Messages

Code Select Expand

root@OPNsense:~ # pluginctl -g OPNsense.Interfaces.settings
{
    "@attributes": {
        "version": "0.0.0",
        "persisted_at": "1769701369.97",
        "description": "Global interface settings"
    },
    "disablechecksumoffloading": "1",
    "disablesegmentationoffloading": "1",
    "disablelargereceiveoffloading": "1",
    "disablevlanhwfilter": "1",
    "disableipv6": "0",
    "dhcp6_norelease": "0",
    "dhcp6_debug": "0",
    "dhcp6_duid": "",
    "dhcp6_ratimeout": "10"
}
root@OPNsense:~ # pluginctl -m
*** OPNsense\Interfaces\Settings migration failed from 0.0.0 to 1.0.0, check log for details
I've checked the system logs for errors around the time of the upgrade and there is nothing relating to "migration".

Well that was quite a scary upgrade!

Luckily I had a snapshot but foolishly overwrote the snapshot with another attempt at an upgrade.

Franco, you are quite right, I do have Zenarmor installed but don't use Suricata.

The interfaces that netmap_transmit was flooding the logs alternate between igc3 and igc5. Just so happened to be the ones Zenarmor protect.

After the upgrade, I managed to access the UI from another interface and checked Zenarmor. It was complaining that I seem to have enabled hardware offload - I can guarantee I hadn't!

Anyway, what fixed everything was changing "VLAN Hardware Filtering" from "Leave default" to "Disable VLAN Hardware Filtering"

Continuous

netmap_transmit igc3 drop but that needs checksum

I've just completed the 26.1 upgrade from the last version of OPNsense.

I watched the first reboot by checking ping responses and then reconnected to the UI.

Shortly after I have lost all connectivity, even when sat on the same LAN. SSH is not responding.

I assume this is firewall rule related. How can I reset the rules from console to restore access?

I just got this rather scary message during the update to 25.7.6. The update appeared to stop.

I couldn't log in at the console, I got this error:

Password:
sh: /usr/local/libexec/opnsense-auth: not found
Login incorrect

The GUI then gave a 404 error.

After a couple of minutes it sprang back into life.

I've never seen this behaviour before - is it expected?

The update appears to have now completed successfully, as far as I can tell.

I had the same "Danger. Unexpected error, check log for details" error but when I refreshed the OPNsense main dashboard page, version updated to 25.7.6 and a check for updates came back with "There are no updates available on the selected mirror".

I am reluctant to reboot in case I'm left with a broken OPNsense.

Is there anything I can check to ensure a reboot will succeed?

Just checked the other way by configuring only "Register domain feeds" and unticking all in "Type of DNSBL".

Now the "Size of blocklist" number does change. I assume that this number should tally with the number reported on TIP?

E.g. with no other blocklists ticked, the size of blocklist number is 358,597. However, the previous count from TIP is 438,574 and current is 539,551 using the numbers from my current plan (free edition).

There seems to be an anomally.

Installed, registered and now have blocked information in the widget. Nice and slick :-)

One question though. I've ticked the box to register domain feeds after confirming Unbound has blocklists enabled. Am I supposed to see a q-feeds specific blocklist appear in the "Type of DNSBL" drop-down?

If so, there's nothing there for q-feeds, just the default. I've tried disable/enable blocklist, Unbound restart, and uncheck/check of "register domain feeds".

Hi RutgerDiehard,

No you're not supposed to see our list in that dropdown. If both are activated (in our plugin and blocklists in general in unbound) then the list is active. You can verify by checking the number of IOCs in the Unbound report. It might be something we will improve later on though ;)

Thanks for the quick reply :-)

I assume you mean by looking at the "Size of blocklist" in the Unbound DNS report?

If I untick "Register domain feeds" in q-feeds and recheck the "Size of blocklist" number, it does not change.

Is this correct or am I looking in the wrong place?

Installed, registered and now have blocked information in the widget. Nice and slick :-)

One question though. I've ticked the box to register domain feeds after confirming Unbound has blocklists enabled. Am I supposed to see a q-feeds specific blocklist appear in the "Type of DNSBL" drop-down?

If so, there's nothing there for q-feeds, just the default. I've tried disable/enable blocklist, Unbound restart, and uncheck/check of "register domain feeds".

I have OPNsense continuously open in a tab in my browser and regularly check logs, Zenarmor live sessions and dive in for general tweaking.

I also have my OS theme change depending on the time of day; dark at night, light during the day. Generally, all my sites will follow suite such as Facebook, Unifi, Portainer etc. etc. It would be awesome if OPNsense was able to follow the OS or browser theme automatically.

I imagine it would work by choosing a "Light" theme in Settings -> General and an opposing "Dark" theme. A toggle button would then allow "Automatic" adjustment based on system settings.

For me, this would complete an otherwise excellent product. Would love to hear others thoughts on this.

Yes, I see the same after upgrading to 25.7; nothing in Reporting -> Insight at all.

This is what worked for me:

Code Select Expand

ifctl -6pi pppoe0

OPNsense updates just offered a Netdata update which I installed. When I attempt to access Netdata on http://[IP]:19999, I get "File does not exist, or is not accessible:" message.

I've tried removing and then reinstalling with the same result.

Not had any issues with Netdata previously so I assume it's the update that's broken it.

Stumbled across another thread with similar sounding symptoms which has been fixed by an update here https://github.com/opnsense/core/issues/8797

I applied the fix, removed a device from a network and connected to another. Then reconnected the device back to the original network. Now when I check Adguard Home/nslookup the host has the correct DNS name.

Looks like this fixes the issue I'm experiencing!

I do have to connect to a new network, then change back to the original for DNS to reflect the correct host.domain name. Simply resetting the network adapter does not work.

Is there a way of removing all current hosts registered via DHCP6 so when they renew their addresses, they will automatically register the correct domain?

Sounds like this may also apply to my issue here https://forum.opnsense.org/index.php?topic=47488.0

Is it worth trying the patch to see?