"Recent posts
#1
25.7, 25.10 Series / After upgrading to 25.7.9, can...
Last post by kwo1 - Today at 01:00:55 AMHi,
Yesterday, I upgraded from OPNsense 25.7.7.2 to 25.7.9. Each time after it's done upgrading and finished rebooting, the web logon GUI becomes inaccessible. The IP continues to respond to ping, but the web page doesn't return the login page in the browser. It also stops accepting connections via SSH, whereas it worked prior to the upgrade.
Prior to the upgrade, OPNsense was working fine. I was able to initiate the upgrade through the web GUI portal.
Troubleshooting steps I've tried to no avail (on top of reverting the OPNsense VM to backup)
-via CLI of the OPNsense VM as root and running 'configctl webgui restart renew' and 'service config restart'
-via CLI, confirming the correct IP is set, and changing it from HTTPS to HTTP
-via CLI, looking at /conf/config.xml, I see <interfaces>opt1</interfaces>, which I think references the interface it listens on for the webgui. Opt1 is correct.
Of the dozen times I've performed an upgrade to OPNsense in the past via the web gui, it's never done this. What am I missing?
Looking for advice, thank you.
Yesterday, I upgraded from OPNsense 25.7.7.2 to 25.7.9. Each time after it's done upgrading and finished rebooting, the web logon GUI becomes inaccessible. The IP continues to respond to ping, but the web page doesn't return the login page in the browser. It also stops accepting connections via SSH, whereas it worked prior to the upgrade.
Prior to the upgrade, OPNsense was working fine. I was able to initiate the upgrade through the web GUI portal.
Troubleshooting steps I've tried to no avail (on top of reverting the OPNsense VM to backup)
-via CLI of the OPNsense VM as root and running 'configctl webgui restart renew' and 'service config restart'
-via CLI, confirming the correct IP is set, and changing it from HTTPS to HTTP
-via CLI, looking at /conf/config.xml, I see <interfaces>opt1</interfaces>, which I think references the interface it listens on for the webgui. Opt1 is correct.
Of the dozen times I've performed an upgrade to OPNsense in the past via the web gui, it's never done this. What am I missing?
Looking for advice, thank you.
#2
Tutorials and FAQs / Re: OPNsense + PROXMOX + VLANs...
Last post by spetrillo - Today at 12:00:18 AMOk so I was not able to get to the Proxmox GUI. Going to reboot and see if that helps.
#3
General Discussion / Re: block cameras to internet
Last post by passeri - December 17, 2025, 11:44:35 PM@robertkwild, I have a corresponding setup, cameras talking to an NVR which is accessible from an app or local web address. The NVR is on a unique subnet where it is blocked entirely from the internet. It is allowed to request only the time, which is served by Opnsense, or of course respond to received requests. I can use the app to access the NVR because access from the primary subnet into the NVR subnet is not blocked (direction). Thus, if you have carried out meyergru's suggested test you should find you have access from within your network, not from outside it. If that is the case then all is well with your rules.
To view your cameras when away from home, set up wireguard access to home, allowing requests from that subnet into the NVR subnet.
I am unable to comment on your rules for a couple of reasons. One is that as a usual practice I do not click on external image addresses in here. More importantly, using remote images means that those images will eventually die, making the entire thread meaningless for future readers. Please always upload images or code here using the tools available. It also enables easier reading and responses.
To view your cameras when away from home, set up wireguard access to home, allowing requests from that subnet into the NVR subnet.
I am unable to comment on your rules for a couple of reasons. One is that as a usual practice I do not click on external image addresses in here. More importantly, using remote images means that those images will eventually die, making the entire thread meaningless for future readers. Please always upload images or code here using the tools available. It also enables easier reading and responses.
#4
25.7, 25.10 Series / Re: 26.1 Release Question
Last post by franco - December 17, 2025, 11:20:06 PMTrying to keep y'all happy. Let me know how it goes!
Thanks,
Franco
Thanks,
Franco
#5
Tutorials and FAQs / Re: [HOWTO] Installing OPNsens...
Last post by TheAutomationGuy - December 17, 2025, 10:42:02 PMThe ServeTheHome forum has a nice thread about the Edge 620,640,680 devices. They are a little/lot more powerful than the 510. Just something to consider for anyone looking for hardware ideas. I personally have a 620 and a 640 and run OPNsense on both of them without any issues.
PS - do not get the 610 models because no one has found drivers to make them work with third party software like OPNsense.
PS - do not get the 610 models because no one has found drivers to make them work with third party software like OPNsense.
#6
German - Deutsch / Probleme mit IPTV / WIFI Telef...
Last post by eric1905 - December 17, 2025, 10:12:38 PMHallo zusammen,
ich bin "relativ" neu bei OPNsense. Ich nutze es zwar schon eine Weile und es funktioniert großteils, allerdings scheint es noch an manchen Stellen zu "drücken". Dies macht sich dadurch bemerkbar, dass vor allem IPTV und Telefonie über WLAN nicht gut funktionieren und der Stream oft aussetzt und meine Gesprächspartner nur abgehackt zu verstehen sind.
Auch hakt es manchmal beim Casten von Spotify auf meinen Smartspeakern. Das hat mal besser geklappt, allerdings ist mir meine Festplatte in der OPNSense abgeraucht und ich durfte alles nochmal aufsetzen, da ich kein Backup hatte.
Kurz zu meinem Setup:
Ich habe folgende Interfaces definiert
[LAN] 192.168.1.1 /24 lan igc0
[SmartHome] 192.168.2.1 /24 opt3 vlan02
[Privat] 192.168.3.1 /24 opt1 vlan03
[Management] 192.168.10.1/24 opt2 vlan010
[Gast] 192.168.20.1/24 opt4 vlan020
[WAN] pppoe0 igc1
Die Geräte die IPTV und WIFI Telefonie nutzen sind in den VLAN Privat und SmartHome.
Die Rules meiner VLANs sehen wie folgt aus:
LAN:
You cannot view this attachment.
Management:
You cannot view this attachment.
Gast:
Privat:
SmartHome:
Damit Spotify und Sonos / Google Home über mehrere VLAN funktioniert habe ich folgende Plugins noch installiert:
os-mdns-repeater (installed)
os-udpbroadcastrelay (installed)
Ich habe gelesen, dass man Upstream und Downstream begrenzen soll für besseres IPTV, allerdings hat das auch nicht viel geholfen. Dafür habe ich unter Firewall - Shaper folgendes angelegt:
Pipes:
Bandwidth
180 Mbit/s Downstream FQCoDel
38 Mbit/s Upstream FQCoDel
Queues für beides mit Weight 100
Rules:
Sequence 1 Download Queue
Sequence 2 Upload Queue
Generell zu meinem Setup:
Ich habe an meiner OPNSense einen TP-Link tp-SG108E hängen. An diesem hängen an den Ports 7 und 8 noch ein tp-SG108E bzw. tp-SG108PE, an dem 3 Unifi Accesspoints hängen.
Was muss ich noch tun, damit ich vollends zufrieden bin?
Kann ich noch weitere Einstellungen teilen?
Vielen Dank schon mal im Voraus.
ich bin "relativ" neu bei OPNsense. Ich nutze es zwar schon eine Weile und es funktioniert großteils, allerdings scheint es noch an manchen Stellen zu "drücken". Dies macht sich dadurch bemerkbar, dass vor allem IPTV und Telefonie über WLAN nicht gut funktionieren und der Stream oft aussetzt und meine Gesprächspartner nur abgehackt zu verstehen sind.
Auch hakt es manchmal beim Casten von Spotify auf meinen Smartspeakern. Das hat mal besser geklappt, allerdings ist mir meine Festplatte in der OPNSense abgeraucht und ich durfte alles nochmal aufsetzen, da ich kein Backup hatte.
Kurz zu meinem Setup:
Ich habe folgende Interfaces definiert
[LAN] 192.168.1.1 /24 lan igc0
[SmartHome] 192.168.2.1 /24 opt3 vlan02
[Privat] 192.168.3.1 /24 opt1 vlan03
[Management] 192.168.10.1/24 opt2 vlan010
[Gast] 192.168.20.1/24 opt4 vlan020
[WAN] pppoe0 igc1
Die Geräte die IPTV und WIFI Telefonie nutzen sind in den VLAN Privat und SmartHome.
Die Rules meiner VLANs sehen wie folgt aus:
LAN:
You cannot view this attachment.
Management:
You cannot view this attachment.
Gast:
Privat:
SmartHome:
Damit Spotify und Sonos / Google Home über mehrere VLAN funktioniert habe ich folgende Plugins noch installiert:
os-mdns-repeater (installed)
os-udpbroadcastrelay (installed)
Ich habe gelesen, dass man Upstream und Downstream begrenzen soll für besseres IPTV, allerdings hat das auch nicht viel geholfen. Dafür habe ich unter Firewall - Shaper folgendes angelegt:
Pipes:
Bandwidth
180 Mbit/s Downstream FQCoDel
38 Mbit/s Upstream FQCoDel
Queues für beides mit Weight 100
Rules:
Sequence 1 Download Queue
Sequence 2 Upload Queue
Generell zu meinem Setup:
Ich habe an meiner OPNSense einen TP-Link tp-SG108E hängen. An diesem hängen an den Ports 7 und 8 noch ein tp-SG108E bzw. tp-SG108PE, an dem 3 Unifi Accesspoints hängen.
Was muss ich noch tun, damit ich vollends zufrieden bin?
Kann ich noch weitere Einstellungen teilen?
Vielen Dank schon mal im Voraus.
#7
General Discussion / Re: Firewall rules/orders for ...
Last post by tdalej - December 17, 2025, 09:58:02 PMNVR is on LAN40 and the camera in question is on LAN20.
LAN40 is used for things that I don't want to have access to the other networks.
Putting that one camera on LAN40 would cost another POE injector, and I already have a POE switch in that location on LAN20 ...
I added out and in rule because I need to be able to register the camera to the NVR and it needs bi directional traffic?
The rules right below block all traffic between those networks if I understand them correctly.
changing to /32 from /24 made no difference.
Do I need to disable and reenable, or reboot?
LAN40 is used for things that I don't want to have access to the other networks.
Putting that one camera on LAN40 would cost another POE injector, and I already have a POE switch in that location on LAN20 ...
I added out and in rule because I need to be able to register the camera to the NVR and it needs bi directional traffic?
The rules right below block all traffic between those networks if I understand them correctly.
changing to /32 from /24 made no difference.
Do I need to disable and reenable, or reboot?
#8
General Discussion / Re: block cameras to internet
Last post by meyergru - December 17, 2025, 09:50:08 PMNo, you cannot use RFC1918 in the destination of the IPv6 rule, because that cannot match any IPv6 address. You should use "any" as instructed.
That way, you will block any IPv6-related traffic, but since that is not needed for inter-VLAN traffic anyway, it does not block anything other than internet traffic from those MACs.
IDK how tapo actually works - maybe it can also find and connect to your cameras on your LAN, without using internet access. You can only find out by disconnecting your phone from WiFi and using your mobile connection. That way, you will come from "outside" your own network. If you cannot connect to your cameras this way, you can be sure that the cameras do not use cloud access.
That way, you will block any IPv6-related traffic, but since that is not needed for inter-VLAN traffic anyway, it does not block anything other than internet traffic from those MACs.
IDK how tapo actually works - maybe it can also find and connect to your cameras on your LAN, without using internet access. You can only find out by disconnecting your phone from WiFi and using your mobile connection. That way, you will come from "outside" your own network. If you cannot connect to your cameras this way, you can be sure that the cameras do not use cloud access.
#9
25.7, 25.10 Series / Re: New skin "flexcolor"
Last post by Schnuffel2008 - December 17, 2025, 09:49:46 PMHi Franco,
Thank you for your message. I'd be happy to create a pull request on GitHub. But I don't think it's worth it for a single color that users can change themselves, is it? I'm continuing to work on making my skin even more flexible. As soon as I've finished a few more options, I'll create a new pull request. Is that okay?
Thank you for your message. I'd be happy to create a pull request on GitHub. But I don't think it's worth it for a single color that users can change themselves, is it? I'm continuing to work on making my skin even more flexible. As soon as I've finished a few more options, I'll create a new pull request. Is that okay?
#10
Tutorials and FAQs / Re: OPNsense + PROXMOX + VLANs...
Last post by spetrillo - December 17, 2025, 09:49:37 PMAnd away we go!
Got a connection to the GUI. DHCP gave me an IP, so I know that is working.
Right now I use vlan 1 as my mgmt vlan. In this new build I am moving it to vlan 2 and vlan 1 will no longer be used.
Now to see if I can get to the Proxmox GUI on vlan 3.
Got a connection to the GUI. DHCP gave me an IP, so I know that is working.
Right now I use vlan 1 as my mgmt vlan. In this new build I am moving it to vlan 2 and vlan 1 will no longer be used.
Now to see if I can get to the Proxmox GUI on vlan 3.
