"Recent posts
#1
25.7, 25.10 Series / Re: clarification of snapshots
Last post by patient0 - Today at 08:59:15 AMQuote from: franco on Today at 08:05:56 AMAnd then we'd have to explain to non-ZFS and non-tech users what a snapshot and a "BE" is. It's just not going to fly.Well, you're the boss. You still have to explain to non-tech and non-ZFS people what a Snapshot is. Plus you also gotta explain to tech and ZFS people why these snapshots behave different then ZFS snapshots.
#2
25.7, 25.10 Series / Possible fix / workaround for ...
Last post by errored out - Today at 08:31:43 AMFirst off, I had multiwan with dynamicdns working before changing over to new equipment. Through trial and error, I figure out a simple solution for those who have the issue of the default route IP address being taken over the actual WAN IP address when using ddclient with backend=ddclient.
You do not have to modify your rules, routing, GW group, default routes, anything more than the ddclient.
This configuration was found when I had removed all my entries (this may not be needed, just ended up starting from scratch)
****** Steps *****
1. Create your first entry with the information that is needed.
Hostname = yourdomain.com (use your actual domain)
Check ip method = Interface
Interface to monitor = WAN (or what your external / Internet facing interface is called)
2. Create your second entry with the information that is needed.
Hostname = www.yourdomain.com (use your actual domain)
Check ip method = Interface
Interface to monitor = WAN (or what your external / Internet facing interface is called)
Note:
The only difference between the first and second entries is the hostname. The first does not have a subdomain.
I have not tested the subdomain with other entries as I can not. It may need to be www, you should test.
Also when entering, I found it did not matter if the first entry only has the domain, as once you enter the second entry, it they will switch the order automatically where subdomain . domain is listed lower.
You do not have to modify your rules, routing, GW group, default routes, anything more than the ddclient.
This configuration was found when I had removed all my entries (this may not be needed, just ended up starting from scratch)
****** Steps *****
1. Create your first entry with the information that is needed.
Hostname = yourdomain.com (use your actual domain)
Check ip method = Interface
Interface to monitor = WAN (or what your external / Internet facing interface is called)
2. Create your second entry with the information that is needed.
Hostname = www.yourdomain.com (use your actual domain)
Check ip method = Interface
Interface to monitor = WAN (or what your external / Internet facing interface is called)
Note:
The only difference between the first and second entries is the hostname. The first does not have a subdomain.
I have not tested the subdomain with other entries as I can not. It may need to be www, you should test.
Also when entering, I found it did not matter if the first entry only has the domain, as once you enter the second entry, it they will switch the order automatically where subdomain . domain is listed lower.
#3
General Discussion / Re: OPnsense VM, VLANS, Caddy,...
Last post by jamas899 - Today at 08:17:02 AMQuote from: viragomann on January 16, 2026, 07:13:38 PMThey resolved to the correct IP, OPNsense settings were changed as well (per the opnsense doc tutorial).Quote from: jamas899 on January 14, 2026, 11:54:22 AM- opnsense.example.com loads fineDo all these domains resolve to an OPNsense IP?
- pve.example.com does not load, but if you press the back button on the browser, and then forward, it will load. It just never loads on first attempt or refresh.
- pbs.example.com does not load at all.
And is your OPNsense GUI listening on something else than port 443 and did you disable "HTTP Redirect"?
I managed to resolve the issue earlier. Turned out to be a combination of some old settings in the unbound dns forwarding (forwarding the domain to localhost) that was the main culprit. There was also an issue with Pulse were for some reason it wouldn't accept https even with tls skip verify checked - had to be http.
#4
25.7, 25.10 Series / Re: CALL FOR TESTING: IPv6 imp...
Last post by franco - Today at 08:09:56 AM> On the WAN interface, ifconfig shows the lifetime of the interface address (IA_NA). But where do I see the lifetime of the prefix (IA_PD)? On the tracking LAN interface, ifconfig does not show a lifetime.
No it sounds to me that the dhcp6c service wasn't restarted. If you skipped the reboot you need to "killall dhcp6c" and reconfigure otherwise SIGHUP is used and the old binary remains active.
> Excellent! This has plagued me a lot and the workarounds I had to implement are nightmare fuel.
> Oh, I probably have to perform 2. (switch to development branch and apply patch) to see the IA_PD lifetime?
No, this issue should be fixed on 25.7.11 with the latest dhcp6c code from the repository active. If not it's a bit of core glue that is not entirely correct but that will be easy to fix with an ifconfig -L dump at the time of the renewal where it tells radvd.conf to still use the old prefix.
Cheers,
Franco
No it sounds to me that the dhcp6c service wasn't restarted. If you skipped the reboot you need to "killall dhcp6c" and reconfigure otherwise SIGHUP is used and the old binary remains active.
> Excellent! This has plagued me a lot and the workarounds I had to implement are nightmare fuel.
> Oh, I probably have to perform 2. (switch to development branch and apply patch) to see the IA_PD lifetime?
No, this issue should be fixed on 25.7.11 with the latest dhcp6c code from the repository active. If not it's a bit of core glue that is not entirely correct but that will be easy to fix with an ifconfig -L dump at the time of the renewal where it tells radvd.conf to still use the old prefix.
Cheers,
Franco
#5
25.7, 25.10 Series / Re: clarification of snapshots
Last post by franco - Today at 08:05:56 AMAnd then we'd have to explain to non-ZFS and non-tech users what a snapshot and a "BE" is. It's just not going to fly.
Cheers,
Franco
Cheers,
Franco
#6
25.7, 25.10 Series / Re: IPv6 connectivity error af...
Last post by franco - Today at 08:04:58 AMI don't think there are structural issues that would warrant this behaviour. Very rarely I see that dhcp6c is not starting, but that's because e.g. the port it's being run over is not plugged in for example.
There are logs and context missing here. 26.1 would not change what is described here. We're relying on the same mechanism to start the dhcp6c service which works IMO.
Cheers,
Franco
There are logs and context missing here. 26.1 would not change what is described here. We're relying on the same mechanism to start the dhcp6c service which works IMO.
Cheers,
Franco
#7
25.7, 25.10 Series / Re: choose shell for item 8 in...
Last post by franco - Today at 08:01:42 AMThat sounds great, thanks!
Cheers,
Franco
Cheers,
Franco
#8
25.7, 25.10 Series / Re: Captive Portal slows down ...
Last post by franco - Today at 08:00:57 AMI think you have an entirely different problem... the code didn't change from the one introduced in 25.7.10.
Cheers,
Franco
Cheers,
Franco
#9
25.7, 25.10 Series / Re: clarification of snapshots
Last post by patient0 - Today at 07:59:54 AMYou are right, it's an odd behavior given the name but most of all I think its naming is not correct.
The feature is based on 'bectl -- Utility to manage boot environments on ZFS', ZFS snapshots are use but the purpose is not for rollbacks but having different boot environments.
Reading OPnsense/Snapshots: Recommended Workflow explains the use quite well, e.g. if you want to test a config.
I think it would be clearer if it would be called 'Boot Environments'.
The feature is based on 'bectl -- Utility to manage boot environments on ZFS', ZFS snapshots are use but the purpose is not for rollbacks but having different boot environments.
Reading OPnsense/Snapshots: Recommended Workflow explains the use quite well, e.g. if you want to test a config.
I think it would be clearer if it would be called 'Boot Environments'.
#10
25.7, 25.10 Series / Re: Hostwatch - high disk writ...
Last post by franco - Today at 07:48:43 AM> Out of curiosity, what is considered a "movement"
We're recording the last MAC address for any IPv4 and IPv6 we see. If the MAC changes that's considered a "movement". In some environments this happens very rapidly and thus the service constantly registers the changes.
Cheers,
Franco
We're recording the last MAC address for any IPv4 and IPv6 we see. If the MAC changes that's considered a "movement". In some environments this happens very rapidly and thus the service constantly registers the changes.
Cheers,
Franco
