"This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
26.1 Series / IPFire Domain Blocklist ( Suricata - Unbound - Adguard )
February 11, 2026, 06:39:20 PM #2
25.7, 25.10 Series / Feature request: Maxmind + IPinfo
October 08, 2025, 04:17:16 PM
I've had Maxmind's GeoIP lists configured for a while, and when I updated Opnsense today, I was able to configure the IPinfo lists. The problem is that when configuring them, I can't have both; I have to choose one. Maxmind's lists have been problematic for a while, so I've left the new IPinfo ones. I'm wondering if it's possible to configure Maxmind and IPinfo in Opnsense.
#4
Web Proxy Filtering and Caching / Dnscrypt plugin does not update
June 20, 2025, 03:16:55 PM
I've mentioned this before but I keep seeing it remains unresolved. I must say I don't know how the plugin update system works in OPNsense or who's responsible for this work. As of today, the dnscrypt plugin in OPNsense works with version 2.1.5, but I'm seeing version discrepancies across different sources.
In the OPNsense plugin repository, it has version 1.15 integrating dnscrypt-proxy 2.1
https://github.com/opnsense/plugins/blob/master/dns/dnscrypt-proxy/pkg-descr
In the FreeBSD repositories, dnscrypt has version 2.1.5_13 updated on June 6, 2025.
https://www.freshports.org/dns/dnscrypt-proxy2/
And on the official Dnscrypt website on GitHub, they're already at version 2.1.12, which is what OPNsense should have.
https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.1.12
The funny thing is that on dnscrypt's GitHub, the program is available for FreeBSD, so it would be appreciated if it could be updated either on FreeBSD or directly on Opnsense.
In the OPNsense plugin repository, it has version 1.15 integrating dnscrypt-proxy 2.1
https://github.com/opnsense/plugins/blob/master/dns/dnscrypt-proxy/pkg-descr
In the FreeBSD repositories, dnscrypt has version 2.1.5_13 updated on June 6, 2025.
https://www.freshports.org/dns/dnscrypt-proxy2/
And on the official Dnscrypt website on GitHub, they're already at version 2.1.12, which is what OPNsense should have.
https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.1.12
The funny thing is that on dnscrypt's GitHub, the program is available for FreeBSD, so it would be appreciated if it could be updated either on FreeBSD or directly on Opnsense.
#5
25.1, 25.4 Legacy Series / PPPoE Pfsense
May 05, 2025, 04:04:45 PM #6
25.1, 25.4 Legacy Series / Opnsense 25.1.4 update dnscrypt
March 26, 2025, 05:11:14 PM
Upgrading to 25.1.4 also installs a dnscrypt update, however you are still on version 2.1.5 when the latest version is 2.1.7 released last January. As I commented recently in another post I am interested in this last version because it supports the ODOH protocol for dns, not having it I have to modify by hand the dnscrypt configuration file with the result that it works. The problem is that by doing the modification through ssh and not through the dnscrypt interface in opnsense the changes do not survive a reboot. An update of dnscrypt to version 2.1.7 would be appreciated.
#7
Web Proxy Filtering and Caching / Support for Oblivious DNS in DNScrypt
March 05, 2025, 01:23:52 AM
DNScrypt supports Cloudflare's DNS under the ODOH protocol and Relay is required to configure them. DNSCrypt Servers and DNS-over-HTTPS Servers can be configured in the DNScrypt interface, but ODOH Servers cannot be configured.
Following this tutorial https://forums.serverbuilds.net/t/guide-adguard-home-unbound-dnscrypt-under-opnsense-part-2/13271 the Cloudflare ODOH DNS with their respective Relays work correctly. The problem is that when restarting Opnsense all modifications are lost and the dnscrypt-proxy.toml file has to be modified again via SSH.
Following this tutorial https://forums.serverbuilds.net/t/guide-adguard-home-unbound-dnscrypt-under-opnsense-part-2/13271 the Cloudflare ODOH DNS with their respective Relays work correctly. The problem is that when restarting Opnsense all modifications are lost and the dnscrypt-proxy.toml file has to be modified again via SSH.
#8
24.7, 24.10 Legacy Series / Hbsdfw
December 23, 2024, 05:33:39 PM
I know this is not the right place to discuss this topic, but I can't locate the developer. I have installed the latest ISO of hbsdfw, and it doesn't come with any plugins to install. I have tried changing repositories, although I may have done it wrong, and I can't manage it. My question is whether it is possible to install the Opnsense plugins in that version.
#9
Zenarmor (Sensei) / Unsatisfactory TLS inspection.
November 05, 2024, 05:37:30 PM
I am testing the SSE version of Zenarmor and I am having problems accessing various websites of different types with TLS inspection enabled. There are times when it works fine but suddenly it stops loading the page and you can not access, to access that particular website you have to wait a few minutes trying again and then it is allowed, meanwhile you can not access any other website because the same thing happens. When the above is solved for a while everything works normally but soon happens again. When not being able to access the browser gives DNS error but I doubt very much that this is the problem.
#10
Zenarmor (Sensei) / zenoverlay vpn interface
October 27, 2024, 12:59:40 PM
Reviewing my interfaces in Opnsense I found a new one that may have been around for a while but I hadn't seen it until now called zenoverlay vpn and I think it is related to zenarmor and its monitoring of the wireguard interface. I have searched for information about it and have not found anything so I don't know if it is necessary to activate it or not and what it is for.
#11
Zenarmor (Sensei) / 1.18 Wireguard is disconnected
October 24, 2024, 09:06:09 PM
With the new update zenarmor prevents the wireguard connection, disabling the WG interface in zenarmor solves the problem, if you re-enable wireguard it connects but after a few minutes it disconnects again. All this can be seen in the Opnsense widget:
#12
24.7, 24.10 Legacy Series / 24.7.6 worrying comment.
October 09, 2024, 05:21:42 PM
Valuable feedback and code changeshave come from this process that will also find their way into otherrelated projects in the near future.
Let's hope that this is not a new 'Pfsense case' and that the free version of Opnsense will be maintained under the current conditions.
Let's hope that this is not a new 'Pfsense case' and that the free version of Opnsense will be maintained under the current conditions.
#13
24.7, 24.10 Legacy Series / 24.7.1 perfect
August 08, 2024, 04:07:36 PM
A long awaited update from my side, many thanks to franco for his work.
Clean install 24.7
Update to 24.7.1 perfect
Some components of the update took a long time to update but everything is fine.
Clean install 24.7
Update to 24.7.1 perfect
Some components of the update took a long time to update but everything is fine.
#14
Virtual private networks / Port Shadow Attack Allows VPN Traffic Interception, Redirection
July 19, 2024, 06:05:40 PM #15
Intrusion Detection and Prevention / Hyperscan Proprietary Licensed Software
May 12, 2024, 05:11:18 PM
Intel Takes Open-Source Hyperscan Development To Proprietary Licensed Software:
https://www.phoronix.com/news/Intel-Hyperscan-Now-Proprietary
https://www.phoronix.com/news/Intel-Hyperscan-Now-Proprietary
#16
24.1, 24.4 Legacy Series / Pfsense leaves FreeBSD for Linux
April 01, 2024, 03:50:48 PM #17
24.1, 24.4 Legacy Series / Changes in the update of GeoIP databases
March 13, 2024, 04:56:13 PM
https://www.reddit.com/r/opnsense/comments/1bchr5v/maxmind_transition_to_r2_presigned_urls/
https://dev.maxmind.com/geoip/updating-databases?utm_campaign=R2%20presigned%20URLs&utm_medium=email&_hsmi=297747371&utm_content=297747371&utm_source=hs_email#directly-downloading-databases
https://github.com/maxmind/geoipupdate/issues/290
https://dev.maxmind.com/geoip/updating-databases?utm_campaign=R2%20presigned%20URLs&utm_medium=email&_hsmi=297747371&utm_content=297747371&utm_source=hs_email#directly-downloading-databases
https://github.com/maxmind/geoipupdate/issues/290
#18
Zenarmor (Sensei) / High ram consumption Zenarmor 1.16.1
January 05, 2024, 03:08:30 PM
Mini-pc Opnsense 8 GB ram
Suricata deactivated
With version 1.16 I had 55% of ram memory used and with the new version 1.16.1 I am now using 80 - 85% of ram memory used.
Suricata deactivated
With version 1.16 I had 55% of ram memory used and with the new version 1.16.1 I am now using 80 - 85% of ram memory used.
#19
Intrusion Detection and Prevention / Suricata in Wan does not work with ppoe
December 19, 2023, 06:27:51 PM
So far I had Suricata working correctly on Wan but I have changed internet provider and use ppoe. I have created the corresponding ppoe VLAN assigned to Wan and I have configured the Wan interface with ppoe with user - password. In interface assignments I have assigned the VLAN ppoe created earlier to Wan. With this configuration I have access to the internet without any problems. The problem is that Suricata in Wan does not work even if I put the Wan ip that I have assigned something that before if it worked perfectly, with that it does not work I mean that it does not block absolutely nothing, it is as if it did not recognise the interface. So that it recognizes it in interface assignments I have to put Wan in igb xxxxxx and create a new virtual interface for ppoe.
#20
23.7 Legacy Series / Native/Emulated Mode Netmap
September 06, 2023, 02:08:34 PM
Mini-Pc Opnsense 23.7.3
-Wireguard
-Suricata ( Wan )
-Zenarmor ( Routed mode L3 native Netmap ) Lan + LAGG
Interfaces ( Igb ):
-Wan
-Lan
-Wg
-LAGG
Access to Opnsense via SSH: sysctl -a |grep netmap
Native Netmap does not work.
-Wireguard
-Suricata ( Wan )
-Zenarmor ( Routed mode L3 native Netmap ) Lan + LAGG
Interfaces ( Igb ):
-Wan
-Lan
-Wg
-LAGG
Access to Opnsense via SSH: sysctl -a |grep netmap
Native Netmap does not work.
