Recent posts

#1
General Discussion / Re: Unbound DNS keeps crashing...
Last post by apoorv569 - Today at 05:59:04 AM
Quote from: meyergru on July 08, 2026, 02:52:38 PMTry disabling the firewall rules for a try. It might be the case that you created a loop where Unbound tries to query itself when it makes upstream queries.


You mean the floating rule that blocks all port 53 traffic for all interfaces? or the destination NAT rule?
#2
Actually I used the 26.7 RC1 Image for a "Fresh" Installation on Baremetal...

From the Console I Assigned my WAN/LAN Interfaces, a "New" IPv4 LAN Address and Specified an IPv4 DHCP Range for my LAN Interface...

Unfortunately the Laptop connected to the LAN Interface was NOT being assigned its IP Addresses and therefore I was unable to Connect to the OPNsense Web Interface!!!

After Assigning Static IPv4 IP Addresses to the Laptop, I was able to able to Restore my 26.1 Confirguation...

From there I was able to install the "Missing" Plug-INs, Restored my 26.1 Configuration a Second Time and after that things have proceeded "Normally"...
#3
Quote from: sopex on May 27, 2026, 07:57:09 PMThe GUI cannot do it, but you can create a custom rule https://docs.opnsense.org/manual/ips.html#advanced-configuration slope

And bypass the Dropbox SID for the specific ip. I am not exactly sure on the correct syntax.
Thanks for pointing me in the right direction. I have one question, though: when you mention bypassing the Dropbox SID for a specific IP using a custom rule, are you referring to creating a `pass` rule in Suricata's advanced configuration?
#4
You don't add the current mimugmail repos on a 26.7.x OPNsense

You don't need the mimugmail repos for AGH if already installed. The AGH updates will work just fine


As long as BE and CE are on different versions of OpenSSL there should be a dedicated version of that 3rd party repository built against the respective OpenSSL target
#5
26.1, 26,4 Series / Re: Source NAT vs Outbound ?
Last post by hharry - Today at 04:09:44 AM
I also have a question OPNsense 26.1.11_6-amd64

I see under outbound hybrid ( legacy rules ), automatic rules including the below sources ( which is correct )

LAN networks, LAN_VL4 networks, LAN_VL23 networks, Loopback networks, au761nordvpncom networks, us9417nordvpncom networks, 127.0.0.0/8



I've upgraded to OPNsense 26.1.11_6-amd64, and run the migration wizard, on see the below SNAT automatic rules, which seems to be missing LAN networks, au761nordvpncom networks, us9417nordvpncom networks

Loopback network, LAN_VL4 network, LAN_VL23 network

LAN side Interfaces are;

LAN
LAN_VL4
LAN_VL23

Automatic rule generation is enabled
OPNsense is not handling VLAN tagging, ESXi vswitch handles all vlan tagging, and interfaces are presented as untagged interfaces to OPNsense VM


#6
I tried to reinstall AGH single repository under 26.7.r1 and I still get the error:

pkg: Repository mimugmail has a wrong packagesite, need to re-create database
#7
So I guess this falls in the same category. I have Opnsense running in a ProxMox VM and has never been issue until the last update.

The underlying CPU is an Intel Celeron as I don't need OpnSense run a gazillion of sessions and has never had a performance problem. It would be very helpful if we could have this resolved. I know we're depending on an external set of libraries but it's a bit worrisome that parts of the product stop working due to "virtual" restrictions which haven't been a real problem before.

```
vendor_id   : GenuineIntel
cpu family   : 6
model      : 156
model name   : Intel(R) Celeron(R) N5105 @ 2.00GHz
```


#8
26.1, 26,4 Series / Re: re0 (Realtek) interface st...
Last post by fengchen_opn - Today at 02:27:00 AM
Quote from: drosophila on July 08, 2026, 02:48:13 PMbut maybe you might try a clean image,
I tried reinstalling; version 26.1.6 works fine, but things go wrong after upgrading to 26.1.11. Anyway, I'm planning to switch to an Intel network card —haha.
#9
26.1, 26,4 Series / Re: lots of empty space in new...
Last post by nero355 - Today at 01:07:08 AM
I am sorry for bringing this topic up again, but I have no choice : The amount of data I can see in the webGUI part of Firewall Rules [New] is A LOT LESS than the old Firewall Rules that will become Legacy starting with 26.7 and moved to a plug-in :'(

Here are some screenshots :

Firefox - 1366x768 Laptop Screen


LibreWolf - 1366x768 Laptop Screen


Pale Moon - 1366x768 Laptop Screen


Pale Moon - 1920x1200 Desktop Monitor - Windowed


Pale Moon - 1920x1200 Desktop Monitor - Window resized to almost the size of the whole monitor



Issues I have with the Firewall Rules [New] webGUI :
- I can't see all the rules like I could in the old Firewall Rules and can't even scroll to see more on a 1366x768 screen.
- I feel like the 'Commands' should be part of the whole Firewall Rule line and not a side-menu or overlay sub-window so to speak.
This forces you to scroll sideways to be able to see the 'Comment' part of the Firewall Rule for example.
- On the 'Pale Moon - 1920x1200 Desktop Monitor - Windowed' screenshot you can see that there is a lot of overlapping of text and everything is not outlined if you know what I mean.
This is also the case for 'Pale Moon - 1366x768 Laptop Screen' and in the case of 'Pale Moon - 1920x1200 Desktop Monitor - Window resized to almost the size of the whole monitor' this leads to a lot of added unnecessary space and waste of it.
- Even on the 'Pale Moon - 1920x1200 Desktop Monitor - Window resized to almost the size of the whole monitor' screenshot you can see that I can't see all the Firewall Rules which is just strange : Both how much width the data needs and how much data is shown from top to bottom.


I would kindly like to ask you guys to have another look at this and maybe redesign it a bit ? :)



/EDIT :
Maybe I should have posted this in another topic : https://forum.opnsense.org/index.php?topic=51158.0 ?!
I remembered there was a second topic, but thought they were almost the same, however that does not seem to be the case...
#10
26.1, 26,4 Series / Re: Unable to make wifi workin...
Last post by nero355 - Today at 12:24:10 AM
Quote from: sonofnet on July 08, 2026, 08:16:12 PMI've just found out that be201 and be202 do only work with intel processors 12th generation an highier. So I've changed to a realtek module.
Crap...

I totally forgot about that and did not tell you after you posted about ordering one...

My bad! And thnx for the reminder! :)