Messages - franco

#1
do-ip6 is tied to the global IPv6 off switch Interfaces: Settings: Allow IPv6


Cheers,
Franco
#2
You have to understand DHCPv6 cannot control the link-local of the client nor does it care about it so it's a bit tricky to get it to route there without knowing.

However, you can add the link-local as a static mapping and that should make it work...

https://github.com/opnsense/core/commit/3582242d0fe


Cheers,
Franco
#3
This seems ironic, because that page is one of the oldest in the project not having been fundamentally changed for at least a decade.


Cheers,
Franco
#4
/0 effectively means 0.0.0.0/0 which means you merely set a default route for your traffic


Cheers,
Franco
#5
How about this then:

# opnsense-patch https://github.com/opnsense/plugins/commit/2d22b81af


Cheers,
Franco
#6
>  telegraf that is installed with 25.1.10 considers it a config error and stops config from loading

We have entered the software era of make it and break it for no reason other than annoying users? I mean ignoring the setting is out of the question? Geez.


Cheers,
Franco
#7
Hey and welcome,

Haven't had any complaints on 6RD for a while now so this is a bit unexpected.

Not sure why LAN would have a default route. Easiest first check is System: Gateways: Configuration and see the auto-generated gateway for 6RD which needs to be marked as "Upstream Gateway".

Does a LAN gateway exist there?


Cheers,
Franco
#9
Announcements / OPNsense 25.1.10 released
July 01, 2025, 12:08:04 PM
Hey,

We are getting close to 25.7.  In fact, the release date is July 23.
As such minimal changes are going into this stable release for the
usual reasons.

Expecting a quick release candidate in two weeks while we piece together
the individual changes that will make the next release series a distinct
step forward: privilege separation capability, latest and greatest FreeBSD
related updates, easier than ever MVC programming experience, a new UI
grid framework named Tabulator etc.

Here are the full patch notes:

o system: reduce future maintenance load in privilege separation efforts
o interfaces: remove unused "friendly" value from get_interface_list()
o interfaces: fix escaping in refactored bridge code
o interfaces: fix bridge SPAN support
o interfaces: add update mode to ifctl
o firewall: fix issue with event binding in rule automation page
o dnsmasq: implement domain type to select between adding domain to range or interface
o dnsmasq: dhcp-host are allowed to have duplicate partial IPv6 addresses
o unbound: improve the chroot mounting code to avoid excessive (un)mount calls
o lang: update language translations to their latest state
o mvc: eventually phase out getCurrentValue() in favour of getValue()
o plugins: os-caddy 2.0.2
o ports: libxml2 fixes for recent CVEs
o ports: nss 3.113
o ports: phpseclib 3.0.46
o ports: py-duckdb 1.3.1
o ports: sudo 1.9.17

Stay safe and cool,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/blob/stable/25.1/www/caddy/pkg-descr
[2] https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_113.html
[3] https://github.com/duckdb/duckdb/releases/tag/v1.3.1
[4] https://www.sudo.ws/stable.html#1.9.17
#10
Given the fact that OpenVPN has always been very pedantic about that particular input I think all there is left to do here is add the correct validation?


Cheers,
Franco
#11
General Discussion / Re: bridge span port
July 01, 2025, 10:05:56 AM
It's a bug we're fixing today in 25.1.10.


Cheers,
Franco
#12
The base isn't the problem. The real problem is that your packages are stuck at 24.1 while the base and kernel successfully upgraded to 24.7.

You can try this instead:

# opnsense-bootstrap -r 24.7


Given the critical nature of a major OS upgrade underneath from FreeBSD 13 to 14, consider the possibility that it may not be successful since the first attempt also failed. Likely for reasons of third party plugins installed or manual ports installs. Unfortunately these things get complicated quickly.


Cheers,
Franco
#13
General Discussion / Re: Authentik SSO
June 25, 2025, 10:36:56 AM
Hi,

At the moment it's not planned, but it's not set in stone either. The plugin hooks are open so contributions to community edition for other SSOs are also possible.


Cheers,
Franco
#14
General Discussion / Re: Authentik SSO
June 24, 2025, 12:43:20 PM
OIDC will be supported starting with the 25.10 business edition.


Cheers,
Franco
#15
There are four main reasons:

1. netdata is community scope
2. the plugin was last updated years ago in OPNsense 22.7.1
3. the netdata error reported is not helpful
4. netdata port in FreeBSD likely broke this and an update was made there already although the problem scope is still unclear because of 1+2+3

opnsense-revert should work on an older netdata package or 25.1.10 will fix it when the FreeBSD port is correctly fixed again. Worst case someone needs to make an effort to update the plugin to whatever it was that netdata broke in a 3 year old plugin...


Cheers,
Franco