"Recent posts
#1
26.1 Series / Re: Disk 0%
Last post by Karla - Today at 06:23:11 AMAs a result: can the disk usage displayed a number of total size ?
E.g.: 400 MB of 250 GB.
E.g.: 400 MB of 250 GB.
#2
Tutorials and FAQs / Re: HOWTO - Redirect all DNS R...
Last post by Gilgamesh - Today at 05:32:21 AMQuote from: meyergru on March 06, 2026, 08:47:40 AMThe !127.0.0.1 is only to make sure no endless loop gets created if a request is initially directed at 127.0.0.1.
Thank you for your reply, but I'm not sure I get it. Can you help me with example when "a request is initially directed at 127.0.0.1" and therefore it creates a loop?
#3
26.1 Series / Re: 26.1.3 and Intel X710 (ixl...
Last post by lechterpolntrien - Today at 05:18:06 AMI've been struggling with intermittent instability on my VP2440 since I got it, but I'm still on 25.7. I currently have a 25 day uptime, which is the longest uptime I've had since I got it - I'm sure it will fall over tonight now that I've thought about it.
I was considering a 26.1 upgrade to help with these problems...
I was considering a 26.1 upgrade to help with these problems...
#4
General Discussion / Re: Opnsense in double nat - ...
Last post by TheLivingBubba - Today at 04:51:07 AMFigured it out with Chatgpt's help. WhiteSky is blocking port 53, did some workaround with cloudfare and unbound.
#5
26.1 Series / native ddclient not functionin...
Last post by akp55 - Today at 01:24:22 AMHello friends,
i'm not really sure where to start poking to figure out what went side was, but for whatever reason my DynamicDNS updating broke on 3/3/2026. The native client was going and setting the A record with a random ipv4 address from cloudflare. the client was configured with 2 entries. one for the A record (monitoring WAN), the other for the AAAA record (monitoring a LAN if w/ pd). the ipv6 client/thread would run and update both the A and AAAA record. switching back to normal ddclient seems to have resolved the issue. i'm more interesting in figure out why it happened and what i can do to fix it. any tips/pointers would be greatly appreciated.
thanks
i'm not really sure where to start poking to figure out what went side was, but for whatever reason my DynamicDNS updating broke on 3/3/2026. The native client was going and setting the A record with a random ipv4 address from cloudflare. the client was configured with 2 entries. one for the A record (monitoring WAN), the other for the AAAA record (monitoring a LAN if w/ pd). the ipv6 client/thread would run and update both the A and AAAA record. switching back to normal ddclient seems to have resolved the issue. i'm more interesting in figure out why it happened and what i can do to fix it. any tips/pointers would be greatly appreciated.
thanks
#6
26.1 Series / 26.1.3 Upgrade error popup lin...
Last post by opnsmM - Today at 12:47:43 AMUpgraded OPNsense from 26.1.2_5 to 26.1.3 got an error popup during the installation. Think it said unknown error please check logs. When I checked the logs I got:
Script action failed with Command '/usr/local/opnsense/scripts/system/sysctl.py --gather' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 85, in execute subprocess.run(script_command, env=self.config_environment, shell=True, ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ check=not self.disable_errors, stdout=output_stream, stderr=error_stream) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/subprocess.py", line 577, in run raise CalledProcessError(retcode, process.args, output=stdout, stderr=stderr) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/system/sysctl.py --gather' returned non-zero exit status 1.
Everything is running ok but I don't get the warm fuzzies without checking into this. Is this a no big deal or do I have to fix/check something? Any input would be appreciated.
Script action failed with Command '/usr/local/opnsense/scripts/system/sysctl.py --gather' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 85, in execute subprocess.run(script_command, env=self.config_environment, shell=True, ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ check=not self.disable_errors, stdout=output_stream, stderr=error_stream) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/subprocess.py", line 577, in run raise CalledProcessError(retcode, process.args, output=stdout, stderr=stderr) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/system/sysctl.py --gather' returned non-zero exit status 1.
Everything is running ok but I don't get the warm fuzzies without checking into this. Is this a no big deal or do I have to fix/check something? Any input would be appreciated.
#7
26.1 Series / Re: fixed rule window size
Last post by tessus - March 06, 2026, 11:48:43 PMQuote from: Monviech (Cedrik) on March 06, 2026, 09:39:04 PMI have linked the code where there is a comment about the new library used (tabulator) having some challenges with this resizing.
Thank you. I had an appointment this afternoon and I wasn't able to read up on it. I only saw the referenced issue in the comment, but need more time to look into it, which I will do this evening.
So, why didn't someone answer with: it was a workaround for a bug or limitation. Please open a github issue for further discussions. On one side I can certainly understand this, but there might be fixes or better libraries in the future. (As I mentioned before, I have to read up on it and maybe open an issue with the tabulator project.)
I like github, so I don't have a problem with it. But questions are usually closed in gh trackers referencing a forum or some other channel.
Which is why I asked my question in this forum (as a starting point). I certainly have no problem to move it over to gh. But in that case, please state in which repo, and other info: issue, discussion, ...
Quote from: Monviech (Cedrik) on March 06, 2026, 09:39:04 PMThe way you initially wrote with bold text and suggestive questions made it look like you were baiting for an argument.
Initially I did not write in bold. I wrote in bold to emphasize my unanswered questions. People tend not to answer questions, but rather give unrelated statements. This is not an OPNsense forum problem, but apparently how communication now works. 20 years ago, you asked a question and you got an answer to that exact question.
These days you get comments, deflection, part of an answer that could have been derived if all of it had been answered, or an answer that might not have anything to do with the question that was asked.
The answer "it was a deliberate design choice" by itself is utterly useless unless I am told why.
I was just trying to emphasize the question and I believe that is what bold is for. To emphasize text. I did not use all CAPS, btw.
Quote from: Patrick M. Hausen on March 06, 2026, 09:50:56 PMBut if at the top I select "show me 50 entries per page" there is absolutely no reason not to just render a table with 50 lines and let the browser and me handle it.
Thank you, this was exactly my point as well.
Quote from: Monviech (Cedrik) on March 06, 2026, 10:09:26 PMWe are constantly working on improving the user experience with the new tabulator library.
My point is that the user experience hasn't been improved in this case. At least not for me. For me the experience got worse in this specific case. Otherwise I wouldn't have brought it up. Please check my first post again. I mentioned that I missed rules because of this. I did not use profanity, nor did I attack anyone. I voiced an opinion. That's all. And apparently I am not alone with my opinion.
I will read up on the tabulator issue, but I am not a GUI person, which means I will be most likely over my head with this one.
So maybe there are options or ways to get back the old behavior even with the new library. If not, the new libary should fix this problem to actually improve the user experience. Otherwise you could just remove the "number-of-rules" button and the pagination functionality, since those things are pretty much useless now.
Apart from all that I am very happy with OPNsense. I am not someone to complain without reason and I actually still haven't complained yet. I mentioned that the user experience is worse for me. A complaint is filed, if the other party did something wrong. But I don't think that anybody did anything wrong in this case. A combination of circumstances led to an unfavorable result and I can't complain about something like this.
#8
German - Deutsch / Re: Wechsel von OpenVPN zu Wir...
Last post by d-man - March 06, 2026, 11:42:40 PMNochmal vielen Dank für die schnelle Antwort. AGH & OPNsense haben die gleiche IP und sind vom Vlan1 (lan) erreichbar. Des Weiteren habe ich mehrere Vlans (Privat, IoT, IoT mit www Zugriff, Firma, Nebengebäude, Datenserver, Webserver) die unterschiedliche Aufgaben, Zugriffe oder Sperren haben. OPNsense und AGH sind nur vom Vlan1 erreichbar.
Beste Grüße
d-man
Beste Grüße
d-man
#9
Tutorials and FAQs / [HOWTO] How to Get EE TV in th...
Last post by RutgerDiehard - March 06, 2026, 11:38:45 PMAfter wrestling with this for several hours , I finally have EE TV IPTV running smoothly through OPNsense on EE TV Pro and EE TV Edge boxes without relying on the EE Broadband router. There really isn't an awful lot of information about this out there, so I've consolidated what I've done into a walkthrough of what worked for me. Hopefully it saves you a few evenings of trial and error.
You'll need an EE Broadband subscription for this as EE TV won't work on others.
1️⃣ Set Up Your WAN (PPPoE) - I assume you already have done this and the PPPoE link is working correctly, but listed here for completeness.
EE uses PPPoE for broadband.
WAN Interface Settings (Interfaces → Devices → Point-to-Point)
I would recommend following @meyergru's excellent guide on properly configuring PPPoE here.
2️⃣ Create a Dedicated IPTV Interface
EE sends IPTV traffic to the ONT physical interface and NOT returning over the PPPoE link. This is the part that is missing from all other instructions.
Add the IPTV Interface
Go to Interfaces → Assignments → Add a new interface
Click Add and Save.
Enable the Interface
Click the IPTV interface in "Interfaces"
This interface is purely for passing multicast traffic.
3️⃣ Enable IGMP Proxy
EE TV relies on multicast. Without IGMP Proxy, the box won't get channel streams.
Install IGMP Proxy
System → Firmware → Plugins
Tick "Show community plugins"
Find os-igmp-proxy and click "+" to install
Configure IGMP Proxy
Refresh the OPNsense page
Go to Services → IGMP Proxy
Add an Upstream interface:
** Note, the OPNsense UI will not allow two different Network entries with different CIDR values. If you try to add using the CIDR dropdown, the next entry will have the same CIDR entry and you cannot change it. The workaround is to add the networks as above (including the /4 and /24) without choosing a CIDR value. When you save and edit the interface again, it will be listed correctly. **
Click save
Add a Downstream interface:
Apply changes.
If you have more subnets, add them and apply changes.
4️⃣ Firewall Rules
You need to allow UDP and IGMP traffic through.
In my testing, and for simplicity, I created an allow all rule for traffic flowing in to the LAN interface - if you have other subnets you added in the downstream interface in step 3, create firewall rules for those also. The critical setting here is you must allow options. Edit the rule, click advanced mode and tick "Allow options".
Once this is working for you, I would suggest restricting this to the traffic that you require.
On the IPTV interface create two new rules:
You cannot view this attachment.
For both, ensure "Allow options" is enabled.
5️⃣ Enable IGMP Snooping on Your Switch
IGMP Snooping allows the switch to restrict stream traffic to only ports that have requested the stream, rather than every port on the switch.
This is very much vendor dependent and may be a simple setting change on the management page of your switch or through a console session. For my HP Procurve 3500yl, I enabled this through the management page of the switch.
If your switch supports it:
Turn on IGMP Snooping
If available, enable Fast Leave
Test your new EE TV boxes and you should have full live TV :-)
After monitoring outbound traffic whilst streaming channels using the firewall live view, note the ports and destinations in use and create allow rules for them to replace the LAN allow all rule used for testing.
You'll need an EE Broadband subscription for this as EE TV won't work on others.
1️⃣ Set Up Your WAN (PPPoE) - I assume you already have done this and the PPPoE link is working correctly, but listed here for completeness.
EE uses PPPoE for broadband.
WAN Interface Settings (Interfaces → Devices → Point-to-Point)
Code Select
Connection type: PPPoE
Username: bthomehub@btbroadband.com
Password: btI would recommend following @meyergru's excellent guide on properly configuring PPPoE here.
2️⃣ Create a Dedicated IPTV Interface
EE sends IPTV traffic to the ONT physical interface and NOT returning over the PPPoE link. This is the part that is missing from all other instructions.
Add the IPTV Interface
Go to Interfaces → Assignments → Add a new interface
Code Select
Device: your physical WAN NIC - the same as the PPPoE interface is bound to
Description: IPTVClick Add and Save.
Enable the Interface
Click the IPTV interface in "Interfaces"
Code Select
Tick Enable
IPv4 Configuration: Static IPv4
Static IPv4 configuration
IPv4 address: 10.20.30.1/24 (this can be anything private but make sure that it's a subnet not currently in use)
IPv6 Configuration: NoneThis interface is purely for passing multicast traffic.
3️⃣ Enable IGMP Proxy
EE TV relies on multicast. Without IGMP Proxy, the box won't get channel streams.
Install IGMP Proxy
System → Firmware → Plugins
Tick "Show community plugins"
Find os-igmp-proxy and click "+" to install
Configure IGMP Proxy
Refresh the OPNsense page
Go to Services → IGMP Proxy
Add an Upstream interface:
Code Select
Interface: IPTV
Network: 224.0.0.0/4
Network: 109.159.247.0/24 - this is EE's source for IPTV** Note, the OPNsense UI will not allow two different Network entries with different CIDR values. If you try to add using the CIDR dropdown, the next entry will have the same CIDR entry and you cannot change it. The workaround is to add the networks as above (including the /4 and /24) without choosing a CIDR value. When you save and edit the interface again, it will be listed correctly. **
Click save
Add a Downstream interface:
Code Select
Interface: your LAN
Network: your LAN subnet (e.g., 192.168.1.0/24)Apply changes.
If you have more subnets, add them and apply changes.
4️⃣ Firewall Rules
You need to allow UDP and IGMP traffic through.
In my testing, and for simplicity, I created an allow all rule for traffic flowing in to the LAN interface - if you have other subnets you added in the downstream interface in step 3, create firewall rules for those also. The critical setting here is you must allow options. Edit the rule, click advanced mode and tick "Allow options".
Once this is working for you, I would suggest restricting this to the traffic that you require.
On the IPTV interface create two new rules:
You cannot view this attachment.
For both, ensure "Allow options" is enabled.
5️⃣ Enable IGMP Snooping on Your Switch
IGMP Snooping allows the switch to restrict stream traffic to only ports that have requested the stream, rather than every port on the switch.
This is very much vendor dependent and may be a simple setting change on the management page of your switch or through a console session. For my HP Procurve 3500yl, I enabled this through the management page of the switch.
If your switch supports it:
Turn on IGMP Snooping
If available, enable Fast Leave
Test your new EE TV boxes and you should have full live TV :-)
After monitoring outbound traffic whilst streaming channels using the firewall live view, note the ports and destinations in use and create allow rules for them to replace the LAN allow all rule used for testing.
#10
26.1 Series / Re: Upgrade went wrong
Last post by ezhik - March 06, 2026, 10:41:15 PMQuote from: franco on March 06, 2026, 08:03:29 PM# opnsense-revert opnsense
Cheers,
Franco
What is expected here? Doesn't look like it worked as expected either:
root@opnsense:~ # opnsense-revert opnsense
pkg-static: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
pkg-static: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
Fetching meta.conf: 100% 179 B 0.2kB/s 00:01
SunnyValley repository is up to date.
All repositories are up to date.
pkg-static: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
The following packages will be fetched:
New packages to be FETCHED:
opnsense: 26.1.3 (6 MiB: 100.00% of the 6 MiB to download)
Number of packages to be fetched: 1
The process will require 6 MiB more space.
6 MiB to be downloaded.
Fetching opnsense-26.1.3.pkg: 100% 6 MiB 6.1MB/s 00:01
pkg-static: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
opnsense-26.1.3: already unlocked
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
Fetching meta.conf: 100% 179 B 0.2kB/s 00:01
SunnyValley repository is up to date.
All repositories are up to date.
pkg-static: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be REINSTALLED:
opnsense-26.1.3 [OPNsense]
Number of packages to be reinstalled: 1
[1/1] Reinstalling opnsense-26.1.3...
[1/1] Extracting opnsense-26.1.3: 100%
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense SunnyValley
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
=====
Message from opnsense-26.1.3:
--
One step ahead, one step behind it, now you gotta run to get even
pkg-static: warning: database version 37 is newer than libpkg(3) version 36, but still compatible
