Recent posts

#1
26.1, 26,4 Series / Re: Intel ucode Plugin vs Pack...
Last post by BrandyWine - Today at 01:46:35 AM
Quote from: dseven on May 27, 2026, 08:34:44 PM
Hmmm...

root@opnsense:~ # pkg info cpu-microcode-intel
cpu-microcode-intel-20260227
Name           : cpu-microcode-intel
Version        : 20260227
Installed on   : Tue May 26 08:34:48 2026 UTC
Origin         : sysutils/cpu-microcode-intel
Architecture   : FreeBSD:14:*
Prefix         : /usr/local
Categories     : sysutils
Licenses       : EULA
Maintainer     : jrm@FreeBSD.org
WWW            : https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files
Comment        : Intel CPU microcode updates
Options        :
        RC             : off
        SPLIT          : on
Annotations    :
        cpe            : cpe:2.3:o:intel:microcode:20260227:::::freebsd14:x64
        repo_type      : binary
        repository     : OPNsense
Flat size      : 30.2MiB
Description    :
This port uses the cpuctl(4) microcode update facility to keep your Intel
processor's firmware up-to-date.

Updating your microcode can help to mitigate certain potential security
vulnerabilities in CPUs as well as address certain functional issues that could,
for example, result in unpredictable system behavior such as hangs, crashes,
unexpected reboots, data errors, etc.
root@opnsense:~ #

Just a copy from one location to another.

If there's a new version from git then why not just copy that newer pkg to the opnsense repo, and when the FW does an update check it installs the newer ucode pkg. I can't see how the opnsense v1.1 package would have anything newer than what comes from the Intel pkg.

My only gripe with the Intel ucode pkg: most of that pkg remains static. They bundle a whole bunch of cpuid updates into one pkg, but not every cpuid gets an update; some ucode in the pkg is many years old. Thus if the pkg is marked new but it does not contain new ucode for your cpuid, then installing the pkg is 100% moot.

And then I also wonder, why are some cpuids getting frequent ucode updates?
#2
26.1, 26,4 Series / Re: DNSmasq missing leases and...
Last post by Ger - Today at 01:19:29 AM
All interfaces are connected and showed up in AdGuard Home when set up. Very strange.
#3
26.1, 26,4 Series / Re: WAN connectivity problems ...
Last post by SilentAgnostic - May 27, 2026, 11:59:31 PM
Quote from: nero355 on May 27, 2026, 11:37:09 PM
You could also just insert a Switch between the ONT and the Router to check if it's not some weird conflict between the two because of the NIC Chipsets :)

Haha, I saw that "workaround" when reading about the I225's. I don't think the I225's are any sort of problem, nor is any of my customer-owned equipment.

Anyways, quick update, I got the ISP router for testing, and it disconnected twice in under an hour when trying to renew DHCP leases.

So this is probably not an opnsense issue, it sounds like my ONT is going bad (or possibly the PON card on the ISP side).

For anyone who cares to follow, these are the messages I was getting on the ISP router (note this IP is my ISP gateway):

Quote:
2026 May 27 17:34:34 wan_detection info [WAN.6][WDHCP] eth1 arping to x.y.z.1 fail.

followed by a very delayed DHCP lease renewal AFTER the issue/disconnect occurs

Quote:
2026 May 27 17:55:43 dhcpc.sh info  "[WAN.6][WDHCP] bound IP: x.y.z.113"



Based on a similar thread, it sounds like it's indeed a bad ONT/OLT/LineCard. Truck roll scheduled later this week.

https://community.verizon.com/discussion/1564866/cr1000a-losing-connection-dhcpc-sh-and-wan-detection


#4
General Discussion / Re: Watchguard T70 and OPNsens...
Last post by nero355 - May 27, 2026, 11:50:15 PM
Quote from: LaForge on May 27, 2026, 11:31:02 PM
I have purchased an additional mSata disk to create the install but need some instructions.
https://docs.opnsense.org/ is all you need IMHO :)

Quote:
I would also like to know how OPNsense and OpenWRT differ from one another and why installing OPNsense might be an advantage?
OpenWRT = Linux based
OPNsense = FreeBSD based


IMHO you should consider which one to use based on :

- The type of WAN Connection
If you need good PPPoE speeds with Low End Hardware then Linux based stuff might be the better choice !!

- Which of the two is better maintained for your hardware.
OpenWRT usually has a huge "Android Custom ROM vibe" and by that I mean that if the person maintaining the OpenWRT port for a certain device decides he no longer has the time/will/interest or simply enough spare time to do it, then you are out of luck for future updates/upgrades and thus security patches.

OPNsense however simply has releases for x86-64 hardware that are released on a regular basis and that's all you need most of the time.
(Most of the time = ZenArmor/Suricata/all that other weird stuff from certain repos is not included and a whole different story...)

There is also an AArch64 port made by a 3rd party : https://forum.opnsense.org/index.php?topic=35828.0
Current last release : https://forum.opnsense.org/index.php?topic=35828.msg267203#msg267203
#5
General Discussion / Re: Multi-WAN IPv6 Prefix Depr...
Last post by ciaduck - May 27, 2026, 11:42:52 PM
Thanks for the reply. There were a few changes I made and things appear to be more stable. I'll have to wait a bit longer to be sure. Over the last few months I've been having to power cycle the router to fix a "split brain" situation with the networks.

The 2 things that seem to have made a difference.

1 - In verifying my settings, I didn't have any DNS server set in [system] > [settings] > [general]. I've corrected this and set them to the same servers as I have in the gateway monitoring.

2 - I've set more aggressive timeouts for RADV. I'm now using:
Minimum Interval = 10
Maximum Interval = 30
AdvPreferredLifetime = 60
AdvRouteLifetime = 90

I've disabled any settings for NPTv6 from the [Firewall] > [NAT], because of my GUA prefix changing. Thanks for your feedback about ULAs. I know there are issues with dual stack networks, and it seems this would be one of those cases where using ULA for NPT would simply result in no IPv6 going out the secondary WAN due to "happy eyeballs" and IPv4 preference.

I'll look into NAT66. I'm also researching using a reserved GUA (like 2000:db8:: ) for NPT, but this would be a hack.

Thanks for the time and feedback.
#6
General Discussion / Re: Watchguard T70 and OPNsens...
Last post by nero355 - May 27, 2026, 11:40:36 PM
Quote from: LaForge on May 27, 2026, 11:31:02 PM
1. Why does searching for "OpenSense" get you the netgate forum which is for the pfSense product?
I then get an admin telling me that I am "unlikely to find much love for OPNSense here on the pfSense forum". Then why are they subverting the search results to exploit what must be a common mis-spelling?
OpenSense != OPNsense

So dunno...

Quote:
2. Why did I have to look for a link in small print at the bottom of the OPNsense website to find this forum?
https://opnsense.org/ => Be Involved => OPNsense forum => DONE! ;)
#7
26.1, 26,4 Series / Re: WAN connectivity problems ...
Last post by nero355 - May 27, 2026, 11:37:09 PM
Quote from: SilentAgnostic on May 27, 2026, 04:29:18 PM
This very well could be ONT wonkiness - and if so, I'm thinking that will show up when I test with another router.
You could also just insert a Switch between the ONT and the Router to check if it's not some weird conflict between the two because of the NIC Chipsets :)
#8
General Discussion / Watchguard T70 and OPNsense qu...
Last post by LaForge - May 27, 2026, 11:31:02 PM
I have just signed up to this forum and have some questions regarding my T70 box. But first, I have a couple of questions about the OPNsense forum:

1. Why does searching for "OpenSense" get you the netgate forum which is for the pfSense product? I then get an admin telling me that I am "unlikely to find much love for OPNSense here on the pfSense forum". Then why are they subverting the search results to exploit what must be a common mis-spelling?

2. Why did I have to look for a link in small print at the bottom of the OPNsense website to find this forum?

So now on to the T70. I acquired one a couple of weeks back running OpenWRT and it's now my Broadband router. Recently I got another cheaply as a backup and it was suggested to me that I could try running OPNsense on it. I have purchased an additional mSata disk to create the install but need some instructions. I would also like to know how OPNsense and OpenWRT differ from one another and why installing OPNsense might be an advantage? I won't ask any questions about pfSense as I suspect the above feeling might be mutual....

I would also be interested to know whether OPNsense has solved the problem with the 5-port switch, or whether that still requires the resistor mod?
I asked over on OpenWRT and it seems that developers have moved on and there will be no further development there so possibly the same here, but presumably it can't hurt to ask.
#9
General Discussion / Re: current best practices for...
Last post by nero355 - May 27, 2026, 11:25:46 PM
Quote from: BPengu on May 27, 2026, 10:42:47 PM
Or just point me towards any documentation that makes it painfully obvious what I need to do?
I think this is all you need to know :
- https://docs.opnsense.org/manual/firewall_settings.html
- https://docs.opnsense.org/manual/nat.html#destination-nat-port-forward

Port Forward got (correctly!) renamed to Destination NAT some time ago ;)
#10
26.1, 26,4 Series / Re: OPNsense 26.1.8_5 Freezes ...
Last post by nero355 - May 27, 2026, 11:16:48 PM
Quote from: xenon2008 on May 27, 2026, 05:38:31 PM
But there haven't been any changes to the firewall's configuration for months, and I still have about 10 different old configuration versions. At least the last two always have the same problem.
IMHO :

Changed hardware of your OPNsense ?
Don't use the config.xml of your old hardware setup and begin from scratch with the new one !!



But that's just me I guess...?!



And since you have the old hardware offline now maybe you could use that setup to try out new things that you would otherwise not change on your running/active setup ??