Recent posts

#1
Just need to figure out what is the actual problem. use your browser's developer tools to see what is the actual error if there is one.
#2
General Discussion / Re: Issue migrating hardware
Last post by cookiemonster - Today at 12:19:55 AM
It sounds like it's configuration problem.
When you go from VM to baremetal or viceversa, there are changes to be made. There is no proxmox bridge anymore, the firewall rules will need to be adjusted for instance.
Either will work fine on small networks until you need high cpu performance for IPS for instance.
My main OPN (at home) runs as VM on a small Chanwang thingie and has spare resources. It uses an AMD Ryzen 5 5600U with just 2 cores, 2 threads. Uses various services, including Zenarmor, a few VLANs. No problem.
In sum, just review or post your settings and we'll help you figure out the problem. Doubt is performance related.
#3
26.1, 26,4 Series / Re: a few hundreds of messages...
Last post by cookiemonster - July 07, 2026, 11:50:54 PM
Quote from: Patrick M. Hausen on July 07, 2026, 06:37:23 PMYou can just invoke "top" and sort by CPU. FreeBSD top can do that. And lots of other things.
True, just preferences. I find htop better shows me the process tree and colours. Just personal preferences.

Quote from: thelittleblackbird on July 07, 2026, 07:57:41 PM
Quote from: cookiemonster on July 07, 2026, 05:31:19 PMCould you install htop, launch with admin privs and sort by CPU ? May show a clue

Quote from: Patrick M. Hausen on July 07, 2026, 06:37:23 PMYou can just invoke "top" and sort by CPU. FreeBSD top can do that. And lots of other things.

done in the other thread i link, the top shows a 100% usage in the interrupt level specially in the netisr irq handler, see the picture:
https://forum.opnsense.org/index.php?action=dlattach;attach=56143
Sure but I'm referring to htop allows to see the process tree in real time which is of more interest.

#4
thanks for the insight @Patrick M Hausen
#5
Zenarmor (Sensei) / Re: Cancelling my subscription...
Last post by Taunt9930 - July 07, 2026, 11:36:18 PM
That's a shame, I thought that would probably be the case - except for a very select few people, the same constraints/complaints about the Home tier remain for most. 
#6
Zenarmor (Sensei) / Re: updating to 2.6 checking f...
Last post by dirtyfreebooter - July 07, 2026, 10:37:25 PM
pkg -d update
Updating OPNsense repository catalogue...
DBG(1)[18410]> PkgRepo: verifying update for OPNsense
DBG(1)[18410]> Pkgrepo, begin update of '/var/db/pkg/repos/OPNsense/db'
DBG(1)[18410]> (fetch) Request to fetch https://us-east.opnsense-update.deciso.com/4409c341-bd35-4332-9b15-39ffd854a63b/FreeBSD:14:amd64/26.4/latest/meta.conf
DBG(1)[18410]> (fetch) Fetch: fetcher used: https
DBG(1)[18410]> (fetch) Request to fetch https://us-east.opnsense-update.deciso.com/4409c341-bd35-4332-9b15-39ffd854a63b/FreeBSD:14:amd64/26.4/latest/data.pkg
DBG(1)[18410]> (fetch) Fetch: fetcher used: https
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
DBG(1)[18410]> PkgRepo: verifying update for SunnyValley
DBG(1)[18410]> Pkgrepo, begin update of '/var/db/pkg/repos/SunnyValley/db'
DBG(1)[18410]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/meta.conf
DBG(1)[18410]> (fetch) Fetch: fetcher used: https
pkg: An error occurred while fetching package: Unknown error
DBG(1)[18410]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/meta.txz
DBG(1)[18410]> (fetch) Fetch: fetcher used: https
DBG(1)[18410]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/data.pkg
DBG(1)[18410]> (fetch) Fetch: fetcher used: https
pkg: An error occurred while fetching package: Unknown error
DBG(1)[18410]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/data.tzst
DBG(1)[18410]> (fetch) Fetch: fetcher used: https
Fetching data.tzst:   0%
DBG(1)[18410]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/packagesite.pkg
DBG(1)[18410]> (fetch) Fetch: fetcher used: https
Fetching packagesite.pkg:   0%
SunnyValley repository is up to date.
All repositories are up to date.

if i try and curl that URL i get error code: 1015
curl --verbose --location https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/meta.conf
*   Trying [2606:4700:20::681a:dad]:443...
* Immediate connect fail for 2606:4700:20::681a:dad: No route to host
* connect to 2606:4700:20::681a:dad port 443 from :: port 0 failed: No error: 0
*   Trying [2606:4700:20::ac43:4ad1]:443...
* Immediate connect fail for 2606:4700:20::ac43:4ad1: No route to host
* connect to 2606:4700:20::ac43:4ad1 port 443 from :: port 0 failed: No error: 0
*   Trying [2606:4700:20::681a:cad]:443...
* Immediate connect fail for 2606:4700:20::681a:cad: No route to host
* connect to 2606:4700:20::681a:cad port 443 from :: port 0 failed: No error: 0
* Host updates.zenarmor.net:443 was resolved.
* IPv6: 2606:4700:20::681a:dad, 2606:4700:20::ac43:4ad1, 2606:4700:20::681a:cad
* IPv4: 104.26.13.173, 172.67.74.209, 104.26.12.173
*   Trying 104.26.13.173:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust Anchors:
*   CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
*   subject: CN=zenarmor.net
*   start date: Jun  2 00:12:03 2026 GMT
*   expire date: Aug 31 01:11:53 2026 GMT
*   issuer: C=US; O=Google Trust Services; CN=WE1
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
*   Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
*   subjectAltName: "updates.zenarmor.net" matches cert's "*.zenarmor.net"
* OpenSSL verify result: 0
* SSL certificate verified via OpenSSL.
* Established connection to updates.zenarmor.net (104.26.13.173 port 443) from 71.33.134.33 port 37694
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/meta.conf
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: updates.zenarmor.net]
* [HTTP/2] [1] [:path: /opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/meta.conf]
* [HTTP/2] [1] [user-agent: curl/8.20.0]
* [HTTP/2] [1] [accept: */*]
> GET /opnsense/FreeBSD:14:amd64/26.4/769b66af-4dce-43d9-81a0-cdac469aef9d/meta.conf HTTP/2
> Host: updates.zenarmor.net
> User-Agent: curl/8.20.0
> Accept: */*
>
* Request completely sent off
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 429
< date: Tue, 07 Jul 2026 20:36:16 GMT
< content-type: text/plain; charset=UTF-8
< content-length: 17
< retry-after: 162
< cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< expires: Thu, 01 Jan 1970 00:00:01 GMT
< referrer-policy: same-origin
< x-frame-options: SAMEORIGIN
< report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ZmUN3cyrFXqk%2B1qHTk7Ldc8NjauZHxDaMxXTuxWL1gtrmKFKgDn9h0LH0Cdn%2BgIGmb%2BExZJRJ8gDW0V%2FVR5OPO6bF7%2BPmNehWHiNDZMQybw9ot93lAsoaVlUjcu6LsuJ6ITjWZeS"}]}
< nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
< server: cloudflare
< cf-ray: a179a3f369b2e675-DEN
<
error code: 1015
* Connection #0 to host updates.zenarmor.net:443 left intact

HTTP/2 429  so it looks like i am hitting some sort of cloudflare rate limiting... from my quantum fiber home internet...
#7
General Discussion / restored a config file, and Op...
Last post by cluemein - July 07, 2026, 10:05:58 PM
I recently restored a configuration file from a few months ago to my firewall, and after a reboot, while the firewall seems to be functioning fine, I can no longer access the Opnsense web interface.

I can SSH into the firewall (non-root user) -- is there a way to restore web interface access?
#8
General Discussion / Re: Issue migrating hardware
Last post by yourfriendarmando - July 07, 2026, 09:19:13 PM
One observation with these mini-pcs,
is that running a system in a system on these older Protectli devices, like Proxmox,
feels like it would be TOO heavy for them.
It could add unnecessary lag too which is not preferable for a firewall.

For the price one of these FW series devices run for, you can get a few in stock, or run in a HA redundant configuration or something.
FreeBSD/OpnSense runs great as the bare-metal OS.

That being said, I think depending on how you configured your VM OS,
are you passing through the physical adapter, which may be ideal for a firewall.
Sometimes the VT Net virtualized network adapter struggles with real life events like
a cable physically disconnected from the medium.

Also is the virtual switch perhaps blocking VLAN tags through to the real switch.
For virtual application servers, I have often added a new network adapter,
that tags a VLAN externally, and the inner VM server has no idea.
You may need to allow VLAN pass through.

Here is some discussion on that
https://forum.proxmox.com/threads/vlan-passthrough.142272/

Hope that helps, but yeah unless you have a 1U server to handle VMs, I highly urge you to run OPN as the baremetal OS, make your life easier.
#9
Development and Code Review / Re: vibecoded plugin
Last post by Patrick M. Hausen - July 07, 2026, 08:54:59 PM
System > Configuration > Backups:



In System > Firmware > Plugins you will find additional backup destinations:

- git
- Google drive
- Nextcloud
- SFTP

HTH,
Patrick
#10
Development and Code Review / Re: vibecoded plugin
Last post by Vectralis - July 07, 2026, 08:44:31 PM
Quote from: Patrick M. Hausen on July 07, 2026, 12:22:26 PMBut there is a periodic backup mechanism with various destination options in OPNsense, already. Standard, out of the box.

Really? that would be the thing i was searching for. can you maybe tell me where i can find it on the opnsense webpanel?
if that's already built in, then i don't need my plugin and then the plugin is completely useless.
i was probably just too blind to see it because i was in a hurry lol