Recent posts

#1
General Discussion / Re: Periodic NIC issues (?) wi...
Last post by tuto2 - Today at 02:06:43 PM
Hi there,

While having a look at this issue, I noticed a potential bug in the iflib code making an automatic reset in case of a TX hang impossible. A custom kernel has been published which resolves this (though likely not the final patch version). Would you mind installing this kernel to see if this changes anything about the issue?

# opnsense-update -zk 26.1.10-iflib
The commit in question is https://github.com/opnsense/src/commit/8dd26e6351d72a53fab5d47a16d053d5f8648353.

If it's this issue, you should see "watchdog timeout" messages appearing in your dmesg/system log. After this, an automatic reset should recover connectivity. If this happens, can you share these logs?

Your description of the issue sounds similar to others; however, there are still a lot of gaps to fill. Most notably, do you always need manual intervention to fix the issue, or does it recover on its own? Is it always the same igc interface? What is the auto-negotiated link state at the time of failure (# ifconfig igcX)? If there's no auto-negotiation, what link speed did you set it to?

Also, and perhaps most importantly, can you share a snapshot of

# sysctl dev.igc.X (where X is the affected interface) after the failure?

Lastly, please do these tests with all default tunables. As far as I know, dev.igc.0.eee_control=0 will *enable* EEE.

Cheers,
Stephan
#2
Turkish - Türkçe / OPNsense Captive Portal İçin A...
Last post by GkhnG - Today at 11:12:53 AM
Hello everyone,

I am developing free and open-source hotspot management software for the OPNsense captive portal using Node.js and JavaScript. When the project is complete, I will publish it on GitHub together with its source code.

The software includes voucher, SMS, administrator approval, Telegram, WhatsApp, e-mail and NVİ verification, as well as features such as setting quotas and usage time.

I am currently in the development and live testing phase. Because the source code is not yet ready for publication, I need to run the tests in my own development environment. For this reason I am looking for volunteers who can help with the following:

1. An institution or developer who can provide temporary access, if possible authorized for testing purposes only, so that I can test the NVİ/KPS V2 integration,
2. A user who can help with a KamuSM test account so that I can test signing 5651 logs with a timestamp.

I do not want permanent or personal account credentials used in production to be shared. If possible, a temporary and restricted test account can be used, or the credentials can be entered directly by the account holder during a screen share.

Anyone who can help may contact me via private message.
#3
French - Français / Re: Bloquer les appels vers de...
Last post by Tipper7042 - Today at 10:55:07 AM
Hello,
what you describe looks like your lines being hacked through call routing. It often happens when there is no PIN code on the voicemail (or the default 0000) and you can set up call forwarding. Everything happens in the management interface.
You will have a hard time restricting the numbers because they will change regularly...

#4
Quote from: cookiemonster on Today at 12:17:06 AM
If you have set RSS for that performance, it might need revisiting. Maybe it does not help and is detrimental in your case.

The problem was present before that optimization; in fact, I thought that the problem was there because I selected "safe defaults".

#5
Quote from: pfry on June 30, 2026, 11:37:34 PM
How about the PCI query?

Not a single error logged, see attached file.

Quote from: pfry on June 30, 2026, 11:37:34 PM
It could be a software issue. My experience is limited to a couple FreeBSD and a couple OPNsense machines, all bare-metal. Recent/relevant experience, that is. Most of the pf messages could point to really wacky network issues, but (in particular) I wouldn't expect a duplicate flow ID to be a soft issue (within the scope of a standard OPNsense install). I just don't have enough experience poking into pf to say with certainty.

Same for me, I don't have a lot of experience with BSD in general and OPNsense in particular, but in my particular experience all these messages about bad states in the state connection table sound strange.

Thanks for the ideas anyway
#6
General Discussion / Re: Business license question ...
Last post by ou1 - Today at 09:32:18 AM
Quote from: DEC740airp414user on June 20, 2026, 01:36:10 PM
my Only disappointment with Opnsense is when buying a new appliance the business license starts from the day of your purchase:

I did not realize this on my 2nd appliance and will be losing 3-4 months of the latest license.

  when I setup the new appliance, I used my previous business licensing thinking I could then use the full new license when it expired. when it did expire and I put in the new key it showed I had 9 months remaining..

I then read the email from the appliance purchase and it said it started day of purchase.  live and learn

I would email sales explaining this, they are usually very helpful. Maybe they can offer a discount on a renewal for this lost period or something similar, it's worth a try.
#7
26.1, 26,4 Series / Re: 2 WAN Uplinks split routin...
Last post by paul5012 - Today at 09:22:59 AM
Quote from: lmoore on Today at 02:51:24 AM
Quote from: paul5012 on June 30, 2026, 09:57:00 PM
Quote
Quote
1) what is the sense of "no RDR (NOT)" (Enabling this option will disable redirection for traffic matching this rule.) Wouldn't make this the rule itself pointless?
For a single port forwarding rule, it does.
I guess, this can make sense if you forward multiple / all ports. So using this option you can define an exception.
Still not quite clear to me.

OPNsense uses "no rdr" by default on the LAN interface to prevent redirects away from OPNsense management ports, i.e. SSH, HTTP & HTTPS and for CARP.

HTH.
I see. So it should better read "no auto RDR rules"?

I mean this option exists in a destination NAT dialogue. Which is a redirect, isn't it? So I still find it confusing to have an option "no rdr". Whilst with that auto-RDR mechanisms this gets another view. And if then "no auto RDR rules" can be chosen that makes sense.

Or do I still miss the meaning of the terms and mechanisms?
#8
General Discussion / Re: Periodic NIC issues (?) wi...
Last post by meyergru - Today at 09:14:09 AM
ASPM is causing this for I226 devices and I am not aware that updating the NIC firmware fixes that.

If there is an updated BIOS for the Protectl, try that first. You can actually make that go away with ASPM off, but AFAIK, you can only disable this for the whole machine under OpnSense if the BIOS does not set it selectively for your NICs.

The global setting is done by setting the tunable hw.pci.enable_aspm=0. You should probably also set dev.igc.X.eee_control=0 with X=0,1.
#9
26.1, 26,4 Series / Re: [OPNsense v26.1.10] IGMPPr...
Last post by staticznld - Today at 09:14:02 AM
I have a small script running that restarts IGMPproxy every night at 03:00 to prevent issues. Nobody is affected by it, and if someone happens to be watching TV at that time, it is only interrupted for a second or two.

Also, I personally think adding an extra device for such a small task is a bit overkill.
#10
There is now a proposed fix which can be tested via "opnsense-patch 67ea4ad". Applying the same patch again reverts it, should the need arise.