Recent posts

#1
German - Deutsch / Re: DHCP not running v.26.1
Last post by Meditux - Today at 06:51:10 PM
I had a similar experience after the upgrade. I was still running Dnsmasq. After the update the service was disabled. After a brief moment of staring blankly, I had narrowed down the problem and switched to Kea DHCP.

Regards, Meditux
#2
General Discussion / Re: ddclient and deSEC
Last post by skywalker007 - Today at 06:38:41 PM
Opened a bug ticket for this as I think if this is implemented via separate services in the native backend, then not using the preserve parameter actually is a bug.
https://github.com/opnsense/core/issues/9793
#3
German - Deutsch / Re: 26.1.4 Wireguard funktioni...
Last post by Meditux - Today at 06:25:19 PM
Quote from: Zapad on February 03, 2026, 11:11:47 AM
Yes, I have.

I have a Fritzbox with exposed host and bridged, 4 IPs in total: 2x IPv4 and 2x IPv6.

I have 2 gateway groups with the failover option, but no policy-based routing for WireGuard.

DDNS runs via the exposed host, and through that I access WireGuard.


I have now experimented further; it works in 2 variants:

1x State type > none, State policy > default

1x State type > keep state, State policy > interface

With other options it does not work.

I also had problems on a box (OPNsense 26.1.1_4) with multi-WAN (snapshot replication): the remote NAS could no longer establish a connection under the new firewall rules and was always blocked with rule ID 09. Since the update to OPNsense 26.1.2 everything works again, even with the new firewall rules!

ZFS and the snapshot feature are really great :-)

Regards, Meditux
#4
German - Deutsch / Re: Upgrade to 26.1
Last post by Meditux - Today at 06:14:27 PM
Quote from: k0ns0l3 on February 11, 2026, 01:23:01 PM
Hello community,
Is the upgrade to 26.1 smooth by now, or are there still problems?

Thanks for the info

Kind regards

I still had a problem with the new firewall rules in connection with a box doing multi-WAN. However, that issue was also resolved with the 26.1.2 update. Everything is running smoothly so far! Many thanks to everyone involved. Regards, Meditux
#5
General Discussion / Re: DynDNS client for deSEC.io
Last post by skywalker007 - Today at 06:14:21 PM
Quote from: JamesFrisch on February 13, 2026, 09:06:36 PM
Shameless plug for a little script I wrote.

I first wanted to edit ddclient to make it more suitable for working with deSEC and OPNsense, but soon came to the conclusion that ddclient is too big and bloated.

So I wrote a little script:
https://github.com/jameskimmel/deSEC_DynDNS

Hope you guys like it, give it a try.

I looked at your script quickly and my observation is that it is completely decoupled from OPNsense logic to update the IPs when the WAN connection gets established. Why would I schedule a script with cron?
Using the custom parameter of the native backend is in my opinion the better integration into OPNsense logic as it only gets called when the IP actually changes. It also allows you to use the preserve parameters to avoid overwriting A or AAAA records if the other one is updated.
The only challenge with the custom approach is that it doesn't do error handling in case the update fails for some reason. But as a workaround, this is acceptable. I'll open a FR to get the native integration fixed.
#6
26.1 Series / Re: How to have two DNS server...
Last post by Maurice - Today at 05:31:35 PM
Have you tried Unbound with a DNS-over-TLS upstream? There shouldn't be a noticeable performance impact.

Since your ISP doesn't seem to be trustworthy, I would avoid using their DNS servers and plaintext DNS in general.

Cheers
Maurice
#7
General Discussion / OPNWAF / ACME renewal (let`s e...
Last post by FD-Tim - Today at 05:07:59 PM
Hello,

One of our certificates will not renew. It just takes the "old" not valid certificate. Is it okay to hard delete the certificate from the store? In the GUI I cannot delete it. The funny thing is that all other certificate renewals are working. I already tried to recreate the complete virtual server.

<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39454"] [ssl:info] [pid 38425:tid 56393967149056] AH01914: Configuring server sub.domain.tld:443 for SSL protocol
<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39455"] [md:debug] [pid 38425:tid 56393967149056] mod_md.c(1136): AH10113: get_certificates called for vhost sub.domain.tld.
<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39456"] [md:debug] [pid 38425:tid 56393967149056] mod_md.c(1230): AH10077: sub.domain.tld[state=0]: providing certificates for server sub.domain.tld
<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39459"] [ssl:debug] [pid 38425:tid 56393967149056] ssl_util_ssl.c(451): AH02412: [sub.domain.tld:443] Cert matches for name 'sub.domain.tld' [subject: CN=sub.domain.tld / issuer: CN=R12,O=Let's Encrypt,C=US / serial: xxx / notbefore: Nov 17 14:02:36 2025 GMT / notafter: Feb 15 14:02:35 2026 GMT]
<174>1 2026-02-15T16:48:16+01:00 opnsense.network.local httpd 67053 - [meta sequenceId="39460"] [ssl:info] [pid 38425:tid 56393967149056] AH02568: Certificate and private key sub.domain.tld:443:0 configured from /usr/local/md/domains/sub.domain.tld/pubcert.pem and /usr/local/md/domains/sub.domain.tld/privkey.pem
#8
26.1 Series / How to have two DNS servers?
Last post by yarn - Today at 04:43:28 PM
I need to have 2 DNS servers on 2 IPs:
  • One for other members of the family, run by DNSmasq forwarding to ISP DNS servers, which are very fast, but have no DNSSEC support and probably have some poisoning (e.g. Tiktok videos don't load unless they use the other DNS).
  • One for myself and OPNsense, run by dnscrypt-proxy with DNSSEC support but has higher latency, which is unacceptable for others (web page opens too slowly).
It needs to be on another IP and standard port due to DHCP option and NetworkManager's nm-dns-systemd-resolved plugin not supporting port (tested).
What's the best way to approach this problem? Is there a way to augment ISP's DNS answers so that we can use just 1 server with DNSSEC enabled? (I'm guessing no...)

Currently I have a virtual IP 192.168.1.53 with "Deny service binding" for dnscrypt-proxy to listen on (plus 127.0.0.1), and DNSmasq is on "port 53" (so the wildcard address 0.0.0.0). However, sometimes when I switch off the VPN on my laptop, I get a DNS reply without RRsig as if it's from DNSmasq instead of dnscrypt-proxy, but packet cap shows it's indeed from the virtual IP. I don't know if it's an OS bug or if DNSmasq is fighting with dnscrypt-proxy for the virtual IP.
Unbound (instead of DNSmasq) just refuses to start or produce any log if dnscrypt-proxy is listening on 192.168.1.53.

Is there a way to fix ISP's DNS poisoning? For NO-DATA I can add dnscrypt-proxy to system DNS so DNSmasq forwards to it as well, for fake IP I'm guessing no...
Is there a way to not have ISP's DHCP DNS in OPNsense's system DNS but still let DNSmasq forward to them?
#9
Hardware and Performance / Re: Adapts to Marvell AQC113C-...
Last post by Seimus - Today at 04:24:03 PM
Quote from: albb0920 on Today at 03:33:44 PM
I hope I understood your question correctly.
Temperature sensor measurements are exposed through sysctl,
I haven't figured out how these can be wired to OPNsense dashboard though.

Quote
root@usb:~ # sysctl -a | grep aq | grep phy_temperature
dev.aq.1.phy_temperature: 46
dev.aq.0.phy_temperature: 42

Oh shoot! I totally forgot to check via sysctl. So it's already there and working! Awesome <3

To show it on the GUI there are several ways but both of them need manual intervention.
1. Widget - but this would have to be created
2. RRD graphs, you can add custom graphs but you will need to manually configure them

Have a look at already created ones for RRD
https://github.com/opnsense/core/blob/master/src/opnsense/scripts/health/library/OPNsense/RRD/Types/Temperature.php
https://github.com/opnsense/core/blob/master/src/opnsense/scripts/health/library/OPNsense/RRD/Stats/Temperature.php

Regards,
S.