"Recent posts
#1
25.7, 25.10 Series / Re: DNS failures after upgrade...
Last post by pseudonym3k - Today at 01:50:15 AMI'm up on 26.1.1 now and my internet still goes through periods of instability. It still appears to be dpinger. As best I can tell, dpinger still isn't working right.
For a test, I used my cell phone solely on cellular service (wifi radio turned off) to run ping tests across two days. One day I ran all day against the new IP I selected from my tracert (the one mentioned above, that appeared to be solid and I have dpinger monitoring), and the next day I ran ping test against my own public IP.
My cell phone never failed a ping test to either IP. But dpinger continued to fail the monitoring IP and restarted (?) my gateway assignment.
I don't have any fallback internet method, so if my internet goes down there's nothing I can do about it. It would be nice to monitor and have a notification, but it's not necessary.
I disabled gateway monitoring a few days ago and so far my internet has been up and stable...
For a test, I used my cell phone solely on cellular service (wifi radio turned off) to run ping tests across two days. One day I ran all day against the new IP I selected from my tracert (the one mentioned above, that appeared to be solid and I have dpinger monitoring), and the next day I ran ping test against my own public IP.
My cell phone never failed a ping test to either IP. But dpinger continued to fail the monitoring IP and restarted (?) my gateway assignment.
I don't have any fallback internet method, so if my internet goes down there's nothing I can do about it. It would be nice to monitor and have a notification, but it's not necessary.
I disabled gateway monitoring a few days ago and so far my internet has been up and stable...
#2
26.1 Series / Re: Upgrade in situ "Reloading...
Last post by fbantgat7 - Today at 01:15:33 AMThank you for the suggestion to use opnsense-bootstrap. It completed without any problems. An update after it rebooted installed the following packages:
The SoC on this box does not have any microcode applicable for it. All seems to work fine now.
Thanks again for your help! :-)
Code Select
New packages to be INSTALLED:
cpu-microcode-amd: 20251202
cpu-microcode-rc: 1.0_2
libpci: 3.14.0
os-cpu-microcode-amd: 1.1
pciids: 20251206
x86info: 1.31.s03_1The SoC on this box does not have any microcode applicable for it. All seems to work fine now.
Thanks again for your help! :-)
#3
26.1 Series / Re: after upgrade to 26.1 and ...
Last post by zyon - Today at 12:33:55 AMOn ssh look the status of adguard and check the status resolver (if issues)
#4
Tutorials and FAQs / HowTo - Redirect all DNS Reque...
Last post by nero355 - Today at 12:18:39 AMBecause some of us don't use OPNsense for DNS at all and have a seperate Raspberry Pi or Intel Atom NUC running Pi-Hole I thought it might be useful to have the right settings available in this topic :
- 10.0.0.0/24 subnet
- OPNsense Interface for it is called ThuisLAN
- It's Gateway IP Address is 10.0.0.138
- Pi-Hole DNS IP Address is 10.0.0.139
Please note the following :
My Pi-Hole uses a Management VLAN for it's Internet connectivity so any rules related to that are not shown here because they are simply not needed !!
NAT Outbound Rule Settings :
:strip_exif()/f/image/KM6Iq1GkC8tBjXnrRxwQYW4R.jpg?f=fotoalbum_medium)
NAT Outbound Rules Overview :
:strip_exif()/f/image/r4LE0hlQtIah0w7yyT6azUZw.jpg?f=fotoalbum_medium)
NAT Port Forward Overview :
:strip_exif()/f/image/hhd2iM0b25VYp40xBUnp8yHW.jpg?f=fotoalbum_medium)
NAT Port Forward Settings :
:strip_exif()/f/image/ofIWJ71ld65nKqFokXGTg8Zj.jpg?f=fotoalbum_medium)
Firewall Rules Overview :
:strip_exif()/f/image/BU68t0skhIMcajwIjxEitc9f.jpg?f=fotoalbum_medium)
The only thing I don't like but kind of also do like :
With this setup all the Redirected DNS Queries are shown in the Pi-Hole Query Log as done by the OPNsense Gateway Interface (10.0.0.138) instead of the device being naughty, but fixing that would require setting up a DMZ for example (or any kind of dedicated let's say "Servers VLAN") so ALL the traffic passes OPNsense instead of being partially local and party from OPNsense like it is now.
On the other hand you can filter "Bad Traffic" from "Naughty clients" very easily by looking for the Gateway IP Address of your VLAN in the Pi-Hole Query Log :P
Most important thing is that IT WORKS! ^_^
- 10.0.0.0/24 subnet
- OPNsense Interface for it is called ThuisLAN
- It's Gateway IP Address is 10.0.0.138
- Pi-Hole DNS IP Address is 10.0.0.139
Please note the following :
My Pi-Hole uses a Management VLAN for it's Internet connectivity so any rules related to that are not shown here because they are simply not needed !!
NAT Outbound Rule Settings :
:no_upscale():strip_icc():strip_exif()/f/image/KM6Iq1GkC8tBjXnrRxwQYW4R.jpg?f=user_large)
NAT Outbound Rules Overview :
:no_upscale():strip_icc():strip_exif()/f/image/r4LE0hlQtIah0w7yyT6azUZw.jpg?f=user_large)
NAT Port Forward Overview :
:no_upscale():strip_icc():strip_exif()/f/image/hhd2iM0b25VYp40xBUnp8yHW.jpg?f=user_large)
NAT Port Forward Settings :
:no_upscale():strip_icc():strip_exif()/f/image/ofIWJ71ld65nKqFokXGTg8Zj.jpg?f=user_large)
Firewall Rules Overview :
:no_upscale():strip_icc():strip_exif()/f/image/BU68t0skhIMcajwIjxEitc9f.jpg?f=user_large)
The only thing I don't like but kind of also do like :
With this setup all the Redirected DNS Queries are shown in the Pi-Hole Query Log as done by the OPNsense Gateway Interface (10.0.0.138) instead of the device being naughty, but fixing that would require setting up a DMZ for example (or any kind of dedicated let's say "Servers VLAN") so ALL the traffic passes OPNsense instead of being partially local and party from OPNsense like it is now.
On the other hand you can filter "Bad Traffic" from "Naughty clients" very easily by looking for the Gateway IP Address of your VLAN in the Pi-Hole Query Log :P
Most important thing is that IT WORKS! ^_^
#5
26.1 Series / Re: after upgrade to 26.1 and ...
Last post by Patrick M. Hausen - Today at 12:05:02 AMSSH to your firewall, use drill to ask Unbound directly, watch what happens. If it's also slow, increase log level for Unbound and check logs. If it's fast, use tcpdump to observe how the AGH <> Unbound communication is going.
Etc. There is to from the top of the shelf answer. I use AGH and Unbound without problems, so it must be particular to your configuration(s). Please remember: in >90% of all cases it's always a specific problem only you have and only very rarely that "oh, yes, the foo bug, you need to change the quux frob from blah to bleh in the new version". That's not how these things work.
Etc. There is to from the top of the shelf answer. I use AGH and Unbound without problems, so it must be particular to your configuration(s). Please remember: in >90% of all cases it's always a specific problem only you have and only very rarely that "oh, yes, the foo bug, you need to change the quux frob from blah to bleh in the new version". That's not how these things work.
#6
26.1 Series / Re: after upgrade to 26.1 and ...
Last post by senseuser - February 07, 2026, 11:58:45 PMHello.
Exactly the same situation. Reaches up to 7000 ms. Firmware 26.1.1
Exactly the same situation. Reaches up to 7000 ms. Firmware 26.1.1
#7
German - Deutsch / Re: HA mit CARP: LAN VIP wird ...
Last post by Patrick M. Hausen - February 07, 2026, 11:36:03 PM- tagged und untagged nicht mischen
- generell das Tagging dem Hypervisor überlassen, also eine Port Group pro VLAN, eine virtuelle Netzwerkkarte pro VLAN im OPNsense Gast
- natürlich auf jedem Interface eine CARP-Adresse
- generell das Tagging dem Hypervisor überlassen, also eine Port Group pro VLAN, eine virtuelle Netzwerkkarte pro VLAN im OPNsense Gast
- natürlich auf jedem Interface eine CARP-Adresse
#8
25.7, 25.10 Series / Re: How to find out which proc...
Last post by Patrick M. Hausen - February 07, 2026, 11:34:17 PMSee other thread. Disable hostwatch. It's a new non-essential feature. It's going to mature but if it gives you trouble now, your firewall will work just as well with it disabled.
#9
26.1 Series / Re: SQLITE3 constantly writing...
Last post by Patrick M. Hausen - February 07, 2026, 11:32:32 PMDisable hostwatch. Interfaces: Neighbours: Auto discovery.
#10
26.1 Series / Widget order
Last post by bbergen - February 07, 2026, 10:31:40 PMWhen I rearrange the order of the widgets in the dashboard and save, if I close my browser and reload or load in a browser on another computer, the new order doesn't persist.
I tried resetting to default first, adding a couple of widgets and then rearranging but no difference.
Any suggestions?
I tried resetting to default first, adding a couple of widgets and then rearranging but no difference.
Any suggestions?
