Recent posts

#1
Tutorials and FAQs / Re: Possible way to Automate g...
Last post by Mikasonu - Today at 11:13:44 AM
You could script this with gateway groups, firewall rules, and a cron job that checks per-IP usage via iftop or vnstat, then changes each rule's gateway on the fly.
#2
Thanks for the quick reply!

"Unfortunately" the error (and I) was way more dumb: The HTTP request did not have the correct Content-Type header because I called the "requests" library with "data=" instead of "json=". Once I changed this, the API calls worked fine.

Sorry for the unnecessary question then, but thanks so much anyway for taking the time to reply!
#3
26.1 Series / Re: [26.1.3] PPPoE failed and ...
Last post by Hazza197 - Today at 11:08:04 AM
Suffered exactly the same running OPNsense on bare metal this morning as well, BT PPPoE. Needed a reboot to fix.

2026-03-11T09:24:40 Notice ppp [wan_link0] PPPoE: can't connect "[c]:"->"mpd55091-0" and "[8]:"->"left": No such file or directory
2026-03-11T09:24:40 Notice ppp [wan_link0] Link: reconnection attempt 1
2026-03-11T09:24:36 Notice opnsense /usr/local/etc/rc.newwanip: Failed to detect IP for interface wan
2026-03-11T09:24:36 Notice ppp [wan_link0] Link: reconnection attempt 1 in 4 seconds
2026-03-11T09:24:36 Notice ppp [wan_link0] LCP: state change Stopping --> Starting
2026-03-11T09:24:36 Notice ppp [wan_link0] LCP: Down event
2026-03-11T09:24:36 Notice ppp [wan_link0] Link: DOWN event
2026-03-11T09:24:36 Notice ppp [wan_link0] can't remove hook mpd55091-0 from node "[c]:": No such file or directory
2026-03-11T09:24:36 Notice ppp [wan_link0] PPPoE: connection closed
2026-03-11T09:24:36 Notice ppp [wan_link0] LCP: LayerDown
2026-03-11T09:24:36 Notice ppp [wan_link0] LCP: SendTerminateReq #3
2026-03-11T09:24:36 Notice ppp [wan] IPV6CP: state change Closing --> Initial
2026-03-11T09:24:36 Notice ppp [wan] Bundle: No NCPs left. Closing links...
2026-03-11T09:24:36 Notice ppp [wan] IPV6CP: LayerFinish
2026-03-11T09:24:36 Notice ppp [wan] IPV6CP: Down event
2026-03-11T09:24:36 Notice ppp [wan] IPCP: state change Closing --> Initial
2026-03-11T09:24:36 Notice ppp [wan] IPCP: LayerFinish
2026-03-11T09:24:36 Notice ppp [wan] IPCP: Down event
2026-03-11T09:24:36 Notice ppp [wan] IFACE: Rename interface pppoe1 to pppoe1
2026-03-11T09:24:36 Notice ppp [wan] IFACE: Down event
2026-03-11T09:24:36 Notice ppp ppp-linkdown: executing on pppoe1 for inet6
2026-03-11T09:24:36 Notice ppp [wan] IPV6CP: LayerDown
2026-03-11T09:24:36 Notice ppp [wan] IPV6CP: SendTerminateReq #2
2026-03-11T09:24:36 Notice ppp [wan] IPV6CP: state change Opened --> Closing
2026-03-11T09:24:36 Notice ppp [wan] IPV6CP: Close event
2026-03-11T09:24:36 Notice ppp ppp-linkdown: executing on pppoe1 for inet
2026-03-11T09:24:36 Notice ppp [wan] IPCP: LayerDown
2026-03-11T09:24:36 Notice ppp [wan] IPCP: SendTerminateReq #4
2026-03-11T09:24:36 Notice ppp [wan] IPCP: state change Opened --> Closing
2026-03-11T09:24:36 Notice ppp [wan] IPCP: Close event
2026-03-11T09:24:36 Notice ppp [wan] Bundle: Status update: up 0 links, total bandwidth 9600 bps
2026-03-11T09:24:36 Notice ppp [wan_link0] Link: Leave bundle "wan"
2026-03-11T09:24:36 Notice ppp [wan_link0] LCP: state change Opened --> Stopping
2026-03-11T09:24:36 Notice ppp [wan_link0] LCP: peer not responding to echo requests
2026-03-11T09:24:36 Notice ppp [wan_link0] LCP: no reply to 5 echo request(s)
2026-03-11T09:24:26 Notice ppp [wan_link0] LCP: no reply to 4 echo request(s)
2026-03-11T09:24:16 Notice ppp [wan_link0] LCP: no reply to 3 echo request(s)
2026-03-11T09:24:06 Notice ppp [wan_link0] LCP: no reply to 2 echo request(s)
#4
General Discussion / Re: change the Web UI certific...
Last post by ProximusAl - Today at 10:43:08 AM
The key part in my script was this:
$allPem  = (Get-Content -Raw $FullchainPath) -replace "`r`n","`n"

I had to replace \r\n with just \n before mine would import.

Worth a try......
#5
Hi all,

I have a similar/related problem trying to achieve the same thing.
I use a Python script and the "requests" module to update the certificate, and the critical part looks like this:
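import requests

# tokenname, token, api_url, cert and key are defined elsewhere in the script
try:
    basic_auth = requests.auth.HTTPBasicAuth(tokenname, token)

    cert_uuid = "ed543dbb-6b81-4c92-b831-cd678214a853"
    cert_data = {
        "cert": {
            "action": "import",
            "descr": "MyCertDescription",
            "cert_type": "usr_cert",
            "private_key_location": "firewall",
            "crt_payload": cert,  # string content of certificate file
            "prv_payload": key,  # string content of privkey file
            "csr_payload": ""
        }
    }

    # req_url1 replaces the existing certificate, req_url2 adds a new one
    req_url1 = 'https://' + api_url + '/api/trust/cert/set/' + cert_uuid
    req_url2 = 'https://' + api_url + '/api/trust/cert/add'
    # data= is the call as originally posted; it produces the errors shown below
    req = requests.post(req_url1, auth=basic_auth, data=cert_data)
    resp = req.json()
except requests.RequestException as exc:
    print(f"API request failed: {exc}")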

This sadly returns the following error:

{'errorMessage': 'missing CA key\n error:0480006C:PEM routines::no start line error:0480006C:PEM routines::no start line', 'errorTitle': 'Certificate error'}

And when I just try to upload the certificate as a new item instead of replacing the old one (so using req_url2 instead of req_url1), it returns the following error:

{'result': 'failed', 'validations': {'cert.descr': 'A value is required.'}}

Can anybody help me on this one? It feels like I'm quite close, but somewhere there must be a mistake...

I've already tried/checked the following:
* The API access works (Other API calls work, necessary permissions are granted)
* The certificate itself is correct (wildcard certificate, also used in several other places without problems)
* The contents of cert/privkey are read correctly from the files and the variables "cert" and "key" contain the correct data ("-----BEGIN CERTIFICATE-----" etc etc)
* The certificate UUID comes from the Web UI: I opened the "info" popup for the old certificate and watched in the browser's dev tools which API URL was called --> it contained the UUID
* I even once "replayed" an entire API call from the Web UI that worked there, by copying the URL and POST parameters object from the dev tools to the Python code. Still the same errors.

I'd be glad to share the script once it is working.
Any help is much appreciated!
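
Added example (not part of any forum post, and not OPNsense code): what ends up on the wire for "data=" versus "json=", the cause reported in post #2 above. It uses only the standard library to reproduce the form encoding that requests applies to a dict passed as data=; the payload values are constructed placeholders and the helper names are made up for this illustration.

```python
import json
from urllib.parse import parse_qs, urlencode

# Constructed payload with the same shape as cert_data in the post; PEM bodies are placeholders.
CERT_DATA = {
    "cert": {
        "action": "import",
        "descr": "MyCertDescription",
        "crt_payload": "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n",
        "prv_payload": "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n",
    }
}


def body_for_data_kwarg(payload):
    """Content-Type and body for requests.post(..., data=payload) with a dict.

    requests form-encodes the dict. A nested dict is simply iterated, so only
    its keys are emitted (cert=action&cert=descr&...) and every value is lost.
    urlencode(..., doseq=True) performs the same flattening.
    """
    return "application/x-www-form-urlencoded", urlencode(payload, doseq=True)


def body_for_json_kwarg(payload):
    """Content-Type and body for requests.post(..., json=payload)."""
    return "application/json", json.dumps(payload)


def recover(content_type, body):
    """Decode a body the way a receiver would, based on its Content-Type."""
    if content_type == "application/json":
        return json.loads(body)
    return parse_qs(body)


def descr_survives(content_type, body):
    """True if the nested field cert.descr can be read back from the body."""
    cert = recover(content_type, body).get("cert")
    return isinstance(cert, dict) and cert.get("descr") == "MyCertDescription"


if __name__ == "__main__":
    for build in (body_for_data_kwarg, body_for_json_kwarg):
        ctype, body = build(CERT_DATA)
        print(build.__name__, ctype, "descr ok:", descr_survives(ctype, body))
        print("  PEM present:", "BEGIN CERTIFICATE" in body, "| body:", body[:60])
```

With data=, neither the description nor the PEM text reaches the server at all, which is consistent with both error messages quoted in the post.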
#6
This fixed UniFi for me....
With UniFi I was able to log in... to the UniFi OS server... and then blank page. Scratched my head for days, until I came across this post.

thanks again....
#7
If you feel like there are issues with the generated configuration please first ask in the Caddy community and provide them your Caddyfile.

AI will lie to you about all of this and send you down a rabbit hole.

https://caddy.community/

If something is indeed wrong with the config generation please open an issue for me here so it can be fixed.

https://github.com/opnsense/plugins/issues
#8
26.1 Series / Re: Upgrade to 26.1.3 hung on ...
Last post by franco - Today at 07:57:46 AM
It's already in rm so I think we're here doing exactly that...

https://github.com/opnsense/core/blob/master/src/etc/rc.subr.d/var#L66-L76

We can change the -exec to -delete if it's faster. About the amount of sessions I can't do much.


Cheers,
Franco
#9
Quote from: Wuensch-AG-Adm on February 23, 2026, 03:26:00 PM
Dear community,
I am trying to disable the rules (the manual part) in order to set up the rules using policies only, but when I select all entries (or 1000/500/200) and click the "Disable" button, the waiting circle appears, and when it is finished, nothing happens; the checkboxes are not empty.
Is this a known bug or something similar? Because it's crazy to manually deactivate about 30,000 entries.
Thank you in advance for your help.
Best regards,
Joel.

Hello,

Instead of disabling 30k rules manually, you should control them via IDS/IPS Policy settings.

Steps

1. Go to Services → Intrusion Detection → Policies
2. Create or edit a policy.
3. Configure:
   * Rulesets: leave empty or select desired rulesets
   * Action: set to disabled (to disable all rules) or alert / drop depending on your setup.
4. Apply the policy to the interface.

Policies override individual rule states, so you do not need to manually disable rules.


#10
I tried to enable basic auth in Caddy to protect from brute-force attacks; I have done so by enabling basic auth on the domain. When testing this, I noticed I need to re-enter my credentials on every webpage I browse to. Somehow it doesn't stick.
A ChatGPT consultation finds issues with the generated config file, but because it's generated by the GUI I am not able to try out any of the suggestions which would require manual editing of the config file, or make the changes permanent after that.
What would be the best way to proceed here?