Recent posts

#1

26.1, 26,4 Series / Captive Portal access to firew...

Last post by JamesL - Today at 01:46:30 AM

OpnSense 26.1 on Dell Precision 3420 Core i5 7th Gen, 12GB Ram.
Our guest network firewall rules include a daily schedule to prevent parking lot use after hours.
The captive portal JavaScript includes a copy of the current schedule, but it will be easier to maintain if the firewall could be queried to get the current days values for a specified schedule.
Is this information already available or easy to make available (I didn't see it in the documentation)?
I haven't determined yet how to download the opnSense source modules, and will need to sufficiently learn the language (python?) to attempt implementing something myself.
Thanks

#2

26.1, 26,4 Series / Re: Unbound TCP drops every 7....

Last post by Decaffinated_Duck - Today at 12:53:09 AM

Thanks, Ive taken Unbound out of the system for now while I get to the bottom of my issue, but if DHCPRenew are non interrupting then this may not have any connection to OPs issue & don't want to hijack their thread

#3

26.1, 26,4 Series / Unbound restarting on interfac...

Last post by HerkomerKlamm - Today at 12:35:17 AM

My Unbound is restarting frequently, even every 15 seconds under heavy load. This is being caused--I believe--by my WAN interface flapping. That is a separate issue I am trying furiously to resolve, but in the meantime I am trying to get Unbound not to restart with every WAN flap.

I have seen in previous forum posts that this can be caused by having DHCP registration enabled in Unbound. I do not have it enabled. I have also seen that it can be caused by having specific interfaces specified for Unbound to listen on. I did have this set, but on seeing the recommendation to use the recommended setting of 'all' (no specific interfaces set), I configured it that way. But the problem persists.

Any other ideas why Unbound is repeatedly restarting?

#4

25.1, 25.4 Legacy Series / Re: Unbound is blocking withou...

Last post by HerkomerKlamm - Today at 12:20:40 AM

With the option in Q-Feeds 'Register domain feeds' enabled

Well, if you explicitly enable the "block via Q-Feeds" feature, what do you expect?

I expected it to obey Unbound whitelists configured in Unbound, since it is using Unbound to do the blocking. It doesn't. But now an option has been added to remedy this, & you can set whitelists in Q-Feeds. With this formerly missing option, the problem was resolved for me.

#5

Hardware and Performance / Re: DEC750 NVMe thermal pad?

Last post by Patrick M. Hausen - Today at 12:13:04 AM

I would be interested in knowing if a small usb powered fan (a silent type) placed on top of your device would improve the temps significantly.

I have come to really like these:

https://www.amazon.de/dp/B08QYY87XW

Cheap and whisper quiet. And the rubber feet keep them from wandering due to vibration. I have one on top of my DEC750 and one at the side of my Mikrotik CRS326-24G-2S+IN switch and they work wonders.

[LAN interface setup:]

#6

26.1, 26,4 Series / Re: Identity Association IPv6 ...

Last post by knyl - Today at 12:01:30 AM

Following up onto this thread for anyone still looking for information on this. Managed to get it working today on 26.1.8_5 with an approach I believe is one of the intended ones. Since I haven't found a step-by-step and the issue with Identity association not being selectable seem to have been resolved or can be worked around, might aswell write one. Note that this one's using Dnsmasq for everything but I thought it might feel a little more comprehensive to some folks.
I'll assume your WAN is already set up correctly and you're getting a prefix (tcpdump can get you some insight into that)

Code Select Expand

tcpdump -i YOUR_WAN_INTERFACE -n -v ip6 and udp and port 546 or port 547look for something along the lines of

Code Select Expand

(IA_PD-prefix 2001:xxx:xxx:xxx ... )

• LAN interface setup: Rather than using Track Interface, the sister method seems to be Identity association, as has been discussed in this thread. Unfortunately, that will not automatically configure any services but it's not too hard to do that manually with Dnsmasq.
  
  
• Services -> Dnsmasq -> General
  
• Services -> Dnsmasq -> DHCP ranges
  
  Now comes the fun part and also the part where you decide how your clients should receive their IPv6 adresses (stateful vs. stateless). If you set your RA mode to slaac, devices will generate a SLAAC address and an additional DHCPv6 address which could be useful for reservations. Using ra-stateless will have your clients only generate a SLAAC address. Now we come to the beauty of constructors which essentially behave like afforementioned tracking- your interface will be used to calculate a RA/DHCPv6 range and you only got to specify your start address as a suffix (e.g. ::1000). So, little + down right for a new DHCP range, switch to Advanced mode and then:
  
  

After that, setup anything else you need, make sure to check your firewall rules to allow ICMPv6 and whatnot and then...well, things should run. I hope this is atleast somewhat useful to someone (I've been screwed over by logout/editor three times now) and not beyond the scope of this thread.
Note: There's apparently been an update regarding the whole KEA situation four days ago, seems like an option for automatic configuration has been included on master.
Cheers!

#7

Hardware and Performance / Re: DEC750 NVMe thermal pad?

Last post by BrandyWine - Today at 12:00:53 AM

Do you see significant temperature swings in your equipment? I figure load would swing the temperature far more than (typical) HVAC schedules (up to 25C vs. ~5C, measured internally). (Seasonally the effect of ambient temperature is greater, but that's a pretty slow cycle.)

The temp swing is +25F when the HVAC goes off, lets the cpu core temp rise to 70C. The device has an N150 with one cpu core pegged at 100% due to a legit process.

#8

Hardware and Performance / Re: DEC750 NVMe thermal pad?

Last post by BrandyWine - May 24, 2026, 11:57:27 PM

I would be interested in knowing if a small usb powered fan (a silent type) placed on top of your device would improve the temps significantly.

#9

German - Deutsch / Re: WAN-Umstellung von PPPoE a...

Last post by PrinceLG - May 24, 2026, 11:21:26 PM

lieben Dank meyergru !

ja ich weiss es gibt keine dummen Fragen :-).
Ich habe im Dashboard die Karte Gateway durch die Karte Schnittstellen ersetzt und sehe sofort die vollständigen korrekten IP's

#10

General Discussion / Re: update notifications - bus...

Last post by osn1803 - May 24, 2026, 11:09:12 PM

If you put this as cron job parameter it will also do major upgrades automatically:

https://github.com/opnsense/core/blob/eb2800a9bd76060fa17937840e3498c31e4081d2/src/etc/rc.firmware.subr#L34

ALLOW_RISKY_MAJOR_UPGRADE

That's potentially useful, thank you.