Recent posts

#1
General Discussion / Re: DNS, DoH, DoT, DoQ, DNSCry...
Last post by nero355 - Today at 04:01:21 PM
Quote from: OPNenthu on Today at 03:17:22 AM
Quote from: nero355 on April 04, 2026, 03:40:27 PM
- Or you could use Pi-Hole + Unbound the way it's explained here : https://docs.pi-hole.net/guides/dns/unbound/
Their main website (https://pi-hole.net/) gets blocked on my end by a DoH IP list.  Looks like a CDN domain (*.b-cdn.net) according to uBlock Origin and it has a high abuse score to boot:

https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/37.19.207.37

I've used Pi-Hole in the past and wanted to experiment with it again in a Proxmox container, but I don't want to whitelist these IPs.
Not a good look for a privacy-focused DNS project :-/
In all of the years that I have used Pi-Hole and helped people on various forums with all sorts of questions this is the first time that I read something like that : Are you sure it's not a False Positive ?!

Quote: No issue with their GitHub repo, though.
What does https://discourse.pi-hole.net/ do for you ?

AFAIK it's hosted on the official Discourse CDN so it should not show you any issues and you could post the above results there and see what they say :)

Quote: As I haven't used Pi-Hole in years and haven't followed the project, do you still find them trustworthy now in 2026?
Any concerning developments or money ties?
It's a small team of about 8 people and some do the development and some do the support on a couple of places : That's it! ;)

Sometimes other people contribute too and the code only gets added after approval by the other developers of course.

There is no Spyware/Adware/Telemetry/Ads/Subscriptions or any kind of company involved !!


FYI :
I can't remember when I started using Pi-Hole but it has got to be more than 10 years by now and there wasn't any moment of doubt or reason to reconsider their trust during that period ;)

In fact when Pi-hole v6.x.x got released somewhere around February 2025 I was seriously 'STOKED!' as they say :
- No more LigHTTPd.
- No more PHP.
- CivetWeb does almost everything now and is part of the whole FTLDNS package.
- C++ is now the way forward.
- DNSmasqd is of course still part of FTLDNS.
- The API is also still available.
- Super Sweet New webGUI that's a 1:1 translation of the pihole.toml config file which is in a league of its own when you see how nicely commented it is via SSH when you edit it via nano or vi :)

Basically while a lot of software and websites are getting seriously bloated they made the whole thing a lot more compact and removed some dependencies.
Not just to avoid issues, but now the whole thing also runs on a wider range of Linux distros as a bonus !!
#2
26.1 Series / Re: OPNsense broken after 26.1...
Last post by alex12342 - Today at 03:49:45 PM
I had a different issue, also related to this update. My destination NAT broke. I eventually got it to a point where I could either have destination NAT working and some external websites fail to load with ERR_SSL_UNRECOGNIZED_NAME_ALERT, or be stuck with no destination NAT so I could have internet access for all websites. It was weird though because it only affected certain websites. I have been unsuccessful with finding a working configuration and am using my backup router on an older version.
#3
26.1 Series / Re: 25.x.x to 26.x.x: Floating...
Last post by rolsch - Today at 03:32:34 PM
The rule "MyVPNProvider" is at the top but all VPN Traffic goes over GW1: OPT3_PPPOE0_PPPOE (active) and not the WAN_IGC1_GW - 192.168.2.1


https://www.pasteboard.co/6KMF6YyaZqb1.png

10113c75-838e-4d0b-9bf7-9cc8ba4600bf;1;keep;;6;pass;1;0;wan;out;inet;any;;;any;0;;MyVPN_Provider;0;;;WAN_IGC1_GW;;0;1;0;0;0;;;;;;;;;;;;;;;;;;;;;0;;;;;;MyVPNProvider

So I think traffic from the firewall itself (OpenVPN in Client Mode) cannot be caught with policy-based rules on the WAN interfaces.
- in OPNsense 25.x.x this feature works...

I solved this issue - not nice to handle but it works.
- created a static route: System-Routes-Configuration

[Feature-Request]: handle alias entries in the field "Network Address"
#4
German - Deutsch / Update error
Last post by open - Today at 03:20:53 PM
I get an error when I try to run an update.
When checking for updates I get this message:

base   26.1.3   26.1.6   upgrade   OPNsense
kernel   26.1.3   26.1.6   upgrade   OPNsense

When I then start the update, the message below appears:

***GOT REQUEST TO UPDATE***
Currently running OPNsense 26.1.6 (amd64) at Tue Apr 14 15:03:49 CEST 2026
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
Fetching meta.conf:
Fetching data.pkg:
SunnyValley repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
Fetching meta.conf:
Fetching data.pkg:
SunnyValley repository is up to date.
All repositories are up to date.
Checking for upgrades (3 candidates): ... done
Processing candidates (3 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
Nothing to do.
Nothing to do.
Flushing temporary package files...find: /usr/local/etc/wireguard/wg1.stat: No such file or directory
find: /usr/local/opnsense/changelog/index.json: No such file or directory
find: /usr/local/opnsense/changelog/24.7.b.txt: No such file or directory
find: /usr/local/opnsense/changelog/26.1.5.htm: No such file or directory
find: /usr/local/opnsense/changelog/25.1.7.htm: No such file or directory
find: /usr/local/opnsense/changelog/24.7.7.txt: No such file or directory
find: /usr/local/opnsense/changelog/20.7.7.txt: No such file or directory
find: /usr/local/opnsense/changelog/26.1.r1.txt: No such file or directory
find: /usr/local/opnsense/changelog/21.1.7.htm: No such file or directory
find: /usr/local/opnsense/changelog/21.7.r2.htm: No such file or directory
find: /usr/local/opnsense/changelog/25.1.9.htm: No such file or directory
find: /usr/local/opnsense/changelog/24.7.9.txt: No such file or directory
find: /usr/local/opnsense/changelog/changelog.txz.sig: No such file or directory
Starting web GUI...done.
Partial update failure detected: report this error log to OPNsense.
No further actions will be taken. Please restart the update now.
***DONE***

When I run a health check, I get the following output:

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 26.1.6 (amd64) at Tue Apr 14 15:10:29 CEST 2026
>>> Root file system: /dev/gpt/rootfs
>>> Check installed kernel version
Version 26.1.3 is incorrect, expected: 26.1.6
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 26.1.3 is incorrect, expected: 26.1.6
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
SunnyValley (Priority: 7)
>>> Check installed plugins
os-bind 1.34_2
os-chrony 1.5_3
os-debug 1.7
os-isc-dhcp 1.0_4
os-net-snmp 1.6_1
os-postfix 1.24.1
os-qemu-guest-agent 1.3
os-sensei 2.4.2
os-sensei-updater 2.0
os-sunnyvalley 1.5_2
os-telegraf 1.12.14
os-vnstat 1.3_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" at 26.1.6 has 68 dependencies to check.
Checking packages: ..................................................................... done
***DONE***

Under Status I see:
Type   opnsense   
Version   26.1.6


What can I do to get the system clean again?
#5
26.1 Series / Re: Netflow - again high I/O
Last post by TheRealDoug - Today at 03:10:38 PM
Also had some netflow issues after this update.  Everything up to 26.1.5 was fine, system load running at ~0.5 at normal.  As soon as I updated to 26.1.6, system load was immediately at 1.5 - 1.9.  I did

Culprit was flowd_aggregate.py which is related to 'Insight Aggregator' service, which is weird because that file hasn't been touched in over a year:

root@artimus:/home/dbyrd # ps aux | grep python
root    66256 100.0  0.3  35072  21564  -  Rs  12:55    1:01.25 /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.13)

For my particular issue, I was able to resolve by going to Reporting -> Settings then click 'Repair Netflow Data' and then 'Reset Netflow Data'.  I did these in quick succession, so I don't know which one exactly solved my issue.

#6
I also have a Fritzbox and use an NDP proxy to pass everything through transparently; that saves you a lot of the problems you run into with DHCPv6-PD. (I don't dispute that PD has its use cases too, but for me personally it keeps causing too many problems.)

https://docs.opnsense.org/manual/ndp-proxy-go.html

The same /64 that lands on the WAN is thereby passed on to multiple interfaces behind it on the OPNsense.

Disclaimer: I wrote the tool for myself because of problems like these, and also to be able to run multiple OPNsense boxes behind the same Fritzbox without running out of PD networks. (For example, Fritzbox -> Opnsense 1 -> Opnsense 2 ... in series also works.)
#7
German - Deutsch / IPv6 PD behind FritzBox only ...
Last post by Bytechanger - Today at 02:49:55 PM
Hello,

for months now I have had the following problem:

My setup:
Deutsche Glasfaser -> FritzBox -> OPNSense

OPNSense requests a /60 prefix from the FritzBox (the FritzBox needs the rest for its own networks).
I have configured DHCPv6 on the WAN as well as on the LAN, Guest and IoT interfaces.

After a reboot the WAN port gets an IPv6 address, the others do not get one (I suspect I am not getting a prefix from the FritzBox).
If I press Refresh on the WAN interface under Interface->Overview (several times, 2-3 times), then the interfaces get an IPv6 address.

I have never managed to do this via Bash, i.e. a
ifconfig vtnet0 down
sleep 5
ifconfig vtnet0 up
never helped, and a
configctl interface restart wan
did not succeed either.

Only pressing the Refresh button in the GUI 2-3 times eventually brings up the IPv6 address.
The problem is reproducible!

Sounds like a "timing problem" to me?!

Does anyone have an idea or a suggestion for how to analyse this?

Best regards

Byte
#9
Virtual private networks / WG Server with 2 different IPs...
Last post by c-mu - Today at 01:46:13 PM
Hi!
I have a data center that is directly connected to my headquarters via dark fiber. This has historical reasons, as we gradually moved all servers from the HQ into the data center over time.

Now I want to convert my HQ into a regular site again and separate the networks. I also want to set up a WireGuard tunnel between the HQ and the data center. The tunnel should primarily run over the dark fiber (100 Gbit) and secondarily over the regular internet (10 Gbit) in case the dark fiber is damaged.

Is this scenario possible to implement using a WireGuard tunnel?

Thank You!
#10
26.1 Series / Re: PPPOE Frequent Disconnecti...
Last post by hharry - Today at 12:59:43 PM
OPNsense PPPoE, when properly configured, is super stable; it even properly supports PPPoE adaptive LCP echo request... I always test this in a sandboxed LAB environment before every new release makes it into my production environment, and it's always worked perfectly.