpack-4.0.0_1: already unlocked
py311-hyperframe-6.0.0_1: already unlocked
py311-idna-3.10: already unlocked
py311-ldap3-2.9.1_1: already unlocked
py311-markupsafe-3.0.2: already unlocked
py311-netaddr-1.3.0: already unlocked
py311-numexpr-2.11.0: already unlocked
py311-numpy-1.26.4_6,1: already unlocked
py311-outcome-1.3.0_2: already unlocked
py311-packaging-25.0: already unlocked
py311-pyasn1-0.6.0: already unlocked
py311-pyasn1-modules-0.4.1: already unlocked
py311-pycparser-2.22: already unlocked
py311-pylsqpack-0.3.22: already unlocked
py311-pysocks-1.7.1_1: already unlocked
py311-python-dateutil-2.9.0: already unlocked
py311-pytz-2025.2_1,1: already unlocked
py311-pyyaml-6.0.1_1: already unlocked
py311-requests-2.32.4: already unlocked
py311-six-1.17.0: already unlocked
py311-sniffio-1.3.1: already unlocked
py311-socksio-1.0.0_1: already unlocked
py311-sortedcontainers-2.4.0_1: already unlocked
py311-trio-0.30.0: already unlocked
py311-truststore-0.10.1: already unlocked
py311-typing-extensions-4.14.1: already unlocked
py311-tzdata-2025.2: already unlocked
py311-ujson-5.10.0_1: already unlocked
py311-urllib3-1.26.20,1: already unlocked
py311-vici-5.9.11_1: already unlocked
python311-3.11.13: already unlocked
radvd-2.20: already unlocked
readline-8.2.13_2: already unlocked
rrdtool-1.9.0_1: already unlocked
samplicator-1.3.8.r1_1: already unlocked
strongswan-5.9.14: already unlocked
sudo-1.9.17p1: already unlocked
syslog-ng-4.8.2_3: already unlocked
tailscale-1.86.4: already unlocked
telegraf-1.35.1: already unlocked
unbound-1.23.1: already unlocked
wol-0.7.1_5: already unlocked
wpa_supplicant-2.11_5: already unlocked
zip-3.0_4: already unlocked
zstd-1.5.7: already unlocked
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 163 packages (of 0 packages in the universe):
Installed packages to be REMOVED:
beep: 1.0_2
boost-libs: 1.88.0_1
brotli: 1.1.0,1
ca_root_nss: 3.115
choparp: 20150613_1
cpdup: 1.22_1
cpustats: 0.1
curl: 8.14.1
cyrus-sasl: 2.1.28_5
cyrus-sasl-gssapi: 2.1.28
dhcp6c: 20250513
dhcrelay: 1.0
dmidecode: 3.6
dnsmasq: 2.91_1,1
dpinger: 3.3
easy-rsa: 3.2.3,1
expat: 2.7.1
filterlog: 0.7_1
flock: 2.37.2_1
flowd: 0.9.1_5
gettext-runtime: 0.23.1
glib: 2.84.1_3,2
gmp: 6.3.0
hostapd: 2.11_3
hyperscan: 5.4.2
icu: 76.1,1
ifinfo: 13.0_1
iftop: 1.0.p4_1
indexinfo: 0.3.1_1
isc-dhcp44-server: 4.4.3P1_2
ivykis: 0.43.2
jansson: 2.14.1
jq: 1.8.0
json-c: 0.18
kea: 2.6.3_1
krb5: 1.21.3_1
ldns: 1.8.4
libargon2: 20190702_1
libcbor: 0.12.0_2
libedit: 3.1.20250104,1
libevent: 2.1.12
libffi: 3.5.1
libfido2: 1.16.0
libiconv: 1.17_1
libidn2: 2.3.8
libinotify: 20240724_2
libltdl: 2.5.4
liblz4: 1.10.0,1
libmcrypt: 2.5.8_4
libnet: 1.3,1
libnghttp2: 1.66.0
libpfctl: 0.15
libpsl: 0.21.5_2
libsodium: 1.0.19
libucl: 0.9.2_1
libunistring: 1.3
libuuid: 2.41.1_1
libxml2: 2.14.5
libyaml: 0.2.5
lighttpd: 1.4.79
log4cplus: 2.1.2
lua54: 5.4.8
lzo2: 2.10_1
monit: 5.35.2
mpd5: 5.9_19
mpdecimal: 4.0.1
nano: 8.4
nettle: 3.10.2
nspr: 4.37
ntp: 4.2.8p18_4
oniguruma: 6.9.10
openldap26-client: 2.6.10
openssh-portable: 10.0.p1_1,1
openssl: 3.0.17,1
openvpn: 2.6.14
opnsense-installer: 25.1
opnsense-lang: 25.1.11
opnsense-update: 25.7
os-dmidecode: 1.2
os-telegraf: 1.12.12_1
os-theme-rebellion: 1.9.3
os-wol: 2.5_1
p5-Error: 0.17030
pam_opnsense: 24.1
pcre2: 10.45_1
perl5: 5.40.2_2
pftop: 0.13
php83: 8.3.23
php83-ctype: 8.3.23
php83-dom: 8.3.23
php83-filter: 8.3.23
php83-gettext: 8.3.23
php83-mbstring: 8.3.23
php83-pcntl: 8.3.23
php83-pdo: 8.3.23
php83-pear: 1.10.13
php83-pecl-mcrypt: 1.0.7
php83-pecl-radius: 1.4.0b1_3
php83-phalcon: 5.9.3
php83-phpseclib: 3.0.46
php83-session: 8.3.23
php83-simplexml: 8.3.23
php83-sockets: 8.3.23
php83-xml: 8.3.23
php83-zlib: 8.3.23
pkcs11-helper: 1.29.0_3
pkg: 1.19.2_5
py311-Babel: 2.17.0_1
py311-Jinja2: 3.1.6
py311-anyio: 4.9.0
py311-async_generator: 1.10_1
py311-attrs: 25.3.0
py311-bottleneck: 1.3.8_1
py311-certifi: 2025.7.14
py311-cffi: 1.17.1
py311-charset-normalizer: 3.4.2
py311-h11: 0.16.0
py311-h2: 4.1.0_1
py311-hpack: 4.0.0_1
py311-hyperframe: 6.0.0_1
py311-idna: 3.10
py311-ldap3: 2.9.1_1
py311-markupsafe: 3.0.2
py311-netaddr: 1.3.0
py311-numexpr: 2.11.0
py311-numpy: 1.26.4_6,1
py311-outcome: 1.3.0_2
py311-packaging: 25.0
py311-pyasn1: 0.6.0
py311-pyasn1-modules: 0.4.1
py311-pycparser: 2.22
py311-pylsqpack: 0.3.22
py311-pysocks: 1.7.1_1
py311-python-dateutil: 2.9.0
py311-pytz: 2025.2_1,1
py311-pyyaml: 6.0.1_1
py311-requests: 2.32.4
py311-six: 1.17.0
py311-sniffio: 1.3.1
py311-socksio: 1.0.0_1
py311-sortedcontainers: 2.4.0_1
py311-trio: 0.30.0
py311-truststore: 0.10.1
py311-typing-extensions: 4.14.1
py311-tzdata: 2025.2
py311-ujson: 5.10.0_1
py311-urllib3: 1.26.20,1
py311-vici: 5.9.11_1
python311: 3.11.13
radvd: 2.20
readline: 8.2.13_2
rrdtool: 1.9.0_1
samplicator: 1.3.8.r1_1
strongswan: 5.9.14
sudo: 1.9.17p1
syslog-ng: 4.8.2_3
tailscale: 1.86.4
telegraf: 1.35.1
unbound: 1.23.1
wol: 0.7.1_5
wpa_supplicant: 2.11_5
zip: 3.0_4
zstd: 1.5.7
Number of packages to be removed: 163
The operation will free 1 GiB.
[1/163] Deinstalling rrdtool-1.9.0_1...
[1/163] Deleting files for rrdtool-1.9.0_1: 0%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdcached
[1/163] Deleting files for rrdtool-1.9.0_1: 4%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdcreate
[1/163] Deleting files for rrdtool-1.9.0_1: 8%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdinfo
[1/163] Deleting files for rrdtool-1.9.0_1: 12%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdtool
[1/163] Deleting files for rrdtool-1.9.0_1: 16%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdupdate
[1/163] Deleting files for rrdtool-1.9.0_1: 20%
rrdtool-1.9.0_1: missing file /usr/local/etc/rc.d/rrdcached
[1/163] Deleting files for rrdtool-1.9.0_1: 25%
rrdtool-1.9.0_1: missing file /usr/local/include/rrd.h
[1/163] Deleting files for rrdtool-1.9.0_1: 29%
rrdtool-1.9.0_1: missing file /usr/local/include/rrd_client.h
[1/163] Deleting files for rrdtool-1.9.0_1: 33%
rrdtool-1.9.0_1: missing file /usr/local/include/rrd_format.h
[1/163] Deleting files for rrdtool-1.9.0_1: 37%
rrdtool-1.9.0_1: missing file /usr/local/lib/librrd.a
[1/163] Deleting files for rrdtool-1.9.0_1: 41%
rrdtool-1.9.0_1: missing file /usr/local/lib/librrd.so
[1/163] Deleting files for rrdtool-1.9.0_1: 45%
rrdtool-1.9.0_1: missing file /usr/local/lib/librrd.so.8
[1/163] Deleting files for rrdtool-1.9.0_1: 50%
rrdtool-1.9.0_1: missing file /usr/local/lib/librrd.so.8.3.0
[1/163] Deleting files for rrdtool-1.9.0_1: 54%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/RRDp.pm
[1/163] Deleting files for rrdtool-1.9.0_1: 58%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/mach/5.40/RRDs.pm
[1/163] Deleting files for rrdtool-1.9.0_1: 62%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/mach/5.40/auto/RRDp/.packlist
[1/163] Deleting files for rrdtool-1.9.0_1: 66%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/mach/5.40/auto/RRDs/.packlist
[1/163] Deleting files for rrdtool-1.9.0_1: 70%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/mach/5.40/auto/RRDs/RRDs.so
[1/163] Deleting files for rrdtool-1.9.0_1: 75%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/man/man3/RRDp.3.gz
[1/163] Deleting files for rrdtool-1.9.0_1: 79%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/man/man3/RRDs.3.gz
[1/163] Deleting files for rrdtool-1.9.0_1: 83%
rrdtool-1.9.0_1: missing file /usr/local/libdata/pkgconfig/librrd.pc
[1/163] Deleting files for rrdtool-1.9.0_1: 87%
rrdtool-1.9.0_1: missing file /usr/local/share/licenses/rrdtool-1.9.0_1/GPLv2
[1/163] Deleting files for rrdtool-1.9.0_1: 91%
rrdtool-1.9.0_1: missing file /usr/local/share/licenses/rrdtool-1.9.0_1/LICENSE
[1/163] Deleting files for rrdtool-1.9.0_1: 95%
rrdtool-1.9.0_1: missing file /usr/local/share/licenses/rrdtool-1.9.0_1/catalog.mk
[1/163] Deleting files for rrdtool-1.9.0_1: 100%
pkg: sqlite error while executing DELETE FROM packages WHERE id = 1508; in file pkgdb.c:2296: database disk image is malformed
root@OPNsense:/home/tobias #I will now manually reinstall the machine via usb-stick
#12
25.7, 25.10 Series / Re: Weird errors after update from 25.7 to 25.7.1
August 28, 2025, 11:38:47 AM
Hi Franco,
So what are we supposed to do?
I see other people having the same issue, so there seems to be something broken.
Can we fix the db or examine this further?
So what are we supposed to do?
I see other people having the same issue, so there seems to be something broken.
Can we fix the db or examine this further?
#13
25.7, 25.10 Series / Re: Weird errors after update from 25.7 to 25.7.1
August 27, 2025, 09:33:09 PM
seems like the db is corrupt, can we fix it or will this be fixed upstream?
#14
25.7, 25.10 Series / Re: Weird errors after update from 25.7 to 25.7.1
August 25, 2025, 11:35:31 AM
Is any more details needed?
Can I somehow correct that db, or what is the cause of this?
Can I somehow correct that db, or what is the cause of this?
#15
25.7, 25.10 Series / Re: 25.7 upgrade from GUI error to 25.7.2
August 25, 2025, 08:35:19 AM
Feel free to follow this thread: https://forum.opnsense.org/index.php?topic=48365.0
