Recent posts

#1
25.7, 25.10 Series / Re: 25.7.9: pkg exited on sign...
Last post by kozistan - Today at 05:58:39 PM
I checked plugin os-cpu-microcode-intel and it was installed from beginning.

And have have the following in /boot/loader.conf:
cpu_microcode_load="YES"
cpu_microcode_name="/boot/firmware/intel-ucode.bin"

The output of dmesg | grep -i microcode shows:
CPU microcode: no matching update found

#2
25.7, 25.10 Series / Re: 25.7.8 upgrade
Last post by KeithRBrown - Today at 05:56:30 PM
I'm also getting the "Danger" message.

The first time I saw it, it was during an upgrade from 25.7.7_4 to 25.7.8. Although the update completed, something had clearly gone wrong as nothing was stable after it rebooted (NOTE: you can't stop it from rebooting. The upgrade continues to complete, and then promptly reboots).

I decided to reinstall from the Installation Media (v25.7) and restore my config from backup. This all worked fine, and once I was happy it was stable, I proceeded to progress with the update (this time to 25.7.9, as it had been released by then).

Once again, during the update from 25.7 to 25.7.9, I again got the "Danger" message, and like before the update completed and rebooted. This time though, everything seems stable, so I've just left it in-situ.

Happy to provide logs if it can help determine the root cause.
#3
25.7, 25.10 Series / Re: 25.7.9: pkg exited on sign...
Last post by meyergru - Today at 04:48:46 PM
IDK, but I doubt it. Did you install the microcode updates?
#4
Interface configuration for LAN - did you set a gateway there? Don't.

If you need static routes pointing to that other firewall, add it as a gateway in System > Gateways and add the static routes as necessary.
#5
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - Today at 04:40:52 PM
Having some build issues with 25.7.9 after switching to my own fork of opnsense/core in 25.7.8. Stand by, I'll figure it out.

@franco No opnsense-update 25.7.9 with removed "pin" feature? Patching that locally on my build system is a bit of a pita...
#6
25.7, 25.10 Series / Re: Unwanted route that keeps ...
Last post by abenaou - Today at 04:40:34 PM
Quote from: Patrick M. Hausen on December 05, 2025, 08:54:18 PMUGHS - that route is static. It's configured somewhere. Do you have configured a gateway on vlan0.6? Remove that.
Thanks for your answer.
Where should I look? I checked :
System -> Routes -> configuration
And there is no such a route, in fact the page is empty.
I even downloaded the configuration file and did and nothing came up:
grep -rni 10.99.200.180 myroute-20251206083945.xml
Where should I check?

Thanks
#7
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by reincoder - Today at 03:56:23 PM
Hi,

We were slowly migrating to a different cloud storage service over a period of time. We have rolled back the system migration entirely.

We have been doing incremental migration throughout the process, and thanks to the post and the only message we received on the support portal, we discovered reliance on the URI header metadata. This was not a hard transition, which has been rolled back, and further investigation will be conducted in the next few days.

During this transition, thanks to this post, we found out that the Content-Disposition header was no longer included in the final download response. This header was optional, but OpnSense relies on it to detect the filename or file type. We have been doing the slow rollout for several weeks, and this was the first issue we received.

The file itself has not changed; it's still a .csv.gz gzip file, but because the header is missing, some scripts may incorrectly treat it as a ZIP instead of a GZIP file. We have rolled back our entire deployment to our previous storage service.

We will investigate closely in the coming days. Thank you for understanding.

— Abdullah | DevRel, IPinfo
#8
Experimental PPPoE support is in 25.7.9.

The last feature I added is PF table (firewall alias) support to help with the network segmentation for highly dynamic setups.

It will most likely hit 25.7.10.

With that the proxy should be complete for now, I personally do not miss any feature when using it, it just worksTM and is quite possibly the leading most complete implementation to fix IPv6 for many setups.

I would call it generic since you can chain the proxy over multiple routers. You dont even need DHCPv6-PD anymore, this proxy handles dynamic IPv6 so gracefully that you won't believe it.

https://github.com/opnsense/docs/commit/5bb5fca5c67ac9162c8f76d6261ca6cc90f34076

#9
25.7, 25.10 Series / Re: 25.7.9: pkg exited on sign...
Last post by kozistan - Today at 03:46:42 PM
Understood. What I did is set the remaining tunables and reboot, but this did not fix the issue.
vm.pmap.pcid_enabled="0"
hw.ibrs_disable="0"
vm.pmap.pti="1"

Then I removed SunnyValley from the active repos and reset the pkg state:
mv /usr/local/etc/pkg/repos/SunnyValley.conf /usr/local/etc/pkg/repos/SunnyValley.conf.DISABLED
rm -rf /var/cache/pkg/*
rm -f /var/db/pkg/*.sqlite

After that I reinstalled pkg using pkg-static:
/usr/local/sbin/pkg-static install -f pkg   # installed pkg-2.3.1_1
So I downgraded pkg and pkg update -f now runs cleanly and no longer faults.

Does this mean there is something wrong with the pkg 2.4.2 version on this hardware/setup?
#10
General Discussion / Re: Unbound strange behavior
Last post by ricksense - Today at 02:00:53 PM
Quote from: Patrick M. Hausen on Today at 11:57:37 AMIn general it doesn't. I run it at multiple offices and an entire data centre with that setting and no problems at all.

Something about your configuration must be unusual. Still pondering what that might be. Did you change the interfaces setting for Unbound, possibly? Something in private networks?

I read about another user on Reddit who is dealing with the same issue as mine. Anyway, I've never complained about OPNsense, but I have already run across a couple of problems with the last version.