Recent posts

#1

26.1, 26,4 Series / Gateway Monitoring auf IPv6 fu...

Last post by Bytechanger - Today at 06:06:45 PM

Hallo,

ich betreibe eine OPNSense hinter einer FritzBox.
Ping6 funktioniert auf der OPNSense und im Netz ohne Probleme, nur wenn ich im Gateway das Monitoring starte (auf Google oder Cloudflare) bekomme ich beim IPv6 Gateway immer 100% loss ??

Was mache ich falsch?

LG

Byte

#2

26.1, 26,4 Series / Re: This makes me want to cry!...

Last post by roohoo - Today at 05:55:52 PM

Quote from: lmoore on Today at 04:24:00 PMWhen you first sign in to the Web GUI, is the Uptime being reported correctly and does the time on your computer match OPNsense?

The next time this happens, instead of rebooting, select option 11 to restart all services.

Which time zone have you selected in OPNsense?

In your environment, where is your DNS server located?

When you SSH to OPNsense, do you use the IP address or FQDN?

The screen shot you posted on the 18th shows your memory usage at 76.5%, has it gone above this mark?

When you first sign in to the Web GUI, is the Uptime being reported correctly and does the time on your computer match OPNsense?

It is, occasionally, correct but most of the time it's >20,000 days. OPNSense time is correct

The next time this happens, instead of rebooting, select option 11 to restart all services.

I have tied this. Sometimes it works, most of the time it doesn't have any effect.

Which time zone have you selected in OPNsense?

Europe/London

In your environment, where is your DNS server located?

It's the OPNSense box.

When you SSH to OPNsense, do you use the IP address or FQDN?

IP address [ssh root@192.168.2.1]

The screen shot you posted on the 18th shows your memory usage at 76.5%, has it gone above this mark?

I'm not sure I trust this figure but it often goes above this. At the moment it's 93.48% - that's nearly 19GB! If this is correct, I put it down to either ZFS or FreeBSD making use of some free RAM. Here's the output of a top shell command:

1568 processes:1 running, 1567 sleeping
CPU: 0.9% user, 0.0% nice, 1.6% system, 0.0% interrupt, 97.5% idle
Mem: 11G Active, 1250M Inact, 4031M Laundry, 1685M Wired, 72K Buf, 1048M Free
ARC: 760M Total, 239M MFU, 364M MRU, 32M Anon, 13M Header, 110M Other
538M Compressed, 1384M Uncompressed, 2.57:1 Ratio
Swap: 8192M Total, 916M Used, 7276M Free, 11% Inuse

PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11658 root 1 68 0 55M 25M lockf 0 0:00 5.13% php
21957 root 1 21 0 20M 6528K CPU2 2 0:02 2.54% top
344 root 1500 68 0 657M 295M accept 0 100:31 0.46% python3.13
14678 root 4 20 0 53M 7920K kqread 3 4:17 0.23% syslog-ng
96093 root 2 37 0 24M 6424K select 3 0:00 0.13% ntpd
24195 unbound 6 20 0 134M 38M kqread 1 3:23 0.06% unbound
93316 root 1 36 0 14M 2024K bpf 1 0:00 0.05% filterlog
42146 root 1 68 0 13M 1536K select 0 0:11 0.05% dhcp6c
11732 nobody 1 20 0 15M 1816K select 5 0:29 0.04% dnsmasq
95265 root 1 20 0 28M 7752K select 1 0:17 0.01% python3.13
41669 root 1 20 0 28M 5000K select 0 0:05 0.01% python3.13
65213 _flowd 1 20 0 13M 1660K select 2 0:06 0.01% flowd
33021 root 1 20 0 32M 5428K nanslp 0 0:08 0.01% python3.13
39760 root 1 20 0 13M 1256K select 5 0:16 0.01% powerd
57172 root 1 20 0 53M 27M nanslp 1 35:15 0.00% python3.13
80715 root 1 20 0 20M 7668K select 4 0:00 0.00% sshd-session
36291 root 1 20 0 14M 1528K kqread 3 0:01 0.00% rtsold
96883 nobody 1 20 0 13M 1212K sbwait 2 0:02 0.00% samplicate
38379 root 1 20 0 14M 1508K select 1 0:01 0.00% rtsold
76958 root 1 20 0 23M 6984K kqread 4 0:08 0.00% lighttpd
34669 _dhcp 1 20 0 14M 1684K select 1 0:01 0.00% dhclient
98197 root 1 68 0 14M 1616K nanslp 4 0:01 0.00% cron
49260 root 1 20 0 69M 14M accept 4 0:01 0.00% php-cgi
91065 root 1 20 0 53M 13M accept 5 0:01 0.00% php-cgi
90927 root 1 26 0 60M 8192B accept 1 0:01 0.00% <php-cgi>
342 root 1 68 0 29M 8192B wait 3 0:01 0.00% <python3.13>
21933 root 1 4 0 14M 1612K select 3 0:01 0.00% dhclient
9902 root 1 20 0 69M 14M accept 0 0:01 0.00% php-cgi
96048 root 1 20 0 53M 9440K accept 2 0:01 0.00% php-cgi
82910 root 1 20 0 53M 11M accept 3 0:00 0.00% php-cgi
4016 root 1 20 0 53M 14M accept 2 0:00 0.00% php-cgi
3936 root 1 20 0 53M 24M accept 2 0:00 0.00% php-cgi
47989 root 1 68 0 55M 24M lockf 0 0:00 0.00% php
68226 root 1 68 0 55M 24M lockf 0 0:00 0.00% php
90853 root 1 68 0 55M 24M lockf 4 0:00 0.00% php
35933 root 1 68 0 55M 24M lockf 4 0:00 0.00% php
13691 root 1 68 0 55M 24M lockf 2 0:00 0.00% php
60305 root 1 68 0 55M 24M lockf 1 0:00 0.00% php
94602 root 1 68 0 55M 24M lockf 4 0:00 0.00% php
30761 root 1 68 0 55M 24M lockf 0 0:00 0.00% php

#3

Tutorials and FAQs / Re: OPNsense HA (CARP) with IP...

Last post by opn_mndr12101 - Today at 04:35:21 PM

This is the os-ndp-proxy-go plugin? Do I need the os-ndproxy, too?

#4

26.1, 26,4 Series / Re: This makes me want to cry!...

Last post by lmoore - Today at 04:24:00 PM

Quote from: roohoo on April 17, 2026, 08:51:20 PMInterestingly, this afternoon I grabbed another computer: A Ryzen 3900x-powered machine with 128GB of RAM, an M.2 nvme drive, and a Quadro video card. I installed OPNSense with a bare setup (just interfaces configured) and started it up.

Now, around two hours later, I have exactly the same issue: That's a third completely different computer used to install and run OPNSense that has the webGUI die in a few hours of running!

I use Firefox (ESR) primarily and have it and MS-Edge operating in In-Private mode. I only have two extensions installed in each of them.

On the rare occasion the browser has timed out, the most I've ever needed to do is a browser refresh to regain the login page. I typically have the browser signed in to OPNsense for days without issue and no timeouts.

When you first sign in to the Web GUI, is the Uptime being reported correctly and does the time on your computer match OPNsense?

The next time this happens, instead of rebooting, select option 11 to restart all services.

Which time zone have you selected in OPNsense?

In your environment, where is your DNS server located?

When you SSH to OPNsense, do you use the IP address or FQDN?

The screen shot you posted on the 18th shows your memory usage at 76.5%, has it gone above this mark?

#5

26.1, 26,4 Series / Re: WAAgent Linux broken after...

Last post by tunnebr - Today at 03:59:52 PM

That's very strange. I hope the issue gets fixed. For now, I have no choice but to restore the VMs I've already updated. I hope Deciso fixes this soon... after all, we pay platform fees to Deciso for the license and the image, which are significantly higher than a "default" BE license. :-)

#6

26.1, 26,4 Series / Re: WAAgent Linux broken after...

Last post by nero355 - Today at 03:22:25 PM

I see many of those errors here too : https://toggen.com.au/it-tips/getting-the-azure-agent-running-in-opnsense/

And it seems this WAAgent thing is not supported on anything FreeBSD based at all ?!

Perhaps it needs : https://docs.freebsd.org/en/books/handbook/linuxemu/ ??
In the past it use to add a Red Hat Linux base for Linux applications but I don't know what it does these days...

#7

Tutorials and FAQs / Re: OPNsense HA (CARP) with IP...

Last post by Monviech (Cedrik) - Today at 03:15:42 PM

I run two opnsense behind my fritzbox in HA with an ndp proxy. That way both devices announce the same prefix all the time, doesn't matter which of them is online. The CARP hook prevents the ndp proxy from running on both nodes at the same time.

Please note that DHCPv6-PD might be better for most environments.

HA support was a natural consequence of the stateless design and the CARP hook from when I wrote the ndp proxy. Works pretty stable for me (in combination with a Fritzbox).

https://docs.opnsense.org/manual/ndp-proxy-go.html#high-availability

#8

26.1, 26,4 Series / Re: IPv6 weirdness

Last post by nero355 - Today at 03:14:03 PM

Quote from: jcdick1 on Today at 03:15:50 AMSome VMs in my environment have only a single interface on the LAN network, others have some combination of the three. Physical devices (PCs, streaming devices, etc) are all on the LAN network.

The Management and Storage networks have firewall rules to keep them isolated - for all intents and purposes, unrouted.

But you should still be aware of possible A-symmetric Routing despite the Firewall Rules so make sure to double check on that or at least keep an eye on it !!

QuoteKEA is configured to only have its DHCPv6 server active on the LAN network (only interface with a checkbox in the dropdown).
But its "Leases DHCPv6" page is showing active leases on the "Management" interface.
And on the hosts, those corresponding IPv6 addresses are showing on their LAN-associated interface.

At the same time, some devices on the LAN network cannot get IPv6 addresses.

This could be related to the above or simply a case of adjusting local settings/tuning configuration on those hosts.

#9

26.1, 26,4 Series / Re: Crash and brick during upd...

Last post by nero355 - Today at 03:04:41 PM

So this is a Proxmox VM with OPNsense in it that we are talking about ?

I believe there are some adjustments you need to do if both your Proxmox Storage and OPNsense VM use OpenZFS as the File System so you could have a look at that if it applies to your situation ??

#10

Tutorials and FAQs / Re: OPNsense HA (CARP) with IP...

Last post by nero355 - Today at 02:59:35 PM

IMHO :
- This is a silly HA setup : When the Fritz!Box goes down your whole network goes down too !!
- If you remove the Fritz!Box the issue would stay the same : Your ISP would also give you two different IPv6 Prefixes !!
At least a lot of them do AFAIK because they don't check if one Customer has requested more than one IPv6 Prefix.

This kind of HA setup is more suited for Business Customers that get a Static IPv4 Address or whole Subnet + Static IPv6 Prefix.