"Recent posts
#1
26.1, 26,4 Series / Re: issue with update with pkg...
Last post by nero355 - Today at 12:26:44 AMQuote from: edomatic4576 on May 23, 2026, 05:09:27 PMI am running opnsense 26.1.8_5 but have this issue when i do upgrade check that the package manager does this:There are multiple topics and posts about the whole PKG weirdness that occurs for some people so grab the Forum Search and see what applies to you in those olders topics and posts :)
"Upgrading package manager from version '2.5.1' to '2.3.1_1'"
#2
Hardware and Performance / Re: DEC750 NVMe thermal pad?
Last post by nero355 - Today at 12:19:03 AMQuote from: foxxx0 on May 23, 2026, 12:24:19 PMHere are some graphs for the last 4 days and 14 days respectively.Not sure why, but your images are perfectly viewable this way instead of between IMG tags :)
Mind you, the weather has gotten warmer over the last couple of days and I don't have a room temperature sensor (yet).
Last 4d:
https://foxxx0.de/img/dec750_temps_4d.jpg
Last 14d:
https://foxxx0.de/img/dec750_temps_14d.jpg
#3
General Discussion / Re: Unable to SSH into OPNsens...
Last post by nero355 - Today at 12:07:44 AMQuote from: Jingles on May 23, 2026, 05:05:53 PMHow do I access the console if I can't SSH into it?- Create a new user : Jingles
- Make sure the user is part of the wheel User Group.
- Try using that user for webGUI and SSH access :)
#4
26.1, 26,4 Series / Re: Unbound TCP drops every 7....
Last post by Decaffinated_Duck - May 23, 2026, 08:35:32 PMI've been chasing a slow/poor internet issue for a couple of weeks, and have also been kind of fixated on DNS. 4am this morning I finally found the same issue & Google led me to your post.
I'm with IINet, and not using PiHole (Using AdGuard Home on the OPNSense router). I'm now thinking that its a straight up TCP issue, and that the DHCP RENEW is somehow interrupting traffic (DNS or otherwise) - AFAIK leases fom the ISP should be in the order of day(s), not 15 minutes. Now I need to work out whether it's the OPNSense configuration or the ISP.
Please let me know if & how you resolve it & I'll do the same
Edit: apparently ISP leases can be that short & DHCPRENEWs shouldn't interrupt traffic - another rabbit hole explored!
I'm with IINet, and not using PiHole (Using AdGuard Home on the OPNSense router). I'm now thinking that its a straight up TCP issue, and that the DHCP RENEW is somehow interrupting traffic (DNS or otherwise) - AFAIK leases fom the ISP should be in the order of day(s), not 15 minutes. Now I need to work out whether it's the OPNSense configuration or the ISP.
Please let me know if & how you resolve it & I'll do the same
Edit: apparently ISP leases can be that short & DHCPRENEWs shouldn't interrupt traffic - another rabbit hole explored!
#5
26.1, 26,4 Series / Re: Netflow - continous 50-60 ...
Last post by pfry - May 23, 2026, 08:12:47 PMQuote from: molnart on May 23, 2026, 02:35:35 PM[...]Is there a better way to handle this, while keeping long term netflow statistics (10+ years)?
Quote from: Patrick M. Hausen on May 23, 2026, 05:37:29 PMSend the netflow data to a different system.
I rather like consolidation, but given your desired retention time, I have to agree. You'd probably end up with a write-only setup anyway, rather like folks I knew who recorded hundreds of hours of TV, films, etc. (Flow records would at least be usefully searchable, but still.)
#6
German - Deutsch / Re: "Lahmes" Internet seit Upd...
Last post by cottec - May 23, 2026, 08:08:38 PMQuote from: meyergru on May 23, 2026, 12:18:27 PMWindows hat da etliche ParameterSorry, wir sprechen hier von einem Android Tablet..
Und ich bin mir ziemlich sicher, dass das Problem eher durch das Update auf die 26.1 gekommen ist.
Vermutlich dann auch eher ne IPv6 Thematik...
#7
General Discussion / Re: Unable to SSH into OPNsens...
Last post by Stormscape - May 23, 2026, 07:08:17 PMQuote from: Jingles on May 23, 2026, 05:05:53 PMHow do I access the console if I can't SSH into it?He means locally, hook up a monitor and keyboard to the machine.
#8
Web Proxy Filtering and Caching / Squid proxy blocking socket ex...
Last post by emily556 - May 23, 2026, 06:50:02 PMHi everyone,
I'm currently managing an OPNsense deployment for a small team of software QA testers, and I've run into a frustrating issue regarding our outgoing web proxy rules and web-category access control lists (ACLs).
The main problem is that whenever our test devices try to fetch runtime parameters or execute remote scripts over an active SSL pipeline, the Squid proxy layer throws a 503 gateway error or abruptly terminates the websocket handshake. When checking the local logs under /var/log/squid/access.log, it appears that the firewall's dynamic category filtering is flagging the underlying traffic strings as an unclassified security risk, dropping the active loop entirely.
To narrow down if this was an issue with our local firewall rules or a broader issue with how OPNsense parses encrypted payload handshakes on mobile user-agents, I tried explicitly whitelisting a few test endpoints. I set up an exception rule referencing a popular online free modular framework that our mobile developers use to analyze script injection environments and client-side Luau mechanics. Interestingly, even with a destination alias set to fully bypass the SSL inspection profile and remote blacklist databases, the proxy engine still manages to disrupt the background websocket connections, causing the application on the testbed to freeze up and crash.
Has anyone here dealt with persistent thread termination errors when attempting to run mobile optimization or script testing utilities through a strict web proxy setup? Are there specific settings in the proxy core options—or perhaps within the structural rules of the web proxy filtering—that I need to adjust to keep mobile execution layers from breaking during runtime?
Any suggestions, custom ACL templates, or log-parsing tips from fellow network admins would be an absolute lifesaver. Thanks!
I'm currently managing an OPNsense deployment for a small team of software QA testers, and I've run into a frustrating issue regarding our outgoing web proxy rules and web-category access control lists (ACLs).
The main problem is that whenever our test devices try to fetch runtime parameters or execute remote scripts over an active SSL pipeline, the Squid proxy layer throws a 503 gateway error or abruptly terminates the websocket handshake. When checking the local logs under /var/log/squid/access.log, it appears that the firewall's dynamic category filtering is flagging the underlying traffic strings as an unclassified security risk, dropping the active loop entirely.
To narrow down if this was an issue with our local firewall rules or a broader issue with how OPNsense parses encrypted payload handshakes on mobile user-agents, I tried explicitly whitelisting a few test endpoints. I set up an exception rule referencing a popular online free modular framework that our mobile developers use to analyze script injection environments and client-side Luau mechanics. Interestingly, even with a destination alias set to fully bypass the SSL inspection profile and remote blacklist databases, the proxy engine still manages to disrupt the background websocket connections, causing the application on the testbed to freeze up and crash.
Has anyone here dealt with persistent thread termination errors when attempting to run mobile optimization or script testing utilities through a strict web proxy setup? Are there specific settings in the proxy core options—or perhaps within the structural rules of the web proxy filtering—that I need to adjust to keep mobile execution layers from breaking during runtime?
Any suggestions, custom ACL templates, or log-parsing tips from fellow network admins would be an absolute lifesaver. Thanks!
#9
26.1, 26,4 Series / Re: catch-22 with OPNsense 26....
Last post by euclid - May 23, 2026, 06:36:51 PMApologies for the confusion I spent about 3 hours on my day off tracking down this issue. To clarify (my misnomer); by "soft-interfaces" I meant the logocal interfaces that OPNSense is mapping for already existing interfaces devices/interfaces and is using for configuration (eg a VLAN to OPTx). OPNSense is calling those plain interfaces, from the top of my head, the description is not precise because some of the items that it lists under Device can be interfaces.
#10
Hardware and Performance / Re: cpu-microcode-intel: no ma...
Last post by BrandyWine - May 23, 2026, 06:28:20 PMQuote from: newsense on May 23, 2026, 09:09:18 AMAs long as Freshports doesn't move you'll get the same files from December 2025 repackaged for each 26.1.x release.The ucode packages from v25 to v26 are not the same, you can see that in ucode file sig diffs. Some ucode will remain the same whiles others change. When you bundle a whole bunch of small items into one package, and only a few small items change, makes it hard to know exactly what has changed even though the package date or rev has changed, etc.
