Recent posts

#1
26.1 Series / Re: Upgrade went wrong
Last post by ezhik - Today at 10:31:30 PM
This update is a bit rough for many; hopefully there is an update to patch things up.
#2
General Discussion / Re: Managing OPNsense upgrades...
Last post by meyergru - Today at 10:15:56 PM
Well, I am nearly lost for words...

Quote from: builderall on Today at 09:54:52 PM
conversational firewall management

I mean, really? I can imagine my future self referring you back to this when things will have gone awry and saying "Entirely avoidable.".

Not to insult you, but you must be one of the guys who turn on the AI auto-pilot in your car and then read a book during the ride.

P.S.: I never saw that purported upgrade problem happening since starting to use OPNsense back in 2023 (and counting).
#3
German - Deutsch / Re: Purchase advice
Last post by iani - Today at 10:13:07 PM
Good idea, Patrick. I will consider that. Thanks.

Have a nice rest of the weekend, everyone.
#4
26.1 Series / Re: 26.1.3 Upgrade error popup...
Last post by cookiemonster - Today at 10:12:57 PM
I would start with System > Firmware > Status and do a health check. Run audit: health.
That will not tell you what happened but might help identify any lingering problem.
#5
General Discussion / Managing OPNsense upgrades wit...
Last post by builderall - Today at 09:54:52 PM
I've been working on tools to make OPNsense upgrades more reliable and recently wrote up the experience:

I gave Claude access to my OPNsense firewall — here's what happened

Two tools in one project:

A stateful Python upgrade script that runs over SSH — handles the pkg ABI mismatch after base/kernel upgrades and auto-resumes after reboots
A Claude MCP server that connects Claude Code to the OPNsense REST API for conversational firewall management

Tested on a live 26.1.2 → 26.1.3 upgrade this week, with two bugs found and fixed mid-session.

Code: https://github.com/builderall/opnsense-upgrade

Happy to answer questions or take feedback.

#7
26.1 Series / Link between user and certific...
Last post by henri9813 - Today at 09:02:07 PM
Hello there,

I create many users, each with a certificate with the same CN.

My OpenVPN instance has the option to ensure the match between the username and the CN of their certificate.

In System > Access > User, when I click on "search certificate for the user X", it leads me to System > Trust with a search, and it's OK: I see the cert.

The cert has a pictogram of a user profile, so I deduce the certificate is successfully linked.

The user can log into the VPN using the exported profile.

But in the export list, the column "Linked user" is empty. The same goes for the API.

PS: The OpenVPN certificate is signed by the same CA as the CA used to sign the user certificate.

Do you know why?

Thanks!
#8
26.1 Series / Re: two issues on OPNsense 26....
Last post by andreasglashauser - Today at 08:53:17 PM
Quote from: Monviech (Cedrik) on March 06, 2026, 10:25:20 AM
Oh sorry I forgot the context. There has been a microcode update that caused some reboot issues or something. I read about it on reddit.

If you don't 100% need the microcode updates you most likely are better off stability wise without the plugin. (personal opinion, no expert on that matter)

I will try it out next time and consider it. Thanks.
#9
General Discussion / Re: VLAN with Synology RT600AX...
Last post by nero355 - Today at 08:43:15 PM
Quote from: Tobanja on Today at 07:00:14 PM
I feel compelled to just add that with the new unifi AP, wireless isolation works.
NICE!!! :)

Quote
But not before disabling the tailnet completely on the test device (the phone).
I feel bad making such a mistake, but I believe Tailscale has been sneaking behind my back, creating a backdoor into the LAN without me noticing.
Tailnet = Tailscale and it was running all the time or something?!

Please explain, because I have no idea what you mean exactly?

Quote
Anyway, that wraps up this horror episode, and we can all go back to living happy lives.

The story does not tell if the AP purchase was completely unnecessary. Blaming the synology AP might have been unfair. But I'd rather leave this all behind for now.
IMHO you did the right thing, because the Synology seems very "features limited" without resorting to flashing it with alternative firmware if that's even possible ;)
#10
26.1 Series / Re: Service Network Time and M...
Last post by rudiratlos63 - Today at 07:48:13 PM
Hi,
that is what I am trying, without success.
1. How can I do the redirect?