"Recent posts
#1
General Discussion / Re: opnsense-revert opnsense f...
Last post by franco - Today at 10:57:01 AMAre you talking about reapplying firmware settings?
# git grep system_firmware_configure
src/etc/inc/plugins.inc.d/core.inc: 'firmware_reload' => ['system_firmware_configure'],
src/etc/inc/system.inc:function system_firmware_configure($verbose = false)
src/etc/rc.bootup:system_firmware_configure(true);
src/etc/rc.configure_firmware:system_firmware_configure(true);
src/etc/rc.reload_all:system_firmware_configure(true);
We have a few spots already... yet... installing a package will render both OPNsense.conf and FreeBSD.conf so where do the files get lost except when the core package is gone (which is vital so pkg isn't supposed to remove it).
The refresh is only called after successful package install after all, too.
Cheers,
Franco
# git grep system_firmware_configure
src/etc/inc/plugins.inc.d/core.inc: 'firmware_reload' => ['system_firmware_configure'],
src/etc/inc/system.inc:function system_firmware_configure($verbose = false)
src/etc/rc.bootup:system_firmware_configure(true);
src/etc/rc.configure_firmware:system_firmware_configure(true);
src/etc/rc.reload_all:system_firmware_configure(true);
We have a few spots already... yet... installing a package will render both OPNsense.conf and FreeBSD.conf so where do the files get lost except when the core package is gone (which is vital so pkg isn't supposed to remove it).
The refresh is only called after successful package install after all, too.
Cheers,
Franco
#2
Tutorials and FAQs / Re: IPv6 Control Plane with FQ...
Last post by Seimus - Today at 10:56:37 AMAt the end all what matters is how the real live experience feels.
Even if you get in an artificial benchmark/test worse or unwanted score, at the end its just an artificial test. For example, I am getting on waveform and cloudflare A+, but on libre C or D. But in reality, my latency across services in congestion state is fantastic and more close to the results of waveform.
Honestly I am not sure if the libre test is working properly or what the drill with it is. Or even how exactly it works. But it doesn't bother me much as in real life all works as it should.
Regards,
S.
Even if you get in an artificial benchmark/test worse or unwanted score, at the end its just an artificial test. For example, I am getting on waveform and cloudflare A+, but on libre C or D. But in reality, my latency across services in congestion state is fantastic and more close to the results of waveform.
Honestly I am not sure if the libre test is working properly or what the drill with it is. Or even how exactly it works. But it doesn't bother me much as in real life all works as it should.
Regards,
S.
#3
General Discussion / Re: opnsense-revert opnsense f...
Last post by Greelan - Today at 10:41:33 AMQuote from: franco on Today at 10:11:40 AM3. We forcefully disable FreeBSD repo since a few years on firmware configure. We can't avoid user console fiddling with that neither, but at least preserve the integrity the system still has after the fact.I guess what I am trying to do is have a failsafe where the script aborts in between /usr/local/etc/pkg/repos/FreeBSD.conf being removed during the script's process (so the disable override is gone), and refresh.sh re-copying back the sample confs. Without that failsafe, the disable override isn't there when opnsense-revert or an update is run again, and so the system falls back to using /etc/pkg/FreeBSD.conf. This is what happened in my case. When I re-ran opnsense-revert after the first abort, I received an error about package conflicts (can't recall the exact message), and was prompted to reinstall/upgrade pkg. Not realising that this was because the FreeBSD repo was being used, I did that, and this led to my troubles.
The point being: re-enabling of the FreeBSD repo was not caused by "user console fiddling".
#4
26.1 Series / Re: System: Log Files: General...
Last post by Karla - Today at 10:40:30 AMHave you set the time and date correctly in the settings of OPNsense ?
#5
26.1 Series / System: Log Files: General Dat...
Last post by SchengFui - Today at 10:37:04 AMHi there,
the Date in System:Log Files:General Date is wrong (in the Future):
2026-04-25T02:53:20Noticekernel<118>[33] 99 66 49 25 E0 F0 9C 40 D5 C9 6E 36 AE FD 80 07
2026-04-25T02:53:20Noticekernel<118>[33] HTTPS: SHA256 7E 2E F7 CA 7B 87 66 66 D1 27 FB 2C 0F AF E7 06
2026-04-25T02:53:20Noticekernel<118>[33]
2026-04-25T02:53:20Noticekernel<118>[33] WAN (hn1) -> v4: 83.246.106.210/29
2026-04-25T02:53:20Noticekernel<118> LAN (hn0) -> v4: 172.17.101.1/24
2026-04-25T02:53:20Noticekernel<118>[33]
2026-04-25T02:53:20Noticekernel<118>*** OPNsenseLGPUG1.lgpug.intern: OPNsense 25.10.2 (amd64) ***
2026-04-25T02:53:20Noticekernel<118>[33]
2026-04-25T02:53:20Noticekernel<118>[33] Sat Apr 25 02:53:19 CEST 2026
2026-04-25T02:53:20Noticekernel<118>[33] Root file system: /dev/gpt/rootfs
2026-04-25T02:53:18Warningopnsense-business/usr/local/etc/rc.newwanip: Interface '' (ovpns44) is disabled or empty, nothing to do.
2026-04-25T02:53:18Warningopnsense-business/usr/local/etc/rc.newwanip: Interface '' (ovpns42) is disabled or empty, nothing to do.
2026-04-25T02:53:18Noticekernel<6>[31] ovpns44: link state changed to UP
2026-04-25T02:53:18Noticekernel<6>[31] ovpns42: link state changed to UP
2026-04-25T02:53:18Noticekernel<118>[31] >>> Invoking start script 'beep'
Connected since in VPN:OpenVPN:Connection Status shows the same wrong date.
I have no Idea why, Current date/time is correct and synced with NTP-Server. Timezone is also correct.
Any helpful thoughts?
Than you,
SchengFui
the Date in System:Log Files:General Date is wrong (in the Future):
2026-04-25T02:53:20Noticekernel<118>[33] 99 66 49 25 E0 F0 9C 40 D5 C9 6E 36 AE FD 80 07
2026-04-25T02:53:20Noticekernel<118>[33] HTTPS: SHA256 7E 2E F7 CA 7B 87 66 66 D1 27 FB 2C 0F AF E7 06
2026-04-25T02:53:20Noticekernel<118>[33]
2026-04-25T02:53:20Noticekernel<118>[33] WAN (hn1) -> v4: 83.246.106.210/29
2026-04-25T02:53:20Noticekernel<118> LAN (hn0) -> v4: 172.17.101.1/24
2026-04-25T02:53:20Noticekernel<118>[33]
2026-04-25T02:53:20Noticekernel<118>*** OPNsenseLGPUG1.lgpug.intern: OPNsense 25.10.2 (amd64) ***
2026-04-25T02:53:20Noticekernel<118>[33]
2026-04-25T02:53:20Noticekernel<118>[33] Sat Apr 25 02:53:19 CEST 2026
2026-04-25T02:53:20Noticekernel<118>[33] Root file system: /dev/gpt/rootfs
2026-04-25T02:53:18Warningopnsense-business/usr/local/etc/rc.newwanip: Interface '' (ovpns44) is disabled or empty, nothing to do.
2026-04-25T02:53:18Warningopnsense-business/usr/local/etc/rc.newwanip: Interface '' (ovpns42) is disabled or empty, nothing to do.
2026-04-25T02:53:18Noticekernel<6>[31] ovpns44: link state changed to UP
2026-04-25T02:53:18Noticekernel<6>[31] ovpns42: link state changed to UP
2026-04-25T02:53:18Noticekernel<118>[31] >>> Invoking start script 'beep'
Connected since in VPN:OpenVPN:Connection Status shows the same wrong date.
I have no Idea why, Current date/time is correct and synced with NTP-Server. Timezone is also correct.
Any helpful thoughts?
Than you,
SchengFui
#6
General Discussion / Re: Port OPNsense to Linux?
Last post by franco - Today at 10:29:11 AMThat's the point indeed... build it... yes... open source it... investors don't like that.
Cheers,
Franco
Cheers,
Franco
#7
General Discussion / Re: Why I am retiring from con...
Last post by franco - Today at 10:28:07 AMQuote from: Patrick M. Hausen on April 01, 2026, 03:19:40 PMSee you in Brussels, possibly?
Sure. :)
Quote from: Monviech (Cedrik) on April 01, 2026, 11:37:59 AMI guess most of these issues are self inflicted due to the medium of internet.
I disagree. I think people underestimate their impact of dismissiveness in a world where we share and grow together and it's hard to back out of a corner eventually. At some point you're so locked in that any attempt of open communication seems like a neglect of your life's work.
Here are some helpful guidelines we can all benefit from:
https://blog.codinghorror.com/the-ten-commandments-of-egoless-programming/
Quote from: trasz@ on March 27, 2026, 10:42:47 AMThe way commit bits work is that an existing committer (anyone with FreeBSD.org email) sends core@ an email proposing someone, and then core votes on that.
It's kind of amazing that nobody ever took the time to explain it with a single sentence in over a decade to me. It kind of makes sense things went the way they went then. Neglect only gets us so far, but it sure is the easiest thing to do.
Cheers,
Franco
#8
General Discussion / Re: Port OPNsense to Linux?
Last post by Patrick M. Hausen - Today at 10:18:49 AMQuote from: franco on Today at 10:03:51 AMAll the people wanting the ultimate Linux based firewall but nobody really doing it
One could argue that Mikrotik's RouterOS fits that bill. Oh, you (*) want it to be open source ... well :-)
(*) not you personally, Franco
#9
General Discussion / Re: opnsense-revert opnsense f...
Last post by franco - Today at 10:11:40 AMThere's already some worst case recoveries in there, but covering all cases will be difficult to maintain assuming that we desperately need them.
Movement was made in several other directions:
1. The check.sh script can now detect if the wrong version number is installed. It doesn't enforce the right pkg version yet but it could be done.... unless a pkg update breaks the database backwards compat which screws the user over anyway.
2. The nasty pkg-upgrade bug was found. It was a background clean script we had run ourselves for the right reasons, but it also actively sabotages pkg-upgrade still doing its job.
3. We forcefully disable FreeBSD repo since a few years on firmware configure. We can't avoid user console fiddling with that neither, but at least preserve the integrity the system still has after the fact.
At the moment most people fear the benign unepected error popup most and that's saying something for stability. We should address this next (and also update pkg to a newer version obviously but we're waiting for 26.4 to come out first).
Cheers,
Franco
Movement was made in several other directions:
1. The check.sh script can now detect if the wrong version number is installed. It doesn't enforce the right pkg version yet but it could be done.... unless a pkg update breaks the database backwards compat which screws the user over anyway.
2. The nasty pkg-upgrade bug was found. It was a background clean script we had run ourselves for the right reasons, but it also actively sabotages pkg-upgrade still doing its job.
3. We forcefully disable FreeBSD repo since a few years on firmware configure. We can't avoid user console fiddling with that neither, but at least preserve the integrity the system still has after the fact.
At the moment most people fear the benign unepected error popup most and that's saying something for stability. We should address this next (and also update pkg to a newer version obviously but we're waiting for 26.4 to come out first).
Cheers,
Franco
#10
General Discussion / Re: Opnsense and Win 11 in Vir...
Last post by keeka - Today at 10:08:10 AMDon't you have to install virtual box guest additions to get a NIC driver? Does that driver support VLAN tagging? I may be out of date on this, but many windows network drivers did not, including the standard desktop Intel driver.
