Messages - franco

#31
25.7, 25.10 Series / Re: Continual issues updating
December 04, 2025, 11:48:23 AM
LTE/mobile?


Cheers,
Franco
#32
Let's call this the worst OPNsense bug of 2025 that never happened. Many thanks to patient0 for catching it in time!

Meanwhile we're not shipping the original fix that caused the issue in 25.7.9 (or any 25.7.x for that matter) and will eventually use this one instead:

https://github.com/opnsense/core/commit/2eb539d821e

Above all thanks for using the development version!  We need more of this. :)


Cheers,
Franco
#33
Maybe if OpenWrt and OPNsense would push for that it would gain some traction, yet it's also a literal uphill battle while software authors try to keep their scope small at the price of someone else dealing with all the consequences.


Cheers,
Franco
#34
True, but it doesn't explain why e.g. Unbound or Kea do not have dynamic prefix support built in as of today.


Cheers,
Franco
#35
General Discussion / Re: Problems with NRPE
December 02, 2025, 10:18:07 PM
Quote from: iYx3Zp8Q08hrNVZCHTYt on December 02, 2025, 05:11:16 PM

> Same problem with check_procs here (other commands work) and sudo did not help. I suspect a relation to "unbound: safe command execution changes" (from the release notes of 25.7.8)?!

Highly unlikely.

I have the ticket here as requested on reddit from michaelsage. Will look into it tomorrow.

https://github.com/opnsense/plugins/issues/5059
#36
> I understand, but if the firewalls can't work with the RFCs or vice-versa, then something is broken.

This isn't about the RFCs. It's about asking a firewall/router/distro to reload everything while reconnecting the WAN to a new prefix.

I think to this day Unbound doesn't even have a proper reload. Dnsmasq is the only software I know that has a built-in for prefix matching. pf doesn't have it either but it would be so useful, but apparently not for the use cases it is written for. Maybe that's the real issue here why home users are sidelined. They are not considered a use case.


Cheers,
Franco
#37
[LAN/64]

is the same as

::123:0:0:0:0/64%lan

except that in the latter you can merge the prefix from LAN with a suffix for better targeting.

Though we were talking today about the possibility to design a simple "LAN" (per-interface) type setting that latches on to all networks currently present on the interface. I'm not saying it will happen, but it would be the simplest solution although in reality it will require a number of changes and additions to get it to the finish line in a pretty full schedule we already have.

> If not then, are we already at an impasse with IPv6 PD as a viable migration path from IPv4?

As long as ISPs will milk users for static prefixes or not offer them at all... yes.

We've been at the trying to handle end with DHCPv6, ISC, DHCP, Radvd and Unbound and it's spaghetti code that produced unnecessary bugs and reworks over the years. Even today we need a daemon to watch a modern software daemon like Kea writing a lease file so that we can extract a PD assignment to add a route. You'd think by now bindings would do that in modern software, but they don't do this in a consistent way.

I don't understand it actually... everyone is asking here to fix PD for users but we're not the ones who hand out PDs or write the actual software based on the RFCs to do it?!


Cheers,
Franco
#38
Thanks :)
#39
Hi allddd,

Nice work on this!  If you want we can work on including this in a future release as an optional binary package and see how it goes from there?


Cheers,
Franco
#40
Can you add a ticket here? We agreed it's a good idea but would like an official issue for it.

https://github.com/opnsense/core/issues/new?template=feature_request.md


Thank you,
Franco
#41
The alias support wouldn't help with Unbound, though. It's a situation where ISPs and software authors involved said: we don't care and the user or integrator can script it, which leads to dissatisfaction as much as satisfaction.

For one you'd need to invent a suffix notation that includes the interface and the netmask:

::123:0:0:0:0/64%lan

And then you need to translate it all the time and support it seamlessly across an inhomogeneous software landscape?


Cheers,
Franco
#42
General Discussion / Re: boost-libs: missing redis
December 01, 2025, 05:05:16 PM
I'd just reinstall boost-libs from the GUI. The reference to redis is likely coincidental.


Cheers,
Franco
#43
Yes it was fixed more than half a year ago.


Cheers,
Franco
#44
In theory we could remove empty parent nodes if we know we had contents in there, but it is a bit of guesswork.

This happens when a specific plugin has multiple models populating a child node for each model but the shared parent node is never directly referenced.

In practice this doesn't matter operationally. It's just the XML that looks a little less clean than it could be, but again this is only 1-2 lines in the file.


Cheers,
Franco
#45
Looks like a bot reply? There was one the other day on Twitter that claimed VPN was broken in the latest update, but it wouldn't actually tell which VPN. Likewise here I see a lot of text and "debugging" but no mention of "radius" in a FreeRADIUS thread.  ;)


Cheers,
Franco