Recent posts

#1

26.1 Series / Re: OPNsense System Tunables C...

Last post by nightcom - Today at 12:17:39 AM

Honestly good job on that, finding the tunables on itself is easy but finding the explanation is...... different story.

Are you gonna keep it updated? Cause as you most likely know tunables tent to change, decom depending how FBSD deems them usable and need-able.

Regards,
S.

Thank you for your kind words, it means allot! :)

Project will be updated for sure, there will be delays sometimes because of updated documentation, time and logs from test environment. You probably know that there are  differences in FreeBSD and Opnsense and repository aims on Opnsense only so it takes time but I will try my best to keep myself updated ;) 

@Lucid1010 That's a great approach! Use AI as advance search engine or to analyze data, it often give answers according FreeBSD documentation precisely on default values what can lead to issues - keep it in mind ;)


Regards,
nightcom

#2

26.1 Series / Re: IPv6 from Android devices ...

Last post by rmayr - Today at 12:14:16 AM

This seems stable for my desktop devices, but Android devices, though they consistently get a SLAAC pair of addresses, fail to connect.

Are you sure it hasn't to do with Android's energy saving behaviour? Android >=15 ignores IPv6 if RA lifetime is below a certain threshold (e.g. 180 seconds).

Wow, now I feel slightly stupid in that I hadn't learned of this change beforehand. Indeed, setting RA lifetime from 120s to 300s makes my test Android devices set a default route again. One weird aspect is that the Android device picks up and sets its two random SLAAC addresses perfectly well with a lifetime of 120s. It just doesn't seem to set the default route.

(Context: I am using values much lower than the default 1800s because of ongoing debugging with IPv6 handover when the firewalls switch master/backup CARP roles.)

But now I'm back to the behavior of "it works for a few minutes, and then it breaks in an irregular manner, causing network connections from the Android devices to fail or become extremely slow". So, to keep my other members of the household happy, I'm intentionally setting the lifetimes back to 120s and therefore letting Android devices fall back to IPv4-only for the time being. I will continue debugging.

Thanks for the pointer! I learned something new today.

#3

26.1 Series / Re: Bare metal Raid 1 install ...

Last post by Patrick M. Hausen - March 17, 2026, 10:48:58 PM

I assume you mean ZFS? How did you install more than one drive in an APU4 device?

#4

26.1 Series / Re: Restore config.xml in 26.1...

Last post by meyergru - March 17, 2026, 10:48:35 PM

You probably installed a newer version of OpnSense where ISC DHCP has become a plugin. Once you have internet backup, you can reinstall the package and get everything up an running again.

#5

26.1 Series / Bare metal Raid 1 install on o...

Last post by rebuilder - March 17, 2026, 10:47:30 PM

Tying to do a raid 1 26.1.2 install on pcengines apu4 utilizing ZPS file system. Not getting anywhere
with the installer application when it asks to select ap0 or mulitple drives. Can someone
point me in the right direction?

#6

26.1 Series / Re: Port Forwarding automatic ...

Last post by Diggy - March 17, 2026, 10:41:06 PM

Anyways, I disabled the auto-generated rules.  Then created the correct "Pass" rules and placed them after the GeoIP block.  In theory, the GeoIP block should take place when applicable before allowing the Port Forwarding.

#7

26.1 Series / Re: Port Forwarding automatic ...

Last post by Diggy - March 17, 2026, 10:37:59 PM

In any case the order of the rules you show here should be working.  Are you sure you are testing from the outside?

Yeah, of course I was testing from the internet.

Do you have any other NAT rules set to "Pass" maybe?  Those would override and would not show here.

I do not see any rules elsewhere that would affect the desired behavior.

#8

26.1 Series / Restore config.xml in 26.1 ser...

Last post by Mr_Flibble - March 17, 2026, 10:34:47 PM

I have been running OPNsense for 3+ years, and unfortunately due to heavy snow, a power line went down and sent a surge up the cable line. This let the magic smoke out of the modem, Cat6 cable, and the router running OPNsense.

Fortunately, I take nightly backups, and after getting new (identical) hardware (Protectli FW2B) I was able to install OPNsense and upload my config.xml.

I am running the latest download iso, and we still don't have a main internet line to update any packages, as that line was melted.

However, while the backup worked, the original static DHCP listings seem to be missing - I set them up back in the day when they were called DHCPv4 under the Services menu, but now I only see the KEA DHCP and no other options.

This is a problem, as many devices are not seeming to get their static DHCP leases back, and I cannot remember what I set them to all those years ago.

Where should I look for these settings?

Also, given that I currently have no internet, will OPNsense try to get the missing packages I installed prior when I do have WAN again? That is, does the config.xml remember the Plugins I had and can pull them again?

#9

26.1 Series / Re: Port Forwarding automatic ...

Last post by Diggy - March 17, 2026, 10:33:29 PM

What is the meaning of "!" by itself in the Source field of your NAT rules?

I have no idea the meaning of the "!" by itself and am also wondering its meaning.  It is part of auto-generated rules.

#10

German - Deutsch / Re: Erweiterungen

Last post by Patrick M. Hausen - March 17, 2026, 09:51:47 PM

dmesg (was ja (im Wesentlichen?) nur /var/log/messages vorliest).

Nicht ganz. Es zeigt den Kernel Message Buffer, der *auch* in /var/log/messages landet. Also dmesg ist näher an der Quelle. Und /var/log/messages hat mehr als das, was dmesg anzeigt.