"Recent posts
#1
26.1, 26,4 Series / Re: Nginx can't access to its ...
Last post by muchacha_grande - Today at 02:24:58 PMMay be this due to a temporary file lock during log rotate and is not a problem at all.
#2
26.1, 26,4 Series / Re: Upgrade went wrong
Last post by davidgildea - Today at 01:59:54 PMExperiencing the same issue, standard upgrade, have not installed any packages, had to reboot and getting a secgemnt vault error now in the update.
One extra thing I noticed is plugins are all showing as (Orphaned), not sure what this means or if its an issue.
os-acme-client (orphaned) 4.16_1 821KiB 4 OPNsense ACME Client
os-isc-dhcp (orphaned) 1.0_4 280KiB 4 OPNsense ISC DHCPv4/v6 server
os-ntopng (orphaned) 1.3 20.6KiB 4 OPNsense Traffic Analysis and Flow Collection
os-redis (orphaned) 1.1_4 68.8KiB 4 OPNsense Redis DB
os-sensei (orphaned) 2.5 274MiB 4 SunnyValley Zenarmor is an Enterprise SASE & SSE platform (NGFW, SWG, CASB, ZTNA, SD-WAN)
os-sensei-agent (orphaned) 2.5 129MiB 4 SunnyValley Cloud Connectivity Agent for Zenarmor - Enterprise SASE & SSE platform
os-sensei-updater (orphaned) 2.0 3.75KiB 4 SunnyValley OPNsense ZENARMOR Plugin Updater
os-sunnyvalley (orphaned) 1.5_2 2.43KiB 4 OPNsense Vendor Repository for Zenarmor - Enterprise SASE & SSE platform (NGFW, SWG, CASB, ZTNA, SD-WAN)
os-tailscale (orphaned) 1.4 46.9KiB 4 OPNsense VPN mesh securely connecting clients using WireGuard
Would really appreciate any help or advice
Dave
One extra thing I noticed is plugins are all showing as (Orphaned), not sure what this means or if its an issue.
os-acme-client (orphaned) 4.16_1 821KiB 4 OPNsense ACME Client
os-isc-dhcp (orphaned) 1.0_4 280KiB 4 OPNsense ISC DHCPv4/v6 server
os-ntopng (orphaned) 1.3 20.6KiB 4 OPNsense Traffic Analysis and Flow Collection
os-redis (orphaned) 1.1_4 68.8KiB 4 OPNsense Redis DB
os-sensei (orphaned) 2.5 274MiB 4 SunnyValley Zenarmor is an Enterprise SASE & SSE platform (NGFW, SWG, CASB, ZTNA, SD-WAN)
os-sensei-agent (orphaned) 2.5 129MiB 4 SunnyValley Cloud Connectivity Agent for Zenarmor - Enterprise SASE & SSE platform
os-sensei-updater (orphaned) 2.0 3.75KiB 4 SunnyValley OPNsense ZENARMOR Plugin Updater
os-sunnyvalley (orphaned) 1.5_2 2.43KiB 4 OPNsense Vendor Repository for Zenarmor - Enterprise SASE & SSE platform (NGFW, SWG, CASB, ZTNA, SD-WAN)
os-tailscale (orphaned) 1.4 46.9KiB 4 OPNsense VPN mesh securely connecting clients using WireGuard
Would really appreciate any help or advice
Dave
#3
German - Deutsch / Re: LogIn-Seite vor Captive Po...
Last post by viragomann - Today at 01:52:13 PMQuote from: NausB on Today at 11:11:15 AMProduktiv werde ich ,,Disable firewall rules" erst einmal nicht setzen, sondern höchstens in einer Testumgebung nachbauen.Die Sache ist, dass durch die automatisch generierten CP Regeln alles außer DNS, DHCP und die Ports 8000 u. 9000 auf die OPNsense selbst (f. Zone 0) blockiert wird.
Ich habe mir nun die Regeln einer anderen Installation angesehen, bei der in CP als Host ein FQDN angegeben ist, der auf die WAN IP aufgelöst wird. Da sind auch nur Zugriffe auf die OPNsense selbst erlaubt. Ich denke aber nicht, dass sie weiß, dass der FQDN auf die eigene IP verweist.
D.h., wenn das Ziel auf einem andern Host liegt, wird das nicht funktionieren.
Wenn du deine Clients also eine andere Seite aufrufen können müssen, muss das explizit erlaubt werden. Mit einer Regel am Interface ist das nicht möglich, wenn die automatischen Regeln aktiv sind, denn diese haben höhere Prio.
Du kannst es bestenfalls mit eine Floating Regel mit Quick versuchen. Floating Regeln sollten vor den Interface Regeln abgearbeitet werden und somit Vorrang haben. Das sollte auch für automatisch generierte Regeln gelten.
Bedenke aber, dass in den "New Rules" Floatings nicht für ein einzelnen Interface definiert werden können. Du müsstest also ein zweites hinzunehmen.
#4
General Discussion / Re: [SOLVED] serial console co...
Last post by franco - Today at 11:42:54 AMHi Silke,
No problem at all. If the problem reappears let me know. Reordering the options wouldn't be an issue although in practice their order shouldn't matter since they are accessed by the boot code as needed.
Cheers,
Franco
No problem at all. If the problem reappears let me know. Reordering the options wouldn't be an issue although in practice their order shouldn't matter since they are accessed by the boot code as needed.
Cheers,
Franco
#5
Q-Feeds (Threat intelligence) / Q-Feeds Events - nothing shown
Last post by lmoore - Today at 11:22:40 AMI'm running OPNsense 26.1.8_5 with os-q-feeds-connector 1.6 and when I go to view the events nothing is listed.
Looking in System -> Log Files -> Backend, I am seeing these log entries;
I rebooted OPNsense earlier but it hasn't helped.
Is it just me or are others seeing this issue too?
Looking in System -> Log Files -> Backend, I am seeing these log entries;
Quote2026-05-22T17:13:33
Error
configd.py
[6381d872-a12b-4043-826d-0548754dcdac] Script action failed with Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py logs ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 93, in execute subprocess.run(script_command, env=self.config_environment, shell=True, ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ check=not self.disable_errors, stdout=output_stream, stderr=error_stream) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/subprocess.py", line 577, in run raise CalledProcessError(retcode, process.args, output=stdout, stderr=stderr) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py logs ' returned non-zero exit status 1.
Quote2026-05-22T10:42:41
Error
configd.py
[687e3cd2-e0d4-4f64-b27c-31bc9b6da13a] Script action failed with Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py logs ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 93, in execute subprocess.run(script_command, env=self.config_environment, shell=True, ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ check=not self.disable_errors, stdout=output_stream, stderr=error_stream) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.13/subprocess.py", line 577, in run raise CalledProcessError(retcode, process.args, output=stdout, stderr=stderr) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py logs ' returned non-zero exit status 1.
I rebooted OPNsense earlier but it hasn't helped.
Is it just me or are others seeing this issue too?
#6
German - Deutsch / Re: LogIn-Seite vor Captive Po...
Last post by NausB - Today at 11:11:15 AMDanke, das erklärt einiges.
Ich hatte Allowed Addresses tatsächlich als erlaubte Zieladressen verstanden.
Wenn das eher Quelladressen meint, passt das zu meinem Log mit der Default Captive Portal block rule.
Ich schaue mir als Nächstes über Inspect die automatisch generierten Regeln an und prüfe DHCP Option 114.
Produktiv werde ich ,,Disable firewall rules" erst einmal nicht setzen, sondern höchstens in einer Testumgebung nachbauen.
Ich hatte Allowed Addresses tatsächlich als erlaubte Zieladressen verstanden.
Wenn das eher Quelladressen meint, passt das zu meinem Log mit der Default Captive Portal block rule.
Ich schaue mir als Nächstes über Inspect die automatisch generierten Regeln an und prüfe DHCP Option 114.
Produktiv werde ich ,,Disable firewall rules" erst einmal nicht setzen, sondern höchstens in einer Testumgebung nachbauen.
#7
Virtual private networks / Re: Gateway monitoring and pro...
Last post by rumshot - Today at 10:55:22 AMHello Bob,
Thanks again for your help and i can confirm that works.
You just need to avoid overlap the ip address and boom, all working. Amazing.
Thanks
Thanks again for your help and i can confirm that works.
You just need to avoid overlap the ip address and boom, all working. Amazing.
Thanks
Quote from: Bob.Dig on May 19, 2026, 12:58:04 PMQuote from: rumshot on May 19, 2026, 12:38:49 PMI won't be able to have two connections with proton, once their tunnels always have the same addressJust change the first "2" to a different number (e.g. 10.3.0.2).
#8
General Discussion / Re: [SOLVED] serial console co...
Last post by silke61 - Today at 10:20:57 AMNow I am totally perplexed. After your answer I did some more research and found the info that onifconsole only works when in /boot/loader.conf comconsole is set before vidconsole in the console parameter. So I changed it, also set /etc/ttys back to onifconsole and rebooted but after the reboot loader.conf was back to the old sequence, onifconsole was still set but now the serial console worked !?! I promise I tried dozens of times before and it definitely did not work with these very settings.
But since it now works with onifconsole I will not write a feature request. Whatever happend in my instace I don't think OPNsense is at fault.
Thanks for your responsiveness and sorry for the noise
Silke
But since it now works with onifconsole I will not write a feature request. Whatever happend in my instace I don't think OPNsense is at fault.
Thanks for your responsiveness and sorry for the noise
Silke
#9
General Discussion / Re: [SOLVED] serial console co...
Last post by franco - Today at 09:36:58 AMIt was never needed and I recall no reports that it would have. It's the FreeBSD default we try to follow.
If it fixes your issue I'd appreciate a GitHub ticket and I can see how to offer this. It's not great to micro-manage this but if it fixes a real world issue that's ok.
https://github.com/opnsense/core/issues/new?template=feature_request.md
Cheers,
Franco
If it fixes your issue I'd appreciate a GitHub ticket and I can see how to offer this. It's not great to micro-manage this but if it fixes a real world issue that's ok.
https://github.com/opnsense/core/issues/new?template=feature_request.md
Cheers,
Franco
#10
General Discussion / Re: [SOLVED] serial console co...
Last post by silke61 - Today at 09:23:55 AMQuote from: franco on Today at 08:42:28 AMFor VMs one mostly starts with a VGA image which doesn't have serial enabled.
That's why I enabled it after installation. The standard VGA based console in Proxmox has a few disadvantages, e.g. it doesn't support cut & paste (at least not easily), that is why I used the serial based xterm.js console. As I said, it works, but only after I changed 'onifconsole' to 'on'. Is there any reason not to always set it to 'on' when enabled?
If there are good reasons it is fine with me since I found a solution, it is just one more thing to remember for a possible new install. (And if I miss it, a web search will hopefully lead me to this post to remind me)
Thanks for all your great work!
Silke
