Recent posts

#1
26.1, 26,4 Series / Re: Source NAT vs Outbound ?
Last post by konrad63897 - Today at 01:46:12 PM
Quote from: franco on July 08, 2026, 04:10:33 PMHi Stephan,

You're right.  We're talking about it right now.

Outbound -> Source NAT is not entirely ready yet. Likely for a later 26.7.x and 26.10.


Cheers,
Franco

Thanks for your information, so waiting for one of the next releases before migrating to "new" Source NAT.
#2
Quote from: franco on Today at 07:27:42 AM@LHoust Still partially set up for ISC DHCP perhaps?


Cheers,
Franco

Although my 26.1 Configuration uses Kea DHCPv4, the os-isc-dhcp Plug-IN was installed as part of my Configuration Restoration...

My assumption being the DHCP Range Assigned from the Console into my "Fresh" RC1 Installation should Support Kea DHCPv4 without adding any Plug-INs???
#3
I wrote a monit script that uses wg0_monit_start.sh to automatically restart wg0 by monitoring netstat -i | grep wg0. It will take 2-3 minutes.

The new monit status is updated periodically.

https://forum.opnsense.org/index.php?topic=52172.0
#4
Tutorials and FAQs / Re: Guide: Achieving Full IPv6...
Last post by deajan - Today at 01:24:03 PM
Really nice tutorial.
I have done something alike some years ago with GUAs only since my ISP gives me a /56 network, but then again Orange (my french ISP), told me that they don't provide static IPv6 even for my profesionnal WAN link (yes! they don't provide static IPv6 in 2026 for their smaller professionel customers).

Finally, I like your ULA<--NAT-->GUA solution since I don't need to change my GUA prefix everytime Orange decides it's time to change my public IPv6.

I did read a bit about the general preference of GUAs over ULAs in this post, but would love to get a small "why ULAs are good/bad ?" answer.
The only downside I see is that IPv4 is preferred over IPv6 in case of ULAs. Is there anything else I should account for ?

Thank you.
#5
General Discussion / Renew dhcp-lease on wan via AP...
Last post by angulion - Today at 01:09:04 PM
Hello,
running opnsense 26.1.11
My ISP is a bit flaky and every few few days I lose connection which resolves by renewing the dhcp-lease.
Previously I have opened browser, gone to web UI, Interfaces->Overview and Reload on WAN, however I would like this to be less steps and just call it though the API.
I have made a new user for this with an apikey and minimal permissions (Interface: Settings, Interface: WAN (these already are way too wide)), but just get 403 Forbidden:
> curl -u 'key':'secret' -X POST https://myrouter/api/interfaces/overview/reload_interface/wan
{"status":403,"message":"Forbidden"}

Is there a way to see what permissions is required, perhaps a way to allow only that endpoint?

On the whole it seems to me that the permissions are quite lacking in granularity (would expect ability to filter by every endpoint and arguments) and opaque/poorly documented.

#6
26.1, 26,4 Series / Re: Did Monit Settings Change?
Last post by franco - Today at 01:01:45 PM
Will be next week with the upgrade path unlock for 26.7.

Still some things to do so we refrained from pushing a 26.1.12 this week.


Cheers,
Franco
#7
26.1, 26,4 Series / Re: Latest OPNsense 26.1.11_6-...
Last post by franco - Today at 01:00:37 PM
I'm assuming this since the file could have been created before ntp corrected the time. A forced update may fix it?


Cheers,
Franco
#8
26.1, 26,4 Series / Re: Latest OPNsense 26.1.11_6-...
Last post by rfox - Today at 12:40:49 PM
Good guess Franco - but don't think so - machine is only 1 year old and system time seems fine - this is only the "update" timestamp for Dyn DNS

#9
General Discussion / Re: Unbound DNS keeps crashing...
Last post by meyergru - Today at 12:28:44 PM
I proposed to ,,try" disabling These rules in the absence of you having presented your exact rules, which in Turn prevents anyone from inspecting them for any potential errors.

If Unbound works without them being enabled, it would prove something is wrong and then we can start looking. So basically, this is just a quick and Dirty Test, not a permanent Solution.
#10
German - Deutsch / Re: OpnSense Update - Adguard ...
Last post by xCtrl - Today at 12:04:36 PM
Kleines Update,

ich habe wieder eine Sense mit nicht startenden Adguard gehabt, diesmal vor Ort. Ich habe mir die config .yaml angeschaut und die Zeile mit der Version (bei mir Schema Version, ist die das?), wie oben geschrieben wurde, gefunden. Wenn ich sie entferne, läuft Adguard immer noch nicht. Ändere ich die Version von z.b. 34 auf 31, startet Adguard wieder. Ich habe die Versionsnummern mit anderen Sensen verglichen. Nachdem Adguard wieder lief, konnte ich nochmals das Update auf die 107.77 machen, seitdem geht das wieder.

Also sollte ich am Besten vor dem Update Adguard ausschalten, Unbound auf Port 53 setzen, updaten und das Ganze vice versa als kleiner Sicherheitsanker.