Recent posts

#1
26.7 Series / Re: OPNsense 27 upgrade – warn...
Last post by (MARLOO) - Today at 10:06:56 PM
Hello nero355,

Thanks for the reply.

The mongodb.so warnings fit exactly with Zenarmor dropping MongoDB in favor of SQLite / newer Elasticsearch. I'll clean up the leftover php83-pecl-mongodb package and run pkg autoremove, then check if the warnings disappear permanently.

About the ZFS warning: I agree it's likely just OpenZFS being updated and reporting newer available features on my existing pool. The pool is online and healthy, and SMART on the SSD is clean, so I'm treating it as informational.

The greyed‑out Services widget seems to be a UI glitch; all services are actually running fine.

If you've seen this combo on other 27 upgrades, any specific cleanup steps beyond removing the mongodb package?

Thanks,
#2
26.7 Series / Re: Call for testers - new CPU...
Last post by Patrick M. Hausen - Today at 09:58:32 PM
QuoteEarlier kernels may cause boot stalls ...

Did you mean to say "Earlier bootloaders ..."?
#4
Thanks for explaining, interesting how you work with the constraints you have.

I think some people use Proxmox and offload the PPPoE on it on hardware level while passing it to an OPNsense VM. I think Ive read threads like these before. Maybe thats also something you could pursue. But I don't know anything more about this.

Anyway good luck and thanks for the discussion :)
#5
26.7 Series / Re: Totally confused by migrat...
Last post by lignumaqua - Today at 09:10:35 PM
No problem! :)  All friends here and it all worked out in the end.

PS - I've seen users with similar problems to me in understanding the migration assistant on Reddit. It all actually works fine, it just isn't that intuitive.
#6
26.7 Series / Feature Request : Firewall Rul...
Last post by bigops - Today at 09:00:57 PM
As the 26.7 version has started to take the definitive steps to decommission the old firewall rules I finally decided to migrate most firewalls into the new rule-set.  The migration went ahead without much issues but after the migration found that some connections which had been working for years started failing.  Investigating further it appears that the migration assistant doe not really care of the processing order of the rules when migrating. 

To capture all blocks for further troubleshooting the approach adopted earlier was to have an explicit block at the end of each interface firewall rule.  During troubleshooting it was observed that the migration assistant had put some rules of the interface after a block all rule on the interface.  This resulted in the catch all block rule denying access.  So had to manually move rules around so that rules for each interface are grouped together rather than in mix.

While troubleshooting I also felt that if we have a column which shows the rule number which lists the processing order it would be helpful especially when all the rules are now bunched together.
#7
26.7 Series / Re: os-upnp plugin not working...
Last post by Baron_Backdoor - Today at 08:58:12 PM
So i've been battling this today, oddly Destiny 2 was my guinea pig too lol

So as far is i can tell miniupnpd seems to struggle to bind the client IP to the port request, now if i roll back to my deployment of 26.1.x this is a non issue. The unfortunate thing also though is i found the stuggestion nero gave to not work either which is odd.

I have yet to go down the port forward route yet mostly because if that works i'll shelf opnsense in favour of another router as i don't have the time or the will to map all the ports of every game that gets played in this house lol.

I have different network segments for different tasks (IoT, Servers, Gaming, Work etc) because i'm lazy uPnP is excellent for the gaming segment (a cheeky /29 subnet) as there are no access rules to other VLANs from there so it can go mental for all I care (before some karen shouts about security and how uPnP is a infiltration waiting to happen).

But judging on how the intel microcode plugin is causing issues i'm just going to assume it's a bug in the network stack somewhere and wait to see what happens maybe the kids will go outside for once.........
#8
Tutorials and FAQs / Re: ndp-proxy-go: Proxy ISP pr...
Last post by inkeliz - Today at 08:50:04 PM
Quote from: Monviech (Cedrik) on Today at 09:48:20 AMMulti WAN with provider dependant prefixes is not really working that great.

Real IPv6 Multi WAN would require a provider independant prefix. (eg routed to you via gre or another tunnel)

The same limitations also exist for IPv4.

I agree. It would be better if I had my own IP and a dedicated /48 GUA prefix.

I'm exploring that option, but none of my ISPs can announce my IP, even with a business contract. I'm afraid that GRE could reduce performance (speed and latency), especially in higher speeds.

To be fair, I already use WireGuard in a setup similar to GRE. I route a /64 from an external server to OPNsense, which is conceptually similar. Its purpose is to reduce latency to Brazil. I have a couple of VPSs connected together, and the end-to-end latency is around 120 ms, compared to about 220 ms when connecting directly with my ISPs.

Quote from: Monviech (Cedrik) on Today at 09:48:20 AMFaking the host identity on the router via NAT or NPT is a workaround but also has its own limitations.

Your setup is limited by the underlying infrastructure.

I agree that it's a workaround, but it's better than giving multiple GUAs to each client.

---

Side note: I can remove the ISP router and connect the ONT directly to OPNsense, which would give me the full /56 prefix. However, that ISP uses PPPoE, and I don't think my hardware can handle 10 Gbps over PPPoE. I'm also considering buying another router with PPPoE hardware acceleration and DHCPv6-PD support, then using the following setup: ISP → ONT → My Router (PPPoE + DHCPv6-PD) → OPNsense. That should perform as well as my other two ISPs while still giving OPNsense the delegated IPv6 prefixes. However, I need to buy another router and ONT and pray for the best. Currently, I don't have "ONT → My Router", but a single All-In-One device from ISP (which is a ONT, Router, Switch and Access-Point/WIFI).

 

#9
26.7 Series / Re: Firewall Rules One click c...
Last post by bigops - Today at 08:49:52 PM
Quote from: OPNenthu on July 17, 2026, 08:20:54 PMWith the new rules UI there's a separate column with a checkbox to enable/disable rules.  The icons are just visual indicators now, not interactive.

Don't forget to also hit "Apply."

Thanks
#10
26.7 Series / Re: Updated - first impression...
Last post by franco - Today at 08:09:14 PM
Quote from: Amodin on Today at 06:50:31 PMMy only issue with it is apparently theme-based colors, lol.


https://imgur.com/a/Lr8YMi9

Yeah, this is an oversight more or less: https://forum.opnsense.org/index.php?topic=52451.0

We already use a a bit of brand-danger in the pages, but brand-success a lot less.  Doesn't change the fact that these are normal bootstrap branding colors that should go nicely in every theme.  If not it's easy to adjust them as it's just these two colors.