Recent posts

#1
26.1, 26,4 Series / Re: automatically generated ru...
Last post by knowHoff - Today at 01:58:05 PM
Thanks a lot Patrick, good to know!
I've checked the rules and found them there.

I just hope that this change will last.
Quote from: Patrick M. Hausen on April 22, 2026, 06:10:58 PM
The old one is going to be removed, eventually.


off topic:
After being an early adopter of KEA DHCP, being afraid of continued use of ISC back then,
I regret the move nowadays, since I did not find a comparable migration tool to come back to ISC.
Someday I'll take the time to either learn how to use dnsmasq or switch back to ISC manually.

Cheers
#2
General Discussion / Re: How do IPv6 Router Adverti...
Last post by mooh - Today at 01:41:32 PM
Quote from: barney on Today at 01:32:21 AM
The RA the Dirigera publishes makes these devices routable within the VLAN but I needed to reach them from a server on a separate VLAN.

This is where I don't understand what you're looking for. Devices not on one of the IPv6 networks that the border router announces can still use Matter as long as they can communicate with the border router via other means.

At my home, I have an IPv4 only network for IoT stuff which is blocked from all other local networks. That's where my border routers live. Everyone in my home has their own dedicated network. mDNS is used to announce the border router to other networks. My Mac uses IPv4 over Ethernet to communicate with the border router. Actually, I can use all my Matter over Thread devices from anywhere in the world as long as I can connect to the border router.

If you want to use IPv6 in networks where you don't see the RA messages, you may try NDP proxy. There's a section in the OPNsense manual on its usage but it only shows how to use IPv6 on a local network if you don't have prefix delegation.
#3
General Discussion / Re: still see traffic going ou...
Last post by OPNenthu - Today at 01:07:47 PM
Glad it helped :)
#4
plus user looking forward to this :)
#5
Quote from: kingpin_ak on April 11, 2026, 10:51:51 PM
I made one; I used the OP's package as the basis. The idea is the same, but I think I'll rework it a bit later. Here's the git

Wow! Where were you before?? You could say I only started moving to OPNsense because of this plugin :)
Well, of course not only because of it.

Quote from: Pavlik24rus on February 23, 2026, 01:06:51 PM
I'd welcome questions and feedback.

Could you tell me whether support for subscriptions is planned? Or some kind of automatic updating of vless://UUID@host:443?security=reality&... links?
#6
General Discussion / Re: No IP from DuckDNS and Ded...
Last post by JamesFrisch - Today at 11:22:06 AM
You have to make a distinction between two different things.

The official OPNsense plugin uses ddclient.net. The catch with ddclient is that there is no official support yet for deSEC.io.


The GitHub link, on the other hand, links to a bash script that I wrote. It was written solely for deSEC.io.
How to install it on OPNsense is here: https://github.com/jameskimmel/deSEC_DynDNS#prepare-on-opnsense
#7
Announcements / Re: OPNsense 26.1.6 released
Last post by franco - Today at 11:13:16 AM
A hotfix release was issued as 26.1.6_2:

o system: use Framed-IPv6-Address in case of an IPv6 address in RADIUS accounting
o captive portal: fix allowed addresses missing from session IPs in roaming case
o ports: python 3.13.13[10]

[10] https://docs.python.org/release/3.13.13/whatsnew/changelog.html
#8
26.1, 26,4 Series / ACME Client certificate not au...
Last post by Matthew_Kent - Today at 10:51:28 AM
Hi,

I have the ACME client installed, using a locally hosted CA (smallstep). The cert is renewed successfully if I manually refresh, but automatic renewal never triggers. The logs say that renewal is not required, although there is less than 1 day remaining on my cert.

Any help / pointers greatly appreciated

Cert Expiry:
Validity
Not Before: Fri, 20 Mar 2026 09:53:13 GMT
Not After: Fri, 24 Apr 2026 09:54:13 GMT

Manual refresh - OK:
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] Installing full chain to: /var/etc/acme-client/certs/691b0b09b8ce58.18644849/fullchain.pem
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] Installing key to: /var/etc/acme-client/keys/691b0b09b8ce58.18644849/private.key
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] Installing CA to: /var/etc/acme-client/certs/691b0b09b8ce58.18644849/chain.pem
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] Installing cert to: /var/etc/acme-client/certs/691b0b09b8ce58.18644849/cert.pem
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] And the full-chain cert is in: /var/etc/acme-client/cert-home/691b0b09b8ce58.18644849/opnsense.mpkc.local/fullchain.cer
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] The intermediate CA cert is in: /var/etc/acme-client/cert-home/691b0b09b8ce58.18644849/opnsense.mpkc.local/ca.cer
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] Your cert key is in: /var/etc/acme-client/cert-home/691b0b09b8ce58.18644849/opnsense.mpkc.local/opnsense.mpkc.local.key
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] Your cert is in: /var/etc/acme-client/cert-home/691b0b09b8ce58.18644849/opnsense.mpkc.local/opnsense.mpkc.local.cer
2026-03-20T09:54:14 acme.sh [Fri Mar 20 09:54:14 GMT 2026] Cert success.
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Le_LinkCert='https://ca.mpkc.local/acme/acme/certificate/88gNu3LXl0Rw34e3zQ8TEssh92BMXQzP'
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Downloading cert.
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Le_OrderFinalize='https://ca.mpkc.local/acme/acme/order/pO5gl8eJAgmjIz3t1GebzGEKEpAiI3ii/finalize'
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Let's finalize the order.
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Verification finished, beginning signing.
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Success
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Verifying: opnsense.mpkc.local
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Getting webroot for domain='opnsense.mpkc.local'
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Single domain='opnsense.mpkc.local'
2026-03-20T09:54:13 acme.sh [Fri Mar 20 09:54:13 GMT 2026] Using CA: https://ca.mpkc.local/acme/acme/directory

ACMEClient says "Not Required":
2026-04-23T04:12:00 opnsense AcmeClient: issue/renewal not required for certificate: opnsense.mpkc.local
2026-04-22T04:12:00 opnsense AcmeClient: issue/renewal not required for certificate: opnsense.mpkc.local
2026-04-21T04:12:00
#9
Tutorials and FAQs / Re: OPNsense HA (CARP) with IP...
Last post by b1ggi - Today at 10:28:42 AM
Thanks for your effort!
#10
26.1, 26,4 Series / Re: 26.1.X Wireguard - add net...
Last post by systeme - Today at 10:27:02 AM
Quote from: DEC740airp414user on April 22, 2026, 11:34:40 AM
"There's a "Dynamic gateway policy" checkbox on the interface—maybe that could be the solution to these errors?"

For my WireGuard I do exactly that.

It enables gateway monitoring. I also click disable routes as well.


Hello,

I tried these settings on one instance and I get another error:


I also have the gateway on the instance with a /32 subnet: same error (second error).