"Recent posts
#1
General Discussion / Re: iso verification
Last post by patient0 - Today at 06:29:38 AMLet's see what is needed by using the lastes 26.1.6 nano as an example. The referenced guide writes:
"<filename>" does mean different things here, which can be a bit confusing.
With that the process would be as follows:
Could you elaborate which part you did find confusing and need clarification?
Since "openssl sha256 OPNsense-<filename>.bz2" ends in "bz2" you can be sure that for the sha256 checksum the compressed file is needed. And later it then mentions in the warning "Make sure to unpack the image using bunzip2 before verifying". So checksum => compressed image, verification => uncompressed image.
QuoteOpenSSL is used for image file verification. 4 files are needed for verification process:
- The SHA-256 checksum file (<filename>.sha256)
- The bzip-compressed image file (<filename>.<image>.bz2)
- The signature file for the uncompressed image file (<filename>.<image>.sig)
- The OpenSSL public key (<filename>.pub)
- For "The SHA-256 checksum file", "<filename>.sha256" refers to "OPNsense-26.1.6-checksums-amd64.sha256"
- For "The bzip-compressed image file", "<filename>.<image>.bz2" refers to "OPNsense-26.1.6-nano-amd64.img.bz2"
- For "The signature file for the uncompressed image file", "<filename>.<image>.sig" refers to "OPNsense-26.1.6-nano-amd64.img.sig"
- For "The OpenSSL public key", "<filename>.pub" refers to "OPNsense-26.1.pub"
"<filename>" does mean different things here, which can be a bit confusing.
With that the process would be as follows:
- verify the *.pub file content by comparing it from two different sources
- Verify the compressed image: 'openssl sha256 OPNsense-26.1.6-nano-amd64.img.bz2'
- Convert the signature file to base64: 'openssl base64 -d -in OPNsense-26.1.6-nano-amd64.img.sig -out /tmp/image.sig'
- Verify the uncompressed image file against it's signature and the public key: 'openssl dgst -sha256 -verify OPNsense-26.1.pub -signature /tmp/image.sig OPNsense-26.1.6-nano-amd64.img'
Could you elaborate which part you did find confusing and need clarification?
Quoteneeding to nano in a new file .pub -- for the public keyNot sure what you want to say here.
Quoteas well as a bit of unclearness about whether you uncompress before or after checking the checksum 256
Since "openssl sha256 OPNsense-<filename>.bz2" ends in "bz2" you can be sure that for the sha256 checksum the compressed file is needed. And later it then mentions in the warning "Make sure to unpack the image using bunzip2 before verifying". So checksum => compressed image, verification => uncompressed image.
#2
General Discussion / Re: iso verification
Last post by lumilumi - Today at 03:14:36 AMI think there may be an error in the guide / or at least some unclearness
- needing to nano in a new file .pub -- for the public key
- as well as a bit of unclearness about whether you uncompress before or after checking the checksum 256
I think if you compress after it provides an incorrect checksum
but if you checksum the compressed file it provides the correct checksum256
- needing to nano in a new file .pub -- for the public key
- as well as a bit of unclearness about whether you uncompress before or after checking the checksum 256
I think if you compress after it provides an incorrect checksum
but if you checksum the compressed file it provides the correct checksum256
#3
Hardware and Performance / Re: Battery Replacement: DEC74...
Last post by newsense - Today at 01:35:26 AMConfirming LR44, I changed one as well.
#4
Tutorials and FAQs / Re: IPv6 on OPNsense with Veri...
Last post by gadgetguy - Today at 01:20:00 AMQuote from: daemonhorn on March 22, 2026, 03:25:57 PMadjust interface names to match your system (e.g. em0 to igc0
Despite your instructions, I missed changing one of the interface names and struggled for a while to make it work.
Big thanks for this. I had not seen this mentioned anywhere else in my searches.
Quote from: yourfriendarmando on May 31, 2026, 06:45:53 AMDon't you have to set the FiOS router into bridge mode or similar in its web page?
Thanks for the reply. I don't have any FiOS equipment (other than the ONT), but perhaps this will help someone who finds this later and does.
#5
General Discussion / iso verification
Last post by lumilumi - Today at 12:18:47 AMhi! I'm brand new to this and I was wondering if I could get some help with this part of the instructions on installation --
im trying to verify my iso before installing - but I can't get this part of the instructions to work:
https://docs.opnsense.org/manual/install.html#download-and-verification
If the checksums match, continue with the verification commands.
openssl base64 -d -in OPNsense-<filename>.<image>.sig -out /tmp/image.sig
openssl dgst -sha256 -verify OPNsense-<filename>.pub -signature /tmp/image.sig OPNsense-<filename>.<image>
I have changed the file name to actual file name -- but the command says:
cannot verify two files at once
I verified pub key and checksum 256 -- but this part of the commands won't work for me
any tips? i'm very new!
any help greatly appreciated
im trying to verify my iso before installing - but I can't get this part of the instructions to work:
https://docs.opnsense.org/manual/install.html#download-and-verification
If the checksums match, continue with the verification commands.
openssl base64 -d -in OPNsense-<filename>.<image>.sig -out /tmp/image.sig
openssl dgst -sha256 -verify OPNsense-<filename>.pub -signature /tmp/image.sig OPNsense-<filename>.<image>
I have changed the file name to actual file name -- but the command says:
cannot verify two files at once
I verified pub key and checksum 256 -- but this part of the commands won't work for me
any tips? i'm very new!
any help greatly appreciated
#6
General Discussion / Re: [SOLVED]Packet received by...
Last post by Patrick M. Hausen - Today at 12:04:26 AMWhat are these devices, what OS are they running, and what is the API for network communication? The socket interface for IP/UDP/TCP is completely oblivious of MAC addresses and the OS just does everything necessary.
Just curious ;-)
Kind regards,
Patrick
Just curious ;-)
Kind regards,
Patrick
#7
General Discussion / Re: [SOLVED]Packet received by...
Last post by Somnolus - June 01, 2026, 11:37:26 PMYes lmoore solved it, manually modifying the program to force a proper destination mac address allows the traffic to route through Opnsense correctly.
#8
General Discussion / Re: Extended Blocklists are no...
Last post by Monviech (Cedrik) - June 01, 2026, 10:18:04 PMIt has been merged into community, documentation might need an update.
#9
Hardware and Performance / Re: Battery Replacement: DEC74...
Last post by sopex - June 01, 2026, 09:48:47 PMSend a picture
#10
Hardware and Performance / Re: Battery Replacement: DEC74...
Last post by proformap - June 01, 2026, 09:22:51 PMIt looks like an LR44 - not certain though.
The problem is that now — about two years after buying the new DEC740 — the battery has completely disintegrated ... black pieces of material, with only the top metal cap remaining. The metal battery holder on the PCB has also partially detached on one side.
I've never seen anything like this in hardware before ... I'm asking myself what could have caused the battery to degrade like this after just two years ... I can't explain it.
The problem is that now — about two years after buying the new DEC740 — the battery has completely disintegrated ... black pieces of material, with only the top metal cap remaining. The metal battery holder on the PCB has also partially detached on one side.
I've never seen anything like this in hardware before ... I'm asking myself what could have caused the battery to degrade like this after just two years ... I can't explain it.
