Recent posts

#1
26.1 Series / Creating port-alias fails
Last post by dan_m_joh - Today at 01:25:53 PM
Hello,

I am new to OPNsense and am trying to set up some firewall rules using aliases.
But when I try to create an alias for "rsync" I get the following error message "Reserved protocol or service names may not be used".
OK, I thought - rsync is already defined as a service...

BUT, when I try to use "rsync" while creating a new rule I get the message "Please specify a valid portnumber, name, alias or range." when I enter "rsync" for "Single port or range".
"rsync/RSYNC" is not present in the drop-down-list for Destination Port.

Am I completely missing/misunderstanding something or is this some bug?

Regards,
Dan
#2
26.1 Series / Re: 26.1.6 migrated from 25.7 ...
Last post by stefan21 - Today at 01:16:17 PM
Thanks for hopping on.

No. Didn't change anything on the workstations. Worked flawlessly before. I didn't reboot the workstations after migrating to KEA. Can't do this right now. Maybe a reboot helps. IDK. Will try this tomorrow. Maybe it's still the old lease from ISC?

BTW connecting to the workstations via Windows remote doesn't work either...
#3
26.1 Series / Re: SUPPORT NEEDED - Reply-to ...
Last post by Oriann - Today at 12:54:36 PM
Quote from: FredFresh on April 11, 2026, 11:20:08 PM
The two fail over options inside the gateway setup (of both the wan connections) are enabled or not?
Today I observed something similar to your description, after disabling them, the issue seems to have disappeared.

Sometimes I had to delete the state and sourcing tables in order for the system to consider the changes to configuration.

At first I had it enabled when I discovered this issue, but afterwards I tried to disable it and it didn't help.

Can somebody test with my reproduction steps?

  • Set up some sort of cloud PHP service (in my case Nextcloud AIO) with reverse proxy on WAN2
  • Set up DNAT (manual rule) and firewall rule for WAN2 and WAN1 (I set up both because I have failover on OPNsense and Cloudflare DNS)
  • Set up PC in remote location
  • Prepare 1GB file on cloud
  • Set up WAN1 as default gateway, WAN2 as secondary (priority WAN1 - 199, WAN2 - 254)
  • Set up traffic shaper on WAN1 and choke it on 1Mbit/s using this - https://docs.opnsense.org/manual/how-tos/shaper_share_evenly.html
  • Share link for 1GB file from cloud to remote PC and start download
  • Now monitor download speed and choke and unchoke the WAN1 upload speed in shaper and see that it does not work properly (upload/download traffic flows through WAN1 not WAN2 as expected)
Nslookup from remote PC to my cloud showing WAN2 tho...
#4
26.1 Series / Re: 26.1.6 migrated from 25.7 ...
Last post by vimage22 - Today at 12:53:40 PM
Is there a firewall service active on the Windows workstation? Do you see anything in:
Firewall: Log Files: Live View
#5
I reached the maximum number of attachments

this is with abuse.ch
adguard
HAGAZI extended
Steven black list
and oisd big

and the business edition GEOIP enabled blocking on Wan
#6
Been having overall higher memory use on my Deciso appliance. I am normally around 40-50%.
It's been around 72%, and websites are taking a lot longer to load. I've tried different DNS servers. No change.

I deleted the Qfeeds plugin and disabled the firewall rules. Memory usage is back down to 32-45% (that's overnight). System overall speed is significantly better. Websites load instantly on all devices.

I re-added them back as DNSBL to Unbound. Some are being blocked.

Maybe this is because I am still running the latest Business Edition of OPNsense and the older plugin?
#7
26.1 Series / Re: Tried moving from Dnsmasq ...
Last post by vimage22 - Today at 12:40:59 PM
By "DNS name", do you mean local hostname? And you are using ping to test? Running "ipconfig /all", have you confirmed the client is using the local IP of the router for DNS?

I use Unbound and Kea only. To guarantee local hostname resolution (IPv4 and 6), I add a reservation for only the machines I need to resolve. Then, I just restart the Unbound service once and it works.

"Register ISC DHCP4 Leases" is disabled, as well as the ISC service. Attached are the Unbound settings.
#8
26.1 Series / Re: Netflow - again high I/O
Last post by GreenMatter - Today at 11:50:52 AM
Writing above post triggered better thinking ;-). The culprit was selection of VPNs' interfaces in netflow settings. Once they've been removed, all went back to normal...
#9
26.1 Series / Re: Is VPN kill switch rule st...
Last post by keeka - Today at 11:50:41 AM
I have rarely if ever seen my WAN egress rule fire (match tag, block and log). A test, I guess, is to temporarily disable the VPN tunnel or its associated gateway, and see if the tagged packets can egress via the default gateway.
Also, AIUI states are tied to direction as well as interface. So perhaps, even with states not bound to interfaces, packets are associated with both an ingress and an egress state.
#10
Hardware and Performance / Re: DEC3920 Quick Review
Last post by Seimus - Today at 11:42:13 AM
@dirtyfreebooter

If I may ask you, we have a topic on the forum in regards of "Intel i225/i226 2.5G NIC Information/Issue Tracking Thread".

I do not ask you to disassemble the new DEC, but could you put your Description of the issue and the Disabling of ASPM (via script) in there?

https://forum.opnsense.org/index.php?topic=38055.30

Regards,
S.