Messages

I've just applied the latest patch, rebooted and for a while it was all good. After an hour of usage, suddenly I notice very high CPU usage on the hostwatch service.



I'm just stopping this service until they figure it out because it's clearly giving a lot of issues at the moment.

Nothing is going to be worse, just disable it.

Interfaces: Neighbors: Automatic Discovery

It fills in a missing feature people coming from consumer routers like Fritzbox got used to and frequently demanded: show an overview of all devices in my network.

More useless garbage that we didn't ask for..... Why can't this be a plugin that those folks can install separately and not brick our routers.... I have a 16Gig hostwatch log this morning, lose gui, forced to restart to recover...  Definitely not a professional group here....

Yep, that new feature broke my WebUI because it filled up the storage completely ( /var/log/hostwatch/hostwatch_20260116.log was more than 100 Gigs).

People reporting high CPU usage with this update is probably related to this also.
Here is the explanation -> https://github.com/opnsense/hostwatch/issues/8

The question is, did something change?

The only thing that I've changed recently was the OPNsense firmware. I've been using WireGuard + AdGuard without any issues for several months.

The problem is / was probably present before.

Well, that's very strange. I've been using this firewall with Wireguard for a very long time without any issues after rebooting. But since the last update, every single time I've rebooted, wg clients could no longer connect, unless I disabled and re-enabled the service.

The "Renew DNS for Wireguard..." cron job didn't fix it for me (maybe I did something wrong). The script I posted works fine and it acts right after finishing the reboot process.

Could your issue be related to this?

[/usr/local/opnsense/scripts/wireguard/wg-service-control.php: The command </usr/bin/wg syncconf 'wg1' '/usr/local/etc/wireguard/wg1.conf'> returned exit code 1 and the output was "Name does not resolve: `DNS_NAME:PORT' Configuration parsing error"]

I have a WireGuard server running on my OPNsense firewall. After the last update (25.7.9) none of the WG clients could connect to the server. I checked the log and this is what it said:

/usr/local/opnsense/scripts/wireguard/wg-service-control.php: The command </usr/bin/wg syncconf 'wg1' '/usr/local/etc/wireguard/wg1.conf'> returned exit code 1 and the output was "Name does not resolve: `DNS_NAME:PORT' Configuration parsing error"



I censored the DNS names. I have 2 errors because I have 2 configurations/2 DNS.

Disabling and re-enabling WireGuard from the GUI fixed the problem.

To temporarily fix the issue I had to do the following:

1. Log into the firewall through ssh.

2. Create the script file:

Code Select Expand

nano /usr/local/etc/rc.syshook.d/start/99-wireguard-restart
3. Input this text in the file:

Code Select Expand

#!/bin/sh

# Wait for WAN + DNS (AdGuard/Unbound) to be ready

sleep 10

# Fully restart all WireGuard instances (same effect as GUI Enable/Apply)

/usr/local/bin/php /usr/local/opnsense/scripts/wireguard/wg-service-control.php -a restart

exit 0

4. Add execution rights to the file:

Code Select Expand

chmod +x /usr/local/etc/rc.syshook.d/start/99-wireguard-restart

I suppose this issue is caused by an improper order in the execution of certain services.