"Recent posts
#1
26.1, 26,4 Series / Re: OPNSense not able to re-cl...
Last post by Afif - Today at 07:20:40 AMI already unchecked all the settings under disk/memory and restarted the router. FYI, this OPNsense is running inside the VM for 2+ years, so this issue is happening out of nowhere, and I can't identify which processes causing it to crash. I will let it run for 1-2 days and see if the router crash or not. I will also provide the info you are asking below.
VM Specs
CPUs: 4 cores
RAM: 4GB
Storage: 32GB
Running Services:
Plugins:
VM Specs
CPUs: 4 cores
RAM: 4GB
Storage: 32GB
Running Services:
- caddy
- configd
- cron
- ddclient
- dnsmasq
- hostwatch
- login
- ntpd
- openssh
- pf
- qemu-ga
- routing
- sysctl
- syslog-ng
- webgui
- wireguard
Plugins:
- os-caddy
- os-ddclient
- os-q-feeds-connector
- os-qemu-guest-agent
#2
Development and Code Review / Re: [ANDROID APP] OPNsense Mob...
Last post by Monviech (Cedrik) - Today at 07:12:26 AMHello, it's fine to share a GitHub link of an open source project you created.
However, we do not allow promotion of app beta programs or recruitment of testers through the forum. Please remove the beta-testing invitation, Google account collection, and related signup instructions from both posts.
Users interested in the project can still access the source code via GitHub.
However, we do not allow promotion of app beta programs or recruitment of testers through the forum. Please remove the beta-testing invitation, Google account collection, and related signup instructions from both posts.
Users interested in the project can still access the source code via GitHub.
#3
French - Français / [APP ANDROID] OPNsense Mobile ...
Last post by Tof - Today at 06:17:08 AMBonjour à tous,
Je développe une application Android non officielle pour OPNsense et je cherche 12 beta testeurs pour participer au test fermé sur le Google Play.
Pourquoi 12 testeurs ? Google exige qu'au moins 12 testeurs utilisent l'application pendant 14 jours consécutifs avant d'autoriser une publication publique sur le Play Store.
Ce que fait l'application :
📊 Dashboard — CPU, RAM, uptime et interfaces réseau en temps réel
📋 Logs firewall — visualisation des logs avec filtres par action et protocole
🛡� Règles firewall — listées par interface, activation/désactivation en un tap
🚫 Blocage IP rapide — bloquer une adresse IP en quelques secondes
🔁 Multi-instance — gérer plusieurs OPNsense depuis une seule application
⚡ Vue Haute Disponibilité — superviser vos paires HA (Master/Slave) côte à côte
Prérequis :
OPNsense accessible en HTTPS
Un utilisateur dédié avec clé API (droits limités : Diagnostics, Firewall Rules, Firewall Logs, System Firmware)
Android 8+
Un compte Google pour rejoindre le test
Comment configurer l'application :
Un guide pas-à-pas (FR/EN) est disponible :
Exporter le certificat SSL depuis OPNsense
Créer un utilisateur dédié et générer la clé API + Secret
Installer le certificat sur Android
👉 Guide de configuration : https://nzangel.github.io/opnsense-mobile-privacy/guide.html
Pour rejoindre le test :
Envoyez-moi votre adresse email Google en message privé, je vous ajouterai au groupe de testeurs et vous recevrez un lien d'invitation Google Play.
L'application est open source (MIT), ne collecte aucune donnée et stocke tout localement en stockage chiffré. https://github.com/nzangel/OPNSenseMobile
Merci d'avance pour votre aide !
Je développe une application Android non officielle pour OPNsense et je cherche 12 beta testeurs pour participer au test fermé sur le Google Play.
Pourquoi 12 testeurs ? Google exige qu'au moins 12 testeurs utilisent l'application pendant 14 jours consécutifs avant d'autoriser une publication publique sur le Play Store.
Ce que fait l'application :
📊 Dashboard — CPU, RAM, uptime et interfaces réseau en temps réel
📋 Logs firewall — visualisation des logs avec filtres par action et protocole
🛡� Règles firewall — listées par interface, activation/désactivation en un tap
🚫 Blocage IP rapide — bloquer une adresse IP en quelques secondes
🔁 Multi-instance — gérer plusieurs OPNsense depuis une seule application
⚡ Vue Haute Disponibilité — superviser vos paires HA (Master/Slave) côte à côte
Prérequis :
OPNsense accessible en HTTPS
Un utilisateur dédié avec clé API (droits limités : Diagnostics, Firewall Rules, Firewall Logs, System Firmware)
Android 8+
Un compte Google pour rejoindre le test
Comment configurer l'application :
Un guide pas-à-pas (FR/EN) est disponible :
Exporter le certificat SSL depuis OPNsense
Créer un utilisateur dédié et générer la clé API + Secret
Installer le certificat sur Android
👉 Guide de configuration : https://nzangel.github.io/opnsense-mobile-privacy/guide.html
Pour rejoindre le test :
Envoyez-moi votre adresse email Google en message privé, je vous ajouterai au groupe de testeurs et vous recevrez un lien d'invitation Google Play.
L'application est open source (MIT), ne collecte aucune donnée et stocke tout localement en stockage chiffré. https://github.com/nzangel/OPNSenseMobile
Merci d'avance pour votre aide !
#4
Development and Code Review / [ANDROID APP] OPNsense Mobile ...
Last post by Tof - Today at 06:15:25 AMHi everyone,
I've been building an unofficial Android app for OPNsense and I'm looking for 12 beta testers to join a closed test on Google Play.
Why 12 testers? Google requires at least 12 testers to use the app for 14 consecutive days before allowing a public release on the Play Store.
What the app does:
📊 Dashboard — CPU, RAM, uptime and network interfaces with live metrics
📋 Firewall logs — real-time log viewer with action/protocol filters
🛡� Firewall rules — grouped by interface, enable/disable with one tap
🚫 Quick IP block — block an IP address in seconds
🔁 Multi-instance — manage multiple OPNsense firewalls from a single app
⚡ High Availability view — monitor HA pairs (Master/Slave) side by side
Requirements:
OPNsense reachable over HTTPS
A dedicated API user with limited privileges (Diagnostics, Firewall Rules, Firewall Logs, System Firmware)
Android 8+
A Google account to join the test
Setup guide:
A step-by-step guide (FR/EN) is available:
Export the SSL certificate from OPNsense
Create a dedicated user and generate an API Key + Secret
Install the certificate on your Android device
👉 Setup guide: https://nzangel.github.io/opnsense-mobile-privacy/guide.html
To join the beta:
Send me your Google email address via private message — I'll add you to the tester group and you'll receive a Google Play invitation link.
The app is open source (MIT), collects no data, and stores everything locally using encrypted storage. https://github.com/nzangel/OPNSenseMobile
Thanks in advance for your help!
I've been building an unofficial Android app for OPNsense and I'm looking for 12 beta testers to join a closed test on Google Play.
Why 12 testers? Google requires at least 12 testers to use the app for 14 consecutive days before allowing a public release on the Play Store.
What the app does:
📊 Dashboard — CPU, RAM, uptime and network interfaces with live metrics
📋 Firewall logs — real-time log viewer with action/protocol filters
🛡� Firewall rules — grouped by interface, enable/disable with one tap
🚫 Quick IP block — block an IP address in seconds
🔁 Multi-instance — manage multiple OPNsense firewalls from a single app
⚡ High Availability view — monitor HA pairs (Master/Slave) side by side
Requirements:
OPNsense reachable over HTTPS
A dedicated API user with limited privileges (Diagnostics, Firewall Rules, Firewall Logs, System Firmware)
Android 8+
A Google account to join the test
Setup guide:
A step-by-step guide (FR/EN) is available:
Export the SSL certificate from OPNsense
Create a dedicated user and generate an API Key + Secret
Install the certificate on your Android device
👉 Setup guide: https://nzangel.github.io/opnsense-mobile-privacy/guide.html
To join the beta:
Send me your Google email address via private message — I'll add you to the tester group and you'll receive a Google Play invitation link.
The app is open source (MIT), collects no data, and stores everything locally using encrypted storage. https://github.com/nzangel/OPNSenseMobile
Thanks in advance for your help!
#5
General Discussion / Re: newbie trying to set up ne...
Last post by lumilumi - Today at 03:39:46 AMQuote from: nero355 on June 09, 2026, 02:36:43 PMQuote from: lumilumi on June 09, 2026, 01:22:20 AMhow do I configure the settings in order for the mini pc to "send the internet" to the openwrt one, so that the openwrt one can be my wifi access point?Just connect it to your network and create the SSID and you are DONE! :)
However if you have VLANs on your OPNsense then the whole story gets totally different and you need to do some reading before getting everything up and running...
because I want to have ore security in my network than just an all in one ....
But if I may ask :
What was the reason you have chosen to use OPNsense if you are having issues with this kind of stuff ?!
Why not simply buy a nice "All-in-One" Router or something targeted more at regular home users so to speak ??
#6
General Discussion / Re: LAGG flapping at regular t...
Last post by Seimus - Today at 12:44:56 AMFast timeout is pain in Enterprise too.
At one point I had enough and enforced across company to use timeout slow (30s) for cross vendor connections.
Because the fast was constantly causing for example FW switchovers and other nonsense....
And thats the reason its in OPNsense docs too cause I was crying to Cedrik when he was writing it :)
https://github.com/opnsense/docs/pull/610#issuecomment-2424144823
Regards,
S.
At one point I had enough and enforced across company to use timeout slow (30s) for cross vendor connections.
Because the fast was constantly causing for example FW switchovers and other nonsense....
And thats the reason its in OPNsense docs too cause I was crying to Cedrik when he was writing it :)
https://github.com/opnsense/docs/pull/610#issuecomment-2424144823
Regards,
S.
#7
Tutorials and FAQs / Re: Tutorial 2024/06: HAProxy ...
Last post by sveinse - Today at 12:40:27 AMPart 6 in the tutorial adds support for hosting public services as well as internal services. This works great, but after some consideration I deemed it too risky. The safety of the internal services ending up publicly on the net is the src address condition rule. In addition, the webui of OPNsense (currently 26.1.9) doesn't handle the order of the "select rules" where it is critical to get the order of the `LOCAL_SUBDOMAINS_rule` and the `PUBLIC_SUBDOMAINS_rule` to have a functioning setup. I deemed this too risky.
I was running 1_HTTP_frontend and 1_HTTPS_frontend directly to 0.0.0.0:80 and 0.0.0.0:443 respectively. I'm not running 0_SNI_frontend.
1. Clone 1_HTTP_frontend into 1_HTTP_WAN_frontend. Change the listen address to use the *WAN* address :80.
2. Clone 1_HTTP_frontend into 1_HTTP_LAN_frontend. Change the listen address to use the *LAN* address :80.
3. Disable 1_HTTP_frontend
4. Clone 1_HTTPS_frontend into 1_HTTPS_WAN_frontend. Change the listen address to use the *WAN* address :443. Under Select rules, select only the PUBLIC_SUBDOMAINS_rule.
5. Clone 1_HTTPS_frontend into 1_HTTPS_LAN_frontend. Change the listen address to use the *LAN* address :443. User Select rules, select only the LOCAL_SUBDOMAINS_rule.
6. Disable 1_HTTPS_frontend.
7. Press Apply
For this to work, one needs to override the external addresses to internal addresses.
8. Go to Unbound DNS -> Overrides.
9. Add a new entry. Set host, domain and entry. Use the IP for the *LAN* port from above. E.g. www, my.domain, A to 192.168.1.1.
10. Rinse an repeat for all entries that must be overridden.
I was running 1_HTTP_frontend and 1_HTTPS_frontend directly to 0.0.0.0:80 and 0.0.0.0:443 respectively. I'm not running 0_SNI_frontend.
1. Clone 1_HTTP_frontend into 1_HTTP_WAN_frontend. Change the listen address to use the *WAN* address :80.
2. Clone 1_HTTP_frontend into 1_HTTP_LAN_frontend. Change the listen address to use the *LAN* address :80.
3. Disable 1_HTTP_frontend
4. Clone 1_HTTPS_frontend into 1_HTTPS_WAN_frontend. Change the listen address to use the *WAN* address :443. Under Select rules, select only the PUBLIC_SUBDOMAINS_rule.
5. Clone 1_HTTPS_frontend into 1_HTTPS_LAN_frontend. Change the listen address to use the *LAN* address :443. User Select rules, select only the LOCAL_SUBDOMAINS_rule.
6. Disable 1_HTTPS_frontend.
7. Press Apply
For this to work, one needs to override the external addresses to internal addresses.
8. Go to Unbound DNS -> Overrides.
9. Add a new entry. Set host, domain and entry. Use the IP for the *LAN* port from above. E.g. www, my.domain, A to 192.168.1.1.
10. Rinse an repeat for all entries that must be overridden.
#8
26.1, 26,4 Series / Re: OPNSense not able to re-cl...
Last post by cookiemonster - Today at 12:26:56 AMIf creating swap is at all possible, it is hardly a bad idea to provide it to a system. Even when there is what appears to be plenty of memory for it.
It's quite easy to see most unix-like/*bsd systems with suitable amount of memory, they swap from time to time, even if in small amounts. For the sake of a few gigabytes of storage, it's an easy and cheap help to give it.
It's quite easy to see most unix-like/*bsd systems with suitable amount of memory, they swap from time to time, even if in small amounts. For the sake of a few gigabytes of storage, it's an easy and cheap help to give it.
#9
General Discussion / Re: How Can i modify the lease...
Last post by cookiemonster - Today at 12:21:13 AMQuote from: somanet on June 12, 2026, 10:57:34 AMIs that a typo in the dhcp server address, which is different to the address assigned to the client?Quote from: sopex on June 12, 2026, 10:07:52 AMMy Current RangeQuote from: somanet on June 12, 2026, 09:55:39 AMHave set the range and lease time but its not picking the new leases its still using old configurations
You need to tell the local clients to renew their lease manually.
For Windows:
ipconfig /release
ipconfig /renew
But you need to do some research and use AI. Its great for these kinds of things.
192.168.2.101 - 192.168.2.200
what am getting
eferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.171(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : 12 June 2026 11:48:37
Lease Expires . . . . . . . . . . : 12 June 2026 13:48:36
Default Gateway . . . . . . . . . : fe80::f690:eaff:fe01:fb24%17
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
Instead of making us guess, can you please tell the setup, what is the OPN version, which dhcp service are you using on it, what are the devices involved in the setup? Perhaps a router behind another router. Maybe more than one dhcp server running on the network.
#10
26.1, 26,4 Series / Re: OPNSense not able to re-cl...
Last post by sopex - Today at 12:17:42 AMQuote from: cookiemonster on June 12, 2026, 11:39:59 PMIMHO running any system without swap is not a very good idea. If the system needs it for any reason, it is best for it to have it than not.
It's not a perfect science. In my limited experimentation, the chances of swap getting used and the whole system becoming sluggish are much higher than a 16GB+ system being starved of memory.
