Messages - franco

#1
Hey and welcome,

Haven't had any complaints on 6RD for a while now so this is a bit unexpected.

Not sure why LAN would have a default route. Easiest first check is System: Gateways: Configuration and see the auto-generated gateway for 6RD which needs to be marked as "Upstream Gateway".

Does a LAN gateway exist there?


Cheers,
Franco
#3
Announcements / OPNsense 25.1.10 released
July 01, 2025, 12:08:04 PM
Hey,

We are getting close to 25.7.  In fact, the release date is July 23.
As such minimal changes are going into this stable release for the
usual reasons.

Expecting a quick release candidate in two weeks while we piece together
the individual changes that will make the next release series a distinct
step forward: privilege separation capability, latest and greatest FreeBSD
related updates, easier than ever MVC programming experience, a new UI
grid framework named Tabulator etc.

Here are the full patch notes:

o system: reduce future maintenance load in privilege separation efforts
o interfaces: remove unused "friendly" value from get_interface_list()
o interfaces: fix escaping in refactored bridge code
o interfaces: fix bridge SPAN support
o interfaces: add update mode to ifctl
o firewall: fix issue with event binding in rule automation page
o dnsmasq: implement domain type to select between adding domain to range or interface
o dnsmasq: dhcp-host are allowed to have duplicate partial IPv6 addresses
o unbound: improve the chroot mounting code to avoid excessive (un)mount calls
o lang: update language translations to their latest state
o mvc: eventually phase out getCurrentValue() in favour of getValue()
o plugins: os-caddy 2.0.2
o ports: libxml2 fixes for recent CVEs
o ports: nss 3.113
o ports: phpseclib 3.0.46
o ports: py-duckdb 1.3.1
o ports: sudo 1.9.17

Stay safe and cool,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/25.1/www/caddy/pkg-descr
[2] https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_113.html
[3] https://github.com/duckdb/duckdb/releases/tag/v1.3.1
[4] https://www.sudo.ws/stable.html#1.9.17
#4
Given the fact that OpenVPN has always been very pedantic about that particular input I think all there is left to do here is add the correct validation?


Cheers,
Franco
#5
General Discussion / Re: bridge span port
July 01, 2025, 10:05:56 AM
It's a bug we're fixing today in 25.1.10.


Cheers,
Franco
#6
The base isn't the problem. The real problem is that your packages are stuck at 24.1 while the base and kernel successfully upgraded to 24.7.

You can try this instead:

# opnsense-bootstrap -r 24.7


Given the critical nature of a major OS upgrade underneath from FreeBSD 13 to 14 consider the possibility that may not be successful since the first attempt also failed. Likely for reasons of third party plugins installed or manual ports installs. Unfortunately these things get complicated quickly.


Cheers,
Franco
#7
General Discussion / Re: Authentik SSO
June 25, 2025, 10:36:56 AM
Hi,

At the moment it's not planned, but it's not set in stone either. The plugin hooks are open so contributions to community edition for other SSOs are also possible.


Cheers,
Franco
#8
General Discussion / Re: Authentik SSO
June 24, 2025, 12:43:20 PM
OIDC will be supported starting with the 25.10 business edition.


Cheers,
Franco
#9
There are four main reasons:

1. netdata is community scope
2. the plugin was last updated years ago in OPNsense 22.7.1
3. the netdata error reported is not helpful
4. netdata port in FreeBSD likely broke this and an update was made there already although the problem scope is still unclear because of 1+2+3

opnsense-revert should work on an older netdata package or 25.1.10 will fix it when the FreeBSD port is correctly fixed again. Worst case someone needs to make an effort to update the plugin to whatever it was that netdata broke in a 3 year old plugin...


Cheers,
Franco
#10
I don't think these changes from 25.1.9 caused this to start working, but we did do a few things in earlier 25.1.x to improve the default gateway switching amongst others.


Cheers,
Franco
#11
Your installation appears to be quite broken as if the core package was partially uninstalled likely following the use of the FreeBSD package repository. Unfortunately it may have also scrubbed your subscription awareness so reinstalling is probably the fastest approach with an image from https://opnsense-update.deciso.com/


Cheers,
Franco
#12
Announcements / Re: OPNsense 25.1.9 released
June 20, 2025, 01:51:17 PM
A hotfix release was issued as 25.1.9_2:

o system: fix route status removal buttons
o openvpn: fix server deletion in legacy page
#13
I think so. And iflib in FreeBSD allows easy deployment of a multi-threaded driver like the infamously pulled WireGuard implementation.


Cheers,
Franco
#14
The old version should work as discussed.

It could be a bug in conjunction with the FreeBSD code and fixed there, but that would require some developer being interested and I still doubt Intel should cause bricking OS boots because of their microcode changes.

My assumption is this will disappear in the next microcode update not to be spoken of again.


Cheers,
Franco
#15
I've been seeing these reports and I don't even know what should have caused them in the first place. The last Tailscale plugin change was in 25.1.

Tailscale upstream software updates in:

25.1.6: 1.82.5
25.1.5: 1.82.0
25.1.4: 1.80.3
25.1.3: 1.80.2
25.1.1: 1.80.0

but not in .7, .8 and .9 which correlates more with reports that this starts being problematic.


Cheers,
Franco