Recent posts

#1
Hi everyone,

I am currently trying to repurpose an old enterprise SD-WAN device (VeloCloud Edge 520) as a router by installing OPNsense. Unfortunately, VeloCloud made some non-standard hardware modifications to this device, so I have to patch and modify the kernel to get it working properly.

Since OPNsense releases updates roughly twice a month, I don't want to manually rebuild the kernel every time, nor do I want to be stuck on an outdated version. Therefore, I plan to set up a GitHub Action to automate the custom kernel build process whenever a new version is released.

However, I'm currently a bit confused about the relationship between OPNsense release versions and kernel versions.

For example, I see that OPNsense 26.1.2 was released on January 12th. However, I cannot find a 26.1.2 tag in the opnsense/src repository on GitHub—the latest tag I see is only 26.1.1. Additionally, I checked pkg.opnsense.org and didn't see a kernel package specifically released for 26.1.2.

So,

1. Does this mean that the 26.1.2 release did not bring any changes to the kernel compared to 26.1.1?

2. But I did notice there are commits in opnsense/src between the 26.1.1 tag and the 26.1.2 release date. Then should I just ignore them?

3. If I upgrade from 26.1.1 (with custom kernel installed) to 26.1.2, do I not need to replace my custom 26.1.1 kernel or just reuse it?

4. But if I were to perform a fresh install of 26.1.2, should I simply install the kernel based on the 26.1.1 source tag?

5. Is there a specific documented workflow or release engineering process for OPNsense that I can reference? I would like to understand exactly how the versioning and tagging logic is handled between the core system and the kernel.

Thanks in advance.
#2
German - Deutsch / Re: IPSec Site2Site (Connectio...
Last post by user.42 - Today at 07:08:12 AM
It is, after all, the IP of the OPNSense. IKEv2/IPSec is sometimes a bit tricky, but once it is up and running, it is a dream.
#3
German - Deutsch / Kea DHCP with a different DNS instead of...
Last post by cklahn - Today at 06:29:25 AM
Hello forum,
I would like to replace my ISC DHCP with Kea DHCP.

Now my questions:
1.) What is the "Control Agent" for? Kea seems to work even without it being enabled.
2.) In the Settings I tell Kea on which interfaces DHCP should be served. Why do I enter the interface IP in the "Subnet" tab and not the network range? That is, instead of 192.168.100.1/24, 192.168.100.0/24?
3.) If I have understood this correctly, Kea assumes that the DNS server and the gateway each have the IP address of the subnet?! How can I tell Kea other IP addresses? For example, gateway 192.168.1.1 but DNS 192.168.1.12?

Thanks in advance for the clarification :-).

#4
German - Deutsch / Re: IPSec Site2Site (Connectio...
Last post by cklahn - Today at 06:15:02 AM
Hello again,
I have now entered the internal IP of the OPNsense as the local IP in Phase 1 on the OPNsense that initiates the connection. And just like that, the connection comes up. The tunnel has now been up for a few days.
The folks at Deciso are welcome to add this to the docs :-).
#6
I've seen the 8127ATF SFP+ NICs and I wonder if they work any better than the 4.0 1x BaseT cards. I've also noticed they're all 4x, so they're presumably PCIe 3.0 only. If they are, putting them in a 1x slot wouldn't get a full 10 gigabits, but it would still be 7.5 gigabits which ehhh... close enough.
#7
26.1 Series / Re: NAT Reflection / Hairpinni...
Last post by PilaScat - Today at 04:22:04 AM
Quote from: nero355 on February 13, 2026, 03:17:35 PM
Also consider not using any kind of NAT Loopback or Reverse NAT for this kind of setup.
Setting up domains correctly in combination with any Reverse Proxy software is IMHO the better solution.

It is for speed, the domains and reverse proxy are already configured

So after enabling option 1 and 3 in 3rd screenshot it started working as expected, maybe they were disabled when upgrading to 26
#8
26.1 Series / Re: Shaper on 26.1.2 - Removed...
Last post by Boxer - Today at 04:05:02 AM
Firewall>Diagnostics>States>Actions>Reset state table.
That should clear them if they're already disabled
#9
26.1 Series / Dynamic ipv6 host does not wor...
Last post by yarn - Today at 02:55:40 AM
I have dynamic ipv6 host set to the address of my device, but ddclient still updates the record with the router's IP6. Unfortunately because my domain is in porkbun I have to use the ddclient backend.
Is there a way to make dynamic ipv6 host work?
#10
26.1 Series / Re: [SOLVED] Static IPv6 addre...
Last post by Maurice - Today at 01:32:11 AM
A stable-privacy interface identifier (RFC 7217) is only stable as long as the prefix is stable, but then you wouldn't need dynamic DNS.
If your prefix is dynamic, you indeed have to use EUI-64 or a token (which most devices still do).

ISC DHCPv6 allows static mappings without an address range for dynamic leases. RA flags are configured independently (in radvd).
Kea does not (yet) support dynamic prefixes, so that's probably not an option.
Not sure about dnsmasq.
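
The point about RFC 7217 versus EUI-64 under a changing prefix, as an added example that is not part of the original post: it derives both kinds of interface identifier for the same host under two delegated prefixes. The MAC, secret, interface name and prefixes are constructed sample values, and using SHA-256 over a plain concatenation as the function F is an assumption of this sketch.

```python
import hashlib
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier derived from a 48-bit MAC."""
    b = bytearray(bytes.fromhex(mac.replace(":", "")))
    b[0] ^= 0x02                      # flip the universal/local bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def rfc7217_iid(prefix: str, iface: str, secret: bytes,
                network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    F is SHA-256 over a plain concatenation here (assumption of this sketch)."""
    net = ipaddress.IPv6Network(prefix)
    data = (net.network_address.packed[:8] + iface.encode() + network_id
            + bytes([dad_counter]) + secret)
    return hashlib.sha256(data).digest()[-8:]   # low-order 64 bits of the RID

def make_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def host_part(addr: ipaddress.IPv6Address) -> int:
    """Lower 64 bits of an address, i.e. the interface identifier."""
    return int(addr) & ((1 << 64) - 1)

# Constructed sample values (documentation prefix 2001:db8::/32).
MAC = "00:11:22:33:44:55"
SECRET = b"constructed-demo-secret"
OLD_PREFIX = "2001:db8:aaaa:1::/64"
NEW_PREFIX = "2001:db8:bbbb:1::/64"

def compare() -> dict:
    """Addresses the host would form before and after a prefix change."""
    rows = {}
    for name, prefix in (("old", OLD_PREFIX), ("new", NEW_PREFIX)):
        rows[name] = {
            "eui64": make_address(prefix, eui64_iid(MAC)),
            "rfc7217": make_address(prefix, rfc7217_iid(prefix, "eth0", SECRET)),
        }
    return rows

if __name__ == "__main__":
    for name, row in compare().items():
        print(name, row["eui64"], row["rfc7217"])
```

With EUI-64 the lower 64 bits are identical under both prefixes, so a dynamic DNS updater only has to swap the prefix; the RFC 7217 identifier changes with the prefix because the prefix is an input to F.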