"Recent posts
#1
Hardware and Performance / Re: Mono Gateway (an NXP-based...
Last post by nero355 - Today at 08:03:51 PMQuote from: Maurice on Today at 04:26:25 AMYes, I have one and it does indeed run OPNsense. Hardware offloading is supported and really sets it apart from anything I've seen before. And yes, it can offload connections which are firewalled by pf. Pretty impressive.But where does one put this SoC based on it's performance ?
Similar to ARM64 A3x/A5x/A7x or maybe even X1 and the likes ?
Similar to Intel Atom N97/100/150/305 ?
Of is this like the 500 MHz MIPS SoC was in my old Router that pretty much completely depended on it's Offloading Features ?!
And why suddenly use Offloading while it's always recommended to disable all of it for both OPNsense and pfSense ?!
This is also something I have no experience with :
Quote64 MB NOR flash for BootloaderIs that like :
- /boot ?
- UEFI Boot Partition ?
And how much do we currently need for OPNsense ?
How "futureproof" is it sizewise ?
Quote from: OPNenthu on Today at 06:48:39 AMI did cringe a bit when he mentioned Claude, but those are very appreciable gains that he discussed.+1 :)
I guess the question I have is whether the AI produces fewer bugs and vulnerabilities than a team of humans would.
I like stuff actual humans actually thought about!
And especially when it costs € 600+ !!!
Quote from: meyergru on Today at 04:56:23 PMI would like to see OpnSense on it, instead of OpenWRTI don't mind OpenWRT as long as there is active development and good community support for the port for a specific device.
But that's not always the case sadly...
Quote1. The box only has 2x SFP+ ports and 3x 1 GbE ones. I know why it was infeasible to do 2.5 GbE, however, I think that is something left to be desired.+1 :)
2. The price is now 600€ (the finished product will even be more, AFAIU), which is more than I would pay for an x64-based appliance with 3x 2.5 GbE and 2x SFP+. AFAIK, the routing speed is 10 Gbps as well for those.
If you are asking € 600 for a device then just give me 4 x 10 Gbps RJ45 NICs that can work at 1/2,5/5/10 Gbps and be done with it!
(This is based on 4 x € 100 for the NICs and another € 200 for the AARCH64 SoC Mainboard which is IMHO more or less the average price for those parts sold seperately.)
#2
Hardware and Performance / Re: [solved] Intel i226 Firmwa...
Last post by nero355 - Today at 07:39:27 PMQuote from: BrandyWine on March 28, 2026, 12:51:37 AM3) post #195, ETrackId 80000290, refers to 1MB NVM, but you were trying to flash a 2MB NVMLike I said to the other guy : Click on the date of the post to get the direct URL to it => https://forum.opnsense.org/index.php?topic=48695.msg263371#msg263371
;)
#3
26.1 Series / Re: Hide items from menu(s) / ...
Last post by nero355 - Today at 07:24:00 PMQuote from: sopex8260 on March 28, 2026, 12:26:59 AMThis needs the whole menu logic to be rewritten and will honestly be a disaster.Like I said : I am not a webdeveloper :)
Quote from: Greelan on March 28, 2026, 10:44:32 PMAh, if you mean simply the expanded view in the sidebar, that should be doable. I will look into it.NICE! Thank you! :)
#4
Virtual private networks / Re: IPsec TI gateway: CHILD_SA...
Last post by RES217AIII - Today at 06:57:11 PMThank you for your reply.
The reason is the strict requirements of the Telematics Infrastructure (TI) in the medical sector, which dictate the configuration.
As far as my research indicates, the problem is the changing WAN IP address. The OPNsense kernel remains in state with the old IP address, which is why it doesn't detect the change and doesn't initiate a new connection, while the remote end with the new IP address can't establish a connection, and phase 2 fails.
In two weeks, the switch to fiber optics will take place, which will also provide a static IP address. I hope that the problem will then be resolved, assuming it really is the changing IP address.
The reason is the strict requirements of the Telematics Infrastructure (TI) in the medical sector, which dictate the configuration.
As far as my research indicates, the problem is the changing WAN IP address. The OPNsense kernel remains in state with the old IP address, which is why it doesn't detect the change and doesn't initiate a new connection, while the remote end with the new IP address can't establish a connection, and phase 2 fails.
In two weeks, the switch to fiber optics will take place, which will also provide a static IP address. I hope that the problem will then be resolved, assuming it really is the changing IP address.
#5
Development and Code Review / Feature Request: Ddns native b...
Last post by drosophila - Today at 06:28:22 PMCurrently the only option is to monitor an interface (the various external services will suffer the same problem with even less means of control), but with IPv6 and its multiple IP addresses this doesn't always return the most desirable address out of those available. So it would be great if there were some options to guide it. Most likely one will only want the GUA, anyway, but there also could be another GUA from the privacy extensions, plus there might be reasons to pick an ULA (I don't see a use case for that but who knows, maybe one could use DDNS for internal use inside the DMZ or something to avoid rolling an own DNS service? People can get pretty creative :) ), and maybe even to allow use of deprecated addresses.
Anyway, the issue is that with IPv6 there are more than one address per interface, that also appear in a random order (most often the GUAs are on top, with the non-PE one first, but occasionally the ULAs will be, or even the LLA, so one can't rely on this ordering at all), and thus there needs to be a means of control over which one gets picked. For example, on my WAN IF, I have (at minimum) five IPv6 addresses (1xLLA, 2xGUA(1 PEA), 2xULA(1 PEA)), plus two more deprecated PEAs (again, one GUA and one ULA) until they fully expire. If one could use a Dynamic IPv6 host alias as source this would reduce the ambiguity to 1 GUA and 1 ULA, and I suppose ULAs won't get picked anyway, so it would be unambiguous, but it doesn't allow the selection of this type of alias.
Thanks for considering! :)
Anyway, the issue is that with IPv6 there are more than one address per interface, that also appear in a random order (most often the GUAs are on top, with the non-PE one first, but occasionally the ULAs will be, or even the LLA, so one can't rely on this ordering at all), and thus there needs to be a means of control over which one gets picked. For example, on my WAN IF, I have (at minimum) five IPv6 addresses (1xLLA, 2xGUA(1 PEA), 2xULA(1 PEA)), plus two more deprecated PEAs (again, one GUA and one ULA) until they fully expire. If one could use a Dynamic IPv6 host alias as source this would reduce the ambiguity to 1 GUA and 1 ULA, and I suppose ULAs won't get picked anyway, so it would be unambiguous, but it doesn't allow the selection of this type of alias.
Thanks for considering! :)
#6
26.1 Series / Re: Freebsd 14.4 released - n...
Last post by newsense - Today at 05:55:14 PMOnly if something goes terribly wrong with 15.1 which is planned for 26.7
The relevant networking bits from 14.4 are already in OPNsense, some since the 25.7 days actually.
The relevant networking bits from 14.4 are already in OPNsense, some since the 25.7 days actually.
#7
26.1 Series / Freebsd 14.4 released - new b...
Last post by Karla - Today at 05:20:25 PMFreebsd 14.4 is released.
Will be there a new version based on this ?
Will be there a new version based on this ?
#8
Hardware and Performance / Re: Mono Gateway (an NXP-based...
Last post by meyergru - Today at 04:56:23 PMI followed Tomasz'sYT video series for a while now, and noted early that I would like to see OpnSense on it, instead of OpenWRT - this seemed infeasible at the time...
However, apart from the entertainment and enthusiast aspect of this effort, which in itself deserves praise, I see three problems:
1. The box only has 2x SFP+ ports and 3x 1 GbE ones. I know why it was infeasible to do 2.5 GbE, however, I think that is something left to be desired.
2. The price is now 600€ (the finished product will even be more, AFAIU), which is more than I would pay for an x64-based appliance with 3x 2.5 GbE and 2x SFP+. AFAIK, the routing speed is 10 Gbps as well for those.
3. As it appears, there are some legal obstacles with conflicts of the GPL v2 and commercially licensed code, which Tomasz has acknowledged in a pinned comment under his video and now seeks legal counsel as to if and how it will be possible to do it they way he intended.
However, apart from the entertainment and enthusiast aspect of this effort, which in itself deserves praise, I see three problems:
1. The box only has 2x SFP+ ports and 3x 1 GbE ones. I know why it was infeasible to do 2.5 GbE, however, I think that is something left to be desired.
2. The price is now 600€ (the finished product will even be more, AFAIU), which is more than I would pay for an x64-based appliance with 3x 2.5 GbE and 2x SFP+. AFAIK, the routing speed is 10 Gbps as well for those.
3. As it appears, there are some legal obstacles with conflicts of the GPL v2 and commercially licensed code, which Tomasz has acknowledged in a pinned comment under his video and now seeks legal counsel as to if and how it will be possible to do it they way he intended.
#9
Virtual private networks / Re: IPsec TI gateway: CHILD_SA...
Last post by viragomann - Today at 04:15:23 PMQuote from: RES217AIII on March 26, 2026, 05:49:21 AM- Phase 2 traffic selector: 0.0.0.0/0 === 0.0.0.0/0What's the sense of having 0.0.0.0/0 for both sites?
Normally local and remote network should not overlap to function properly.
#10
German - Deutsch / Upnp Lease File Problem
Last post by Manu_King - Today at 02:33:26 PMHallo zusammen,
ich habe ein Problem mit dem miniupnpd (os-upnp Plugin) auf OPNsense 26.1.5.
Nach jedem Neustart erscheinen Fehlermeldungen wie:
could not open lease file: /var/run/miniupnpd.leases
could not open lease file: /var/run/miniupnpd.leases-ipv6
Mir ist bewusst, dass /var/run beim Boot geleert wird und die Lease-Dateien daher nicht mehr vorhanden sind.
Ich habe bereits versucht, die Dateien per Skript und Cronjob (@reboot) zu erstellen, allerdings scheint miniupnpd früher zu starten und findet die Dateien trotzdem nicht.
Frage:
Wie kann man sicherstellen, dass die Lease-Dateien beim Boot rechtzeitig vorhanden sind?
Oder gibt es eine Möglichkeit, den Pfad dauerhaft (z. B. nach /var/db) zu ändern?
Die Einstellungen des Plugins habe ich als Screenshot angehängt.
Viele Grüße
Manu
ich habe ein Problem mit dem miniupnpd (os-upnp Plugin) auf OPNsense 26.1.5.
Nach jedem Neustart erscheinen Fehlermeldungen wie:
could not open lease file: /var/run/miniupnpd.leases
could not open lease file: /var/run/miniupnpd.leases-ipv6
Mir ist bewusst, dass /var/run beim Boot geleert wird und die Lease-Dateien daher nicht mehr vorhanden sind.
Ich habe bereits versucht, die Dateien per Skript und Cronjob (@reboot) zu erstellen, allerdings scheint miniupnpd früher zu starten und findet die Dateien trotzdem nicht.
Frage:
Wie kann man sicherstellen, dass die Lease-Dateien beim Boot rechtzeitig vorhanden sind?
Oder gibt es eine Möglichkeit, den Pfad dauerhaft (z. B. nach /var/db) zu ändern?
Die Einstellungen des Plugins habe ich als Screenshot angehängt.
Viele Grüße
Manu
