"Recent posts
#1
26.1 Series / Re: lots of empty space in new...
Last post by bimbar - Today at 10:38:50 AMCan we, perhaps, all acknowledge that the complaints of especially the long time users and/or contributors are reasonable and deserve to be heard and discussed in good faith?
Coming back to the general issue of modern UIs - there is a general trend to waste space. I don't think that is something one should accept as normal and reasonable.
The reason that I attach so much importance to this is that this is the central problem of managing firewalls - keeping track of a potentially large
amount of rules.
The answers to that I read in the linked issue do not convince me - like "you should use categories heavily and select only one at a time".
The situation on the ground is that I come into setups I have not built myself and need the be able to work with them. Literally everything is possible, it's like the wild west, and I have never yet taken over a well configured firewall.
That means it is absolutely crucial to be able to get a good overview over a considerable amount of rules just by looking at that firewall rule table.
So those perhaps 20% of wasted vertical space do matter.
Coming back to the general issue of modern UIs - there is a general trend to waste space. I don't think that is something one should accept as normal and reasonable.
The reason that I attach so much importance to this is that this is the central problem of managing firewalls - keeping track of a potentially large
amount of rules.
The answers to that I read in the linked issue do not convince me - like "you should use categories heavily and select only one at a time".
The situation on the ground is that I come into setups I have not built myself and need the be able to work with them. Literally everything is possible, it's like the wild west, and I have never yet taken over a well configured firewall.
That means it is absolutely crucial to be able to get a good overview over a considerable amount of rules just by looking at that firewall rule table.
So those perhaps 20% of wasted vertical space do matter.
#2
25.1, 25.4 Legacy Series / Re: NET-SNMP not working any m...
Last post by Yudre - Today at 10:34:49 AMQuote from: random1104 on March 02, 2026, 01:48:42 AMWhat happens if you do want to query LLDP data via SNMP geometry dash lite?
Is this a bug? I have reinstalled the system twice, but the issue persists.
#3
26.1 Series / Re: DNS Confusion
Last post by meyergru - Today at 10:05:18 AMIf that does not work, I can only imagine two reasons:
1. You have your local unbound be responsible for home.arpa as a whole, such that sub-zone are not delegated any more.
2. Somehow the firewall rules or something blocks your OpnSense from accessing 192.168.178.3 on port 53. Being able to resolve from a client on your LAN is not the same as doing the same from OpnSense itself, especially when a VPN in involved en route. Try an nslookup from your OpnSense instance and then track down where that goes.
1. You have your local unbound be responsible for home.arpa as a whole, such that sub-zone are not delegated any more.
2. Somehow the firewall rules or something blocks your OpnSense from accessing 192.168.178.3 on port 53. Being able to resolve from a client on your LAN is not the same as doing the same from OpnSense itself, especially when a VPN in involved en route. Try an nslookup from your OpnSense instance and then track down where that goes.
#4
25.7, 25.10 Series / Re: some LDAP users was automa...
Last post by franco - Today at 10:03:19 AMNice, thanks for the feedback!
Cheers,
Franco
Cheers,
Franco
#5
25.7, 25.10 Series / Re: some LDAP users was automa...
Last post by bran.ko - Today at 09:55:31 AMit seems to be fixed. Any LDAP user wasn't automaticaly deleted.
Thanks
Thanks
#6
General Discussion / Re: Support AmneziaWG
Last post by OPNenthu - Today at 09:13:48 AMUnderstood and thanks, though my last post wasn't arguing for inclusion. The arguments against are convincing enough :)
#7
Russian - Русский / Re: os-amneziawg — плагин Amne...
Last post by Nummo - Today at 09:06:21 AMВсем привет!
Я создал пулл реквест (PR) с правками по редактору параметров, в котром сделал фиксы параметров H1-H4 и добавил параметры I1-I5, которые требуются для работы протокола AWG v2. Ждем когда автор плагина егео применит и возможно поправит плагин который должен использовать эти новые параметры.
Я создал пулл реквест (PR) с правками по редактору параметров, в котром сделал фиксы параметров H1-H4 и добавил параметры I1-I5, которые требуются для работы протокола AWG v2. Ждем когда автор плагина егео применит и возможно поправит плагин который должен использовать эти новые параметры.
#8
26.1 Series / Re: Kea DHCP log /leases quest...
Last post by Monviech (Cedrik) - Today at 08:19:48 AMIt now uses the unix sockets and hook libraries to collect the leases, so with your manual config you have to add those to dhcpv4 and dhcpv6 config files.
The csv files are not used anymore.
https://github.com/opnsense/core/blob/913863a72e5dc0da1fcbffe2cd562bb6e903a454/src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php#L317
The csv files are not used anymore.
https://github.com/opnsense/core/blob/913863a72e5dc0da1fcbffe2cd562bb6e903a454/src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php#L317
#9
General Discussion / Re: Support AmneziaWG
Last post by franco - Today at 08:12:34 AMThis isn't about tools or politics.
When OpenVPN XOR patch was needed 10 years ago OpenVPN upstream declined to use the extension. FreeBSD ports maintainer reluctantly added it and tried to kill it every chance he got, too. The patch was rather small and controllable and completely optional. You could use it from the advanced parameters found in the OpenVPN legacy GUI. We gladly kept it in OPNsense and defended it in FreeBSD ports as long as we could.
Fast forward 10 years and now we're asking:
Kernel module that can potentially crash the whole system or take it over. A toolkit to configure it. A user-space alternative that WireGuard itself abandoned years ago. And there is no plugin that was written yet... looking at the evolution of WireGuard plugin that is a lot of work to be made by someone, too. Then somebody will drop an AI generated plugin as becoming customary nowadays. Is that really the way to go?
So I'm asking for a commitment here, because it's asking a lot of the project. WireGuard was rough (with community plugin being the first few years), NetBird and Tailscale do work but I don't particularly enjoy the complexity and the plugins IMO need a lot more work (including documentation). I just don't see that happening here and adding another hoping this one will do it will not help either.
Again, nothing against it, but it needs a committment from someone and then they are asking for a commitment on review and keeping it afloat when bugs arise from the community and us.
Cheers,
Franco
When OpenVPN XOR patch was needed 10 years ago OpenVPN upstream declined to use the extension. FreeBSD ports maintainer reluctantly added it and tried to kill it every chance he got, too. The patch was rather small and controllable and completely optional. You could use it from the advanced parameters found in the OpenVPN legacy GUI. We gladly kept it in OPNsense and defended it in FreeBSD ports as long as we could.
Fast forward 10 years and now we're asking:
Kernel module that can potentially crash the whole system or take it over. A toolkit to configure it. A user-space alternative that WireGuard itself abandoned years ago. And there is no plugin that was written yet... looking at the evolution of WireGuard plugin that is a lot of work to be made by someone, too. Then somebody will drop an AI generated plugin as becoming customary nowadays. Is that really the way to go?
So I'm asking for a commitment here, because it's asking a lot of the project. WireGuard was rough (with community plugin being the first few years), NetBird and Tailscale do work but I don't particularly enjoy the complexity and the plugins IMO need a lot more work (including documentation). I just don't see that happening here and adding another hoping this one will do it will not help either.
Again, nothing against it, but it needs a committment from someone and then they are asking for a commitment on review and keeping it afloat when bugs arise from the community and us.
Cheers,
Franco
#10
Development and Code Review / Re: cron job parameters only w...
Last post by franco - Today at 08:03:51 AMNice job :)
Cheers,
Franco
Cheers,
Franco
