"Recent posts
#1
26.1 Series / Re: test for future post
Last post by OPNenthu - Today at 12:08:59 AM"May the odds be ever in your favor." -Effie Trinket
#2
26.1 Series / Re: test for future post
Last post by anilv26 - February 17, 2026, 11:42:08 PMTesting 1 2 tree 🥳
Sorry couldn't resist, I truly tried.
Sorry couldn't resist, I truly tried.
#3
General Discussion / Need Help with Reolink Cameras
Last post by sparker2 - February 17, 2026, 11:41:23 PMI have an Opnsense router with a 16 port POE switch and am an amateur when it comes to setup. I have used it very basically for a while but now I am running into some issues. I have 2 Reolink POE cameras that will not stay connected. Does anyone have experience with these cameras that can help walk me through the best settings to have my cameras work and the application stable?
Thank you in advance!
Thank you in advance!
#4
26.1 Series / Re: Router Advertisements left...
Last post by mokaz - February 17, 2026, 11:21:03 PMHey hey, indeed...
bob@ons:~ $ cat /var/etc/radvd.conf
# Automatically generated, do not edit
# Skipping defunct interface lan
"lan" is pretty much always removed here in favor of VLANs etc..
bob@ons:~ $ cat /var/etc/radvd.conf
# Automatically generated, do not edit
# Skipping defunct interface lan
"lan" is pretty much always removed here in favor of VLANs etc..
#5
German - Deutsch / Re: Zwei Baustellen ISC->KEA /...
Last post by Patrick M. Hausen - February 17, 2026, 11:04:45 PMQuote from: Swtrse on February 17, 2026, 11:01:07 PMBei mir war es so, dass KEA nicht laufen wollte, solange ISC auch nur auf einer Schnittstelle gelaufen ist.
Ich musste ISC wirklich komplett abdrehen, damit KEA angefangen hat, zu arbeiten.
Das ist so. ISC bindet an alle Interfaces, selbst wenn er nur an einem aktiv ist.
#6
German - Deutsch / Re: Zwei Baustellen ISC->KEA /...
Last post by Swtrse - February 17, 2026, 11:01:07 PMBei mir war es so, dass KEA nicht laufen wollte, solange ISC auch nur auf einer Schnittstelle gelaufen ist.
Ich musste ISC wirklich komplett abdrehen, damit KEA angefangen hat, zu arbeiten.
Das hat meinen Plan, Schnittstelle für Schnittstelle langsam umzustellen, schön durcheinandergebracht ...
Ich musste ISC wirklich komplett abdrehen, damit KEA angefangen hat, zu arbeiten.
Das hat meinen Plan, Schnittstelle für Schnittstelle langsam umzustellen, schön durcheinandergebracht ...
#7
26.1 Series / Re: Remote migration of firewa...
Last post by mokaz - February 17, 2026, 10:55:50 PMHi there,
Yes basically 5 out of 6 migrated nodes here are remote / I always keep way's in each Hypervisor from my current location while doing this and I simply snapshot the VM before doing anything (remote access = a simple Network(s) alias hosting my edge WAN IP's having access to a few DNAT rules; allowing HTTPS management over the hypervisor + a ThinLinc enabled Linux host + 127.0.0.1/32:OPNsense_admin_port). Although yes, if these rules fails, I may be in troubles.
I've successfully done the rules migration on all of them -- a single issue in the wizard was a left over rule addressing a none existing anymore gateway. I started by doing the local node to assess that my Remote Access rules were fully migrated and working fine (tested from a remote site)...
Another safety net I've been using sometimes was a complete "clone" of the untouched, in running state VM. Clone on which I'd set the "start at boot" parameter to enable this while remaining in powered off status for now. Then I'd remove that same parameter from the currently running VM (do NOT start on boot) on which I'd conduct the updates. You'd do your things, if all goes well, you can drop the clone and re-set the start at boot parameter on the main VM. If in troubles, you'd have to reboot the host and analyze what went wrong.
I'm sorry I wouldn't be of much help if you're using hardware appliances.
Hope this helps a bit.
Cheers,
m.
Yes basically 5 out of 6 migrated nodes here are remote / I always keep way's in each Hypervisor from my current location while doing this and I simply snapshot the VM before doing anything (remote access = a simple Network(s) alias hosting my edge WAN IP's having access to a few DNAT rules; allowing HTTPS management over the hypervisor + a ThinLinc enabled Linux host + 127.0.0.1/32:OPNsense_admin_port). Although yes, if these rules fails, I may be in troubles.
I've successfully done the rules migration on all of them -- a single issue in the wizard was a left over rule addressing a none existing anymore gateway. I started by doing the local node to assess that my Remote Access rules were fully migrated and working fine (tested from a remote site)...
Another safety net I've been using sometimes was a complete "clone" of the untouched, in running state VM. Clone on which I'd set the "start at boot" parameter to enable this while remaining in powered off status for now. Then I'd remove that same parameter from the currently running VM (do NOT start on boot) on which I'd conduct the updates. You'd do your things, if all goes well, you can drop the clone and re-set the start at boot parameter on the main VM. If in troubles, you'd have to reboot the host and analyze what went wrong.
I'm sorry I wouldn't be of much help if you're using hardware appliances.
Hope this helps a bit.
Cheers,
m.
#8
26.1 Series / Re: IPFire Domain Blocklist ( ...
Last post by abraxxa - February 17, 2026, 10:33:02 PMThanks for the quick reply!
I wasn't aware of keeping the Type field empty and entering the URL(s) instead.
Reading the IPFire DBL how-to-use docs guided me towards using the 'DNS Request Policy Zone (RPZ)' feature of unbound but I guess this isn't configurable via the OPNSense WebUI?
I wasn't aware of keeping the Type field empty and entering the URL(s) instead.
Reading the IPFire DBL how-to-use docs guided me towards using the 'DNS Request Policy Zone (RPZ)' feature of unbound but I guess this isn't configurable via the OPNSense WebUI?
#9
26.1 Series / Re: IPFire Domain Blocklist ( ...
Last post by Patrick M. Hausen - February 17, 2026, 10:23:47 PMQuote from: abraxxa on February 17, 2026, 10:12:14 PMCan we get this integrated into the unbound blocklists?
You can easily configure it.
- Navigate to https://www.ipfire.org/dbl/how-to-use
- Scroll down to "Plaintext Formats"
- Pick e.g. Domains > Malware
This results in this URL: https://dbl.ipfire.org/lists/malware/domains.txt
In OPNsense navigate to Service > Unbound > Blocklists, click the tiny + to add one, enable advanced mode, enter the URL above into the "URLs of Blocklists" field, add a description, save and apply.
Done. Repeat for more lists as you see fit.
This is what it looks like in AdGuard Home which is what I use. Should work in Unbound all the same.
#10
26.1 Series / Re: IPFire Domain Blocklist ( ...
Last post by abraxxa - February 17, 2026, 10:12:14 PMCan we get this integrated into the unbound blocklists?
