"Recent posts
#1
General Discussion / Re: Packet received by interfa...
Last post by Seimus - Today at 11:20:43 AMKeep in mind, any BUM traffic ( Broadcast, Unknown Unicast and Multicast ) will be contained in its broadcast domain. This is done to prevent flooding.
And yes if @lmoore reply is your answers please mark the topic as [SOLVED] add it into the Subject.
Regards,
S.
And yes if @lmoore reply is your answers please mark the topic as [SOLVED] add it into the Subject.
Regards,
S.
#2
General Discussion / Re: Packet received by interfa...
Last post by Somnolus - Today at 11:07:52 AMI'm fairly new to networking so troubleshooting this has been one massive learning experience. I appreciate the help, it would have taken me forever figuring out it was being auto dropped due to the layer 2 broadcast address. Thanks again. I'm new to the forums here should I mark this thread as solved?
#3
Q-Feeds (Threat intelligence) / Re: blocking https://internet....
Last post by RamSense - Today at 10:54:10 AMYeah qfeeds was enabled but it is blocking it again. I noticed qfeeds blocks legitimatie site/servers more often. Hope it gets better from user input.
#4
Q-Feeds (Threat intelligence) / Re: blocking https://internet....
Last post by lmoore - Today at 10:30:10 AMDid you re-enable Q-Feeds?
My Q-Feeds updated early this morning but I'm still being blocked when opening the URL - the IP address which is blocked is 62.204.66.10.
My Q-Feeds updated early this morning but I'm still being blocked when opening the URL - the IP address which is blocked is 62.204.66.10.
#5
General Discussion / Re: DEC600 BE 24.4 — lapsed su...
Last post by newsense - Today at 08:18:05 AMDepending on what you have installed, if only using official OPNsense plugins you could simply back up the configuration file and then either:
- get a new license and install 26.4 - import configuration - check for updates
- replace the license on the current installation and keep updating until you reach 26.4.x
- switch to CE and update until you reach 26.1.x. Once CE moves to FreeBSD 15.1 on 26.7 mid July you'll have to either get the license for BE and move to the 26.4 branch or keep using CE until 26.10 is out before moving back to BE
In case of a fresh start your plugins will be automatically reinstalled after installing the updates so check for updates until there's nothing left to do.
- get a new license and install 26.4 - import configuration - check for updates
- replace the license on the current installation and keep updating until you reach 26.4.x
- switch to CE and update until you reach 26.1.x. Once CE moves to FreeBSD 15.1 on 26.7 mid July you'll have to either get the license for BE and move to the 26.4 branch or keep using CE until 26.10 is out before moving back to BE
In case of a fresh start your plugins will be automatically reinstalled after installing the updates so check for updates until there's nothing left to do.
#6
26.1, 26,4 Series / Re: Intermittent upload collap...
Last post by newsense - Today at 07:50:41 AM25.7 and 26.1 use the same version of FreeBSD.
The upcoming OPNsense 26.7 will be based on 15.1 and we may get newer drivers...maybe for some but not for all ?
The upcoming OPNsense 26.7 will be based on 15.1 and we may get newer drivers...maybe for some but not for all ?
#7
Tutorials and FAQs / Re: IPv6 on OPNsense with Veri...
Last post by yourfriendarmando - Today at 06:45:53 AMDon't you have to set the FiOS router into bridge mode or similar in its web page?
That way the router just functions as a modem.
That way the router just functions as a modem.
#8
General Discussion / Re: DEC600 BE 24.4 — lapsed su...
Last post by patient0 - Today at 06:24:20 AMQuote from: ed3 on Today at 02:32:31 AMFinding 1 — updates blocked by lapsed subscription (403).If you buy a OPNsense appliance, you get 1 year of the Business Edition. After the year you either renew/pay the subscription or change to Community Edition. The 403 likely means that your BE subscription has run out and therefore you are not allow access to the BE repo anymore.
You can switch to the CE and back to BE later if you choose to renew the subscription.
QuoteFinding 2 — templates errors every boot, and the serial console has no login prompt.I'm can't comment on the template error. For the serial console, make sure the 'USB-based serial' box is unchecked. You can find details in the documentation:
https://docs.opnsense.org/hardware/serial_connectivity.html#serial-console-connectivity
Regarding upgrading to latest: Fastest is usually backup the configuration and reinstall if you have fallen back a bit. Otherwise if you go via the webGUI, just upgrade to whatever OPNsense is offering you, and the next and so on.
#9
General Discussion / DEC600 BE 24.4 — lapsed subscr...
Last post by ed3 - Today at 02:32:31 AMHi all,
Solo operator self-supporting a DEC600 that's run reliably for ~1 year but is now behind and has a couple of issues I've diagnosed. I'd appreciate guidance, especially on a few direct questions up front.
Unit: DEC600, Business Edition 24.4_8 (FreeBSD 13.2-p11). Running uninterrupted for about a year. I'd mistakenly assumed the subscription kept it auto-updated; I now understand updates are manual, and it simply ran 24.4 the whole time.
Finding 1 — updates blocked by lapsed subscription (403). Attempting an update returns Forbidden against the BE repo:
Finding 2 — templates errors every boot, and the serial console has no login prompt. Over the labeled CONSOLE port (micro-USB-B → Exar XR21V1410 USB-UART, 115200 8N1) I receive the complete boot output through the OPNsense banner, stable across reboots — but no login prompt and no input response after boot completes. Every boot shows:
Direct questions to help me decide between renewing BE and moving to Community Edition:
Full GUI/shell access available; happy to run diagnostics or share logs. Thanks in advance
Solo operator self-supporting a DEC600 that's run reliably for ~1 year but is now behind and has a couple of issues I've diagnosed. I'd appreciate guidance, especially on a few direct questions up front.
Unit: DEC600, Business Edition 24.4_8 (FreeBSD 13.2-p11). Running uninterrupted for about a year. I'd mistakenly assumed the subscription kept it auto-updated; I now understand updates are manual, and it simply ran 24.4 the whole time.
Finding 1 — updates blocked by lapsed subscription (403). Attempting an update returns Forbidden against the BE repo:
Code Select
https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:13:amd64/24.4/latest/meta.txz: Forbidden
... packagesite.pkg: Forbidden
... packagesite.txz: Forbidden
Unable to update repository OPNsense
Error updating repositories!The changelog lists releases up to 25.4.1 (2025-05-22), but pulling packages is clearly gated by the lapsed (~2025-06) subscription.Finding 2 — templates errors every boot, and the serial console has no login prompt. Over the labeled CONSOLE port (micro-USB-B → Exar XR21V1410 USB-UART, 115200 8N1) I receive the complete boot output through the OPNsense banner, stable across reboots — but no login prompt and no input response after boot completes. Every boot shows:
Code Select
>>> Invoking early script 'templates'
Generating configuration: ERRConsole config: vt driver enabled, Primary = Serial Console, Secondary = None, USB-based serial enabled. Web GUI over LAN works fine. My working theory is that the failed template generation prevents the serial getty (/etc/ttys) from being configured — producing output-yes / login-no.Direct questions to help me decide between renewing BE and moving to Community Edition:
- Is A causing B? Is the templates: ERR (and the resulting absence of a serial-console login) a side-effect of the lapsed subscription making the update repository unreachable (the 403s above)? I'm trying to confirm whether the broken repo is what's breaking template generation, rather than assuming a cause.
- Would switching to Community Edition restore console access? If the template error stems from the unit being unable to reach its subscription-gated repo, would migrating this DEC600 to the free Community Edition repo — which it can reach — fix template generation and bring back the serial console login?
- Is the migration reversible? If I move this DEC600 from Business Edition to Community Edition now, can I later switch it back to Business Edition with a new/renewed subscription? I'd like to know whether CE is a one-way door before committing.
- Diagnosing the template error directly: how can I find which template is failing (a way to run template generation manually with verbose output)?
- Update sequence / safety: what's the recommended path to get current from 24.4, and I'd want a working serial console as a fallback before any major upgrade or BE→CE switch — so should I resolve the console/template issue first, then update?
Full GUI/shell access available; happy to run diagnostics or share logs. Thanks in advance
Code Select
[shutdown of prior boot]
Waiting for system process `vnlru' to stop... done
Waiting for `syncer'... Syncing disks... done
Uptime: 6m55s ; uhub detached
coreboot-v4.16.5-Deciso ... CPU: AMD GX-420MC SOC ... 4 CPUs initialized
SeaBIOS rel-1.16.0
/boot/config: -S115200 -h
Consoles: serial port
FreeBSD/x86 bootstrap loader
[ OPNsense loader menu ... 24.4 "Savvy Shark" ]
Loading kernel + modules (carp, pflog, pf, zfs, if_bridge, if_lagg, if_gre, ...)
KDB: backend ddb
---<<BOOT>>---
FreeBSD 13.2-RELEASE-p11 stable/24.1 SMP amd64
CPU: AMD GX-420MC SOC (1597 MHz) ; ~8944 MB real / ~7874 MB avail ; 4 CPUs
nvme0 / nvd0: <TS256GMTE110S> 244198MB
igc0: I225-V MAC [REDACTED]
igc1: I225-V MAC [REDACTED]
igc2: I225-V MAC [REDACTED]
igc3: I225-V MAC [REDACTED]
ahci0: AMD Hudson-2 SATA ; ehci0: AMD FCH USB 2.0 ; usbus0 480Mbps
uart0: console (115200,n,8,1) port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
ZFS v5 / pool 5000
ugen0.2: <vendor 0x0438 product 0x7900> (internal USB hub)
Trying to mount root from zfs:zroot/ROOT/default
Setting hostuuid: [REDACTED] ; hostid: [REDACTED]
>>> Invoking early script 'configd' -> Starting configd.
>>> Invoking early script 'templates'
Generating configuration: ERR <-- THE ISSUE
>>> Invoking early script 'backup' ... carp: OK
Launching init system...done.
igc0/igc1: link UP
Setting timezone: [REDACTED]
Setting hostname: [REDACTED]
Configuring firewall / VLAN / interfaces ...done. [interface list redacted]
Starting web GUI...done.
Starting DHCPv4/DHCPv6, Unbound DNS, NTP, suricata, cron ...done.
Root file system: zroot/ROOT/default
[date redacted]
*** [HOSTNAME REDACTED]: OPNsense 24.4_8 ***
[interface -> IP table REDACTED]
HTTPS: SHA256 [REDACTED] #10
General Discussion / Re: Packet received by interfa...
Last post by lmoore - Today at 01:38:20 AMQuote from: Somnolus on May 30, 2026, 09:42:48 PMThe packet in question is under interface 2 and it repeats 4 times
The node at 192.168.4.27 is broadcasting the reply. For the packet to flow through pf in OPNsense, it would need to be forwarded to MAC address a8:b8:e0:04:91:1b.
