"Recent posts
#1
25.7, 25.10 Series / Re: OPNcentral Overwriting API...
Last post by franco - Today at 08:31:58 AM> This is a major flaw for something billed as a central management solution.
Let's agree to the fact that whoever makes the first bug report gets this fixed?
I went through the code and found a typo in the API key sync code.
You can install the new extension on the target system and see if that fixes it:
# opnsense-revert -z os-OPNBEcore
(it should update to 1.7_4 from 1.7_3)
Cheers,
Franco
Let's agree to the fact that whoever makes the first bug report gets this fixed?
I went through the code and found a typo in the API key sync code.
You can install the new extension on the target system and see if that fixes it:
# opnsense-revert -z os-OPNBEcore
(it should update to 1.7_4 from 1.7_3)
Cheers,
Franco
#2
25.7, 25.10 Series / Re: Interfaces: Neighbors: Aut...
Last post by Monviech (Cedrik) - Today at 08:05:56 AMWell there is no database cleanup yet so I would say it depends when these entries where created.
#3
26.1 Series / Re: OPNsense 26.1.4 VLAN odd b...
Last post by Patrick M. Hausen - Today at 07:57:24 AMYou edit the subject line of your first post and write e.g. "[SOLVED]" in it.
#4
Virtual private networks / Re: Wireguard Selective Routin...
Last post by Lucid1010 - Today at 07:38:58 AM.
#5
25.7, 25.10 Series / Re: Interfaces: Neighbors: Aut...
Last post by franco - Today at 07:34:58 AMNo.
Cheers,
Franco
Cheers,
Franco
#6
26.1 Series / Re: Fresh install of 26.1.2 no...
Last post by nicholaswkc - Today at 07:07:57 AMI do not install on VM.
#7
General Discussion / How can I make the NAT66 picke...
Last post by drosophila - Today at 05:21:23 AMWhenever my prefix changes, I get a new set of addresses: a public one and a PE one, like these
inet6 2001:a:b:c:1:2:3:4a prefixlen 64 autoconf pltime 3600 vltime 7200
inet6 2001:a:b:c:1:2:3:4b prefixlen 64 autoconf temporary pltime 3600 vltime 7200
When the firewall itself sends a message, it properly uses the PE generated address. However, when a NATed client reaches out, it'll be NATed to the normal address. I tried to do this with aliases (by creating a "dynamic host" alias with the MAC-derived suffix) but then I'd need to invert this in order to match the PE address (which I can't predict and thus can't create an alias for), and then somehow put this into the NAT pool.
This doesn't seem to be possible, but hopefully I'm just overlooking something, like the checkbox that says "use only temporary addresses"? ;)
inet6 2001:a:b:c:1:2:3:4a prefixlen 64 autoconf pltime 3600 vltime 7200
inet6 2001:a:b:c:1:2:3:4b prefixlen 64 autoconf temporary pltime 3600 vltime 7200
When the firewall itself sends a message, it properly uses the PE generated address. However, when a NATed client reaches out, it'll be NATed to the normal address. I tried to do this with aliases (by creating a "dynamic host" alias with the MAC-derived suffix) but then I'd need to invert this in order to match the PE address (which I can't predict and thus can't create an alias for), and then somehow put this into the NAT pool.
This doesn't seem to be possible, but hopefully I'm just overlooking something, like the checkbox that says "use only temporary addresses"? ;)
#8
Development and Code Review / Re: Clone Deciso appliance har...
Last post by drosophila - Today at 05:04:20 AMQuote from: Monviech (Cedrik) on February 21, 2026, 12:45:49 PMIf I need a full image I use "dd".As much as I love dd, isn't dd-ing (or copying in any other form) a running system a sort of desperate measure? Even the -nano images aren't immutable (I'd be real great if they were!), so at the very least the clone will generate "not properly unmounted" messages when booted. ZFS will probably also recover gracefully, but still...
You cn chain "dd" with a zipping tool and scp filetransfer in a single command and then set it as cron job.
#9
26.1 Series / Re: OPNsense 26.1.4 VLAN odd b...
Last post by Shoresy - Today at 03:34:02 AMI fixed the problem, well, not a complete fix, but a fix nonetheless. I defined those VLANs I was working with awhile back, perhaps a year ago, and left them as-is, with default setups, just skeleton VLAN definitions. When I created new VLANs through the GUI, connectivity worked fine, no odd behavior. So I deleted those old VLAN definitions I had created awhile back, and created new VLANs from scratch. The new ones worked perfectly fine. No more problems.
I have no idea what was causing the other, older VLANs to not pass traffic, even though the rules, DHCP, interface assignments all looked good. This can be closed as resolved, I just don't know how to resolve these threads or if it needs to be done by a moderator.
I have no idea what was causing the other, older VLANs to not pass traffic, even though the rules, DHCP, interface assignments all looked good. This can be closed as resolved, I just don't know how to resolve these threads or if it needs to be done by a moderator.
#10
26.1 Series / Re: Can the GUI levels stay ex...
Last post by Greelan - Today at 01:53:28 AMThe further alternative, which is probably the cleanest (but a little more challenging to implement).
