Recent posts

#1
26.1, 26,4 Series / Re: KEA is still a mess IMHO
Last post by lmoore - Today at 03:02:36 AM
Quote from: Patrick M. Hausen on May 08, 2026, 10:50:30 PM
Quote from: lilsense on May 08, 2026, 07:07:27 PM
I must be the only one here who's seen many dupe macs on laptops and pc's.
I'm a network engineer for more than three decades and I have never seen a single duplicate MAC address. 🤷‍♂️

I've only ever heard of this once and it was some 30 years ago, from someone I knew. They had supplied a school with new computers and installed NICs in all of them.

The first computer connected to the network and worked just fine. When more computers were connected to the network, problems ensued and they were all failing to communicate - the root cause was the (cheap and cloned) NICs, which all had the same MAC address.

The only time I would expect to see the same MAC address used more than once is if the interface is configured with VLANs.

Off-beat, I am aware of a Ubiquiti device failing spectacularly and deciding it wanted to claim to have the address for every ARP request seen on the network and offered its MAC address in response.
#2
Hardware and Performance / Re: 10GBASE-T RJ45 SFP+ Copper...
Last post by pfry - Today at 02:51:17 AM
Quote from: BrandyWine on May 08, 2026, 10:23:02 PM
Help me understand that. Atom based mobo? Vendor-locked NVM?[...]

I could have been more clear. Atom-based integrated system.

As far as the vendor lock, some (most) of my discrete Intel (Intel branded, not OEM) NICs (specifically x710 and e810) only support Intel-branded (in firmware) optics. It's not a driver issue; it appears to be built into the NVM. There is no vendor lock for DAC cables; I haven't tried a UTP SFP+ (I only have one, which sits in a drawer because it's a burning weenie roaster). (Shouldn't be an issue for the original poster.)
#3
Q-Feeds (Threat intelligence) / Re: Q-Feeds Update Interval
Last post by lmoore - Today at 01:58:31 AM
Quote from: lmoore on May 08, 2026, 06:23:52 PM
The main reason to leave Q-Feeds to update just after midnight is to see if the Events would be cleared, which they aren't. It appears there is a hard limit of 50,000 entries and once this is reached, no more entries are recorded.

I see now, these logs are taken from the filter logs. I thought I disabled the logging of the relevant rules later than the time in the Events view. ;)
#4
Q-Feeds (Threat intelligence) / Re: Q-Feeds Update Interval
Last post by lmoore - Today at 12:45:33 AM
Quote from: DEC740airp414user on May 08, 2026, 07:30:04 PM
I'm not sure what you mean by pf

My reference to PF is Packet Filter - pf.

I was referring to your Unbound image. I can't see the end of the URL feed_type and assumed you meant the IP feed.
#5
26.1, 26,4 Series / Re: KEA is still a mess IMHO
Last post by Patrick M. Hausen - May 08, 2026, 10:50:30 PM
Quote from: lilsense on May 08, 2026, 07:07:27 PM
I must be the only one here who's seen many dupe macs on laptops and pc's.
I'm a network engineer for more than three decades and I have never seen a single duplicate MAC address. 🤷‍♂️
#6
General Discussion / Help with GeoIP and csv format
Last post by ChrisC - May 08, 2026, 10:28:19 PM
Hi everyone,
I just learnt of this service: https://ip66.dev/ which purports to be a drop-in replacement for the MaxMind service.
I downloaded the mmdb, and using mmdbinspect against it works fine.
There exists a github project to convert .mmdb files into .csv files, but I have no idea if this would be compatible.
Does anyone know the format of the CSV files that OPNsense will accept for the GeoIP function?
I assume it also has to be compressed? I have seen both .zip and .gz extensions mentioned in URLs.

Thanks!
#7
26.1, 26,4 Series / 26.1.7_3 - Firewall Logs all s...
Last post by zartoz - May 08, 2026, 10:23:34 PM
Caveat up front, new to OPNsense.  Coming over from Untangle.

I have everything functional and started testing out cutting over but I am struggling with getting Firewall Logs to show the Source IP as my 10. internal network.  Everything is being shown as Pass with the rule "let out anything from firewall host itself (force gw)"

I do have dual WAN setup with a Group.

All the entries show the Gateway Interface IP as the Source IP.  I have tried changing the Outbound NAT from Auto to Hybrid and Manual and back again with no change.  I know I am missing something simple.  I did install Zenarmor and that can report out the LAN IP traffic so at least I have some visibility there.

Happy to output anything or try anything that would help troubleshoot as I haven't fully cutover yet and still testing.
#8
Hardware and Performance / Re: 10GBASE-T RJ45 SFP+ Copper...
Last post by BrandyWine - May 08, 2026, 10:23:02 PM
Quote from: pfry on May 08, 2026, 02:56:09 AM
Quote from: BrandyWine on May 07, 2026, 08:00:26 PM
IIRC, the ix in kernel tree lists specific models of hardware, much of it being Intel stuff.[...]

I wouldn't expect third-party Atom-based devices to have network interfaces with a vendor-locked NVM... but you never can tell. My one actual Intel 82599 (= x520) is not, but most (but not all) of my x710s are. So as you pointed out, a recommended device is a safe bet. Before Patrick chimes in, there's always fs.com for compatibles.
Help me understand that. Atom based mobo? Vendor-locked NVM?
The in-tree driver code simply cannot house all devices. If the NIC used is in the tree (driver) code then it's the P-&-P situation, should just work. Otherwise the NIC vendor should have a driver to install (my preferred method).

Post #1 seems to confuse OPNsense & FreeBSD. The hardware and OS versions determine what NICs will and will not work out-of-the-box.
Quote from: alhaddar on May 07, 2026, 05:38:28 PM
Has anyone used a 10GBASE-T RJ45 SFP+ copper transceiver on a similar Mini PC setup running OPNsense?
If a 10GBASE-T RJ45 SFP+ copper transceiver is in any in-tree NIC driver for the OS version, then that specific model should be good to go. Other 10GBASE-T RJ45 SFP+ copper transceivers would need their own KLM to work.
#9
Q-Feeds (Threat intelligence) / Re: Upcoming major updates sne...
Last post by Q-Feeds - May 08, 2026, 10:18:24 PM
Quote from: Patrick M. Hausen on April 30, 2026, 01:49:17 PM
BTW ... 🙂

Haha, oops... let's just say it's our Dutch accent ;)
#10
Q-Feeds (Threat intelligence) / Re: Q-Feeds Update Interval
Last post by Q-Feeds - May 08, 2026, 10:01:29 PM
The widget's 'Updated at' timestamp has a bug in it... it skips exactly one update cadence. So if you're licensed for 24 hours it will show 48. If you're licensed (plus) for 4 hours you will see 8 hours and for premium it will show 40 minutes instead of 20....

We actually solved it today but it will only be shipped with the next update: https://github.com/opnsense/plugins/issues/5415