Recent posts

#1
26.1 Series / Re: glib missing dependency af...
Last post by emmitt - Today at 11:09:16 PM
After doing a little research, I managed to fix it. Just remove the old repo and install the new one.
The error (python311) is now gone — though the update check error remains.

And another oddity: I already have version v0.107.73 installed. But the plugin changelog says

1.16

* Update to 0.107.67
#2
Quote from: nero355 on Today at 07:26:11 PM
Quote: I'm assuming that in my case I'd be only working with tagged ports, as everything is supposed to run through OPNsense, which controls the VLAN access through the firewall rules, am I right?
It depends on how you like to set up things:

Let's say you use the Default LAN NIC Port as it is.
This would be considered as an Untagged/Access Mode Port.

But then you need to add more networks and have the following options:
- Use another LAN NIC Port without configuring any IP Address and assign VLAN Interfaces to it.
This would be considered as a Tagged/Trunk Mode Port.
- Use all other LAN NIC Ports with their own IP Address configured for each network.
These would all be considered as Untagged/Access Mode Ports.
I'm guessing you mean the NIC on my homeserver? If that's the case: I only have one NIC and I'd like it to stay that way. This is the reason why I'm proposing that every packet has to arrive tagged, so that the firewall rules trigger as intended. It's what I've been wrapping my head around all the time: whether OPNsense can react to tagged packets (and whether it does so automatically if an assigned VLAN tag in OPNsense matches the incoming tagged packet).
If you meant something else, please let me know.

Quote from: nero355 on Today at 07:26:11 PM
By using the Untagged/Tagged settings of the switch port correctly:
- The VLAN that carries the Network you want the Accesspoint to get/use the IP Address from = Untagged.
- Everything else = Tagged.
As far as I understand it, you want IOT devices to be untagged. That way they can only communicate if another untagged device within the "internal" VLAN of the switch is also connected to the same switch. Because this isn't happening in my household, any untagged devices will be left alone, is that right?
---
I know I'm constantly changing my mind, but I've now come to the conclusion that the IOT interface, as I've intended it, is a terrible idea:
Simply because I fear that way I'll break the Mesh functionality.
Hence, I'll let them have complete LAN access and only let them contact their vendor cloud servers for firmware updates.
Let's not forget that I also have different IOT devices - like my printer - which requires a WLAN connection, and its packets need to be mapped to the IOT VLAN tag as well.

Quote from: nero355 on Today at 07:26:11 PM
[You'd] have to configure the switch software in a way that the specific trunk port [untags] packets with IOT
If I got your idea wrong, please let me know!
#3
General Discussion / Re: Why I am retiring from con...
Last post by Greg_E - Today at 09:23:09 PM
Quote from: franco on April 09, 2026, 12:59:18 PM
Also when sketching ideas in code and hating the direction deleting it and starting from scratch has been eye-opening on numerous occasions.

Well, that makes me feel better. I'm often doing something while I learn, mess it up and tear it down, often going to the "wipe the drives and start over" phase. And none of what I do is programming.

This also happens a lot if I'm building something. The plan is only so good until you start assembling the pieces and need to rethink parts of the plan. Especially if there is a delay of years put between concept and execution. I can think of many a motorcycle mod that has been this way for one reason or another.
#4
General Discussion / Re: AI integration for OPNsens...
Last post by Greg_E - Today at 09:17:35 PM
AI is sometimes useful to lead you to a result. But if you trust it to be the absolute truth, sooner than later, you will get bitten.

I'm at about 30% with AI. I use it to help me make different types of configurations by typing a prompt of what I want done, then using the result to test the function. About 70% of the time it does not work due to factors that I don't understand. Sometimes it is just plain wrong, and sometimes it spits out something that was deprecated 10 years ago from Server 2008 or Server 2003. This is mostly group policy stuff, but when I define Server 2022 and Windows 11, I would kind of expect it to get closer.

And there are a few times it didn't spit out the correct or full answer, but gave me enough to remind me of the solution. And sometimes it is right on target. Mostly I use Copilot built into our suite of tools, I figure for Microslop stuff, it should be pretty accurate, but not as often as I would like.
#5
General Discussion / Download Failure
Last post by spetrillo - Today at 09:13:16 PM
Hello all,

I have a Plesk server behind my OPNsense firewall. Everything has been working but recently I cannot seem to download an updated installer file, as Plesk says the following:

Getting new version of Plesk Installer...
Downloading file parallels_installer_Ubuntu_22.04_x86_64.md5sum: 100% was finished.
Downloading file parallels_installer_Ubuntu_22.04_x86_64 (retry 3 of 3): Operation too slow. Less than 500 bytes/sec transferred the last 30 seconds
ERROR: The required version '3.77.1' was not found on the server.
This could happen because of configuration error at the installation source.
Failed to download the file http://autoinstall.plesk.com/Installer/3.77.1/parallels_installer_Ubuntu_22.04_x86_64 (84.17.59.10):
Operation too slow. Less than 500 bytes/sec transferred the last 30 seconds
Not all packages were installed.
Please try to install packages again later.
Please resolve this issue and try to install the packages again.
Visit https://support.plesk.com/ to search for a solution.
exit status 1
I spoke with Plesk support and they indicated:

It may be due to some firewall restriction or outbound traffic is filtered. I suppose it is related to network/MTU. Large file uses full TCP window and due to that fragmentation needed. NAT/router drops fragmented packets and due to that connection stalls. As the issue is server wide, please contact your server/network provider to check the network/NAT gateway settings to allows to download bigger files.

Where in OPNsense would I look for anything related to NAT settings? I have been running Plesk behind OPNsense for almost 2 years and I'm not sure what changed.

Thanks,
Steve
#6
Hardware and Performance / Re: Used PC as OPNsense router...
Last post by Greg_E - Today at 09:09:55 PM
I believe mine is a v2, but I'm generally too lazy to log in and check it. I've had it for many years and took it out of service as a Windows Server box a few years ago. I started to get concerned about the age of my previous firewall, and that it had pf on it, so I spun up a test on an HP T740 with OPN, liked what I saw and moved it to one of these old servers. Trying to buy a DEC2770, but the price keeps going up and my request keeps getting denied.
#7
26.1 Series / Re: glib missing dependency af...
Last post by emmitt - Today at 08:59:04 PM
Thanks Patrick. Yeah, I only use AdGuard. Can I just add the new repository, or do I need to uninstall AdGuard first?
#8
26.1 Series / Re: Unbound Access List defaul...
Last post by Patrick M. Hausen - Today at 08:53:25 PM
Quote from: Au on Today at 06:17:40 PM
but I didn't see a forum for generalized bug reports

Bug reports should go into Github issues.
#9
26.1 Series / Re: glib missing dependency af...
Last post by Patrick M. Hausen - Today at 08:51:28 PM
Works like a charm here. Are you running anything but AGH from Michael's repo? If you don't, consider switching to his newer "Just AGH" repo instead of the full one.
#10
German - Deutsch / Re: v25 zu v26: OPNSense als V...
Last post by viragomann - Today at 08:41:00 PM
Quote from: rolsch on Today at 08:00:23 PM
After upgrading from v25.x.x to v26.x.x this OUT rule no longer works, because OPNsense v26.x.x no longer handles traffic from the firewall itself (OpenVPN as a client) the same way.

IF=WAN_igc1, pass, direction=out, Source any, Destination the VPN IP as an alias, Port any, Protocol UDP, Gateway the outgoing gateway.
I don't believe that this rule did what you intend even before the upgrade.

If the pppoe0 WAN is the default gateway, the packets simply leave through it by default. And it is exactly on that interface that you need the policy-routing rule for the outbound traffic to the VPN server, to redirect it to the alternative gateway.

Otherwise these packets will never be seen on WAN_igc1, so this rule as written cannot have any effect.

In addition you need a source NAT rule that rewrites the source IP to the WAN_igc1 IP. Unless something has changed since I last tested this, that goes on the pppoe0 WAN as well.