Recent posts

#1
26.1, 26,4 Series / Re: OpenVPN - Via UDP no routi...
Last post by PotatoCarl - Today at 10:16:29 AM
Troubleshooting - Well, I am on it. But I am running against walls a bit here and do not even know where to look anymore.
As I said - it worked with an older OPNsense version and broke one day (sorry, as always many other things to do, TCP one continued to problem was postponed, at least 2 major upgrades since then).

Troubleshoot the new instance: How? Precisely? There is not even a connection attempt in the log. With the "old" server, I get connected but no routing. So I am much further there. How can I troubleshoot the new server?

>Tried with the phone using the mobile connection, not the wifi?
Yes. Internally (works/worked fine previously and still with Port 443), with Wifi at a different place and with the normal network connection.
The laptop at two different sites, one internal WIFI and an unconnected wifi.

I have tested the allow all rule - now change.
#2
Zenarmor (Sensei) / Re: Zenarmor - Secure Connecti...
Last post by sy - Today at 10:16:05 AM
Hi,

If you see this UDP port 53 DNS traffic as blocked, the landing page should appear. Does it show as blocked or allowed traffic?

#3
Hello,

Sometimes OPNsense (running as a VM on Proxmox VE) becomes unreachable (no Web UI / no ping), which causes all VMs behind it to lose internet connectivity.

The issue is only resolved by opening the OPNsense console and either reloading all services or rebooting the VM. After that, everything works normally again.

Notes
  • Issue appeared after upgrading to 25.7
  • Did not happen on older versions

Question:
Has anyone encountered this issue? Is there a known solution or workaround?
#4
Quote from: viragomann on April 24, 2026, 03:03:23 PM
Quote from: Residence0886 on April 24, 2026, 02:48:14 PM
So I created a new firewall rule on the transfer-LAN adapter that covers all traffic and set it on top of the list. Source is my test-client and destination is any.
You have to add this rule to the LAN interface. But maybe, that's just a typo.

Also you have to state the new gateway in the rule's advanced settings.


Hi, yes this is what I did. As I said: The rule is working fine and applies to the connection. It's only the routing to the new gateway that won't work.


#5
26.1, 26,4 Series / Doubled logs in IDS/IPS logs
Last post by oakbuck - Today at 09:33:49 AM
Hi,

Blocked rules in IDS are still shown twice in the actual version. It's the same behavior as mentioned in these two topics:
https://forum.opnsense.org/index.php?topic=43493.0
https://forum.opnsense.org/index.php?topic=43440.msg216049#msg216049

Franco wrote that pf needs a makeover. Wanted to ask if it's going to be fixed in the future.

Thank you very much.
oakbuck
#6
General Discussion / Re: Troubleshooting frequent i...
Last post by Stormscape - Today at 09:28:12 AM
So this may seem slightly bizarre, but what DNS servers is your OPNsense server configured to check? I've noticed if my forward lookup DNS servers are slightly on the slow side (such as the root nameservers), I'll get the occasional DNS timeout like you're experiencing. Have you tried one with good anycast and response times like Cloudflare (1.1.1.1) or Google (8.8.8.8)?

Additional: Your ISP router is in bridge mode, right? You're not doing double NAT? Not really related to DNS issues (usually), but worth making sure.
#7
26.1, 26,4 Series / Re: 26.1.6_2 Multiple Plugins S...
Last post by franco - Today at 09:12:45 AM
If you keep not posting what went wrong while trying to install the correct pkg version nobody is able to help you. I don't think randomly updating to a development version would help here either.


Cheers,
Franco
#8
General Discussion / Shadowsocks with mullvad?
Last post by catnap4048 - Today at 06:05:18 AM
Trying to set up Shadowsocks and have it work with Mullvad to bypass restrictions. I already have my entire network routed through Mullvad passing all checks, but I can't quite find out how to integrate Shadowsocks with it and there are minimal resources online to find out how. I do have Shadowsocks local running with Mullvad's SOCKS5 information, just cannot find out how to make the network run through it.
#9
General Discussion / Re: 2nd LAN Port has no Intern...
Last post by stefanpf - Today at 04:29:26 AM
Hi,

It sounds like a DHCP range is missing for the second LAN interface.
Take a look at the relevant sections in Dnsmasq.
Also check the interface binding settings for Dnsmasq and Unbound.
I'm not entirely sure about this, but you might need to add a rule for the DNS destination "this firewall" on UDP port 53 on the second interface.
#10
26.1, 26,4 Series / Re: 26.1.6_2 Destination NAT ...
Last post by lmoore - Today at 02:29:46 AM
Quote from: OPNsense4ever on April 26, 2026, 11:47:58 PM
What should be used for Redirect Target Port? The first port in the range? 1630? any?

In your case you would enter 1630, which is the base port number for the range.

Connections arriving within your port range of 1630-1641 will be redirected to ports 1630-1641 at the redirected address.

If you set your Redirect Target Port to 20630, the connections arriving within the port range of 1630-1641 will be redirected to 20630-20641.

If you wanted to use multiple but not sequential ports, you would set up a Port Alias with the port numbers and use the Port Alias in the Destination Port and Redirect Target Port fields.

[Edit] Using "any" simply redirects to the port numbers within the range.