Recent posts

#1
General Discussion / firewall is toast
Last post by robertkwild - Today at 02:17:20 AM
hi all,

my firewall is toast and unfortunately i didn't keep a backup (i know). obviously i have the m2 SSD still in the garbage firewall, can i just move it into the new host and will it work that way?

thanks,
rob
#2
General Discussion / Problem upgrading from 26.1.9 ...
Last post by Lotek85 - Today at 12:00:36 AM
I'm not sure if I am putting this post in the right forum, so forgive me if I did. Anyways, for some reason when I try to update from 26.1.9 to 26.1.11 I'm getting this odd message saying some files are missing. Any way to fix this or do I have to reinstall? Thanks in advance <3

***GOT REQUEST TO UPDATE***
Currently running OPNsense 26.1.11_5 (amd64) at Fri Jul  3 17:59:47 EDT 2026
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (0 candidates): . done
Processing candidates (0 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
Nothing to do.
Nothing to do.
Flushing temporary package files... done
Starting web GUI...done.
Fetching base-26.1.11-amd64.txz: .............. done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing base-26.1.11-amd64.txz...chflags: /usr/lib/i18n/libmapper_zone.so: No such file or directory
chflags: /usr/lib/i18n/libmapper_zone.so.5: No such file or directory
chflags: /usr/lib/i18n/libmapper_std.so: No such file or directory
chflags: /usr/lib/i18n/libmapper_std.so.5: No such file or directory
chflags: /usr/lib/i18n/libmapper_serial.so: No such file or directory
chflags: /usr/lib/i18n/libmapper_serial.so.5: No such file or directory
chflags: /usr/lib/i18n/libmapper_parallel.so: No such file or directory
chflags: /usr/lib/i18n/libmapper_parallel.so.5: No such file or directory
chflags: /usr/lib/i18n/libmapper_none.so: No such file or directory
chflags: /usr/lib/i18n/libiconv_std.so.5: No such file or directory
chflags: /usr/lib/i18n/libiconv_none.so: No such file or directory
 failed, chflags error 0
***DONE***
#3
General Discussion / Re: Why do I need to temporari...
Last post by Patrick M. Hausen - July 03, 2026, 09:52:16 PM
GRE does not have ports. It's its own protocol on top of IP independent of TCP and UDP. Port 0 might be a historical frontend abstraction of some product for not having port numbers at all.
#4
German - Deutsch / Re: [WON'T SOLVED] Plugin Inst...
Last post by Monviech (Cedrik) - July 03, 2026, 09:41:56 PM
If it is not up to date, it only works via the command line.

E.g. "pkg install os-dyndns".

But I wouldn't do that if the OPNsense version is too old, because dependencies may be missing.
#5
General Discussion / Re: Why do I need to temporari...
Last post by tbk49 - July 03, 2026, 09:28:01 PM
I can't tell whether you are having a joke here or not, but if not, you're telling me neither opnsense nor freebsd have solved a 20 year old problem?...
#6
26.1, 26,4 Series / Re: When to migrate to new fir...
Last post by mlenje - July 03, 2026, 08:47:31 PM
I migrated the rules this morning, and the process was surprisingly easy. I took screenshots of all my existing rules beforehand, followed the migration assistant making a snapshot and downloading the configuration. It went smoothly. I was stressed for nothing!
#7
German - Deutsch / Re: [WON'T SOLVED] Plugin Inst...
Last post by fastboot - July 03, 2026, 08:24:57 PM
I'm a bit stumped here right now?!?

Is it really the case that if the Sense is not on the latest version, you can't get any plugins installed?! I probably haven't been in that state yet, but it still seems a little suspect?
#8
26.1, 26,4 Series / Re: Help With DHCP, IPv6 and D...
Last post by meyergru - July 03, 2026, 08:15:30 PM
AFAIK, MacOS does requests in parallel, Windows does a fallback and goes back to preferred order. Unbound uses a sophisticated model preferring the fastest server - which is what many clients also do via the "Happy Eyeballs" approach. Whatever the case, this scheme does stop eventually once you factor in IPv6: Because you can only supply DNS server IPs of "your own kind" in any type of IP protocol, you have independent settings. So, which one will be preferred in the presence of both IPv4 and IPv6 DNS servers?

Before you say: "IPv6 is always preferred" - just today I had a case where I had augmented a DynDNS entry for a CG-NAT connection with a fixed IPv4, which has a reverse proxy to make the IPv6-only connection work for IPv4, too. Thus, the DynDNS name now refers to both an IPv4 and an IPv6.

And guess what? That broke a Wireguard PC client, who just happens to prefer IPv4 and thus did not reach the real IPv6 backend, but the IPv4 proxy (which did not have a Wireguard service). So there.

What can we learn from this? Patrick is right: Do not rely on DNS server ordering for ANY client. RFC 2132 is not helpful, either, because it only covers what an IPv4 server SHOULD do - i.e., it does not say:

a. what the server MUST do.
b. what the client SHOULD or MUST do.
c. what the client SHOULD or MUST do when an additional IPv6 DNS server list is provided.
#9
26.1, 26,4 Series / Re: PPPoE Connection Issue
Last post by Liran - July 03, 2026, 08:04:07 PM
Quote from: nero355 on July 03, 2026, 07:29:35 PM
Quote from: Liran on July 03, 2026, 09:17:14 AM
For some reason when the PPPoE connection is established, the device is getting an 10.x.x.x IP address instead of my public one.

According to the ISP, when this IP shows as connected they see a connection.
Sounds like my old ADSL connection back in 1999 or so :
- Client PC = 10.0.0.150
- ADSL Modem = 10.0.0.138
- PPTP Connection between the two.
- Actual WAN IP Address = 80.60.146.6

So my question here is : Do you have a working Internet Connection or not ?!

And what does something like https://whatismyipaddress.com/ show in the current situation ?

The output of tracert/traceroute would be nice to see too :)

In this case, "the device" = the WAN interface. So there's no internet; I cannot ping anything except the 10.x.x.x WAN address or the local network (192.168.1.0/24).

The issue is that I seem to have no proper route outside. I'll post more data tomorrow to include logs, the gateways that are automatically created and other settings. In the meanwhile, anything I can try is welcome.
#10
26.1, 26,4 Series / Re: Help With DHCP, IPv6 and D...
Last post by nero355 - July 03, 2026, 07:37:38 PM
Quote from: WiteWulf on July 03, 2026, 04:35:37 PM
RFC 2132 states that:
Quote
Servers SHOULD be listed in order of preference
So yeah, it's down to the client whether or not it respects the preference/order.

I believe macOS, Windows and Linux all respect the order given by the DHCP server, trying them in order, not parallel.
I don't know about others, like iOS and Android.

My PiHole is an adblocker, for convenience, not for filtering/blocking/censoring any other content, so I'm happy with this.
Like I said earlier : Mixing DNS Servers is not something you want for your network.

So I fully agree with :
Quote from: meyergru on June 30, 2026, 07:04:32 PM
AFAIK, this is a common misconception: There is no guaranteed order if you specify multiple DNS servers. A client may choose to send out the DNS queries in parallel and take the first answer. Thus, the order is arbitrary, so this is not a "fallback" in its strict sense. This exact behaviour can be detrimental for DNS blocking.
&
Quote from: Patrick M. Hausen on July 03, 2026, 04:48:18 PM
As a firewall administrator you cannot rely on the client systems behaving in any particular manner nor can you force them to do so.

If I had a separate e.g. Pihole device I would hand that via DHCP to clients and that device only.
Then block all other DNS requests but from the named Pihole device.
:)

When it comes to this :
Quote from: Patrick M. Hausen on July 03, 2026, 04:48:18 PM
All Unix like operating system's resolver libraries have historically used the entries in /etc/resolv.conf in round-robin fashion.
I don't know what current e.g. systemd based implementations do.
My understanding is that some operating systems check who replies faster and then stick with that DNS Server until something changes for whatever reason...