"Recent posts
#1
General Discussion / Re: Watchguard T70 and OPNsens...
Last post by patient0 - Today at 07:14:55 AMSearching the forum, someone installed OPNsense on it some time ago : https://forum.opnsense.org/index.php?topic=29602
#2
26.1, 26,4 Series / Re: Intel ucode Plugin vs Pack...
Last post by Patrick M. Hausen - Today at 07:14:00 AMOPNsense uses the FreeBSD ports system to build FreeBSD packages. Until the FreeBSD port maintainer updates the port the package stays the same.
#3
Documentation and Translation / Re: KEA DHCP port example inte...
Last post by sulphurfold - Today at 05:03:35 AMQuote from: wmagin on March 08, 2026, 08:25:39 AMHi all,The shared resources are truly impressive. It's incredibly easy to update and research solutions because Captive Portal and the KEA control agent are running on the same port.
I just come out of a session of getting 400: Bad request answers from my captive portal because I configured KEA DHCP server like discribed at https://docs.opnsense.org/manual/kea.html sprunki binding the control agent to port 8000. The 400 error came because Captive Portal and KEA contrl agent were running on the same port. As it is likely irrelevant on which high port the KEA agent should run it would be helpful for fellows not to run into the same issue if the example would show a port (for example 8080) which is not used by the default installation of OPNsense.
Just as a hint. Does this make sense?
Greetings
Wolfgang
#4
General Discussion / Re: Average CPU temperature go...
Last post by newsense - Today at 04:16:39 AM> Why did temps suddenly change as noted?
Corrupt databases will do that, hence my answer above
Corrupt databases will do that, hence my answer above
#5
26.1, 26,4 Series / Re: Intel ucode Plugin vs Pack...
Last post by BrandyWine - Today at 01:46:35 AMQuote from: dseven on May 27, 2026, 08:34:44 PMHmmm...Code Selectroot@opnsense:~ # pkg info cpu-microcode-intel
cpu-microcode-intel-20260227
Name : cpu-microcode-intel
Version : 20260227
Installed on : Tue May 26 08:34:48 2026 UTC
Origin : sysutils/cpu-microcode-intel
Architecture : FreeBSD:14:*
Prefix : /usr/local
Categories : sysutils
Licenses : EULA
Maintainer : jrm@FreeBSD.org
WWW : https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
Comment : Intel CPU microcode updates
Options :
RC : off
SPLIT : on
Annotations :
cpe : cpe:2.3:o:intel:microcode:20260227:::::freebsd14:x64
repo_type : binary
repository : OPNsense
Flat size : 30.2MiB
Description :
This port uses the cpuctl(4) microcode update facility to keep your Intel
processor's firmware up-to-date.
Updating your microcode can help to mitigate certain potential security
vulnerabilities in CPUs as well as address certain functional issues that could,
for example, result in unpredictable system behavior such as hangs, crashes,
unexpected reboots, data errors, etc.
root@opnsense:~ #
Just a copy from one location to another.
If there's a new version from git then why not just copy that newer pkg to the opsnsene repo, and when the FW does an updates check it installs the newer ucode pkg. I cant see how the opnsense v1.1 package would have anything newer than what comes from the Intel pkg.
My only gripe with the Intel ucode pkg, most of that pkg remains static, they bundle a whole bunch of cpuid updates into one pkg, but not every cpuid gets an update, some ucode in the pkg is many years old. Thus if the pkg is marked new but it does not contain new ucode for your cpuid, then installing the pkg is 100% moot.
And then I also wonder, why are some cpuid's getting frequent ucode updates?
#6
26.1, 26,4 Series / Re: DNSmasq missing leases and...
Last post by Ger - Today at 01:19:29 AMall interfaces are connected and showed up in adguard home when set up . very strange.
#7
26.1, 26,4 Series / Re: WAN connectivity problems ...
Last post by SilentAgnostic - May 27, 2026, 11:59:31 PMQuote from: nero355 on May 27, 2026, 11:37:09 PMYou could also just insert a Switch between the ONT and the Router to check if it's not some weird conflict between the two because of the NIC Chipsets :)
Haha, I saw that "workaround" when reading about the I225's. I don't think the I225's are any sort of problem, nor is any of my customer-owned equipment.
Anyways, quick update, I got the ISP router for testing, and it disconnected twice in under an hour when trying to renew DHCP leases.
So this is probably not an opnsense issue, it sounds like my ONT is going bad (or possibly the PON card on the ISP side).
For anyone who cares to follow, this is the messages I was getting on the ISP router (note this IP is my ISP gateway):
Quote2026 May 27 17:34:34 wan_detection info [WAN.6][WDHCP] eth1 arping to x.y.z.1 fail.
followed by a very delayed DHCP lease renewal AFTER the issue/disconnect occurs
Quote2026 May 27 17:55:43 dhcpc.sh info "[WAN.6][WDHCP] bound IP: x.y.z.113"
Based on a similar thread, it sounds like it's indeed a bad ONT/OLT/LineCard. Truck roll scheduled later this week.
https://community.verizon.com/discussion/1564866/cr1000a-losing-connection-dhcpc-sh-and-wan-detection
#8
General Discussion / Re: Watchguard T70 and OPNsens...
Last post by nero355 - May 27, 2026, 11:50:15 PMQuote from: LaForge on May 27, 2026, 11:31:02 PMI have purchased an additional mSata disk to create the install but need some instructions.https://docs.opnsense.org/ is all you need IMHO :)
QuoteI would also like to know how OPNsense and OpenWRT differ from one another and why installing OPNsense might be an advantage?OpenWRT = Linux based
OPNsense = FreeBSD based
IMHO you should consider which one to use based on :
- The type of WAN Connection
If you need good PPPoE speeds with Low End Hardware then Linux based stuff might be the better choice !!
- Which of the two is better maintained for your hardware.
OpenWRT usually has a huge "Android Custom ROM vibe" and by that I mean that if the person maintaining the OpenWRT port for a certain device decides he no longer has the time/will/interest or simply enough spare time to do it, then you are out of luck for future updates/upgrades and thus security patches.
OPNsense however simply has releases for x86-64 hardware that are released on a regular basis and that's all you need most of the time.
(Most of the time = ZenArmor/Suricata/all that other weird stuff from certain repos is not included and a whole different story...)
There is also a AArch64 port made by a 3rd party : https://forum.opnsense.org/index.php?topic=35828.0
Current last release : https://forum.opnsense.org/index.php?topic=35828.msg267203#msg267203
#9
General Discussion / Re: Multi-WAN IPv6 Prefix Depr...
Last post by ciaduck - May 27, 2026, 11:42:52 PMThanks for the reply. There were a few changes I made and things appear to be more stable. I'll have to wait a bit longer to be sure. Over the last few months I've been having to power cycle the router to fix a "split brain" situation with the networks.
The 2 things that seem to have made a difference.
1 - In verifying my settings, I didn't have any DNS server set in [system] > [settings] > [general]. I've corrected this and set them to the same servers as I have in the gateway monitoring.
2 - I've set more aggressive timeouts for RADV. I'm now using:
I've disabled any settings for NPTv6 from the [Firewall] > [NAT], because of my GUA prefix changing. Thanks for your feedback about ULAs. I know there are issues with dual stack networks, and it seems this would be one of those cases where using ULA for NPT would simply result in no IPv6 going out the secondary WAN due to "happy eyeballs" and IPv4 preference.
I'll look into NAT66. I'm also researching using a reserved GUA (like 2000:db8:: ) for NPT, but this would be a hack.
Thanks for the time and feedback.
The 2 things that seem to have made a difference.
1 - In verifying my settings, I didn't have any DNS server set in [system] > [settings] > [general]. I've corrected this and set them to the same servers as I have in the gateway monitoring.
2 - I've set more aggressive timeouts for RADV. I'm now using:
Code Select
Minimum Interval = 10
Maximum Interval = 30
AdvPreferredLifetime = 60
AdvRouteLifetime = 90I've disabled any settings for NPTv6 from the [Firewall] > [NAT], because of my GUA prefix changing. Thanks for your feedback about ULAs. I know there are issues with dual stack networks, and it seems this would be one of those cases where using ULA for NPT would simply result in no IPv6 going out the secondary WAN due to "happy eyeballs" and IPv4 preference.
I'll look into NAT66. I'm also researching using a reserved GUA (like 2000:db8:: ) for NPT, but this would be a hack.
Thanks for the time and feedback.
#10
General Discussion / Re: Watchguard T70 and OPNsens...
Last post by nero355 - May 27, 2026, 11:40:36 PMQuote from: LaForge on May 27, 2026, 11:31:02 PM1. Why does searching for "OpenSense" get you the netgate form which is for the pfSense product?OpenSense != OPNsense
I then get an admin telling me that I am "unlikely to find much love for OPNSense here on the pfSense forum". The why are they subverting the search results to exploit what must be a common mis-spelling?
So dunno...
Quote2. Why did I have to look for a link in small print at the bottom of the OPNsense website to find this forum?https://opnsense.org/ => Be Involved => OPNsense forum => DONE! ;)
