"Recent posts
#1
Web Proxy Filtering and Caching / Re: Nginx stream - proxying Op...
Last post by s.meier68 - Today at 08:33:10 AMIt's a bit late, I solved this using the SNI map and a default entry. OpnSense 26.1
Nginx > Data Streamx > SNI Based Routing
default > my openvpn Server
Nginx > Data Streamx > SNI Based Routing
default > my openvpn Server
#2
25.7, 25.10 Series / Re: IPv6 erratically broken fr...
Last post by franco - Today at 08:29:11 AM #3
26.1 Series / Re: IPv6 from Android devices ...
Last post by franco - Today at 08:27:53 AM> Is https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280701 supposed to apply to 26.1 kernels? Has the whole patch set been reverted or is it supposed to be fixed?
We do not really know and they made it clear they really do not care.
I still think FreeBSD users suffer more from this than OPNsense users ever did.
Cheers,
Franco
We do not really know and they made it clear they really do not care.
I still think FreeBSD users suffer more from this than OPNsense users ever did.
Cheers,
Franco
#4
26.1 Series / Re: Monit does not update its ...
Last post by franco - Today at 08:25:59 AMCheck the backend log for template errors:
# opnsense-log configd
Cheers,
Franco
# opnsense-log configd
Cheers,
Franco
#5
26.1 Series / Re: Feature Request: FIDO2 / W...
Last post by franco - Today at 08:25:05 AM> From my side, it wasn't meant as "I want everything for free", but more as a reality check.
Sure, we're both managing expectations here. It's only fair.
We also have the added cost of maintenance for any feature that makes it into community especially, which also includes scrutiny on the business end. In some cases it's easier to rewrite or refuse. Commercial support is also an invaluable reality check for user base need and expectations.
Cheers,
Franco
Sure, we're both managing expectations here. It's only fair.
We also have the added cost of maintenance for any feature that makes it into community especially, which also includes scrutiny on the business end. In some cases it's easier to rewrite or refuse. Commercial support is also an invaluable reality check for user base need and expectations.
Cheers,
Franco
#6
26.1 Series / Re: RAM usage changed
Last post by JamesFrisch - Today at 07:28:09 AMWhile I agree that empty RAM == wasted RAM, OP is asking about the increased RAM usage.
And since ARC is only the small, green part of that picture, my guess is he/she is not asking about the increased ARC usage, but the RAM usage.
And since OP is asking why the RAM usage got smaller, I would guess either something got better (IDK blocklist of unbound compressed or something like that?) or he/she changed something in the settings.
And since ARC is only the small, green part of that picture, my guess is he/she is not asking about the increased ARC usage, but the RAM usage.
And since OP is asking why the RAM usage got smaller, I would guess either something got better (IDK blocklist of unbound compressed or something like that?) or he/she changed something in the settings.
#7
German - Deutsch / Re: Stiegeler Glasfaser mit Op...
Last post by Maurice - Today at 04:52:31 AMQuote from: bamf on Today at 01:22:18 AMWäre es möglich, einen kleinen Switch wie den Mikrotik CRS305 quasi als "externes Gehäuse" für das SFP-Modul zu verwenden?Klar, falls Du ohnehin einen Switch mit SFP-Ports hast, dann kann das GPON-SFP auch da rein.
Bei mir steckt es in einem kleinen MikroTik-Router (hEX S), der zum einen als Switch dient und zum anderen als PPPoE-Offloader.
#8
26.1 Series / Re: Multi WAN load balancing v...
Last post by OPNenthu - Today at 04:09:24 AMQuote from: dash on February 12, 2026, 06:50:12 PMI create a group Gateway with both GWs on Level1 for load balancing as well as a out rule for LAN net on LAN interface with GW setted to this group Gateway.
I suspect the 'out' rule might be at least one culprit and I don't know why it's needed.
Try:
Interface: LAN
Direction: IN
Source: LAN net
Destination: !LAN net (or whatever 'internet' means on your network)
Gateway: <YOUR_LB_GROUP>
That works for my LB group (I balance two VPN gateways), but I only use them for internet access from my local network. A LAN rule like this for both IP protocols would take care of load balancing for outbound traffic originating locally.
For ingress, the packets would first enter the WAN firewall interface and get filtered there, then forwarded. I don't think LAN rules come into play for your external SSH connection if I'm not mistaken, so that LAN 'out' rule wouldn't do what you want. That's for blocking outbound traffic that originated from LAN (like if you have some internal IPs that should not be allowed out from LAN).
What seems clear from your description is that it's choosing the default route (your ISP#1) for the IPv4 return traffic, which is the default behavior.
EDIT: I'm not confident about this part. Some sources say that the default behavior is to use the same gateway that the packet arrived in on because the gateway is pinned in the state that was created on WAN, but only if 'reply-to' is not disabled (which is the default).
#9
26.1 Series / Re: RAM usage changed
Last post by pfry - Today at 03:21:08 AMSince you were considering a change in default values or failure to restore, are these settings the same:
Firewall: Settings: Advanced -> Miscellaneous -> Firewall Maximum States and Firewall Maximum Table Entries
System: Settings: Miscellaneous -> Disk / Memory Settings (reboot to apply changes)
...?
Firewall: Settings: Advanced -> Miscellaneous -> Firewall Maximum States and Firewall Maximum Table Entries
System: Settings: Miscellaneous -> Disk / Memory Settings (reboot to apply changes)
...?
#10
German - Deutsch / Re: Stiegeler Glasfaser mit Op...
Last post by bamf - Today at 01:22:18 AMIch habe hier auch ein Zyxel PMG3000-D20B für den kommenden Telekom Glasfaser-Anschluss rumliegen.
Mein Router hat keine aktive Kühlung und wird so schon ziemlich heiß. Die SSDs kämpfen bei jedem Scrub oder SMART-Test mit der Hitze. Wär das dann eher eine schlechte Idee, das Ding im SFP-Port zu verwenden?
Ich würde eigentlich gerne den I226-V komplett umgehen und alles über den X553 laufen lassen.
Wäre es möglich, einen kleinen Switch wie den Mikrotik CRS305 quasi als "externes Gehäuse" für das SFP-Modul zu verwenden? Mit Bridge auf dem Switch über die beiden Ports?
Mein Router hat keine aktive Kühlung und wird so schon ziemlich heiß. Die SSDs kämpfen bei jedem Scrub oder SMART-Test mit der Hitze. Wär das dann eher eine schlechte Idee, das Ding im SFP-Port zu verwenden?
Ich würde eigentlich gerne den I226-V komplett umgehen und alles über den X553 laufen lassen.
Wäre es möglich, einen kleinen Switch wie den Mikrotik CRS305 quasi als "externes Gehäuse" für das SFP-Modul zu verwenden? Mit Bridge auf dem Switch über die beiden Ports?
