Recent posts

#1

26.1, 26,4 Series / Re: OPNSense forwarding packet...

Last post by ChristopherL - Today at 12:07:18 PM

Logically its a flat layer 2 network, with the two firewalls, the hosts and the gateways all connected to some Cisco switches running spanning tree.

So effectively:

Code Select Expand

border-routera   border-routerb   dmzhosta    dmzhost<x>
      |                 |            |           |
      --------------------------------------------
            |               |              |
         office-fwa    office-fwa       dmzhostb
The default gateway for everything points at a VRRP address shared between border-router1 and border-router2.
The office firewalls run CARP, and the border routers and the hosts have routes to the office-fw1 address ranges pointing at the CARP address.

#2

High availability / Re: HA broken since update to ...

Last post by Monviech (Cedrik) - Today at 11:44:19 AM

It looks like it might have been an isolated issue that you had.

Glad you could resolve it. I also run two OPNsense (2x DEC750) in community version in HA, and I update them frequently. I didn't have issues yet, I mostly do this to catch issues like these early as well.

#3

High availability / Re: HA broken since update to ...

Last post by StephB - Today at 11:35:11 AM

Problem solved :
reinstalled version 26.1.2
restored config backup
checked HA : OK
upgraded to 26.1.9
checked HA : OK

Don't know what went wrong when upgrading 26.1.2 -> 26.1.6 -> 26.1.9 !?

Sorry for the noise.

#4

General Discussion / Re: How Can i modify the lease...

Last post by somanet - Today at 10:57:34 AM

Have set the range and lease time but its not picking the new leases its still using old configurations

You need to tell the local clients to renew their lease manually.

For Windows:
ipconfig /release
ipconfig /renew

But you need to do some research and use AI. Its great for these kinds of things.

My Current Range
192.168.2.101 -  192.168.2.200

what am getting
eferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.171(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : 12 June 2026 11:48:37
   Lease Expires . . . . . . . . . . : 12 June 2026 13:48:36
   Default Gateway . . . . . . . . . : fe80::f690:eaff:fe01:fb24%17
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1

#5

General Discussion / Re: How Can i modify the lease...

Last post by sopex - Today at 10:07:52 AM

Have set the range and lease time but its not picking the new leases its still using old configurations

You need to tell the local clients to renew their lease manually.

For Windows:
ipconfig /release
ipconfig /renew

But you need to do some research and use AI. Its great for these kinds of things.

#6

General Discussion / Re: How Can i modify the lease...

Last post by somanet - Today at 09:55:39 AM

XXXX/ui/dnsmasq/settings#dhcpranges

Edit or create a new range, its one of the settings here

Have set the range and lease time but its not picking the new leases its still using old configurations

#7

General Discussion / Re: support contacts

Last post by Monviech (Cedrik) - Today at 09:34:33 AM

Can you PM me and tell me the sending Email Address and your Company name? I can check.

#8

German - Deutsch / Re: "Lahmes" Internet seit Upd...

Last post by trixter - Today at 09:04:49 AM

Dann zieh doch erst mal in Ruhe um, bevor Du noch eine Baustelle aufmachst..

Dann würde evtl versuchen eine aktuelle Sense aufzusetzen und nicht alten Ballast mit zu schleppen.

ICS ist längst abgekündigt - wird Dir also nur Probleme machen.

#9

26.1, 26,4 Series / Maltrail Failed to establish a...

Last post by raywan - Today at 09:00:00 AM

Regarding to my last Maltrial fail2ban connection problem, i have manually added two command lines into FAIL2BAN_ALLOWLIST 127.0.0.1 & FAIL2BAN_ALLOWLIST 192.168.1.1/24 into /usr/local/opnsense/service/templates/OPNsense/Maltrail/maltrail.conf to resolve fail2ban connection problem.
https://forum.opnsense.org/index.php?topic=52066.msg268118#msg268118
However, it only works for few hours only then appears alot of error message as below. I would like to confirm that Maltrial is working so far so good and i can access the fail2ban list from my pc without any problem. I have tried to restart all the service and reboot the firewall. It doesn't help to solve the connection problem.

Code Select Expand

2026-06-12T12:54:00
Error
firewall
alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:54:00
Error
firewall
error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:48:45
Error
firewall
alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:48:45
Error
firewall
error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:42:02
Error
firewall
alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:42:02
Error
firewall
error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:37:03
Error
firewall
alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:37:03
Error
firewall
error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:32:01
Error
firewall
alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:32:01
Error
firewall
error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:27:00
Error
firewall
alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)
2026-06-12T12:27:00
Error
firewall
error fetching alias url http://127.0.0.1:8338/fail2ban (HTTPConnectionPool(host='127.0.0.1', port=8338): Max retries exceeded with url: /fail2ban (Caused by NewConnectionError("HTTPConnection(host='127.0.0.1', port=8338): Failed to establish a new connection: [Errno 61] Connection refused")))
2026-06-12T12:22:01
Error
firewall
alias resolve error BlocklistMaltrail (error fetching alias url http://127.0.0.1:8338/fail2ban)


#10

26.1, 26,4 Series / Re: Reboot every time automate...

Last post by bebef - Today at 08:42:07 AM

Finding https://forum.opnsense.org/index.php?topic=38982.0 I disabled IPv6 for testing and it got rid of the changelog.txz appears to be truncated error. After another "update" in the console (which did nothing) and another reboot, it now seems to work again.