Messages

Hi group,
I've been working on a new Opnsense firewall for my home network.. I had many install challenges getting the basic install working . I am interested in ideas on setting it up for best protection of my home network. So far I have Zenarmor and GEOIP blocking installed and working. Thoughts on intrusion protection and adding Clamav to the firewall.  Firewall is a Protectli FW6D with 6 network interfaces. So far only the WAN and LAN are configured. System has 16 Gb of Ram and 500 Gig of storage in a M2 SATA drive.
What is the general consensus of what I should install additionally to give me peace of mind in protecting my home network?
any comments welcome.

Thanks
Larry

Unit is a Protectli FW6d
\Intel i5 8250U Quad Core with Hyperthreading (8 threads) at up to 3.4GHz (turbo boost)
Also running ZFS
Larry

Success update:

After several reinstalls last one was successful. Not sure what made it work only it does now
Any insight to why this was such a painful and long process?

Larry

more update:
  on console i tried a show panic
got  mountroot unable to (re-) mount root.

Where to go from here

Update:

Tried to do update again. Looked good so far lots of stuff upgraded no problem at this point . then checked for updates system may have missed . only Base and kernal both came up. I told it to update then system again rebooted in middle but this time system is corrupted and will not boot up into operating system anymore
Pulling out hair at this point

LArry

Just tried a fresh install.  Install went fine. Then I went to update the system. obviously it found many to update.
on the first update when working on extracting first file it crashed and rebooted. tried again same result. Note: same behavior when I tried to update first installation to 27.7.3
Any Ideas??

Here is a sampling of what I found
The .35 address is my computer no other devices on this LAN
All the errors have the same no active user etc.

2025-09-13T16:38:52Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:52Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:51Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:51Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:40Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:38Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:38Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:28Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:38:28Errorauditno active session, user not found (called "/favicon.ico" @ 192.168.1.35)
2025-09-13T16:37:58Errorauditno active session, user not found (called "/ui/core/dashboard" @ 192.168.1.35)
2025-09-13T16:37:50Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)
2025-09-13T16:37:50Errorauditno active session, user not found (called "/api/diagnostics/traffic/interface" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/routing/settings/search_gateway" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/core/service/search" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)
2025-09-13T16:37:40Errorauditno active session, user not found (called "/api/diagnostics/traffic/interface" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/routing/settings/search_gateway" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/core/service/search" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/diagnostics/system/system_resources" @ 192.168.1.35)
2025-09-13T16:37:31Errorauditno active session, user not found (called "/api/diagnostics/system/system_time" @ 192.168.1.35)

Tried to upgrade to 25.7.3  . each time when the status shows as follows


Installed packages to be UPGRADED:
   opnsense: 25.7.2 -> 25.7.3_7 [OPNsense]
   os-sensei: 2.0.7 -> 2.0.8 [SunnyValley]

Number of packages to be upgraded: 2
[1/2] Upgrading os-sensei from 2.0.7 to 2.0.8...
[1/2] Extracting os-sensei-2.0.8: .........

then unit reboots and doesn't complete upgrade

Tried to do upgrade multiple times with no success

Any ideas on why this is happening

?

Larry

Yes I figured it out. I missed the box to show community plug ins . So simple but I missed it. Thanks for listening.

LArry

I have been trying to install Adguard 
first added the repository with the command   fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
then did a pkg update command. got following response

root@OPNsense:~ # pkg update
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.

all seemed fine till I went to the opnsense GUI and looked for it in plugins .  no joy. I tried a reboot nothing I tried to repeat still no evidence of Adguard and it cannot be found.  AS I am fairly new I am probably missing something

Any ideas welcome

Thanks
regards
Larry

Too Soon to rejoice!
OS updated fine but Clamav and Zenarmor doesn't seem to be able to update.

Here is a log message I got from Clamav after update failed

Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: Connection refused

Larry

Success I believe,

So after much surfing internet I went in and created a gateway entry for the admin interface. Now updating seems to work so far. I've been able to upgrade OS to  24.7..1. Next is to see if I can upgrade Zenarmor and ClamAV.



More to come

LArry

Observation
Looks like OPNsense cannot reach internet. From the console shell I cannot ping any outside address i.e 8.8.4.4 DNS server. Using the GUI to do a ping it also fails. OPNsense is in transparent bridge mode  so I think there is a configuration issue. Computers on the lan network behind the OPNsense work.

Larry

I tried to check for updates and got error cannot update repositories

Any Ideas?

Thanks in advance
LArry

https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/sets/changelog.txz: Host does not resolve
Updating OPNsense repository catalogue...
pkg: https://mirrors.dotsrc.org/opnsense/FreeBSD:13:amd64/24.1/latest/meta.txz: No address record
repository OPNsense has no meta file, using default settings
pkg: https://mirrors.dotsrc.org/opnsense/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: No address record
pkg: https://mirrors.dotsrc.org/opnsense/FreeBSD:13:amd64/24.1/latest/packagesite.txz: No address record
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:13:amd64/24.1/${SUBSCRIPTION}/meta.txz: No address record
repository SunnyValley has no meta file, using default settings
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:13:amd64/24.1/${SUBSCRIPTION}/packagesite.pkg: No address record
pkg: https://updates.zenarmor.com/opnsense/FreeBSD:13:amd64/24.1/${SUBSCRIPTION}/packagesite.txz: No address record
Unable to update repository SunnyValley
Error updating repositories!

Thanks Got it working

Larry