Recent posts

#1
General Discussion / Re: Unifi VLANs with new OPNse...
Last post by OPNenthu - Today at 11:32:40 PM
To give it an IP address needs a DHCP server on the UniFi default network, right?  So again VLAN 1 or native LAN (untagged) is required, unless you have a UniFi gateway.  Otherwise I guess you have to get to it by its default IP (192.168.1.20).

Does the CLI allow configuration of switch ports, even temporarily?  I wasn't aware.

#2
German - Deutsch / Re: Firmware Update Notificati...
Last post by fastboot - Today at 11:25:38 PM
Program 'OPNsense_Update_Check'
  status                       OK
  monitoring status            Waiting
  monitoring mode              active
  on reboot                    start
  last exit value              0
  last output                  NO_UPDATE: Current version: 26.1.3
  data collected               Thu, 05 Mar 2026 22:27:06
#3
General Discussion / Re: Unifi VLANs with new OPNse...
Last post by nero355 - Today at 11:01:45 PM
Quote from: OPNenthu on Today at 10:30:51 PM
The trouble with these switches, at least the one I have, is there is no OOB management access.  If it can't configure itself from the network you're dead in the water.

Not entirely:
- Make sure it gets an IP Address.
- SSH to it.
- Telnet localhost.
- Play with your UniFi Switch as if it was an EdgeSwitch :)

Everything is gone after a reboot tho... :(
#4
26.1 Series / Re: fixed rule window size
Last post by nero355 - Today at 10:58:33 PM
Quote from: tessus on Today at 09:34:59 PM
This can easily be solved by adding a link (reference within the same page) at the top to jump to the static mappings.

I was thinking about a separate sub-menu on the left, but since ISC DHCP Server is EOL officially it's not gonna happen...

Quote from: Monviech (Cedrik) on Today at 10:29:05 PM
It's a deliberate design choice.

With or without a chance that it might get a re-design/small fix in the future ??
#5
26.1 Series / Re: Unbound Query Forwarding ....
Last post by Netlearn - Today at 10:40:11 PM
I have been making some tests installing the BIND plugin in a VM OPNsense and it works as expected, being an authoritative DNS server for our *.internal domains. Unbound makes the "query forwarding" to BIND and it responds correctly (still not tested thoroughly).

I'm considering alternatives to our current config, and installing BIND in all OPNsenses is probably the best option from a functional perspective, but it implies an increment in administration and workload.

I know that DNSmasq can act as authoritative and Unbound can't. But that's not my point. I'll try to explain it better:

What is failing in my current setup is the "query forwarding" from one Unbound to another, and that forwarding is also present with the BIND setup. As I said, I still haven't tested the new setup deeply and with enough time to be sure it will work.

To cover our needs, making "query forwardings" between Unbounds with "overrides" declared is enough, but still unknown why it sometimes fails. Docs say here:

"Register DHCP Static Mappings: Register static dhcpd entries so clients can resolve them. Supported on IPv4 and IPv6."

So static entries from Kea are supposed to work.

But instead of using that approach, I deactivate that option and use "overrides", which should also work (just in case "register mappings" has some issues).

As docs say here, Unbound resolves those names, no problem here.

The only problem is the origin Unbound NOT ALWAYS attending the "query forwarding". When it does, the setup works.

Hope this clarifies my question.

I have put a set of most-needed "overrides" in all five Unbounds to patch the problem for now, but that's very prone to errors and hard to maintain.

I may be missing something somewhere, but that behavior is not consistent. Any suggestion welcome, of course.
#6
General Discussion / Re: Unifi VLANs with new OPNse...
Last post by OPNenthu - Today at 10:30:51 PM
Quote from: mooh on Today at 04:03:25 PM
Unifi switches can use any vlan for their management network just like all other Unifi gear. The tricky bit is that one needs a switch port (ideally with PoE) configured to that vlan to adopt any new devices, i.e. untag outgoing traffic, tag incoming traffic with the management vlan.

Yeah, though this can bite in certain circumstances that I think are far more likely on a small home network.  Imagine if you only have a single UniFi switch and it either needs replacement or you need to reset it, and for whatever reason the controller isn't available or the switch can't find it.  You're now locked out with no network.  (I may have discovered this once or thrice in the beginning...)

The trouble with these switches, at least the one I have, is there is no OOB management access.  If it can't configure itself from the network you're dead in the water.
#7
26.1 Series / Issues with Caddy and multiple...
Last post by awshirley - Today at 10:30:36 PM
I've got a number of services running behind Caddy via the reverse proxy.  It's currently 1 for 1, a subdomain and one handler.  This is working perfectly.  I'd like to move to 1 domain and put all the services behind that domain and remove the subdomains.  I've tried setting up several handlers behind the domain for this and all I get are either error 403 forbidden or a very small page of xml.  I'm not even sure how to try solving this.

All assistance is greatly appreciated!

Thanks.
#8
26.1 Series / Re: Unbound won't start 26.1.1...
Last post by TheSHAD0W - Today at 10:29:48 PM
Another suggestion to try, if you don't want to migrate from dnsmasq to kea - set a machine with a static ip and disable dnsmasq, then try to start unbound. If it succeeds you know something in dnsmasq is blocking it.
#9
26.1 Series / Re: fixed rule window size
Last post by Monviech (Cedrik) - Today at 10:29:05 PM
It's a deliberate design choice.
#10
26.1 Series / 26.1.3 log errors
Last post by JDE1000 - Today at 10:25:54 PM
Noticed a lot of Audit and Backend errors in logs since update to 26.1.3. I don't notice any degraded performance. Are these anything to worry about?

07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.134)
2026-03-05T14:23:17-07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.xxx
2026-03-05T14:22:42-07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.xxx
2026-03-05T14:22:42-07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.xxx
2026-03-05T14:22:02-07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.xxx
2026-03-05T14:22:02-07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.xxx
2026-03-05T14:21:24-07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.xxx
2026-03-05T14:21:24-07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.xxx
2026-03-05T14:20:47-07:00  Error  audit  no active session, user not found (called "/wpad.dat" @ 192.168.67.xxx

2026-03-05T14:18:15-07:00  Error  configd.py  [e56dcddb-1c34-4944-a622-b2753f8fbb6d] Script action stderr returned "b"/usr/local/opnsense/scripts/openvpn/ovpn_status.py:80: SyntaxWarning: invalid escape sequence '\\ '\n header_def.append(re.sub('[\\ \\(\\)]', '_', item.lower().strip()))""
2026-03-05T11:54:47-07:00  Error  configd.py  [0c3f5dad-a408-4915-994d-0c2fa8ec3249] Script action stderr returned "b"/usr/local/opnsense/scripts/openvpn/ovpn_status.py:80: SyntaxWarning: invalid escape sequence '\\ '\n header_def.append(re.sub('[\\ \\(\\)]', '_', item.lower().strip()))""
2026-03-05T11:54:32-07:00  Error  configd.py  [09c6c392-783a-46c0-950f-91086472c756] Script action stderr returned "b"/usr/local/opnsense/scripts/openvpn/ovpn_status.py:80: SyntaxWarning: invalid escape sequence '\\ '\n header_def.append(re.sub('[\\ \\(\\)]', '_', item.lower().strip()))""
2026-03-05T11:54:22-07:00  Error  configd.py  [b77b9d5e-c683-4636-8485-c91c43362ed6] Script action stderr returned "b"/usr/local/opnsense/scripts/openvpn/ovpn_status.py:80: SyntaxWarning: invalid escape sequence '\\ '\n header_def.append(re.sub('[\\ \\(\\)]', '_', item.lower().strip()))""
2026-03-05T11:54:12-07:00  Error  configd.py  [0f584c3d-c44b-42fd-a52d-02d26b2e1de9] Script action stderr returned "b"/usr/local/opnsense/scripts/openvpn/ovpn_status.py:80: SyntaxWarning: invalid escape sequence '\\ '\n header_def.append(re.sub('[\\ \\(\\)]', '_', item.lower().strip()))""
2026-03-05T11:54:02-07:00  Error  configd.py  [2671c452-d7bc-49a6-93ce-7d63a20f853c] Script action stderr returned "b"/usr/local/opnsense/scripts/openvpn/ovpn_status.py:80: SyntaxWarning: invalid escape sequence '\\ '\n header_def.append(re.sub('[\\ \\(\\)]', '_', item.lower().strip()))""
2026-03-05T11:53:52-07:00  Error  configd.py  [d7fb0b4b-bc33-449e-987c-b2d9c12d6249] Script action stderr returned "b"/usr/local/opnsense/scripts/openvpn/ovpn_status.py:80: SyntaxWarning: invalid escape sequence '\\ '\n header_def.append(re.sub('[\\ \\(\\)]', '_', item.lower().strip()))""