Topics

I was playing around with my bound minimum and maximum ttl when I noticed at some point I wasn't seeing any cache hits even though running dig proved that i am caching I flushed cache and restarted unbound and opnsense but don't see any cached hits accumulating.

Hi: Can I install Smokeping directly on Opnsense. I have seen this question in some old forum articles and have seen online one person that had it working on older Opnsese. Since the package for smokeping exists for both FreeBSD - https://www.freshports.org/net-mgmt/smokeping/ and HardenedBSD - https://github.com/HardenedBSD/hardenedbsd-ports/tree/master/net-mgmt/smokeping, I was wondering if there is an easy way to deploy it on OPNsense. I already tried and had issues with dependancies and conflicts with sunnyvally repositories. Has anyone got it to work on newer versions of Opnsense.

Hello: I recently started monitoring my gateway and noticed that I am getting intervals of packet loss. I am running opnsense 25.7.7_4 with adguard home and unbound as my recursive resolver. I am also using zenarmor. I was just wondering if anybody can explain what I am seeing here on the health/quality graph and what could be causing it. As I have never monitored this before I am not sure if this is normal behavior. See attached graph.

Hello: I am trying to get an email alert when my Opnsense goes on UPS. I followed this tutorial (https://forum.opnsense.org/index.php?topic=23071.msg109726#msg109726) and when I check the status in monit it always shows status failed, but my Apcupsd status shows online. I also get the email that says failed but
the status never says Ok. Does anyone have another method that works or is it not working because I"m doing something wrong.

Hello: I replaced one of my computers on the network with a new one. It has the same computer name and user name as the old one. In ISC DHCPv4 I replaced the MAC address of that client with the MAC address of the new nic. The new PC got assigned the IP address expected. Then I noticed some problems with networking and rdp. When I ran a nslookup of the host name it shows the network static assigned network address and the address of another pc on my network. I am using unbound as a recursive server with adguard home. I cannot seem to resolve this problem. Does anyone have any idea what could be causing this problem and how to resolve it.
Thanks

Hello I was checking my unbound log files and under warning I keep getting error: read (in tcp initial): Connection reset by peer for 199.180.180.63 port 53. This IP address resolves to r.arin.net. Can anybody explain what might be causing this.

Hello I am trying to under stand my statistics for caching in unbound. I am running adguard home with unbound as the recursive resolver. I have caching off in adguard. I am finding that only about 50% of my queries get cached results. I tried opening a list of urls several times assuming that once the are resolved by unbound they would be cached and my cache hits stats would increase to a higher percentage as the exact same sites are being requested over and over.
Am I correct in assuming that the number of cache hits should be significantly higher when repeatedly opening the same urls and can anyone explain this behavior.

Does anybody know if the opnsense redis plugin can be used as a cachedb for unbound. When I run unbound -V --enable-cachedb is missing. This is my output.

root@Free:~ # unbound -V
Version 1.23.1

Configure line: --with-libexpat=/usr/local --with-libnghttp2 --with-ssl=/usr/local --enable-dnscrypt --disable-dnstap --with-dynlibmodule --enable-ecdsa --enable-event-api --enable-gost --with-libevent --with-pythonmodule=yes --with-pyunbound=yes ac_cv_path_SWIG=/usr/local/bin/swig LDFLAGS=-L/usr/local/lib --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/share/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd14.3
Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 3.0.17 1 Jul 2025
Linked modules: dns64 python dynlib respip validator iterator
DNSCrypt feature available

Hello: I would like to be able to start opnsense from the internet with a magic packet if it goes down in power outage. Is it even possible to wake an Opnsense machine with wake on wan or wake on lan from the internet if it gets shut down. I have searched for hours and have not seen any scenario where a packet can be sent to the wan of the opnsense router. If anyone has any knowledge of this could reply to my post

Hello: All my times in zenarmor are showing in GMT. Is there a setting in Zenarmor to change it to local time.

Hello: I have hosts (i4.c.eset.com, and c.eset.com) required for live grid on eset antivirus that have been added to exclusions but are still showing in blocked conversations heat map. Can anyone explain to me why these items are being blocked when they have been excluded globally.

Hello: I have monit set to alert when elasticsearch shuts down. I would like to us it to also restart elasticsearch but from what I understand, elasticsearch cannot be started as administrator. How can I get monit to restart elasticsearch when it as shutdown and not restart.

Hello: I have suricata set up in ids mode only. I have created and enabled policy and selected some of the downloaded rulesets selected in policy. It seems that the policy is being ignored and I am getting alerts for all the downloaded rulesets, not just the ones selected for that policy. Does policy work for ids or only for ips.

Hello: I recently started having an issuer where on the two wired hosts on my lan have their Src Hostname switching from ip address to hostname.localdomain in reports and live sessions. If I reset the reporting database they start reporting again with their static ip addresses again but after a wile revert to reporting as hostname.localdomain again. This only happens on the two wired hosts and none on wifi. This is recent since the upgrade to Opnsense 25.1.2. I have never noticed this behavior before. Can anybody give me an explanation for this and a possible fix?

I am new to using suricata and was wondering when a rule blocks an Ip address how long is it blocked for and can I change the length of time a rule blocks an ip address. Also how would I unblock an ip that was blocked that is a false positive.

Hello: Not sure if I should ask this here or in a crowdsec forum. I am running suricata in ids mode and have crowdsec set up to parse suricata logs and ban. I have been noticing that not all the suricata alerts are being sent to or collected by crowdsec. When I checked the suricata fast logs, I have found that only suricata alerts with Classification: Potentially Bad Traffic are being picked up by crowdsec. Others such as Classification: Attempted Information Leak seem to be ignored by crowdsec.

Hello : Wondering if anybody can help me. I  am running crowdsec and suricata on OPNsense 25.1.1. I have crowsec parsing the suricata logs. When I get two hits on crowdsec they are both listed in the alerts on opnsense but only one is listed in the decisions until i delete the first one and then the second one shows up. When I log into crowdsec console online both show in the alerts and the decisions. I have tried this many times and the same results each time . If i go to console and clcsi list decisions only the first is shown. But when I delete the first one and cscli list decisions then the second is shown. I never had this problem before on OPNsense 24.7 My OPNsense insatallation is fresh installation, not an upgrade from 24.7
I am showing this from my health audit. opnsense-25.1.1: checksum mismatch for /usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml

Hell:  Is it possible to run Zenarmor with Netflow and nProbe on the same network interfaces, or will there be a conflict because. I have been asked why I would want to run nProbe and ntop if I am running Zenarmor, but they each offer something different.

Hello: Can anybody tell me if I would need to purchase a license to use nprobe.
Thanks

Hello. I was running zenarmor with elastisearch 8 on OPNsense 24.7.12_4 and it was using too much memory to I decided to uninstall it and go with MongoDB. Since the change I keep Mongo db keeps stopping and I am getting an error "Some errors were detected during retiring for MogoDB data collection. and Some errors and Some errors were detected during data retiring for MongoDB log rotation. Does anybody know why this is happening.  After installing with MongoDB I used a Zenarmor backup from when I was on elastisearch  to restore Zenarmor settings. I am not  sure if this would be the cause.