Recent posts

#1
26.1, 26,4 Series / Re: lots of empty space in new...
Last post by nero355 - Today at 01:07:08 AM
I am sorry for bringing this topic up again, but I have no choice : The amount of data I can see in the webGUI part of Firewall Rules [New] is A LOT LESS than the old Firewall Rules that will become Legacy starting with 26.7 and moved to a plug-in :'(

Here are some screenshots :

Firefox - 1366x768 Laptop Screen


LibreWolf - 1366x768 Laptop Screen


Pale Moon - 1366x768 Laptop Screen


Pale Moon - 1920x1200 Desktop Monitor - Windowed


Pale Moon - 1920x1200 Desktop Monitor - Window resized to almost the size of the whole monitor



Issues I have with the Firewall Rules [New] webGUI :
- I can't see all the rules like I could in the old Firewall Rules and can't even scroll to see more on a 1366x768 screen.
- I feel like the 'Commands' should be part of the whole Firewall Rule line and not a side-menu or overlay sub-window so to speak.
This forces you to scroll sideways to be able to see the 'Comment' part of the Firewall Rule for example.
- On the 'Pale Moon - 1920x1200 Desktop Monitor - Windowed' screenshot you can see that there is a lot of overlapping of text and everything is not outlined if you know what I mean.
This is also the case for 'Pale Moon - 1366x768 Laptop Screen' and in the case of 'Pale Moon - 1920x1200 Desktop Monitor - Window resized to almost the size of the whole monitor' this leads to a lot of added unnecessary space and waste of it.
- Even on the 'Pale Moon - 1920x1200 Desktop Monitor - Window resized to almost the size of the whole monitor' screenshot you can see that I can't see all the Firewall Rules which is just strange : Both how much width the data needs and how much data is shown from top to bottom.


I would kindly like to ask you guys to have another look at this and maybe redesign it a bit ? :)
#2
26.1, 26,4 Series / Re: Unable to make wifi workin...
Last post by nero355 - Today at 12:24:10 AM
Quote from: sonofnet on July 08, 2026, 08:16:12 PMI've just found out that be201 and be202 do only work with intel processors 12th generation an highier. So I've changed to a realtek module.
Crap...

I totally forgot about that and did not tell you after you posted about ordering one...

My bad! And thnx for the reminder! :)
#3
26.7 Release Candidate Series / Re: Upgrades into RC1 via 26.1...
Last post by newsense - July 08, 2026, 11:29:28 PM
>>> single repository with just AdGuard (mimugmail-single.conf)


Actually AGH is the outlier that survives the upgrade to openssl35 - because AGH uses its own ssl from Go.

Still, the mimugmail repo-whichever may be in use - needs to be deleted ( as suggested above) or renamed as .bak for now in order for the OPNsense upgrade to succeed.
#4
High availability / Re: HA Cluster with a /30 CIDR...
Last post by toreamun - July 08, 2026, 11:19:28 PM
Your private-WAN + public-on-the-CARP-VIP approach is exactly the topology I ended up writing down for the "not enough WAN IPs for CARP" case — private per-node WAN IPs used only for CARP advertisements, with the public address floating on the VIP. So you're on a sound track.

On the backup having no internet: that's a real point, and there are two answers. Either just accept it — both nodes share one physical WAN uplink, so the backup's own internet adds no HA value (if the WAN is down, it's down for both); the backup can pull pkg/NTP/DNS/config from the master over the SYNC link. Or, if you want it, route the backup's own traffic through the master with a gateway group (tier 1 = the ISP gateway on WAN, tier 2 = the peer's SYNC IP) plus outbound NAT on the master that translates the backup's SYNC subnet to the public VIP. dpinger tracks the CARP role for you, because only the master can source probes from the VIP.

One clarification for your case: your /30 is static, so you do NOT need any DHCP lease-keeping — you just assign the public IP to the CARP VIP directly (or bind it as an IP-alias VIP to the CARP VIP, as you suggested). A plugin only enters the picture if that single public address is handed out by DHCP, where something has to keep the lease alive on the CARP virtual MAC as it floats. For a static /30, skip that part — everything else in the writeup applies unchanged.

I've written the whole single-IP design up — the gateway group, the backup-internet options, the CARP mechanics and the open risks: https://github.com/toreamun/opnsense-plugins/blob/main/net/os-carp-vip-dhcp/docs/single-ip-wan-carp.md (plugin + README: https://github.com/toreamun/opnsense-plugins/tree/main/net/os-carp-vip-dhcp)

Fair warning: the end-to-end single-IP topology is theoretical/untested — the lease-keeping core is proven, but the private-WAN + gateway-group part isn't — so I'd genuinely value a report back if you get it working on your /30.
#5
26.7 Release Candidate Series / Re: Upgrades into RC1 via 26.1...
Last post by julsssark - July 08, 2026, 11:02:29 PM
PS - The new services dashboard widget is great!
#6
High availability / Re: HA setup with no WAN CARP ...
Last post by toreamun - July 08, 2026, 10:47:47 PM
If the reason there's no WAN CARP VIP is that the WAN is DHCP (a static VIP gets no traffic), there's a way now: os-carp-vip-dhcp keeps a DHCP lease alive for the CARP VIP's virtual MAC so it's actually routed and can fail over. The straightforward setup wants a few concurrent leases (one per node + one for the VIP) — any DHCP line handing out several addresses (tested on both a public-DHCP and a CGNAT line). I've also sketched a single-IP variant (private per-node WANs for CARP advertisements + one floating VIP holding the single lease) — but it's theoretical and untested, so I'd be genuinely grateful if anyone on a one-IP line tried it and reported back. Personal plugin for now; if there's interest I'd like to get it into the official community plugins. Repo + the single-IP writeup: https://github.com/toreamun/opnsense-plugins
#7
26.7 Release Candidate Series / Re: Upgrades into RC1 via 26.1...
Last post by julsssark - July 08, 2026, 10:17:30 PM
I upgraded my test VM from 26.1.11_6 to 26.7.r1. I have some minor observations:

1) I had to check for updates multiple times at steps 2, 3 and 5. But the update eventually completed and it is running fine.
2) Thanks @newsense for posting about the mimugmail respository. I also ran into the same problem using the single repository with just AdGuard (mimugmail-single.conf). I could not get the upgrade to complete with that repo configured and I ended up needing to delete the repo config.

Just out of curiosity, has anyone built a digital twin (or as near as possible) of their network using Proxmox's SDN to better simulate testing/rules with VLANs? I tried to create one using Proxmox v8 last year but it didn't handle VLANs well and I haven't tried again with v9.
#8
Hardware and Performance / Re: Inseego MiFi Pro M4 as WAN...
Last post by pfry - July 08, 2026, 09:24:08 PM
Quote from: Greg_E on July 08, 2026, 07:32:12 PM[...]with very picky x710-da4 card[...]

Grrr! Fortunately I have mostly short-distance (<5m) like-to-like (SFP+ to SFP+ or SFP28) links, so DAC cables work. I did grab a couple Intel 10GBASE-SR SFP+s, because I'm paranoid; I don't know what I'd do with 1000BASE-SX/LX. All I have are a few old surplus modules, mostly MT-RJ SFPs with a few cables (and really nothing to plug them into).
#9
26.1, 26,4 Series / Re: a few hundreds of messages...
Last post by thelittleblackbird - July 08, 2026, 09:10:40 PM
Quote from: cookiemonster on July 07, 2026, 11:50:54 PMSure but I'm referring to htop allows to see the process tree in real time which is of more interest.

htop is not able to display irq handlers AFIK

in your image the interrupt context is summarized in the red bar in the processor usage, among a lot of other things
#10
High availability / Re: CARP when WAN side is dyna...
Last post by toreamun - July 08, 2026, 09:09:47 PM
The docs basically say CARP needs static/multiple WAN IPs, and that's the wall: CARP gives you a static shared VIP, but a DHCP WAN only routes an address while a live lease is bound to its MAC — so the static VIP never gets traffic. I wanted HA on a DHCP WAN and wrote a plugin for it: os-carp-vip-dhcp keeps a DHCP lease alive for the CARP VIP's virtual MAC, so the ISP routes it and normal CARP failover works on a dynamic WAN (it also follows a changing address). Any DHCP line that leases a few addresses works — I've run it both on a plain public-DHCP WAN and behind CGNAT. Personal third-party plugin for now; if there's interest I'd like to try getting it into the official community plugins, so let me know if it'd help you. Repo: https://github.com/toreamun/opnsense-plugins (net/os-carp-vip-dhcp)