Recent posts

#1
Tomaž's videos would show up in my algorithm from time to time. Awesome development w.r.t. OPNsense. Very cool, @Maurice!

I did cringe a bit when he mentioned Claude, but those are very appreciable gains that he discussed.  I guess the question I have is whether the AI produces fewer bugs and vulnerabilities than a team of humans would.
#2
26.1 Series / Re: 26.1.3 and Intel X710 (ixl...
Last post by dirtyfreebooter - Today at 06:02:07 AM
hrm, watching this thread. i am running a vp2440 with opnsense 25.10.2_8 (business) and coreboot 0.9.1-rc3, so it's running 25.7.14 base, but 26.4 is scheduled to be released mid-april and will likely use the 26.1 kernel/drivers. i was running AMI bios before, as coreboot 0.9.0 dropped packets all the time on 2.5g ports with ASPM enabled. 0.9.1-rc3 seems to fix that and really helped with the idle power.

now i am worried upgrading to 26.4 will come with some surprises for x710..
#3
Yes, I have one and it does indeed run OPNsense. Hardware offloading is supported and really sets it apart from anything I've seen before. And yes, it can offload connections which are firewalled by pf. Pretty impressive.

I recommend watching Tomaž's latest video on YouTube.

Cheers
Maurice

Full disclosure: I've been contracted by Mono to maintain their OPNsense update server.
#4
Quote from: He4DHuNt3r on March 27, 2026, 04:49:42 PM
Quote from: turnah on March 27, 2026, 02:40:34 AM
did you manage to update? i have the same card/version and it's failing for me too

Sadly no, for whatever reason the NVM / Flash chip is write protected according to the eeupdate64e tool :(

You can check yourself by using the command

eeupdatew64e.exe /NIC=1 /IDFLASH


tl;dr: Have you tried disabling secure boot?

I was seeing "Error:      Flash update failed." when attempting to update from Win 11 (using nvmupdatew64e.exe 1.41.3.1 from Intel® Ethernet Adapter Complete Driver Pack 31.1). Then I tried with Debian 13. The recommendation to set iomem=relaxed only works if I disable secure boot, otherwise that flag is ignored. After setting the kernel cmdline and disabling secure boot, I was able to successfully flash my I226-V from 2.17 to 2.32. This is the Ethernet controller that came with my MSI MAG Z790 Tomahawk motherboard.

Identification (from Windows): nvmupdatew64e.exe -i -l out.txt
Config file will not be read.
Inventory
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
    Alternate MAC address is not set.
    Flash inventory started.
    Shadow RAM inventory started.
    Shadow RAM inventory finished.
    Flash inventory finished.
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
    Vendor                : 8086
    Device                : 125C
    Subvendor              : 1462
    Subdevice              : 7D91
    Revision              : 4
    LAN MAC                : 047C167CA2DB
    Alt MAC                : 000000000000
    SAN MAC                : 000000000000
    ETrackId              : 80000308
    SerialNumber          : 047C16FFFF7CA2DB
    NVM Version            : 2.23(2.17)
    PBA                    : G23456-000
    VPD status            : Not set
    VPD size              : 0
    NVM update            : No config file entry
      checksum            : Valid

Config (used in both Windows and Linux): nvmupdate.cfg
CONFIG VERSION: 1.24.0

BEGIN DEVICE
DEVICENAME: Intel(R) Ethernet Controller I226-V
VENDOR: 8086
DEVICE: 125C
NVM IMAGE: FXVL_125C_V_1MB_2.32.bin
EEPID: 80000425
RESET TYPE: REBOOT
REPLACES: 80000308
END DEVICE

Failed update (from Windows): nvmupdatew64e.exe -b -l upd.txt -m 047C167CA2DB -u -c nvmupdate.cfg
Config file read.
Inventory
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
Update
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Creating backup images in directory: 047C167CA2DB.
Backup images created.
Flash update started.
Error:    Flash update failed.
Device update failed.
Update security revisions
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Skipping update minimum security revisions.
Update VPD with VPD template
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Skipping VPD update with VPD template.

Successful update (from Linux with secure boot disabled and iomem=relaxed): ./nvmupdate64e -b -l upd.txt -m 047C167CA2DB -u -c nvmupdate.cfg
Config file read.
Inventory
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
Update
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Creating backup images in directory: 047C167CA2DB.
Backup images created.
Flash update started.
NVM verification started.
Shadow RAM verification started.
Shadow RAM verification finished.
Flash verification started.
Flash verification finished.
NVM verification finished.
Flash update successful.
Device update successful.
Update security revisions
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Skipping update minimum security revisions.
Update VPD with VPD template
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Skipping VPD update with VPD template.
Checking update availability for next tool run.
A reboot is required to complete the update process.

Identification (from Linux): ./nvmupdate64e -i -l out.txt
Config file will not be read.
Inventory
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
[00:008:00:00]: Intel(R) Ethernet Controller I226-V
Vendor                 : 8086
Device                 : 125C
Subvendor              : 8086
Subdevice              : 0000
Revision               : 4
LAN MAC                : 047C167CA2DB
Alt MAC                : 000000000000
SAN MAC                : 000000000000
ETrackId               : 80000425
SerialNumber           : 047C16FFFF7CA2DB
NVM Version            : 2.50(2.32)
PBA                    : G23456-000
VPD status             : Not set
VPD size               : 0
NVM update             : No config file entry
  checksum             : Valid
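
Added example, not part of the post above or of Intel's tooling: a shell preflight that checks the conditions the post ties to a successful Linux flash before nvmupdate64e is run. It assumes the flag is ineffective under Secure Boot because the kernel is in lockdown (read from /sys/kernel/security/lockdown); the function names are this example's own.

```shell
#!/bin/sh
# Added example: preflight for the Linux flashing steps described in the post.
# Function names are this example's choices, not part of Intel's tools.

# efivarfs file for the SecureBoot variable (EFI global variable GUID)
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# Return 0 if "iomem=relaxed" is present as a whole token in the given cmdline
cmdline_has_relaxed() {
    for tok in $1; do
        [ "$tok" = "iomem=relaxed" ] && return 0
    done
    return 1
}

# Print the active mode from lockdown contents, e.g. "none [integrity] confidentiality"
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# Print the SecureBoot value byte: efivarfs stores 4 attribute bytes, then the data
secure_boot_byte() {
    od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n'
}

# preflight <cmdline> <lockdown contents> <secure boot byte>: prints a verdict
preflight() {
    if [ "$3" = "1" ]; then
        echo "blocked: Secure Boot is enabled"; return 1
    fi
    mode=$(lockdown_mode "$2")
    # Assumption: any lockdown mode other than "none" makes the flag ineffective
    if [ -n "$mode" ] && [ "$mode" != "none" ]; then
        echo "blocked: kernel lockdown is $mode"; return 1
    fi
    if ! cmdline_has_relaxed "$1"; then
        echo "blocked: iomem=relaxed missing from kernel cmdline"; return 1
    fi
    echo "ready"
}

# Check the running system with: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(cat /proc/cmdline)" \
              "$(cat /sys/kernel/security/lockdown 2>/dev/null)" \
              "$(secure_boot_byte "$SB_VAR")"
fi
```

Once the NIC reports the new NVM version after the reboot, remove iomem=relaxed from the kernel cmdline and turn Secure Boot back on so the relaxed state does not persist.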
#5
26.1 Series / Re: 26.1.3 and Intel X710 (ixl...
Last post by felipe0123 - Today at 03:29:30 AM
Protectli hasn't been very helpful so far, they state they sold more than 4000 VP2440 and I'm the first person reporting the issue and no reply to my next communication.

Since the script has fixed the issue for me, I'm adding it here in case someone else faces the same issue: https://github.com/galmeida/opnsense-protectli-vp2440
#6
26.1 Series / Upgrade fail after fresh new i...
Last post by Vincent Chen - Today at 03:27:51 AM
Hi, all

Since 25, I got this issue.

Step 1. I download iso from opnsense and make a bootable usb.
Step 2. I use this bootable usb to install opnsense and restore configuration
Step 3. I do upgrade in dashboard link, download is ok but after several package install, error popup and I lose access to opnsense

My hardware is CWWK N100 with 4 intel NIC and 64G microSD as boot device.
I saw some errors complaining about the microSD device, but it works normally sometimes.
I got 50% failure in step 3 and do not know what went wrong.

Any suggestion?

Thanks,

#7
Hardware and Performance / Mono Gateway (an NXP-based rou...
Last post by pfry - Today at 12:46:49 AM
I didn't see this flying around, and someone had to start it, so I figured I might as well.

An NXP-based router that... should support OPNsense. I wonder about the hardware offloading, as I figure it would play hell with monitoring/logging.

It looks like the first development kit sale has closed, awaiting a second or production run. Hopefully they make it, but it's a tough market.

Maurice, do you have one?
#8
26.1 Series / "Redirect external DNS request...
Last post by Demmers - March 28, 2026, 11:26:36 PM
I wondered if the rule I created for the purpose in Subject made a few years ago, is still set correctly following migration to 26.1 (Firewall > Rules [new]).
I have realised the settings I followed originally (I'm sure from here https://homenetworkguy.com/how-to/redirect-all-dns-requests-to-local-dns-resolver/ ), some no longer exist. More specifically, "Destination port range - DNS". DNS no longer exists, it is now "Single port or range - 53". The setting NAT > Port Forward has gone too.
Is anyone able to confirm what needs applying for this purpose if doing from scratch please?
#9
26.1 Series / completely lost after switch t...
Last post by sigma - March 28, 2026, 11:00:56 PM
Hi,

After switching to Dnsmasq DNS & DHCP, nothing I did before works now.

example.
- setup a vpn as the steps that I used before changed.
- have my network use a vpn service (all computers, wifi)
- I used to defer ips (static ip) from using VPN (like TVs, iot etc.)
- block iot devices from internet completely (I had it working but an hour later the iot's connected to the internet so, that is a big fail)
- have 2 different dhcp ranges (example 192.168.1.1, 192.168.2.1) each with its own dns service

I have tried so many different options (some things I could not find, like the manual dns for each dhcp range) that I have lost track of what I did. I have been trying to get this working (with my spare time that I have) since v26.

If anyone may help me to get the above working it would be most appreciated and many thanks.
#10
26.1 Series / Re: Hide items from menu(s) / ...
Last post by Greelan - March 28, 2026, 10:44:32 PM
Quote from: nero355 on March 28, 2026, 12:09:43 AM
The expanded view of course :)

Ah, if you mean simply the expanded view in the sidebar, that should be doable. I will look into it.