Recent posts

#1
General Discussion / Re: Port OPNsense to Linux?
Last post by MrWizard - Today at 10:03:02 PM
Yes, Nix is declarative.

The reason IPFire is being unrecommended is the guys behind it.

So there will likely be users for a Linux router with an OPNsense-like user interface and decent support. The Linux user base is growing.


#2
Tutorials and FAQs / Re: IPv6 Control Plane with FQ...
Last post by OPNenthu - Today at 08:46:51 PM
@Seimus No, I only use the firewall with static IP blocklists (Spamhaus, FireHOL, ...) for outbound filtering and DNSBLs. I'm blocking DoH/DoQ as well.



#3
25.7, 25.10 Series / Re: new device in network show...
Last post by chemlud - Today at 07:49:41 PM
Can confirm problem and solution. Switched the MAC for a static DHCP client (have static ARP on that interface enabled btw). IP is handed out, traffic on same interface going back and forth, but no DNS, and no other traffic outside the same interface going back and forth. Client not showing up in ARP table and listed as status "offline" in DHCP leases.

Took me some hours to find this here and a reboot of OPNsense resolved the problem immediately. Strange, very strange.
#4
Tutorials and FAQs / Re: IPv6 Control Plane with FQ...
Last post by Seimus - Today at 07:32:59 PM
In regard to the waveform bufferbloat test,

Do you by chance use ZenArmor? I have seen stalls as well, but caused by ZA, as ZA started to block some of the IPs behind which waveform is hosted. They btw moved the hosting, and since that time ZA started to block it.

Regards,
S.
#5
Quote from: MojoMC on February 03, 2026, 10:00:15 AM
We would see CPU spikes to 99% and traffic ground to a halt. We went to LAN only, and now we only see the blips from these $20 DDoS attacks.

Wait, this redditor says that switching Suricata to LAN only actually reduces the CPU spikes. So this person is confirming what I said: you want to use the LAN interface.
#6
General Discussion / Re: Mullvad VPN and Opnsense?
Last post by borealis67 - Today at 06:28:40 PM
I am not sure what the specifics are regarding Wireguard and Mullvad. But I will try your suggestions. Thank you for the reply.
#7
2026-04-01T13:14:58-03:00
Notice
suricata
[Drop] [1:3400002:2] POSSBL PORT SCAN (NMAP -sS) [Classification: Attempted Information Leak] [Priority: 2] {TCP} 172.16.0.ABC:60788 -> 201.XXX.YYY.ZZZ:464

Suricata seems to drop, but I can still execute nmap 201.XXX.YYY.ZZZ, for 3 or 4 times...
It never blocks.
IPS inline, with netmap IPS.
Hyperscan in use.
Detect profile = medium.
Isn't it supposed to prevent the nmap execution?
Like give the source a timeout or something like that?

What did I miss?
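Added example for the question in the post above; it is not code from the post, from Suricata or from OPNsense. A Suricata `drop` action discards the packet(s) that matched a signature and nothing more: the scanning host is not put on a timeout, so each further probe produces another drop line and nmap keeps running. This script parses alert lines in the format the post shows and turns repeated drops from one source into a block decision, i.e. the "give the source a timeout" logic that the drop action alone does not provide. The sample records, addresses, thresholds and the pf table name are constructed assumptions; parsing is IPv4 only for brevity.

```python
"""Per-source timeout on top of Suricata IPS drops (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Alert line as rendered in the post (OPNsense's view of a Suricata alert).
# IPv4 addresses only: an assumption kept for brevity.
ALERT_RE = re.compile(
    r"\[(?P<action>\w+)\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+"
    r"\[Classification: (?P<classification>[^\]]+)\]\s+"
    r"\[Priority: (?P<priority>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

# Constructed sample: one record per entry, "<ISO timestamp> <alert text>".
# 172.16.0.10 probes four ports within 14 s; 172.16.0.20 triggers one
# would-drop ([wDrop] is Suricata's IDS-mode marker, nothing is dropped)
# and one real drop.
MSG = ("[1:3400002:2] POSSBL PORT SCAN (NMAP -sS) "
       "[Classification: Attempted Information Leak] [Priority: 2] {TCP} ")
SAMPLE_RECORDS = [
    "2026-04-01T13:14:58-03:00 [Drop] " + MSG + "172.16.0.10:60788 -> 203.0.113.5:464",
    "2026-04-01T13:15:03-03:00 [Drop] " + MSG + "172.16.0.10:60789 -> 203.0.113.5:465",
    "2026-04-01T13:15:05-03:00 [wDrop] " + MSG + "172.16.0.20:41000 -> 203.0.113.5:22",
    "2026-04-01T13:15:10-03:00 [Drop] " + MSG + "172.16.0.10:60790 -> 203.0.113.5:466",
    "2026-04-01T13:15:12-03:00 [Drop] " + MSG + "172.16.0.10:60791 -> 203.0.113.5:467",
    "2026-04-01T13:16:00-03:00 [Drop] " + MSG + "172.16.0.20:41001 -> 203.0.113.5:23",
]


def parse_record(record):
    """Return a dict of alert fields plus an aware 'ts' datetime, or None."""
    ts_text, _, rest = record.partition(" ")
    m = ALERT_RE.search(rest)
    if not m:
        return None
    fields = m.groupdict()
    fields["ts"] = datetime.fromisoformat(ts_text)
    return fields


class SourceTimeout:
    """Sliding-window counter: `threshold` drops from one source within
    `window` earn that source a block lasting `timeout`."""

    def __init__(self, threshold=3, window=timedelta(seconds=60),
                 timeout=timedelta(minutes=10)):
        self.threshold, self.window, self.timeout = threshold, window, timeout
        self.hits = defaultdict(deque)   # src -> timestamps of recent drops
        self.blocked_until = {}          # src -> end of its current timeout

    def observe(self, event):
        """Feed one parsed alert; return (src, blocked_until) when a new
        block is triggered, otherwise None."""
        if event["action"] != "Drop":          # wDrop / plain alerts never count
            return None
        src, ts = event["src"], event["ts"]
        if src in self.blocked_until and ts < self.blocked_until[src]:
            return None                        # already on timeout
        recent = self.hits[src]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()                   # expire drops outside the window
        if len(recent) >= self.threshold:
            until = ts + self.timeout
            self.blocked_until[src] = until
            recent.clear()
            return src, until
        return None


def decide_blocks(records, **kwargs):
    """Run records through SourceTimeout; return the list of block decisions."""
    state = SourceTimeout(**kwargs)
    decisions = []
    for record in records:
        event = parse_record(record)
        if event is not None:
            hit = state.observe(event)
            if hit is not None:
                decisions.append(hit)
    return decisions


def block_command(src, table="scanner_timeout"):
    """pfctl invocation adding the source to a pf table; the table name is an
    assumption, and a pf rule has to reference that table for it to matter."""
    return f"pfctl -t {table} -T add {src}"


if __name__ == "__main__":
    for src, until in decide_blocks(SAMPLE_RECORDS):
        print(f"{src} blocked until {until.isoformat()}: {block_command(src)}")
```

With the sample, 172.16.0.10 earns a block on its third drop and its fourth probe is ignored as already on timeout, while the single drop from 172.16.0.20 stays under the threshold. Whatever consumes the decision (a pf table, an alias, a script watching the alert log) is outside Suricata; the signature's drop action by itself will keep producing one drop per probe.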
#8
26.1 Series / Re: New IPv6 address assignmen...
Last post by dseven - Today at 06:20:54 PM
I suppose so. I'm currently focused on the "out of box experience" - i.e. I just want to plug in the credentials supplied by my ISP and I expect basic internet access (including IPv6) to "just work". It seems unfriendly that I have to configure something that seemingly could easily be derived from the DHCP response.
#9
Virtual private networks / Re: WireGuard local DNS resolu...
Last post by donee - Today at 05:59:40 PM
I figured out the issue



When I was connecting to the VPN, my search path was disappearing. None of my internal domains resolve without the search path.

on wifi
user@hostname ~ % cat /etc/resolv.conf
search lan.internal
nameserver 10.10.10.1

on WireGuard

user@hostname ~ % cat /etc/resolv.conf
nameserver 10.10.10.1



So the next question I had to ask was how do you add a search path to WireGuard.
I found this site: https://rakhesh.com/linux-bsd/wireguard-search-domain/

In the DNS servers box you have to add "10.10.10.1,   lan.internal".
Now everything appears to be working as expected.
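Added example illustrating the fix in the post above; it is not code from the post or from the WireGuard project. wg-quick(8) documents the `DNS` key as a comma-separated list in which IP addresses become the tunnel's nameservers and any non-IP entry becomes a search domain, which is why adding `lan.internal` next to `10.10.10.1` brings the `search` line back. The two config snippets are constructed, with redacted placeholder keys; the function only reproduces the resolv.conf content the post shows for the two cases.

```python
"""Nameservers vs. search domains in a wg-quick DNS entry (added example)."""
import ipaddress

# Constructed: a client config with a DNS server only, as before the fix ...
CONFIG_BEFORE = """\
[Interface]
PrivateKey = <redacted>
Address = 10.10.10.50/32
DNS = 10.10.10.1

[Peer]
PublicKey = <redacted>
AllowedIPs = 10.10.10.0/24
Endpoint = vpn.example.net:51820
"""

# ... and the same config with the search domain added, spaced as in the post.
CONFIG_AFTER = CONFIG_BEFORE.replace("DNS = 10.10.10.1",
                                     "DNS = 10.10.10.1,   lan.internal")


def dns_entries(config_text):
    """Collect every DNS = value in the [Interface] section (wg-quick allows
    the key to repeat) and return them joined as one comma-separated string."""
    values, in_interface = [], False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_interface = line.lower() == "[interface]"
            continue
        key, _, value = line.partition("=")
        if in_interface and key.strip().lower() == "dns":
            values.append(value.strip())
    return ",".join(values)


def split_dns(dns_value):
    """Split a DNS value into (nameservers, search_domains): an item that
    parses as an IPv4/IPv6 address is a server, anything else a search domain."""
    servers, search = [], []
    for item in dns_value.split(","):
        item = item.strip()
        if not item:
            continue
        try:
            ipaddress.ip_address(item)
            servers.append(item)
        except ValueError:
            search.append(item)
    return servers, search


def resolv_conf(config_text):
    """Render the resolv.conf lines the tunnel installs from its DNS entries."""
    servers, search = split_dns(dns_entries(config_text))
    lines = []
    if search:
        lines.append("search " + " ".join(search))
    lines.extend(f"nameserver {s}" for s in servers)
    return "".join(line + "\n" for line in lines)


if __name__ == "__main__":
    print("before:\n" + resolv_conf(CONFIG_BEFORE))
    print("after:\n" + resolv_conf(CONFIG_AFTER))
```

The nameserver line is identical in both cases; only the `search` line appears once a non-address item is present, so an unqualified name such as `nas` is then tried as `nas.lan.internal` against 10.10.10.1. Whitespace around the commas does not matter, but a typo that makes an intended address unparsable silently turns it into a search domain, so check the resulting resolv.conf after changing the field.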
#10
26.1 Series / Re: igc0 will not link at 1000...
Last post by nero355 - Today at 05:28:08 PM
Quote from: meyergru on Today at 02:26:45 PM
Could also be a faulty port on the switch or on your firewall
Since I had this happen on two totally different switches from two different brands, I am suspecting it might be the case here too...

Quote
or bad NIC support if Realtek NICs are in use.
igc = always Intel AFAIK?!

Quote from: CyberTend on Today at 01:34:05 PM
1) I am using a Cat6 cable factory made
Is this just UTP or some shielded version?

There are some switches that do not like shielded cables out there!!

Quote
3) Setting both sides to autonegotiate, I only get 100meg
4) Setting both sides to 1000baseT Full, no connection at all.
- Automatic negotiation is the best way to detect issues, so avoid using manual settings!!
- What happens when you "wiggle" the connector of the cable in the port?
The LED of the port could show changes in the operating speed while you do this.

Quote
I do have many other devices on the switch that are indeed connected at 1000baseT.
Could you swap ports to make sure it's not the NIC port of your OPNsense having issues?

Quote
Perhaps a switch incompatibility?
Don't think so... Very rare anyway...

Quote
What switches are folks using that you know work?
Any decent brand should work, and if it doesn't, then it's probably a cable or port issue IMHO :)