"Recent posts
#1
German - Deutsch / Re: Umbau Netzwerk/Rules
Last post by kosta - Today at 12:27:05 AMHier ist auch noch so ein Screenshot der für mich absolut keinen Sinn macht... innerhalb von 30 Sekunden, ohne dass ich irgendwas geändert habe, mittendrin des Zugriffs per SMB, kommen lauta Blocks und dann Allow. Aber gemerkt habe ich eigentlich nichts.
#2
25.7, 25.10 Series / Re: Error popup: The release t...
Last post by olluz - December 09, 2025, 11:35:16 PMThe error still occurs on freshly installed OPNsense instance the FIRST time when clicking "Check for updates". This is reproducable.
#3
Portuguese - Português / Re: Comunidade - Língua Portug...
Last post by juliocbc - December 09, 2025, 11:12:52 PMSeja bem vindos!
@glgontijo muito obrigado pelo testemunho! É bom ver a comunidade OPNsense crescendo e se fortalecendo!
@glgontijo muito obrigado pelo testemunho! É bom ver a comunidade OPNsense crescendo e se fortalecendo!
#4
German - Deutsch / Re: Probleme mit DNS + VLAN + ...
Last post by viragomann - December 09, 2025, 11:10:29 PMQuote from: mfreudenberg on December 09, 2025, 10:55:05 PMich weiß nicht, wo man in OPNSense Packet Capture machen kann.Interfaces: Diagnostics: Packet Capture
Quote from: mfreudenberg on December 09, 2025, 10:55:05 PMIch hab mal einfach meinen Wireshark angeworfen, auf die dst-adresse gefiltert und mal einen curl auf heise.de gemacht.Am Client Gerät, nehm ich an?
Am Route siehst du auch, ob und wie die Pakete am WAN rausgehen.
Nur um sicher zu gehen, die grundsätzliche Konfiguration ist in Ordnung?
- in Interfaces: Settings: Haken bei "Hardware CRC", "Hardware TSO", "Hardware LRO"
- in Proxmox auf den Bridges "VLAN awareness" aktiviert
#5
German - Deutsch / Re: GeoIP (Maxmind) nicht mehr...
Last post by viragomann - December 09, 2025, 10:57:56 PMHallo,
Der letzte Punkt in der Anleitung.
Wobei kommt diese Meldung?.
Quote from: kosta on December 09, 2025, 09:01:56 PM"In order to use GeoIP, you need to configure a source in the GeoIP settings tab"hast du das auch gemacht?
Der letzte Punkt in der Anleitung.
Wobei kommt diese Meldung?.
#6
General Discussion / Re: Zoraxy Reverse Proxy does ...
Last post by crazywolf13 - December 09, 2025, 10:56:33 PMYeah seems like this is somewhat out of my league and power, but I'm happy to provide/do any testing for this to be resolved, as this is kind of the online major pain-point I currently have in my homelab.
On a side note, on this thread, I'm also helping to troubleshoot Forward Auth in zoraxy when using authentik: https://github.com/tobychui/zoraxy/issues/895#issuecomment-3621381598
Here there is a image of zoraxy that logs far more verbose data, maybe this is in any way helpful?
On a side note, on this thread, I'm also helping to troubleshoot Forward Auth in zoraxy when using authentik: https://github.com/tobychui/zoraxy/issues/895#issuecomment-3621381598
Here there is a image of zoraxy that logs far more verbose data, maybe this is in any way helpful?
#7
German - Deutsch / Re: Probleme mit DNS + VLAN + ...
Last post by mfreudenberg - December 09, 2025, 10:55:05 PMHi,
ich weiß nicht, wo man in OPNSense Packet Capture machen kann. Ich hab mal einfach meinen Wireshark angeworfen, auf die dst-adresse gefiltert und mal einen curl auf heise.de gemacht.
Ich sehe ganz viele TCP-Retransmissions. Ich vermute, dass die Rückpakete irgendwie nicht durchkommen.
ich weiß nicht, wo man in OPNSense Packet Capture machen kann. Ich hab mal einfach meinen Wireshark angeworfen, auf die dst-adresse gefiltert und mal einen curl auf heise.de gemacht.
Ich sehe ganz viele TCP-Retransmissions. Ich vermute, dass die Rückpakete irgendwie nicht durchkommen.
#8
General Discussion / I spent a couple of days tryin...
Last post by 7queue - December 09, 2025, 10:25:38 PMWhat I tried as a backup recovery plan is to use a drive that's the same size as the one in the firewall in a usb adapter and have zfs mirror the install partion onto the usb drive.
The usb drive has a clean install of OPNsense with zfs and that's it.
Plug the usb drive into the firewall and do the following
# gpart show
=> 40 2000409184 ada0 GPT (954G)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 16777216 3 freebsd-swap (8.0G)
17311744 1983096832 4 freebsd-zfs (946G)
2000408576 648 - free - (324K)
=> 40 2000409184 da0 GPT (954G)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 16777216 3 freebsd-swap (8.0G)
17311744 1983096832 4 freebsd-zfs (946G)
2000408576 648 - free - (324K)
The usb drive is da0 and partition 4 is the clean install of OPNsense.
# gpart delete -i 4 da0
# gpart add -i 4 -a 1m -t freebsd-zfs da0
Then attach the new partition. (had to use -f since it complains that /dev/da0p4 is part of potentially active pool 'zroot' from the clean install)
# zpool attach -f zroot ada0p4 da0p4
Let it resilver then shutdown and unplug the usb drive and power the firewall back up and detach the now missing usb drive.
# zpool detach zroot da0p4
After this verify the usb drive works by booting off of the usb drive in a test system. If you don't have a test system you will need to temporaraly disconnect the drive in the firewall in order to boot off the usb drive.
To clean up the cloned drive in the usb adapter.
# zpool detach zroot ada0p4
Login through the web interface and verify everything looks good.
If the drive in the firewall goes I can boot off the usb drive untill I get around to replacing the failed drive.
If the hardware goes I have a drive in the usb adapter I can use in a new firewall to get back up and running.
...and this works for me, YMMV.
The usb drive has a clean install of OPNsense with zfs and that's it.
Plug the usb drive into the firewall and do the following
# gpart show
=> 40 2000409184 ada0 GPT (954G)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 16777216 3 freebsd-swap (8.0G)
17311744 1983096832 4 freebsd-zfs (946G)
2000408576 648 - free - (324K)
=> 40 2000409184 da0 GPT (954G)
40 532480 1 efi (260M)
532520 1024 2 freebsd-boot (512K)
533544 984 - free - (492K)
534528 16777216 3 freebsd-swap (8.0G)
17311744 1983096832 4 freebsd-zfs (946G)
2000408576 648 - free - (324K)
The usb drive is da0 and partition 4 is the clean install of OPNsense.
# gpart delete -i 4 da0
# gpart add -i 4 -a 1m -t freebsd-zfs da0
Then attach the new partition. (had to use -f since it complains that /dev/da0p4 is part of potentially active pool 'zroot' from the clean install)
# zpool attach -f zroot ada0p4 da0p4
Let it resilver then shutdown and unplug the usb drive and power the firewall back up and detach the now missing usb drive.
# zpool detach zroot da0p4
After this verify the usb drive works by booting off of the usb drive in a test system. If you don't have a test system you will need to temporaraly disconnect the drive in the firewall in order to boot off the usb drive.
To clean up the cloned drive in the usb adapter.
# zpool detach zroot ada0p4
Login through the web interface and verify everything looks good.
If the drive in the firewall goes I can boot off the usb drive untill I get around to replacing the failed drive.
If the hardware goes I have a drive in the usb adapter I can use in a new firewall to get back up and running.
...and this works for me, YMMV.
#9
General Discussion / Re: Zoraxy Reverse Proxy does ...
Last post by meyergru - December 09, 2025, 10:16:55 PMYup, as I said, the moment you connect via HTTP/2 to Zoraxy with OpnSense as the backend, it does not work any more.
There must be something that is special on the backend when that happens which OpnSense does not like. However, I have found no way of setting or deleting HTTP headers on the frontend not could I find a setting within Zoraxy to change it. I used many combinations of advanced settings, like deleting headers that pertain to HTTP/2, to no avail.
The only approach I can think of is to dump all request data on the HTTPS backend - but that is not easy, since you cannot easily use tcpdump for that, you will need to have the web server (or Zoraxy as the client) do it. Zoraxy itself is relatively fresh - there is a bug open for this problem and there are no means to log requests, either (that is a feature request).
There must be something that is special on the backend when that happens which OpnSense does not like. However, I have found no way of setting or deleting HTTP headers on the frontend not could I find a setting within Zoraxy to change it. I used many combinations of advanced settings, like deleting headers that pertain to HTTP/2, to no avail.
The only approach I can think of is to dump all request data on the HTTPS backend - but that is not easy, since you cannot easily use tcpdump for that, you will need to have the web server (or Zoraxy as the client) do it. Zoraxy itself is relatively fresh - there is a bug open for this problem and there are no means to log requests, either (that is a feature request).
#10
Virtual private networks / Re: Routing OpenVPN Traffic th...
Last post by cidimir - December 09, 2025, 10:06:51 PMIt did, but what it didn't have was a SPD for the second child. For whatever reason, OPNSense only generated a source/dest pair for the first child, so I had to manually add a new pair for the second child and then associate them together with a reqid. It's functioning now.
