Recent posts

#1
Maybe this is due to a temporary file lock during log rotate and is not a problem at all.
#2
26.1, 26,4 Series / Re: Upgrade went wrong
Last post by davidgildea - Today at 01:59:54 PM
Experiencing the same issue, standard upgrade, have not installed any packages, had to reboot and getting a segment vault error now in the update.

One extra thing I noticed is plugins are all showing as (Orphaned), not sure what this means or if it's an issue.


os-acme-client (orphaned)    4.16_1    821KiB    4    OPNsense    ACME Client   
os-isc-dhcp (orphaned)    1.0_4    280KiB    4    OPNsense    ISC DHCPv4/v6 server   
os-ntopng (orphaned)    1.3    20.6KiB    4    OPNsense    Traffic Analysis and Flow Collection   
os-redis (orphaned)    1.1_4    68.8KiB    4    OPNsense    Redis DB   
os-sensei (orphaned)    2.5    274MiB    4    SunnyValley    Zenarmor is an Enterprise SASE & SSE platform (NGFW, SWG, CASB, ZTNA, SD-WAN)   
os-sensei-agent (orphaned)    2.5    129MiB    4    SunnyValley    Cloud Connectivity Agent for Zenarmor - Enterprise SASE & SSE platform   
os-sensei-updater (orphaned)    2.0    3.75KiB    4    SunnyValley    OPNsense ZENARMOR Plugin Updater   
os-sunnyvalley (orphaned)    1.5_2    2.43KiB    4    OPNsense    Vendor Repository for Zenarmor - Enterprise SASE & SSE platform (NGFW, SWG, CASB, ZTNA, SD-WAN)   
os-tailscale (orphaned)    1.4    46.9KiB    4    OPNsense    VPN mesh securely connecting clients using WireGuard


Would really appreciate any help or advice

Dave
#3
German - Deutsch / Re: Login page before Captive Po...
Last post by viragomann - Today at 01:52:13 PM
Quote from: NausB on Today at 11:11:15 AM
In production I won't set "Disable firewall rules" for now, but will at most replicate it in a test environment.

The thing is that the automatically generated CP rules block everything except DNS, DHCP and ports 8000 and 9000 to the OPNsense itself (for zone 0).

I have now looked at the rules of another installation where an FQDN that resolves to the WAN IP is specified as the host in CP. There, too, only access to the OPNsense itself is allowed. But I don't think it knows that the FQDN points to its own IP.
That means if the destination is on a different host, this will not work.

So if your clients need to be able to access a different page, that has to be allowed explicitly. This is not possible with a rule on the interface when the automatic rules are active, because those have higher priority.
At best you can try it with a floating rule with Quick. Floating rules should be processed before the interface rules and therefore take precedence. That should also apply to automatically generated rules.
Keep in mind, though, that in the "New Rules" floating rules cannot be defined for a single interface. So you would have to add a second one.
#4
General Discussion / Re: [SOLVED] serial console co...
Last post by franco - Today at 11:42:54 AM
Hi Silke,

No problem at all. If the problem reappears let me know. Reordering the options wouldn't be an issue although in practice their order shouldn't matter since they are accessed by the boot code as needed.


Cheers,
Franco
#5
I'm running OPNsense 26.1.8_5 with os-q-feeds-connector 1.6 and when I go to view the events nothing is listed.

Looking in System -> Log Files -> Backend, I am seeing these log entries;

Quote
2026-05-22T17:13:33
Error
configd.py
[6381d872-a12b-4043-826d-0548754dcdac] Script action failed with Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py logs ' returned non-zero exit status 1. at
Traceback (most recent call last):
  File "/usr/local/opnsense/service/modules/actions/script_output.py", line 93, in execute
    subprocess.run(script_command, env=self.config_environment, shell=True,
    ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                   check=not self.disable_errors, stdout=output_stream, stderr=error_stream)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/subprocess.py", line 577, in run
    raise CalledProcessError(retcode, process.args, output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py logs ' returned non-zero exit status 1.

Quote
2026-05-22T10:42:41
Error
configd.py
[687e3cd2-e0d4-4f64-b27c-31bc9b6da13a] Script action failed with Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py logs ' returned non-zero exit status 1. at
Traceback (most recent call last):
  File "/usr/local/opnsense/service/modules/actions/script_output.py", line 93, in execute
    subprocess.run(script_command, env=self.config_environment, shell=True,
    ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                   check=not self.disable_errors, stdout=output_stream, stderr=error_stream)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/subprocess.py", line 577, in run
    raise CalledProcessError(retcode, process.args, output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/qfeeds/qfeedsctl.py logs ' returned non-zero exit status 1.

I rebooted OPNsense earlier but it hasn't helped.

Is it just me or are others seeing this issue too?
#6
German - Deutsch / Re: Login page before Captive Po...
Last post by NausB - Today at 11:11:15 AM
Thanks, that explains a lot.
I had indeed understood Allowed Addresses as allowed destination addresses.
If that means source addresses instead, that fits my log with the Default Captive Portal block rule.
Next I will look at the automatically generated rules via Inspect and check DHCP option 114.
In production I won't set "Disable firewall rules" for now, but will at most replicate it in a test environment.
#7
Hello Bob,

Thanks again for your help and I can confirm that works.
You just need to avoid overlapping the IP address and boom, all working. Amazing.

Thanks

Quote from: Bob.Dig on May 19, 2026, 12:58:04 PM
Quote from: rumshot on May 19, 2026, 12:38:49 PM
I won't be able to have two connections with proton, once their tunnels always have the same address
Just change the first "2" to a different number (e.g. 10.3.0.2).
#8
General Discussion / Re: [SOLVED] serial console co...
Last post by silke61 - Today at 10:20:57 AM
Now I am totally perplexed. After your answer I did some more research and found the info that onifconsole only works when in /boot/loader.conf comconsole is set before vidconsole in the console parameter. So I changed it, also set /etc/ttys back to onifconsole and rebooted but after the reboot loader.conf was back to the old sequence, onifconsole was still set but now the serial console worked !?! I promise I tried dozens of times before and it definitely did not work with these very settings.

But since it now works with onifconsole I will not write a feature request. Whatever happened in my instance I don't think OPNsense is at fault.

Thanks for your responsiveness and sorry for the noise
Silke
#9
General Discussion / Re: [SOLVED] serial console co...
Last post by franco - Today at 09:36:58 AM
It was never needed and I recall no reports that it would have. It's the FreeBSD default we try to follow.

If it fixes your issue I'd appreciate a GitHub ticket and I can see how to offer this. It's not great to micro-manage this but if it fixes a real world issue that's ok.

https://github.com/opnsense/core/issues/new?template=feature_request.md


Cheers,
Franco
#10
General Discussion / Re: [SOLVED] serial console co...
Last post by silke61 - Today at 09:23:55 AM
Quote from: franco on Today at 08:42:28 AM
For VMs one mostly starts with a VGA image which doesn't have serial enabled.

That's why I enabled it after installation. The standard VGA based console in Proxmox has a few disadvantages, e.g. it doesn't support cut & paste (at least not easily), that is why I used the serial based xterm.js console. As I said, it works, but only after I changed 'onifconsole' to 'on'. Is there any reason not to always set it to 'on' when enabled?
If there are good reasons it is fine with me since I found a solution, it is just one more thing to remember for a possible new install. (And if I miss it, a web search will hopefully lead me to this post to remind me)

Thanks for all your great work!
Silke