Recent posts

#1
26.1 Series / Re: Proxmox instance upgrade 2...
Last post by rfox - Today at 12:12:07 PM
Well that was quick - after experimenting around I think I solved it myself - as FYI for those curious, I had Zenarmor configured to use "native netmap" - since forever - after changing to "emulated netmap" it works again . . .

File this under "Good to know" category!  Now how do I mark this post as "Solved" ?!?

Happy Sunday to all . . .
#2
I've been working on adding aq2 (e.g. aqc113c) support to the abandoned FreeBSD driver.
https://github.com/albb0920/aqtion-freebsd-aq2

The patches are mostly written by LLMs, but it is already quite functional.

If anyone is interested in testing this, here's a guide on how to install on OPNsense
https://github.com/albb0920/aqtion-freebsd-aq2/wiki/OPNsense-Installation-Guide
#3
26.1 Series / Proxmox instance upgrade 26.1 ...
Last post by rfox - Today at 12:02:08 PM
Greetings - just noticed on my 26.1.2 updated virtual instance - seeing flatlines on all internal interfaces in the Reporting > Traffic menu
When I show WAN traffic, it works ?!?  Prior to upgrading from 25.7 and changing to new rules, this was working ??

Netflow cache not showing data (see attached pic) - I tried repairing then resetting the netflow data - no change

YES - I'm running Zenarmor - and when I turn it off - the data seems to flow again (as opposed to last time this happened it didn't help) ?!?

Similar issue as reported in this post:
https://forum.opnsense.org/index.php?topic=45608.msg228098

Any hints what can be done short of uninstalling Zenarmor?

I'm tempted to perform a fresh install and import my config file and take my chances . . . This instance has been updated since I think 23.1 version ?!?

Thx in advance -
#4
26.1 Series / Re: Issue Removing Gateway Gro...
Last post by Ben S - Today at 11:32:10 AM
Glad you got it sorted.  I've created a bug report for this now https://github.com/opnsense/core/issues/9792
#5
I am already on the second but last one and considering the risk for my system and the restoration time I would be looking at, I am not willing to take that risk any more.
#6
26.1 Series / Re: Can Unbound DNSSEC be used...
Last post by Ben S - Today at 11:20:31 AM
Quote from: LemurTech on February 14, 2026, 10:09:58 PM
The order of the parameters doesn't seem to matter here:

Well, I beg to differ, because..

Quote
root@fw01:~ # drill @127.0.0.1 -p 53053 emporia.iot.lan
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 6682
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
...

root@fw01:~ # drill -p 53053 @127.0.0.1 emporia.iot.lan
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 33100
;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

Note the difference in flags.  You are getting different results here.  aa = Authoritative Answer because that one is hitting Dnsmasq directly.  The other is not, because the port is being ignored, and it's going via Unbound.

But yes, I have what is a broadly similar setup.

  • I am forwarding a subdomain of a real, existing domain to Dnsmasq (e.g. subdomain.example.net) rather than a .lan domain.  I've just tried with a .lan domain like yours though and it still all seems to work too.
  • Another difference in my setup may be that I'm using DoT forwarders (Quad9) instead of doing full recursion.  Potentially that makes some difference to DNSSEC validation.  But I also tried temporarily turning those off and everything still seemed to work.
  • I don't have any Windows AD stuff but you're seeing problems even without that involved so I don't think that's the culprit.

I'm kind of out of ideas but it does seem like what you're trying to do should be possible.  If no-one else has better ideas you might need to turn up Unbound logging levels and see if there are any clues, especially with DNSSEC enabled, what's different between the working queries and the ones which fail after 30 seconds?
#7
26.1 Series / Re: Issue Removing Gateway Gro...
Last post by namphy - Today at 10:45:00 AM
Thank you for the clarification. I can confirm that this was indeed the issue (we removed old rules after migration by running the removal script). I applied your suggested workaround by adding an old style rule, and after that I was able to successfully delete the gateway group.

Thanks again for the guidance!
#8
Any BIOS updates for the X570 board by chance?  Sometimes they don't explicitly document fixes but a new AGESA or something might fix some initialization quirks.
#9
26.1 Series / Re: Cannot lookup my domain an...
Last post by SoWhy - Today at 10:31:50 AM
Okay, it seems it was the problem noted at https://github.com/opnsense/core/issues/9754

Changing the "Local" flag to off for each host has fixed it. Weirdly, it worked fine before...

Regards
SoWhy
#10
26.1 Series / Re: NAT Reflection / Hairpinni...
Last post by ak888 - Today at 10:31:44 AM
I have a similar issue - to clarify my setup:

I have a local domain which is the same as my external domain. I run AGH and forward to DNSMasq. I have a custom conf file in /usr/local/etc/dnsmasq.conf.d/custom-domain.conf with the contents:

# Only answer for known hosts, forward unknown queries upstream
server=/mydomain.com/1.1.1.1
domain=mydomain.com

This used to work on the 25.7 series - but once I updated to 26.1 I cannot access any of the self hosted sites from my LAN such as sub-domain.mydomain.com. I determined it was DNS by just running a nslookup on the URLs and getting no answer back.

Does your DNS resolve? Just reverted to 25.7 and all is well again (took a config backup - so was easy with the opnsense installer!)

I think the problem is the local domain flag works in the dnsmasq setting - I couldn't see that change in the generated dnsmasq.conf (what I think the setting is in the config file).