Recent posts

#1
26.1, 26,4 Series / Re: [26.1] NAT reflection not ...
Last post by nero355 - Today at 03:44:47 PM
Quote from: Kinerg on May 14, 2026, 11:56:52 PM
Quote from: nero355 on May 14, 2026, 03:45:22 PM
If possible you should avoid Reverse NAT a.k.a. NAT Loopback anyway, so maybe a good moment to consider moving away from it ?!
Why? Genuine question.
To be honest I can't remember the whole theory behind it anymore (It's been like 20 years or so... LOL!) but in the past it has always been considered as a possible security issue and something that shouldn't have ever existed in the first place and thus deprecated technology basically :)
#2
26.1, 26,4 Series / Outgoing Ping not working
Last post by xenon2008 - Today at 03:30:59 PM
Hello together,

I currently have the problem on my OPNsense that all outgoing pings which are NOT to the local network do not get a reply.
My setup is as follows: FRITZ!Box (router) => WAN OPNsense | => LAN network.
I can ping everything, including the Fritzbox, but nothing beyond that.

Yesterday I restarted the OPNsense, and then pinging worked again. Today, one day later, nothing on the internet can be pinged again.
In the live view I can see that the request is passed through via NAT, but I cannot find any block in the live log, no matter what I try to ping on the internet.
tracert on the other hand apparently works.

Does anyone have an idea what could be causing this?
Unfortunately, I cannot say how long this has not been working anymore, but until recently it definitely still worked.

I have OPNsense 26.1.8_5 installed, and everything else, like web surfing, works fine.

Thanks & Kind Regards
#3
Indeed, many Vodafone IPs are on the blocklist now, with good reputation.
#4
Hello

I am facing a strange situation where NAXSI blocks a JSON request for a website. The error message states that NAXSI is blocking due to id0=15.

The only way I managed to bypass the error was to manually edit the nginx.conf file in the location section and add the line:

location  / {
    SecRulesEnabled;
    BasicRule wl:19;
    BasicRule wl:15; # --ADDED--

Which will be gone on the next NGINX reload from the GUI.

As per GitHub, rule 15 is the following:
invalid_json
id: 15
action: block
impact: pass-thru on BODY (json)
JSON is malformed (ie. missing } ]).


Is there any alternative, either to disable NAXSI internal rule 15 or somehow to keep the added line in the nginx.conf file?


Best Regards

#5
26.1, 26,4 Series / PPSK / Freeradius / OpenWRT AP...
Last post by Adamzsite - Today at 12:46:59 PM
Hi all,

First, I'm hoping to find a solution to my issue. I run a 200+ user Captive Portal with vouchers and users in pfSense. I have been coming to the realisation that not every user has tablets and phones/computers that can show a CP login page.

I run 9 TP-Link access points, all running OpenWRT. All seem fine with two SSIDs (Staff VLAN 1 and Guest VLAN 10). I came across PPSK; I was hoping to use this with OpenWRT and FreeRADIUS, to just have the tunnel-password option as the main login. I don't have MAC addresses, just a list of pre-made passcodes I have imported into the user config file. I just tried to implement this in pfSense with no luck, but as OPNsense is not a million miles away, I would be happy to move my main router over to OPNsense if it would work.

My question: has anyone done this, or is there another solution?

Thank you
Adam
#6
Zenarmor (Sensei) / Re: Zenarmor performance expec...
Last post by sy - Today at 12:44:36 PM
Hi,

Please add the following tunables in System - Settings - Tunables and check again.

Tunable: dev.netmap.generic_rings, Value: 6
#7
26.1, 26,4 Series / Re: Partial config wipe after ...
Last post by Crane_Train - Today at 11:23:08 AM
I'm the only admin and there is only one device running OPNsense under my control, which rules both of those out unfortunately!

So strange that there are no logs or anything anywhere, mind...

Just going to bite the bullet and rebuild the config changes and be a bit stricter with my backup cadence.
#8
Oh, the CA has also expired. Amazing. Why is this defaulted to 2 years :(

Can be closed.
#9
I'm running into an interesting problem with OpenVPN on OPNsense 25.7. My server certificate expired a while ago. I have since renewed this and this is reflected in the Trust store. However, when exporting the VPN client configs, it still tries to use the expired certificate. If I manually replace this with the new one in the client configs, it seems the server is still presenting the expired certificate. I have restarted the service and swapped out the server certificate option but it seems to be holding onto the old, expired certificate for some reason.

Any thoughts?
#10
General Discussion / Re: What is the Purpose of 'op...
Last post by Al Muckart - Today at 07:57:56 AM
Right, that makes perfect sense, thank you.