"Recent posts
#1
26.1 Series / Re: Destination NAT: Configura...
Last post by miketubby - Today at 07:26:42 PMRe-installation pf "opnsense 26.1_4" package performed:
***GOT REQUEST TO REINSTALL***
Currently running OPNsense 26.1_4 (amd64) at Mon Feb 2 18:23:36 GMT 2026
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following packages will be fetched:
New packages to be FETCHED:
opnsense: 26.1_4 (6 MiB: 100.00% of the 6 MiB to download)
Number of packages to be fetched: 1
The process will require 6 MiB more space.
6 MiB to be downloaded.
Fetching opnsense-26.1_4.pkg: .......... done
opnsense-26.1_4: already unlocked
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be REINSTALLED:
opnsense-26.1_4
Number of packages to be reinstalled: 1
[1/1] Reinstalling opnsense-26.1_4...
[1/1] Extracting opnsense-26.1_4: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
=====
Message from opnsense-26.1_4:
--
One step ahead, one step behind it, now you gotta run to get even
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
I will now re-boot and try the DNAT configuration again.
Regards
Mike
***GOT REQUEST TO REINSTALL***
Currently running OPNsense 26.1_4 (amd64) at Mon Feb 2 18:23:36 GMT 2026
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following packages will be fetched:
New packages to be FETCHED:
opnsense: 26.1_4 (6 MiB: 100.00% of the 6 MiB to download)
Number of packages to be fetched: 1
The process will require 6 MiB more space.
6 MiB to be downloaded.
Fetching opnsense-26.1_4.pkg: .......... done
opnsense-26.1_4: already unlocked
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be REINSTALLED:
opnsense-26.1_4
Number of packages to be reinstalled: 1
[1/1] Reinstalling opnsense-26.1_4...
[1/1] Extracting opnsense-26.1_4: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
=====
Message from opnsense-26.1_4:
--
One step ahead, one step behind it, now you gotta run to get even
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
I will now re-boot and try the DNAT configuration again.
Regards
Mike
#2
Intrusion Detection and Prevention / IDS Web Server
Last post by spetrillo - Today at 07:08:45 PMHello all,
Does Suricata have a web interface that I could expose, so ppl could have read access to see the alerts?
Thanks,
Steve
Does Suricata have a web interface that I could expose, so ppl could have read access to see the alerts?
Thanks,
Steve
#3
Intrusion Detection and Prevention / Re: Performance tuning for IPS...
Last post by spetrillo - Today at 07:07:51 PMIs this information still relevant for Suricata 8.03?
#4
25.7, 25.10 Series / Re: Utility for checking healt...
Last post by BigFreddy - Today at 07:04:09 PMQuote from: Patrick M. Hausen on Today at 06:58:24 PM1. Schedule regular ZFS pool scrubs.
2. Follow this procedure of mine to get SMART data into a tool named Scrutiny:
https://forum.opnsense.org/index.php?topic=48101.msg242617#msg242617
HTH,
Patrick
Thanks Patrick, I will look into this as it's well needed.
#5
25.7, 25.10 Series / Microsoft Entra ID and OIDC Gr...
Last post by opnsense_ci - Today at 07:00:59 PMPlease could someone assist, I have searched everywhere.
I recently purchased a business licence explicitly to try out OIDC WebGui logins. Whatever I do I cannot seem to get the group attribute to be used when logging in. All of the info I could find says to enable debug logging in the OIDC settings which I have done however nothing about groups is shown in the logs.
I'm on 25.10 with the latest updates applied as of the time of this post.
Any help would be much appreciated
I recently purchased a business licence explicitly to try out OIDC WebGui logins. Whatever I do I cannot seem to get the group attribute to be used when logging in. All of the info I could find says to enable debug logging in the OIDC settings which I have done however nothing about groups is shown in the logs.
I'm on 25.10 with the latest updates applied as of the time of this post.
Any help would be much appreciated
#6
General Discussion / Certificate Removal
Last post by spetrillo - Today at 06:59:46 PMHello all,
I had used Let's Encrypt to protect a web server that is proxied by Caddy. I would like to revoke the certs in OPNsense but its not doing as it shows it should work. What is the right process?
Thanks,
Steve
I had used Let's Encrypt to protect a web server that is proxied by Caddy. I would like to revoke the certs in OPNsense but its not doing as it shows it should work. What is the right process?
Thanks,
Steve
#7
26.1 Series / Re: Rules migration wizard see...
Last post by Headless1919 - Today at 06:59:14 PMThat seems to have done it, thanks Cedric. Changes made in Notepad, imported without an issue. Saved me a lot of work!
#8
26.1 Series / Re: New Rules "Edit/Clone Rule...
Last post by retatefw - Today at 06:58:39 PMI have also had the "Nothing selected" happening frequently on rules edit. My sequence of events was upgrade install and a day later migrated about 50 rules to the new interface with no problems. I then did a clean install with the existing configuration to migrate from UFS to ZFS file system. At this point I started editing rules and noticed the "Nothing selected" problem. I believe I encountered the problem even with no interface change involved.
From a speed perspective everything is over provisioned. The client system has an Intel Ultra 9 285K processor, Intel X710-TL 10 Gb ethernet connection, Samsung 9100 SSD & Windows 11 with Edge as the browser. The OPNSense hardware has an Intel i7-13700K processor, Samsung 990 Pro SSD, and Intel X710-TL configured as a dual (wan/lan) 10 Gb ethernet.
From a speed perspective everything is over provisioned. The client system has an Intel Ultra 9 285K processor, Intel X710-TL 10 Gb ethernet connection, Samsung 9100 SSD & Windows 11 with Edge as the browser. The OPNSense hardware has an Intel i7-13700K processor, Samsung 990 Pro SSD, and Intel X710-TL configured as a dual (wan/lan) 10 Gb ethernet.
#9
25.7, 25.10 Series / Re: Utility for checking healt...
Last post by Patrick M. Hausen - Today at 06:58:24 PM1. Schedule regular ZFS pool scrubs.
2. Follow this procedure of mine to get SMART data into a tool named Scrutiny:
https://forum.opnsense.org/index.php?topic=48101.msg242617#msg242617
HTH,
Patrick
2. Follow this procedure of mine to get SMART data into a tool named Scrutiny:
https://forum.opnsense.org/index.php?topic=48101.msg242617#msg242617
HTH,
Patrick
#10
26.1 Series / Re: hostwatch db grows rapidly
Last post by dinguz - Today at 06:42:04 PMIt's currently 150 MB on my home router, mostly caused by IPv6 addresses which appear to change frequently over time. I also see log entries going back to the initial activation. Is there any expiry or cleanup mechanism in place for HostWatch data (database and/or logs)?
